Path to Become Cybersecurity Expert - Start Cybersecurity Careers

June 15, 2021

The Cyber Rants Podcast

Episode #31 - How to Start a Career in Cybersecurity

There's no "right way" to get started in cybersecurity but there are a lot of different paths to become a cybersecurity expert. This week, the guys talk about their career paths starting from the ancient IT world and moving into modern day cybersecurity disciplines. They share some of the most important skill sets that you rarely hear about. Get the latest tips and tricks to start your cybersecurity career today.

Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com.
Be sure to rate the podcast, leave us a review, and subscribe!

Headlines:

Ransomware to Be Investigated Like Terrorism

Researchers Discover First Known Malware Targeting Windows Containers

The U.S. Must Redefine Critical Infrastructure for the Digital Era

FBI Recovers Millions in Ransom From Darkside Ransomware Gang

Meatpacking Organization JBS Pays $11 Million to REvil Ransomware Hackers

Billions of Compromised Records and Counting: Why the Application Layer is Still the Front Door for Data Breaches

DarkSide Pwned Colonial With Old VPN Password

Hundreds of Suspected Criminals Arrested After Being Tricked Into Using FBI-run Chat App

Microsoft Patches Six Zero-Day Security Holes

Emerging Ransomware Targets Dozens of Businesses Worldwide

welcome to the cyber rants podcast where we're all about sharing the forbidden

secrets and slightly embellished truths about corporate cyber security programs

we're ranting we're raving and we're telling you the stuff that nobody talks

about on their fancy website and trade show giveaways all to protect you from cyber criminals and now here's your hosts mike rotondo zack fuller and lauro chavez

welcome to the cyber ants podcast this is your co-host zach fuller

joined by mike rotondo and laura chavez

and today we are talking about getting into the

cyber security field business industry whatever you'd

like to call it but how do you getstarted

what might that look like what are some options uh and ways to do that so that's what

we're going to talk about but before we do mike why don't you kick us off with the news

good morning uh podcast fans uh the cyber silent sector news desk is well rested

after its vacation on the southern alabama riviera so uh here are the podcast headlines for six eleven

