February 18, 2025 • 56 mins
🎙 Episode 34 - Job Hunting: Top 10 Tips to Land the Next One
Looking for your next big career move? In this episode of Cyber Security America, we break down the Top 10 Tips to help you navigate the job market and secure your next role with confidence. Whether you're a seasoned cybersecurity professional or just starting out, we’ll cover essential strategies—from optimizing your resume and acing interviews to leveraging your network and standing out in a competitive field.
đź“ş Watch the full video version on YouTube: Cyber Security America
đź“ť Read the full article on LinkedIn: Job Hunting 2025: Top 10 Tips to Land Your Next Role
👤 Learn more about the host, Joshua Nicholson:
đź”— Website: www.darkstack7.com
đź”— LinkedIn: www.linkedin.com/in/joshuarnicholson
🎧 Listen now on your favorite podcast platform!
Don’t miss this essential career guide—subscribe, watch, and read to stay ahead in your job search! 🚀
Mark as Played
Transcript
Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
(00:05):
Today's businesses are on a vigilantwatch for threats in an ongoing cyber war.
It's time to get real world solutionsto protect and secure your valuable
business information anytime, anywhere.
Welcome to cyber securityAmerica with Josh Nicholson.
So this episode is somethingthat's near and dear to my heart.
(00:26):
It's the top 10 things, top 10 tipsin the job market and how to adapt.
One of the things that we all understandnowadays that the job market is a
little uncertain that you need toensure that your skills are up to date.
There's also a process for howyou go about looking for that next
opportunity, how do you build your brand?
How do you do a number ofthose different things?
(00:47):
I thought it would be a fascinatingshow to talk about that and
to talk about what are some ofthose tips that people are doing.
I know some things I did butI wanted to talk to one of the
big recruiters of the area here.
I wanted to touch and dive in.
Now today I'm joined by Blake Williams.
Now Blake is a founder and he's aheadhunter at hyperdrive recruiting.
(01:08):
Now he's delivering revenuegenerators for the business.
And he writes resumes that double asinterviews through the HR approved.
com website.
And he's got over 13 years ofexperience recruiting and sales
and marketing, product engineering,and cybersecurity talent.
And so I wanted to bring him to theshow and be able to bring us, give us
some guidelines on what, what is outthere, how best to adapt and so forth.
(01:31):
Blake welcome to the show.
Now, did I miss anythingabout your background?
What did I miss?
You nailed it, man.
Good job.
Yeah.
Happy
to be here.
Thanks for the invite.
Awesome.
Hey, first thing, just a couple ofthings we're seeing in the news, just
from a threat intelligence perspective.
Some of you have heard ofthat AI platform DeepSeek.
It's been in the news lately.
It's this Chinese AI model that'ssupposed to be hyper accurate
(01:53):
and surprising a lot of people.
Some people said it was likethe Sputnik moment of AI.
I don't know about all that,but I do know there's been a lot
of reporting of it being down.
Several different attackscoming from IP addresses.
originating in the United States.
I think there's also a lot of researchers.
There's some research out there thatsaying that this popular generate
(02:13):
AI model allows for hallucinations.
It can easily avoid guardrails.
It's susceptible to jailbreakingand malware creation requests.
And it's more at a critical rates.
high rates of errors are being found.
We're also seeing the news highereducation being targeted right now as
they work to hijack Microsoft logons.
(02:34):
We're seeing this in higher ed.
They'll even compromise one O365environment within one higher education
institute and use that as a stagingground against another because they
obviously communicate so it's easierto have that kind of trust model.
So we're seeing a lot of that reallywant to concentrate ensuring that
you have MFA enabled on all accounts.
And then critical accounts actuallyhave step up authentication.
(02:57):
We're also seeing a lot of ransomwareright now that has not died off.
Ransomware has continued to go on rampant.
Organizations are stillgetting hit by this.
We're seeing a kind of a mix.
We're seeing some organizationshave been hit in the past, have
adapted, and they're not as bad.
They're able to recover.
Then we're seeing some that are hitfor the first time, and it's still
very basic rules are being negated.
(03:18):
So not having, have, havingadmin rights on all the desktops.
Not using something likeLAPS, not locking down Azure.
They're still comingand you're seeing those.
Some news as well, SolarWinds was takenprivate . That was news this week for 4.
4 billion dollars over to River Capital.
Now if y'all remember SolarWindsstarted off pretty much the largest
(03:40):
supply chain attack in U. S. history.
This is when the Russians were able toutilize that system in their updates.
We were able to compromise the updatingpatches of it and were able to distribute
malware in their customers environments.
We're also seeing just ahuge attack on Fortinet.
Fortinet warned just the other daythat attackers are exploiting a
(04:01):
another now patched zero day bug.