uh severe rce vulnerability and vmware

vcenter server

is under attack there are more vmware v

center

issues going on please patch these as

soon as possible

on wednesday a researcher published a

proof of concept code that exploits

the vulnerability another specialist

declared the exploit is able to be

trusted in that little extra work is

required to use code for malicious

purposes

it can be reproduced using five requests

from curl

a command line tool that transfers data

using http https imap and other common

internet protocols so

apache vmware news from the federal

government ransomware is now to be

investigated like terrorism

uh the u.s attorney's office wants to

organize the ransomware investigations

that is similar to other national

security issues not the severity of the

punishments

or the way conv the way convicted

persons will be apprehended i'm assuming

there's no seal teams that are going to

be busting down

computer center but you never know um

ransomware especially ransomware as a

service as a similar organization

structures to some

terrorist organizations so that's the

justification behind that just another

note

about 27 of victims are choosing to pay

ransom right now and there is discussion

that they're going to make

paying ransom illegal which let's do

that because that ransom just

funds terrorism please do please do that

that would be

excellent yeah news today researchers

discover first known malware targeting

windows containers

security researchers have discovered the

first known malware dub styloscope

targeting windows server containers to

infect kubernetes clusters and cloud

environments

it is a heavily obfuscated

malware targeting kubernetes clusters

through windows containers said unit 42

researcher

at palo verde palo verde its main

purpose is to open a back door into

poorly configured kubernetes clusters in

order to run malicious containers

such as but not limited to crypto

jackers uh this also dovetails into

hitting your hyper-vs

definitely worth looking in looking into

this at the hacker news

interesting story that came out that the

us must be

defined critical infrastructure for the

digital era and it's a really good point

this american definition of

infrastructure has remained largely

unchanged since world war ii

uh when the federal government updated

roads railroads

water supplies etc uh you know back then

communications was basically the radio

but right now we've learned especially

through the pandemic that our economy

rise heavily

on robust internet or our digital

infrastructure is the lifeblood

of basically enabling people to continue

to work at least for the laptop class

um this is good news fbi recovers

millions of ransomware

ransom from dark side ransomware gang

i'm sure we've all heard about this but

they were the doj was able to claw back

about 2.3 million dollars worth of

cryptocurrency

uh that was paid to darkseid for the uh

colonial hack on the on the other side

of that

meat packing organization jbs paid 11

million dollars to our evil

for ransomware hacks basically jbs is

the world's largest meat packing

enterprise declared this week that it

paid an 11 million dollar ransom

our evil ransomware threat actors

it ultimately paid the requested ransom

in order to keep their stolen

information from being leaked online

and reduce any unintense unanticipated

issues related to the crypto

cyber attack i don't know what critical

information meat packers have but

apparently

it's worth 11 million dollars billions

of compromise records and

counting why the application layer is

still the front door for data breaches

this is an interesting story each year

the number of data breaches grow by 30

while the number of records compromised

increased by an average of 224 percent

uh that's pretty scary in january alone

more records were stolen than all of

2017 so attackers are continuing to

evolve their tactics to get

access to sensitive data they're using

more sophisticated methods and

research finds that nearly 50 of data

breaches over the past several years

originated at the web

application layer attackers continue to

use sql injection

for remote code execution to exploit

vulnerabilities so basically protect all

paths to the data

um we found out how dark side got into

colonial

um basically it's an old vpn password

so they discovered it inside a bachelor

password somehow that

that account was still left active and

basically

we're able to get in so a silent sector

recommendation

create a strong separation and

termination policy and account

auditing to ensure this doesn't happen

in the future so when you terminate

someone make sure all of their accounts

are terminated uh

analyze their you know account usage

every every year

um this is kind of funny hundreds of

suspected criminals arrested after being

tricked into using

fbi run chat app basically the

australians and the

fbi and 16 other countries came up with

a chat app called anam

that was added to the mobile phones um

that basically

uh was supposed to be encrypted data

that criminals were using global

criminal organizations were using

um in reality they were just feeding

straight data directly to these uh

these police organizations good job

microsoft patches six data security

six zero day security holes excuse me uh

microsoft on tuesday released another

round of security updates for windows

operating systems

including fixes for six zero day bugs

remote

code execution bugs and then four

elevation of privilege flaws

so that is something to be very

concerned about make sure you patch

everything

and lastly emerging ransomware targets

dozens of businesses worldwide

emerging ransomware restrained in the

threat landscape claims to have breached

30 organizations in just four months

so when operational supposedly part of

the reward syndicate which is

apparently everywhere now however it was

first observed in february 21

2021 it's called prometheus it's just an

offshoot of another ransomware variant

called thanos which was previously

deployed against state-run organizations

of the middle east and north africa

currently they're targeting government

financial services manufacturing

logistics consulting

agriculture health care insurance blah

blah blah everything out there so

um good news there's another ransomware

laurel what do we got for

vulnerabilities today yikes well

thanks for that mike certainly nice to

have you back um it was just weird with

me doing the news