It's in FortOS and FortProxy, andit's used to hijack Fortinet firewalls
and then breach enterprise networks.
Now, successful exploitationof this authentication bypass,
you can look at more details.
It's on CVE-2025-24472.
And this allows remote attackers togain super admin privileges by making
(04:24):
maliciously crafted CSF proxy requests.
Now you could go on there to seewhether you are vulnerable and
what are some of the steps to do.
But essentially they were using thatzero day vulnerability wrecking
havoc on several organizations.
Now, according to Fortinet, theattackers exploit two vulnerabilities
to generate random admin or localusers on these affected devices.
(04:47):
So it goes back to ensuring youhave proper understanding of the
management and administration of yourdevices, and then adding them to a
new and existing SSL VPN users group.
They've also been modifying firewallpolicies and other configurations
and accessing SSL VPN instances withpreviously established rogue accounts.
This is allows them to do atunnel to the internal network.
(05:11):
Now, while Fortinet didn't provideadditional information on campaigns,
this has been noted lately.
There's several IOCs related to it, andif you have a Fortinet firewall, you
definitely want to be ensuring it's clear.
Configuration and that allthe software is up to date.
Also, I have some greatnews for the podcast here.
(05:31):
So on the YouTube show,we've hit 300 subscribers.
So really appreciate everybodyhitting that subscribe and hitting
that and sharing it out on yoursocial media platforms just a
really great accomplishment, andwe're going to hopefully have
more content as we move forward.
So Blake, really greatto have you on the show.
And I think it, we wanted to startoff, what are you seeing right now
(05:54):
in the market, you and I talked.
A couple of times before, butwhat are you seeing in the
market from a jobs perspective incybersecurity and potentially in it?
And what's some of youradvice as we go into 2025?
Yeah, it's still a tough year in itin general and in, cybersecurity,
all white collar workers weredefinitely still in a white collar
(06:14):
recession as they're calling it.
But some of the stats are,they're just tough, you gotta
be patient in this market.
And you got to go above and beyondto actually land an interview.
You can't just rely on fixing one versionof your resume and applying to jobs.
You're going to go inthe resume black hole.
Some of the stats thatwere coming out are there.
(06:37):
Yeah, they're rough.
It's, I think you have to applyon average to just under 300
jobs to actually land a job.
And there's about a 97.
No, 99.
7 percent failure ratewhenever you just apply.
There's a lot you haveto do to overcome that.
So yeah, I'm excited to diveinto some of that with you today.
(07:02):
I, I was looking at the NC techjobs report just this morning,
and there was an uptick in Januaryfor the number of IT jobs in North
Carolina is what they look at.
But This is a good indicator.
This is a good hub of tech jobsover the country, I believe.
But although it was an uptick, it'sstill very low compared to what
(07:25):
we saw pre COVID and after COVID.
And every single category of ITjobs saw an increase of job postings
with the exception of UI UX design.
And I think we know the culprit there.
Most likely starts with an A endswith an I there's a lot of folks in
(07:47):
that community that are saying that,Hey, companies like to put us in the
bucket of simply visual designers,but UX includes much more than that.
It's hard to get a company'scorporate office to agree with that.
They're going to face someheadwinds and in that particular
skillset, but otherwise it seemed.
(08:09):
We're seeing a comebackand I'm very optimistic.
No, that's
great to hear that.
I think there's a differentways to approach things as well.
One of the things I started readingwas how do you do SEO with LinkedIn?
How do I make my brand better?
Does it make sense to fill outall the categories on LinkedIn?
What are recruiters really doing all day?
Are you really mining LinkedInall day and doing Google's?
(08:31):
So you're trying to put your mind yourmind into the, Space of the recruiter.
And so just how arethey looking at things?
So would you, if I was just startingoff in the beginning, is it,
should I focus on my resume first?
Should it be I get professionalguideline design on my LinkedIn.
Should it be my interviewing skills,or it should be all of these.
(08:51):
You should take an inventory of kindof your skill sets, but you could
see somebody sitting back going,all right, the job market stuff,
how do I differentiate what is,what do I need to have on LinkedIn?
What shouldn't I say?
What are some of the biggest turnoffs,from a recruiter here's X in that
first 15 minutes and that's it.
You don't move on to the next round.
What are your thoughts on some of those?
(09:13):
Yeah, there's a lot to unpack there.
I would definitely startwith the LinkedIn profile.
I think LinkedIn presence is paramount.
Having a full profilecompletely filled out.
And then once you have a full LinkedInprofile, you can actually download that.
You can download your profile asa PDF document and, or they used
(09:34):
to have a resume builder feature.
I'm not sure if they still have that, butyou can download that and then cut and
paste some of the content into a resume.
And then, so number two isgetting your resume dialed in.
You definitely don't want to relyon a single version of your resume.