honestly i didn't feel everybody

no i was dirty i had to like date

afterwards bizarre

so for exploitation uh to be worried

about this week uh microsoft sharepoint

server 16

has a get xml data form data source

server side request

forgery vulnerability that is exportable

the payloads there

for use so if you're running uh version

make sure that you're upgrading that and

that's um windows server 2019 that's

testing on

for proof of concept pretty interesting

stuff uh

and the rust that i have again is just a

tail as old as time i probably shouldn't

even

bring these up anymore but my gosh there

are just there's three more wordpress

plugin remote code execution pieces for

wordpress discuss uh the visitor app

plug-in

and force for um the smart slider the

smart slider plug-in piece for wordpress

careful what plug-ins you're using for

wordpress

man i'm just saying like wordpress is

becoming as dangerous if not

more dangerous than using microsoft

excel chrome

maybe just just get off get get off

wordpress

yeah it's like it's like playing yes

like playing with a barrel cactus you

know it's just

i well uh

and by the way uh for those of you

listening that

want to find news articles if you go to

our website and the podcast

pages uh for each episode we will have

links posted so you can read the

articles in detail

all good stuff i know mike goes through

a lot more articles to bring you the

ones that are of importance so it's a

great source of information

want even more cyber rants be sure to

subscribe to the cyber rants podcast

get your copy of our best-selling book

cyber rants on amazon today

this podcast is brought to you by silent

sector

a firm dedicated to building world-class

cyber security

programs for mid-market and emerging

companies across the u.s

silent sector also provides

industry-leading penetration tests

and cyber risk assessments visit

silentsector.com and contact us today

that being said uh by popular request

today we are talking about how to get

into the cyber security industry

and what you need to think about what

you need to do and

i'm going to preface all this with uh it

depends

there's there's no right answer to that

right and so everybody's got different

skill sets

everybody has a different point of view

but i figured

maybe we'll start by just talking

briefly about how you guys got into the

cyber security

industry mike and laura because i'm a

i'm a business guy by nature so yes i

have certifications

and such but um i

have a kind of a skewed viewpoint uh

i i would say so i think people are

asking really about how do you become a

practitioner

in the cyber security field um so that

said

do one of you mind taking the big leap

and just

sharing briefly you know two minutes or

so on

your path and how that went what that

looked like

so we're talking about history in this

podcast i guess not yeah this is ancient

history by the way dust off the cobwebs

you know off your your uh your journal

from when you got started because i know

you kept a journal

yeah some clay tablets okay so let me

preface let me preface this with um

by popular request what what zach was

was saying is that we were actually

approached on linkedin

so if you if you have a request for for

a topic um you know don't hesitate to

approach one of us on linkedin and

shoot us a message and we'll if you know

we'll throw you in the schedule so

thank you for that suggestion okay

now on to mike i'm going to let you i'm

going to let you go first

your tail is older than time and my tail

is as old as time so i'm not really sure

which came first i i would say that my

tail is older than some of our audience

by many years

um so but basically back in the day

i uh started my it career by

actually it's not that old it's pretty

close to old but anyway it's uh so i

started

the day working actually i was selling

computer parts uh back when six megs

memory would cost you 800 bucks

um driving to work listening to a

cassette tape exactly

if you were lucky anyway

um and so i jumped to taking my my

my cutting edge nt 4.0 classes uh

because that's what i really wanted to

i went from there my first job interview

in the it security

or it realm was they handed me a stack

of floppies for the os and stack of

floppies for lotus notes

mail servers that was before exchange um

and basically said you got three days to

build this if you pass

then you can have a job if not well you

just wasted three days

so basically that's how i started that's

how i got into the industry there was no

vms there were no clicks there was

stacks of floppy drives and for those of

you don't know what a floppy drive is

it's a little square disc about three

inches by three inches that had a piece

of magnetic tape

and hold held a whole 1.4 megabytes of

data

so yeah it's like a zip drive but softer

yeah

exactly so um yeah and you put them in

an order otherwise you start over again

uh the the stuff that we had to do back

in the day is uh

is much different but anyway you start

from there and you just learned

everything you can learn and that's the

way it is and

i didn't really get into cyber security

until you know it's still a long time

ago about you

well we did it as part of our normal job

there wasn't really a thing called cyber

security was just part of you had to

secure your networks you had the

security it was called good engineering

right

exactly and then you know really got

into socks and all that kind of stuff in

2004 2005. so

that's where that started but yeah there

was a good 10 12 years of me just

that was just what you did so that's

that's sarbanes-oxley for those

those who don't know not not a not a

footwear not something that goes under

your footwear

compliance compliance requirements

exactly

or yeah not a sports team either in this

in this instance

so that that's my story in that show how

about you laurel well i learned um

on an abacus play tablets too

so uh

we had to make it you know we didn't

just get to go buy it you know we were

poor we had to make our own clay

yeah i started out doing stuff in you

know i guess it was about i don't know

maybe

fifth or sixth grade and then i guess it

really got fun in high school when

you know computers were just starting to

get they have like really good graphic

games and i'm talking about

castle wolfenstein and doom and so that

was really my motivation to get into itu

was that these

these video games were coming out on on

on pc platform were so awesome at the