You want to tailor it foreach job that you apply to.
A lot of job seekers don't realize,there, there, there's a lot of
(09:59):
complaints about the ATS, right?
The Applicant Tracking Systemis going to screen you out.
And there's, Some instances ofthat, some are more capable than
others, but oftentimes candidatesare eliminated in the grid view.
In the grid view is a screen where yougo into the applicant tracking system.
You're looking at all the applicants.
(10:20):
A lot of time there, there areseveral hundred applicants.
So each recruiter is looking for a wayto, trim down that list and get the top 20
candidates, as fast as they possibly can.
So they're looking at three main columns,which is the job title match, the industry
match, and the location match, becausea lot of companies are returning to
(10:44):
office, so even if the job says it'sremote, often times there is a location.
Limitation, you have to be in thesame time zone or the same state
or within, within an hour of theoffice or something like that.
So people are getting eliminated.
I think 70 to 80 percent of candidatesare eliminated in the grid view
because of one of those items andthe remaining 20 percent are viewed.
(11:08):
And that's when you have to actually,think about what your resume says
when they open it, because you onlyget, it's around five seconds, right?
Looking at, okay, what's your skillset.
Where are you?
You should put those things at the top ofyour resume, like right below your name.
Tailor your resume so that job titlematches the role that you applied
(11:29):
to, because there's so many titles,especially in cyber security,
so many variations of titles.
It can't just be, Cyber securityengineer, if it's, if you don't feel,
uh, if it doesn't feel strange, ifit doesn't feel like you're lying to
adjust the title a little bit, just tomatch the role that you're applying to.
(11:49):
That'll definitely help your chances.
If you don't feel comfortable adjustingyour job title to match that role,
that's a good sign that you probablyshouldn't even apply because skillset.
But in terms of interviewing, there'sso many things to get right there.
We can do a whole podcast on that, ifyou do want to practice your interviews,
I would suggest recording yourselfover a video, interview yourself and
(12:14):
do mock interviews with yourself.
If you don't like the wayyour answer sounds, then do it
again and change your script.
And get to the point where it's somethingthat you're at least mildly okay with.
And often times candidatesforget that they talk too much.
They talk themselves out of a job.
They, you really should not speakfor more than a minute or two
(12:39):
without checking in on your audience.
Because they may want to take theconversation in a different direction.
You could wind up rambling.
You could wind up saying somethingthat's going to be a turnoff.
If you can smile, stay positive,don't say anything negative, try
to reframe some of the technologiesthat you may not have experience
with, reframe that into a positivething and, try not to talk too much.
(13:06):
Then that's going to help you out.
I picked up a couple of those keywords was don't talk too much.
You said that a number of different times.
I do think when someone's nervous,cause I've interviewed hundreds of
people they tend to keep talking.
And I think it's going to beclear that they may have a set of
questions they need to get through.
What you want to do is get throughthem and hit them and positively hit
(13:27):
them before having time afterward tohave the banter they're thinking it's
okay, so I know they're going to askabout get these through these for the
thinking is have a clear crisp responsefor that particular question and then
ask is there's anything clarifying andthen wait, is that kind of what you
think is hit it, maybe spend a minuteon it, make sure you covered the points.
(13:49):
Ask if there was any,does that make sense?
And then move on to the next andgive yourself a minute, maybe
a minute and a half in thatarea, but hit it and forget it.
Type out.
Exactly.
Yeah.
Check in with the audience.
Did I answer your question?
And my personal favorite,it's a Jedi mind trick.
End your answer by saying, andthat's why I thought I was a good
(14:13):
fit for this job in this company.
That's a good point.
That's a good point.
I think one of the things I noticedfrom interviewing is that when we
have a candidate that knows thejob description, but also knows the
company, and it has some really goodqualifying questions on how the role
will expand and map to the strategythat you had in your 10 K or whatever.
(14:33):
I've had people read the 10 K of thecompany I was with, and I thought
it was really just impressive.
And then I've had people that didn'treally understand what company they
were applying to and the name of thecompany that they were interviewing for.
It was just really weird to see
but I thought the person thatwas prepared to understand your
business understand the role.
And I think understanding the role inorder to accomplish it to the best of
(14:55):
your ability, not to understand how itwould be some personal growth for you.
Like I'm really looking to do this.
And I think you make people make itcomplicated when they talk about all
the things you want to do and how youwant to do this with your career and
do all that and to a manager I don'teven know how to satisfy half of that.
How would I does that make sense?
It's difficult to.
(15:18):
I just take the approach that I wantto come in as a humbled warrior.
I'm there for the team.
I want to win.
I'm somebody to get alongwith everybody else.
I'm not somebody that has some big careerdemand that you're going to have to mentor
me and I should be promoted in six months.
Does that make sense?
How do you relate that to aninterviewer that I'm trying to
(15:39):
express that emotion, right?
Yeah, I get what you're saying.
Yeah, it's tough, especially ifyou get excited and you want to
promote yourself and that's okay.
You just can't forget though, that thecompany doesn't really care what you're
interested in, what you can learn thisand that, they're interested in what
you can do on day one, oftentimes.
Forget what you're interestedin, what do they need?
(16:01):
So to figure that out, youhave to ask a lot of questions.
I always recommend folks to put on theirconsultant hat in these interviews.
The another Jedi mind trick isgoing to the interview thinking that
you already have two other offers.
So you remove all that pressure andnow you're taking the approach of I
(16:25):
gotta already have two other offers.
Let me go in and see whatthis company is all about.
That frees you up tojust be curious, right?
Ask just as manyquestions as they ask you.
And that puts you in more of a positionof power but now the market is so
competitive that companies are not goingto settle for a nice to have candidate.
(16:48):
They're going to settle forthe must have candidate, right?
And you may be a vitaminto their problem, right?
If your body, if you're not healthyand you're deficient in certain
area of vitaminal health, but,oftentimes the pain reliever.
Is going to be the fastest hire who isgoing to resolve the immediate pain that
(17:11):
the company has right now, not somebodywho can learn and get up to speed three
months from now, if they take vitamins.
Yeah, that's a good point.
I also I wanted to ask you afew questions on like education.
I used to tell people that, yeah I gotmy bachelor's degree and it's mostly
a, cause I learned like to learn andbe, I didn't want to be excluded from a
(17:33):
job offer because of a piece of paper.
But we're seeing that there's a lotof good job descriptions out there
that say you must have a bachelor'sdegree, but they really don't mean it.
They're just like weeding out a groupof people that says, Hey, if you
generally uneducated don't apply.
I see so many people that haveall the qualifications for that
(17:53):
role, but they don't have thedegree and they don't apply.
Because there's one, it's like thisprinciple, if I don't match everything
that's in that job description, Idon't even attempt to apply to it.
I was telling them.
I wouldn't do that at all.
I would map the majority of itseems to match your skill set.
Tell them that don't talk yourself out ofa potential great hire because somebody
used some template on the internet thatsaid some word and you don't think you
(18:17):
qualify because if they really wantedthat, why else would they write that?
How critical is it on thosepieces for those job descriptions?
Yeah, I would, job descriptions, most ofthem are either cut and paste from an old
description that a company used a year agoand, or AI generated the job description.
So I would take all those little itemswith a grain of salt, none of them are
(18:40):
It's going to be knockout questions.
If you don't have one tool, but youhave a, another tool that basically
does the same thing you understand theconcepts of what that tool is used for.
So I wouldn't see that as a deal breaker.
And also, if you don't have a degree, veryfew companies nowadays, do I ever run into
where, it's a must have that you, you needa bachelor's degree, think companies are.
(19:05):
Parted ways with that idea in thismarket, it's more about the skills
that you have, the professionalskills just having the degree is
not really going to do much for you.
Yeah.
I see where the executive's ranks,having a degree is a must have.
Everybody has degrees, a master'sdegrees in executive ranks.
But in the tech engineering ranks,you used to have them as well.
(19:27):
And now it's, you don't,you, the certifications have
become much more popular.
They're a lot more effective.
I, I did my degree in 10 years.
Imagine how much the technology atnight school, cause I got out of the
Marine Corps, but imagine how muchtechnology changed in 10 years as
you're getting your bachelor's degree.
Cause I could only, but you couldsee where the certifications keep
up with the newest technology.
(19:49):
Right out of the gate.
I love the fact that my Javaprofessor was adjunct and he did
Java programming during the day.
So it was just a very enrichingexperience from that perspective.
But I see a lot of people thatwould be, have great skills for
a certain role, especially whenyou talk about audit roles.
Like they say, Josh, I'd love tobe in cybersecurity, but man, I'm
terrible in math and I can't program.
(20:11):
They have this vision that cybersecurityis all math and programming.
It sounds horrible whenyou think of it that way.
It's not there's all thesedifferent aspects of it.
And I think there's a lot of candidateswho would be great in audit and
governance and risking compliance,for instance, they don't apply for it.
They think it's too complicated.
So I always ask them to look atyour, how, Look at your skills that
(20:32):
you have and how do you update them?
For instance, if you're lookingfor a job, you go through LinkedIn.
LinkedIn has this premium versionwhere you get a lot of training.
So in my realm in cybersecurity,you could take a lot of training,
get certifications, and it shows upas a badge on your LinkedIn page.
How important is that?