time

in high school i volunteered to do the

uh kind of you know work with the

the lady that um her name was mrs

simmons and she was pretty much in

charge of the computer lab she's a

really

capable lady she had like a computer

science degree from like old school

when it was it was really like math and

stuff right so

um she set up like the apple twos and

stuff for the typing lab and so we got

all these like well you know

windows 351 i guess and they were gonna

start a little network with like eight

systems and so i got to help build that

and my whole purpose was so that i could

load

castle wolfenstein and skip class and

play across a woman's side in the

computer lab

um and that really kind of led to some

you know advice from a friend and

joining the military and you know kind

of taking that

that fun and technology sort of um into

the united states army

and that's i think really what i guess

sharpen the knife

if you will or it got me out of that i

still played video games on deployments

when there was time don't get me wrong

there's still that's still going to

happen however you know there were a lot

of other fun stuff to do in it and you

know like mike

cyber street at the time was just part

of it i mean you know communication

security's such a core

part of the military anyway you know

everything from radios and physical

cryptography

you you learn those types of principles

already you know it doesn't matter

really what job you're doing in the

military if you're operating a radio

you've got crypto

in your hands right they're securing

that communication line and so

you know that that was a lot of fun and

i learned a lot there

and i it was one of those things where

it was time to

kind of move on and so out of the

military

one of my first corporate jobs was

working a

network administration kind of role for

um a major gas company i don't think

they are but we were controlling all the

scada equipment

uh for for the pipeline essentially

not not the one that got hacked

different one different one this is

it's your 2003. no no no it's not

the other thing i thought was funny is

that i put um i helped

i helped build the very first firewalls

that were established in one of our

major bases

i'm not going to say the military army

base

and i found out like 10 years later

there was some breach

to it from a person of mine and i was

like i wonder if they changed those

passwords i hope they hope they did some

basic things right or maybe they still

put something new in but i

i did i had a little heart fail and i

was like was that me did i do something

wrong but no it totally wasn't it was a

completely new set of equipment

but they're going to be cutting it up

and you do push-ups now that you're

civilian

push-ups with the hose in your face

because 10 years ago

hey screwed up the firewalls exactly 10

years ago oh gosh

anyways but you know that that network

that network administration job

you know really turned into a cyber

security job when another organization

needed a security manager because they

were trying to process credit cards

and visa at the time using their cisp

um framework was requiring them to do

basically a whole bunch of nist stuff

right and so that's that's really kind

of where

i turned from doing you know good core

network engineering and uh

you know i'd consider to be cyber

security um corporate on the corporate

level

and that's kind of where the cold

governance piece came and got to see pci

get developed from there

and oh gosh now it's just a nightmare

i don't want to remember it's amazing

how far we've come i mean

you know kids come out of college or

people come out of college and they've

got these specialized things and

have no idea no concept of what the

other you know

what we went through to build all this

stuff um you know the trial and error

that's out there because

you know you've had to you know build

things from scratch it's crazy i think

about i got to i got to play on the very

first cisco router that cisco ever made

you know i mean it's just like it's a

bizarre and i was like

my buddy was like you should invest in

these guys just put some money in in

cisco they're going to be big one day

and i'm like

it's just another piece of network gear

like who cares

i gotta share one of my my first hacks

and you guys let me know if this is

if this is truly a hack or not but um i

grew up on the apple right start out

apple 2e

and then um got the first you know one

of the early macintosh with the black

and white screen and

around that time um res edit came out so

i don't know if you

remember res edit for for mac you know i

this was probably

i don't know maybe mid 90s what i could

do is go in

and change the um basically edit the

operating system right and

graphics and different

types of like error messages and that

sort of thing but

you could also edit all the fonts and so

what you could do is switch

like you could switch the little font

graphic

for the keys on the keyboard right so

you could switch like the d

and k font for example and then pop

the keys off the keyboard and switch

them as well so they

so the keyboard works right but it's but

it's a weird layout now and so i did

that in my computer lab

at school and they weren't too happy

about that but that was um

that was a lot of fun back then when it

was that simple yeah

i would i would call that that that app

res was called it's a tweak what they

call a system tweaker

so yeah yeah yeah system tweaks right

and so

i wasn't i wasn't privileged enough to

have a

mac i i had a trash 80. so whatever but

anyways

um yeah we had we had once we got into

windows 95 right we had two key

we had tweaking apps to do all kinds of

stuff to the desktop and everything else

but yeah apple was always on top of that

yeah a lot of a lot of fun i think they

thought that today a misdemeanor

yeah oh yeah it's not not yeah that that

violates the computer fraud and abuse

act

so uh could say well that was uh that

never happened i just um

just a joke just you heard about it from

some guy yep i heard that you

that could be done um reading that on a

blog

nowadays so nowadays i think it's a bit

different right so back when you guys

back in ancient times

um and uh kind of the dark ages when you

guys started

and you kind of worked your way up all

through the ranks of i.t

and then eventually security became its

own domain

right and the people recognize that hey

there's