If you, as a recruiter would seesomebody's LinkedIn page and you see
(20:53):
these certifications and, or at leastthis continuing training in advanced
technologies so say it is cloud, you'reinterviewing for somebody Doesn't have
much experience, but they have a ton ofthe training courses on their LinkedIn.
Would you consider giving them a call?
I would.
Yeah.
It, it's not going to be the secret sauce.
It's going to give you a slightedge in a competitive situation.
(21:15):
Certifications alone are going tobe like the game changer that some
folks think that they are going to be.
But if it's, if there's two candidatesthat they're looking at for a
particular role, there's a top two.
And one has all these certifications,the other doesn't, I would
argue that gives the candidatewith certifications an edge.
(21:38):
Yeah, no, I would think so.
At the same time I think there'sa lot of these trick questions.
I'm curious how you answersome of these questions.
Okay, now let me whatare you the worst at?
Tell me what is thearea you can improve on?
Tell me the time you messedup and learned from it.
These negative experiences, we haveto turn them around and say some,
how you positively learn something.
(21:59):
Or the biggest, most difficultone is tell me about yourself.
I think if most of the candidates couldjust get, I'd tell me about yourself.
I don't want to know what kindergartenyou went to, but I do want to see how,
some personality of what your life,some kind of hinge of who are you
are as a person before dumping into.
What you do profession.
What are your thoughts on it?
(22:20):
Yeah.
Elevator pitch.
We talk about that a lot.
The best ones are 30 seconds.
And you don't go all the way back toyour childhood or anything like that.
And you don't ramble on.
It's just, yeah, I may.
Whatever your title is, I'vegot seven years of experience.
I've worked in this industry, thisother industry, strong in these tools.
(22:43):
And what I'm known for arethese three things, and I was
interested in your company.
I think that's perfect elevator pitch.
Absolutely.
That's what I think peopleneed to practice the most.
Because I've gone through some trainingexercise with my nephews and so forth.
When you ask somebody that and theycome up off the fly, it's just a lot
(23:03):
of ums and just not handled it right.
And so I would think you would wanna goover your elevator pitch and then go over
your elevator pitch, and then go overyour elevator pitch and then go over your
elevator pitch until it becomes natural.
Because what happens is if it's likeyou, we were talking before, if it's not
natural, your brain has to go into computemode and that's when they're going.
And you're trying to give your time.
(23:24):
You bring time to think aboutwhat's the next words, but if you
already have trained with those nextwords, it flows, it feels natural.
And there's a professionalism that says.
He knows this, he or she knowstheir stuff so well, they're
able to just rattle it off.
And so it shows expertise rather thansomeone's not making it up and BSing me.
Cause if you're BSing me, you're goingto have to stop and think about it.
(23:47):
And is that true?
Yeah.
Yeah.
AI can help you with your elevator pitch.
Just upload your resume intoGoogle or, Gemini or chat GPT.
Hey, what would be a good elevatorpitch for me that I could say inside
of 30 seconds and practice saying thatover and over again, that's going to
get you better results than actinglike this the first time you've ever
(24:09):
heard this question before, becausethen you're going to have a tendency
to ramble and your elevator pitch isgoing to go well beyond 30 seconds.
You're going to be talking, some of the.
Most annoying things I encounteras a recruiter when I ask people
that, tell me about your background.
What's your story?
And people go on and on.
I'm like, Oh God, here we go.
(24:30):
And I sympathize because Iused to be one of those people.
Before I got into recruiting,I was terrible at interviewing.
I was awful.
I got turned down by about nine staffingcompanies before one of them took
a risk on me and or a chance on me.
And, so you're not born knowing howto spit off a good elevator pitch.
(24:50):
It does take quite a bit of practice,but just remember less is more.
That's a good good piece.
I did the podcast last episodeand I did a mic check with one of
the guys, and then we want to makesure our mics worked everything.
And I said, go ahead and do yourfirst 10 minutes of your presentation.
I was so nervous.
It was, I'm in so bad.
It was just unnatural.
(25:11):
It was just a mess.
I told him about to take a deepbreath, calm down, enunciate
your words don't speed things up.
You have a tendency in thesepodcasts to speed things up, like
it's some kind of training video.
We're just talking.
Chill out.
Then three days later we didthe live taping and he was
like a hundred times better.
He was just like fully relaxed.
(25:32):
The subject matter, came intocrystallization, the unstopped, the
natural speech was there and it,I think that's the same thing with
that elevator speech is to get thenatural speech down to who you are.
When we do business development,when I sometimes I do sales, right?
Not only are you a cybersecurityengineer, but everybody in
the company has got to sell.
(25:53):
So you get on theseconference calls and so forth.
One of the things I noticed that.
The customers expect, almost the sameway as a kind of recruiter would expect.
And you tell me if you're wrong ornot, it's a level of confidence, not of
arrogance, but a level of confidence thatyou can confidently answer that question.