the skill sets are getting broader and

broader so people need to be focused and

nowadays

a lot of people are going um maybe have

some light i.t background or going into

the security field or even no i.t

background and going into the security

field

and so there are questions out there

about how do i know what i want to do do

i want to

be on the red team side doing the

attacks pen testing stuff like that or

do i want to be on the blue team side

defending the networks uh you know

and i i don't know what if there's a

right answer for that but maybe we

should dive into talking a little bit

about

certs and some things you can do another

common question is

uh college degree versus certifications

do i need to have a degree

to get into the field those types of

things what would your

what would your recommendations be in

terms of

um identifying what you like to do

and what kind of where your skill set or

where your natural abilities

land themselves and then you know how to

go down that path from a

from a education perspective well i can

speak to the college thing

is the only one on this podcast with a

college degree

that happens to be in history i'm going

to say college degree not that important

for

i.t security so um

yeah i mean you know the mysteries of

rome you know true

true yes i i learned important things

about serfdom in russia in the 18th

century

um you know things like that that uh you

know i use today

when i'm putting together my

documentation

yeah well here here's what i'll say

right is it to your point right i think

i think it depends on your learning

style okay and so i think

some people are better guided learners

and some people are better self

kind of self-taught learners right and

so there's two tracks you know i think

college or you know more of those types

of courses are going to be you know

for the guided learning individuals to

do better and you know group sessions

with labs and that sort of thing right

whereas the

you know if you're already got some tech

behind your your belt

and you're you're pretty savvy already

then there's lots of you know just

solo learning resources that you can

leverage now back when mike and i

got into this you know microsoft came

out with their you know microsoft

certified systems engineer track

and it required you to take three major

operating systems

and then two electives at the time and

so that those elections are typically

networking essentials and like

iis server or exchange or something

something ridiculous right some other

microsoft component and that's how you

you know you kind of you kind of worked

your way from there and then of course

ise squared was the i think some of the

very first cyber security related

i guess certification that came out and

so they're still out there

yeah they're global and then you know

isakka you know for certifications i

guess

to touch on that you know ifc squared

isaka sands

i think all these places are going to be

good good

locations to get your certs and you know

mike i don't know i mean

uh i think i think it's i mean i don't

know do you have any suggestions on you

know

i know we you know your history degree

doesn't doesn't

kind of doesn't matter right it's really

irrelevant i guess the only thing that

does help me do

is write i mean i've learned to write at

a college level which helps me with

writing documentation and that's really

the only value i see from that education

that being said

you know you can get a cease from ec

console and then you go on to more

advanced tracks from there

um those are great things to have though

but those are tests they're learning

their books are so not hands-on tests so

you know i had and i don't know if they

still even offer this the cpt test was a

certified penetration tester

tester test which basically they gave

you two vms and said you got to hack

these

um you had to root these two unix

servers in order to get a certification

that i found far more valuable

i mean i learned some things in the ceh

class that taught me how to do that

stuff

um so those are those are the kind of

base certs to get

um the ceh is a good one

you know um but you want experience you

want hands-on experience you want to be

able to

to go ahead and do this but i still go

back to the fact of you know things that

laurel and i learned

growing through the ranks of this um

you know you have to understand how the

enterprise works and integrates and

how systems work and why they work

before you can truly understand how to

hack into them

or break into them and that's that's my

firm belief to this day if you don't

understand

you know how the data transverses the

entire environment

and why those ports are open and that

sort of thing and all you know how to do

is write some cool scripts that can

you know enumerate data

you're not understanding how to truly

protect

an environment yeah there's a difference

between like what the nation state like

you know this

you know this this hacker collective

like where you know we're seeing active

today right like there's a there's a big

difference between what

what they're doing and what even

capabilities that you know stuff like

we're checking for right i mean it's

just a different

mindset you know and so

if you if you're trying to get into the

penetration testing game you know like

mike said it's good to have some

fundamental

i.t stuff under your belt already you

know building basic windows servers

doing basic networking stuff right i

mean if you

you know if you if you can't you know i

mean i don't want to throw sudden

netting in there as a

as an example but if you don't know

basic subnetting like what a slash 26 or

slash 25

is then it's going to be more difficult

for you to do this but it's not

impossible

and there are a lot of tools out there

and so if you you know

i think you know mike talked about the

cpt

and um the ethical hacker course

offensive security

offers really some top-notch top-notch

courses and they give you

some guided learning but you also have a

lab so you have a capture the flag which

you've got to do now that's a paid for

track right if you want something free

hack the box is an absolutely free

platform

they're it's run by penetration testers

typically um

and so they're automatically always

changing

there's an open forum to build a new

capture the flag models so i i urge

everybody who really wants to do this if

you if you can

if you can break through the membership

capture the flag and become a member of

a pack of bots of you then you're well

on your way

and if you need to learn how to do those

things half the box has an academy.eu

and they've got some pretty good courses

in there to get you on your way but um

you know and it's i guess you know

further on this

just drop a couple tools in your lap um

you need to either be on

you know be able to use cali repaired os

yeah

okay um and in order to run those

efficiently you probably also should use

something like virtualbox or

you know whatever it is that you know

options you have on windows um

you'll want to be very familiar with the

metasploit framework which is going to

be a part of cali and parrot

and you're going to be familiar with

with openvas which is the basically a

linux-based

resource vulnerability scanner so the

the

the whole the whole kind of process of

identifying the attack surface and then

you know trying to attempting to

compromise right

and so um uh you know those those types

of things i think are going to be

pretty important for you to be able to

not just use but learn on

and if you know whether you go down you

know either certified

ethical hacker class or cpt or oscp for

offensive security

you're going to be required to be

capable on cali parrot

using using metasploit so um

yeah and then and then for i guess to

drop some programming stuff

if i don't think i don't think you have

to program to be in cyber security right

i mean there are

no as mike said one of the very one of

the most important foundational things i

think we do is writing

i mean by far i mean all of the

knowledge and

all of the experience that we have mean

nothing if we can't

transcribe that in a manner that is

consumable by our

our customers right and so i think the

writing

is probably one of the most important

pieces out of all this um

you know because if you've got a if

you've got a i mean whether you're

writing a penetration testing report or

or risk assessment report or um any kind

you know road mapping or anything like

that it's it's critical that your

writing skills are on point

but um you know as as you know mike said

you know i think you know college is is

is a good thing um

and you're going to be able to take

pieces of that if you've already had it

you're going to take people's pieces of

that to use

but i guess it just depends on how

motivated you are right but we have

those positions all over cyber crew not

just pin testing right

um governance i would say the one

limiter though

on college is that if you want to get

into management you're going to have to

have a college degree you know yeah

entrepreneurial aside you know that's a

different story but if you're

going to go work at a you know fortune

500 company and you want to work your

way up to cio or cso or whatever

you've got to have a degree they're not

going to let you get past and you'll

need a master's and such

you know for that and yeah there's

certainly benefits to college

um you know i it's just one of those

things where it's

it's not necessarily the right track for

everybody um

and and everybody's got to make that

that decision for themselves there's

things that you're going to get there

that you won't get just from doing certs

but if you're looking for the direct

path in i would say that

generally speaking for for security

practitioners the certifications are

going to hold more weight

and they also give the employers

a a better look at specifically what you

know right because they're more

focused in nature um as far as

certifications i mean i only have

five certs but the one for me that was

the the best i think was the actually

the comptia network

plus course because going back to

networking side of things i mean

understanding connectivity uh was huge

and so that that was good i mean i i

ceh was great um there are some others

out there that i think are great but um

yeah i think for getting started

depending on your your

background and experiencing on the

networking side that can be a great

great place to go if you're real early

in in this path and there's a bunch of

other free resources out there right

youtube has millions of hours of

videos on cyber security um of course

and then

there's a cyborg

they have free memberships for

individuals and you can get

all kinds of training modules through

that

if you're a veteran there are a bunch of

lots and lots of free resources out

there for you so if you can

self-guide um that's those can be a

great way to go

stepping into the other disciplines

though i mean of course

yeah compliance right what other skills

would you say so writing of course is

critical

um you know project management yeah i

think

project management's critical role you

know what i mean and then depending on

what how deeply you're involved with

compliance i mean you need to be able to

read and understand things like ccpa and

hipaa and understand the

the thoughts behind them and the

requirements behind them translate that

into readable language for your client

or your company or however

you want to manage it because i mean as

a cso level and sometimes i

you know i play a lawyer on tv for lack

of a better word because i interpret

this stuff and say

this is what this means um so

there's that skill set that you need to

learn as well

well great i mean there's there's a lot

more we could say on this but um

in interest to keeping the the episode

to a reasonable length let's

wrap it up here any any final comments

before we jump off

you know what send us an email if you

want some more information and

we'll respond to the email or we'll put

up another one of these podcasts

or linkedin is great too yeah yeah yeah

reach out on linkedin and i think

what's important is that you get excited

about it you know i think you should go

after whatever excites you and if you

know being in cyber security and

you know trying to help protect you know

the the businesses that

front our economy and here in the united

states then go for it and yeah reach out

to us if there's anything that we can do

to help or if we can talk about this

great well thank you for joining us on

the cyber rants podcast for those of you

who looking to get into the business

hope this was helpful

and if you like the podcast please

subscribe send us your feedback your

comments

and we'd love to hear from you have a

great day

Episode #31 - How to Start a Career in Cybersecurity

Send Us Your Questions & Rants!

Categories

Archives

Transcript