And do it in a professional mannerand don't tell me, Oh, I've done
(26:15):
it hundreds and hundreds of times,when they tell me they got all this
experience at hundreds of times,but they just oversell it like that.
I think they're hiding aweakness when they do that.
But if they, if you have a level ofconfidence, even if there's something
you've never done before, be confidentthat you could figure it out.
I've been on Citrix beforeI've been in Microsoft.
I can, I know I can do that.
(26:36):
To me, that's attractive becausein, especially in the IT world,
security world, you can havethings that you never saw before.
The last thing you need is a guygoing, I don't know what I'm doing.
Let's get someone else.
You need this level of confidencethat says I can take on new
challenges and so forth.
I don't know.
I just feel that a confidentperson in those interviews.
And more and having a team mentalityis really the key to, do that
(26:57):
elevator spit speech that gets thosejob description things, that that
looking for it, can make sure yourelevator speech matches those things.
And like you said, which I thought was thegreatest point of that is once you've done
the elevator speech, it matches the jobdescription at the end, say, that's why I
applied because I feel that I'm the best.
So what you're doing is you'releaving that idea in their mind,
(27:21):
that recruiter's mind, that you'rethe best person for that role.
Cause you even thoughtabout this role versus you.
Is that right?
Is it's just a planning that'swhy I applied for this is because
I feel I'm most qualified for it.
All right.
Does that make sense?
It does.
Yeah.
Yeah.
Those are just some little tricks.
But yeah, I was trying to think back.
So what was your what was that question?
(27:42):
Cause I, I was thinkingmy answer and I forgot it.
What was the core questionthere of this one?
Yeah.
So I think it's a confidence levelwhen you answer a question versus
you could see where you don'twant to come across arrogant.
Oh yeah.
Yeah.
Okay.
I know where
I was going to go with
that.
Yeah.
(28:02):
Everyone's looking for the a humblesubject matter expert type person.
And yeah, if you hear, Oh, I'vedone it a thousand times, you come
off as arrogant, maybe someone whodoesn't play well with the team
someone who is, my way or the highway.
And this is how we do it.
This is how we've alwaysdone it kind of person.
(28:23):
And I think companies are veryresistant to hire people like that.
It does help if you memorize threeor four stories of actual situations
that happen in your career.
And don't be vague when you're answering,especially these behavioral questions.
What I would do in thatsituation is blah, blah, blah.
(28:45):
What I typically do isthis, that, and the other.
If you can prepare.
Much like your elevator pitch, three orfour stories of things actually happen.
Those are going to be much more powerful.
And, even if it doesn't exactly relateto the direct question they gave you,
maybe if you can just massage the questionor massage that story a little bit to
(29:08):
fit a little bit, you can still use it.
And those are going to be muchmore powerful than anything else.
And, the stories.
Typically you would paintthe picture of I was back.
It reminds me of my timeat this particular job.
And we were on a team of seven andwe were faced with this project.
We were trying to getsuch and such working.
(29:29):
We kept running into errors.
And what I suggested was.
We try so and we did that,but it ended up failing.
And what we learned wasthat's not the right approach.
So from that point forward, Ilearned that this is how you
typically handle those situations.
But, some, Those stories arebetter and just try to come off
(29:53):
as a very collaborative teamplayer in these interviews.
Because the soft skills are going todictate your success more than any other.
Technical skills.
I think the soft skills are about80 percent of your job success.
And, only 20 percent is going torely on your technical ability
(30:14):
with a certain tool or whatnot.
No, it makes sense.
And I think one of the pieces when theyput specific tools in there, it's backup
is exact or it's service now, whatever.
A lot of times, I think that's dataleakage, it gets threat actors an idea
of what the infrastructure looks like.
So it's not a good security practice toput all that in those recruiter things.
You're pretty much telling themeverything that they run internally.
(30:35):
I've even seen people put version numbersof the software in the job description.
So all you got to do is Google dorkor do some OSINT searches and you're
able to see all this information.
So you definitely got to be careful.
Now, what are the.
What are the top job boardseverybody should be on?
Obviously LinkedIn is there, they gotIndeed, they have stuff like that.
But is there some area that you wouldsay that you're going to cover your
(30:59):
bases the most if you at least havethese platforms that you're using?
What would be your suggestions?
Yeah, there's thousands ofdifferent job boards out there.
The Biggest players.
I would go first to Indeed.
Excuse me.
I would go first to LinkedInIndeed's the second, and then
you can do like zip recruiter.
I'll just be careful about putting likemy real cell phone number on my resume, if
(31:23):
you upload it to some of those platformsto be found, maybe just spin up like
a Google voice number, a burner phonenumber, so you don't get blown up by
foreign recruiters for the rest of yourlife in your core cell phone number.
But.
Number one is LinkedIn and if yousee a job on LinkedIn, you know
some, sometimes it, the link willtake you to the company's website.
(31:46):
So you can apply on the company'swebsite through their, in-house
integration with their own a TS.
But if it wants you to apply throughLinkedIn, kinda shy away from that.
I would rather go find that job onthe company's actual career site.
Because then you're going to get thatdirect path through their parsing
(32:08):
technology into their ATS without sometype of integration that has to happen.
Who knows what's going to happen to theformatting of your resume if you do that.
That's what I would say.
Reply directly on the company's website.
You can find the jobs anywhere.
Go any job board out there.
It doesn't even matter.
Find them all over theplace, but don't apply there.
(32:30):
Go find it on the company'swebsite and apply directly.
That's a good, that's a good point there.
I was always wondering one, one techniqueI would use, I would see the recruiter
that posted on LinkedIn and I would goto her profile or his profile and just
go look at it and even follow them.
And that way they go, Hey,somebody just followed me.
Let me see that.
(32:50):
Oh, that happened to havethe skill sets for this job.
I happen to be applying for it.
Hey, how are you doing?
I don't know.
Does that technique work?
Cause to me that, thatseems to make sense.
I'm not going straight to thisrecruiter that, that published this
job, but it's a way of passivelygetting in front of them and letting
them know you may be interested.
I don't know.
Does that kind of stuff work?
Do you recruit or see who'slooked at your profile and see if
(33:13):
that's a job you got for that or?
Yeah, totally.
Totally.
Yeah.
And now if you're in talent acquisitionat a company that's hiring a lot,
those people are going to be bombarded.
Like it's wild.
Everybody's applying and thentrying to connect and sending
little LinkedIn messages.
Hey, I just applied for this job.
But if you can primethe relationship first.
(33:36):
By looking at the contentthat they've posted.
And if you can comment on theircontent and something thoughtful,
not just Hey, this was great.
Thanks.
Actually think of a thoughtful way tocomment because they're going to get
an email, a notification when peoplecomment on their posts and everybody
(33:57):
loves the likes and subscribesand the comments and all that.
So you're going to really get noticed.
Thanks.
If you comment on their content first,then send the direct message, and, or
then send the connection request becausethey're going to see your name again.
You just commented on their post.
They saw your name and your comment,and they've already probably visited
(34:20):
your profile now, when you go to requestconnect, they might accept it now, right?
Because you've engaged with their content.
So I would say do that.
And then also.
Instead of typing a message in theDMS, trying to get their attention.
I try to coach people to use theLinkedIn mobile app where you can
(34:42):
actually send an audio or evena video message to that person.
You can record up, but up to a one minuteaudio message using the LinkedIn mobile
app and a two minute video, you can uploadit there or record it live on the app.
Yeah,
those are going to stand out.
The sales community and the recruitingcommunity uses that more than I think
(35:04):
the job seeker community, but it is away to stand out and it's a way that
you can send a little micro interview.
To that person, you start out,you don't immediately pitch.
Hey, I just applied for this job.
Maybe you want to say,Hey, I loved your content.
I saw that you posted about thisand I, so I wanted to connect,
(35:25):
thanks for accepting my request.
Oh, and by the way.
I saw you guys were hiringfor such and such role.
I did just submit my resume.
I thought I was a good fit becauseI had X, Y, and Z, and I love
the, your company's mission.
But either way, I'm reallythankful that you connected.
I look forward to following your content.
I hope you guys find a goodmatch for the role either way.
(35:46):
I'd love to interview,but good to connect.
That's a good way to position it.
Absolutely.
Yeah, they get to hear your voice.
If you send a video, it's evenbetter because they get to, actually
like a two, you get to share yourelevator pitch in this video.
So that would be the top things to dohere is A, get your elevator pitch down.
B, I know the resume has got to beclean because like when I go to upload
(36:08):
the resume, when I was in the jobmarket, I'm no longer in the job market.
I'm having a great timeover at Surefire Cyber.
But when you're in the job markethere, you've got to upload it.
And you'll notice how, if the resume isin the wrong format or it's in Microsoft
word or some of that, and you go toingest it and then your dates and times
and everything's all over the place.
It's you have to have your resume inthe right format to just go through
(36:30):
the Indeed or some of these job boards.
You, for instance, a lot of them havethe same backend recruiting model,
same software company and so forth.
But I applied for one at ExxonMobil.
Then you apply for another one.
It's the same backend.
You can see you got to createan account all over again.
But it just seems to be, Alittle problematic in, in, in
(36:50):
some of that regards, Yeah, I
hate those.
Yeah.
And companies like Workday or theworst, they make you upload your
resume and they're like, fill outthis massive form, basically like
rewriting your entire resume.
And I think companies, unfortunatelywe've gone through this period of time
where every company was trying to make itsuper easy to apply, like one click apply,
(37:12):
Hey, just put your name and your emailand upload your resume and we're good.
But now I think we're going to go backin the other direction because the volume
of applicants is getting so insane.
And then there's also AI auto appliedtools that are applying to hundreds
of jobs a week on your behalf.
And that's just reallybogging down the system.
(37:33):
So I feel like companies are goingto start to incorporate more forms.
You're going to have to do more to applyto a role, just to cut down on some
of the volume, because it's insane.
It makes sense.
I also saw where you could do a lotof help on your LinkedIn profile.
Some people I know that only have 200,300 followers, but some SEO techniques
(37:53):
I've learned, like for instance, takingyour profile picture before you upload it.
A lot of times it's picture1.
jpg or whatever, but actuallyrename it to your name.
I put Joshua underscore Royunderscore Nicholson underscore
CISO underscore security.
That's what works.
And so when they see that theyindex your page, it has an
understanding what that image is.
(38:14):
And so if you Google search formy name, you can click images.
You would see my face nine timesout of 10, more than you would see.
There's apparently a lot ofJoshua Nicholson's kid friggin
arrests in the United Statesbecause I see them on the alerts.
I do a Google alert and thisguy got arrested for mouth that
one, they're ruining the name.
But you could see where a lotof that starts to, to matter
(38:35):
from an SEO perspective.
Then following in groups.
Making sure you post at least once a weekon some article, maybe it has nothing,
you have no super insight to it otherthan this is an interesting article,
but getting something out there, thethinking and the recruiters are seeing
you, but just being engaged from thatperspective, I think makes you more
(38:55):
marketable as well as how often doy'all look at those recommendations?
If I recommend somebody on LinkedInand I've said they were really
good at this other company.
Is that a key piece that,most recruiters key in on?
I do look at them.
Yeah, they're powerful, especiallyif they're recent and they're from
a recent supervisor, those are gold.
Unfortunately, a lot of companieswon't typically use those as your
(39:17):
references that you would have to share.
If they ask you for two professionalreferences, you can't just go and just
look at my LinkedIn, they're right there.
They're going to still want to, youto give them their name, title, phone
number, email, and they may or may notcall them, but yeah, and the way to get
those references is give the references.
Or the, excuse me, therecommendations, right?
(39:38):
People typically followthe law of reciprocity.
So if you want somebody to recommendyou on LinkedIn, just go ahead
and write them a recommendation.
And then you can just say, Hey man, I hada really good experience working with you
at so and so I wrote you a recommendation.
Just so everybody could see and if youwant to write me one, that'd be cool too.
(39:59):
No, I, no, I think that's great.
I think that's one thingyou want to be able to you
definitely want to be able to do.
I like to follow recruiters too.
So that way, when they post theyhave some job, I'm able to see that
they have some job and every goesout there and people hit and they hit
job alert to all their friends and.
And so I do caution people when they go,Hey, I want to get into cyber security.
So I'm going to go do this bigdegree and master's program for it.
(40:21):
Stop.
By the time you got through all that,you would have missed the market.
I think you need to go on andsome of a different route.
And so it's interestinghearing just people that want
to do kind of these changes.
Artificial intelligence is big,but everybody's like, How in
the world would I do anything?
Any of those things are just movingquicker and faster than than I would want.
(40:43):
But what do you see thatare like the hottest jobs?
If you have this skill set, it'spretty easy to, Land the job.
What are your thoughts onsome of those career fields?
Yeah, just in general, I would sayto niche down, there's a very few
generalist jobs out there anymore.
You got to specialize in a hot area,specifically like cloud security
(41:03):
or, pen testing, incident responsesomething to do with like data privacy.
You want to become that go toperson in a very specific skill
set to help you stand out.
If it's just a generalist typething, you're really going to have
trouble standing out in the crowd.
And you definitely want toshowcase your skills, right?
Like you were talking about postingon LinkedIn and you got to remember
(41:28):
there's over a billion users on LinkedInand less than 1 percent of LinkedIn
users actually post any content.
So if you can just postonce a week, you're.
Gonna really stand out.
Less than 1 percent Yeah, 1%
I have so much.
LinkedIn is begging for content.
(41:48):
What's
that?
No, I was just saying, when Ilook at my LinkedIn wall, it
seems like it's more than 1%.
There's just so much outthere, but what would you say?
Yeah.
Yeah.
It's crazy.
That's the stats.
And from all the gurus and people thatI know that are in these LinkedIn,
think tank communities there,they're saying LinkedIn is begging
for content, even video content.
So you want to showcaseyour skillset, if you.
(42:11):
Maybe you have a YouTube channel, right?
To show, Hey, I'm going tolearn this new tool today.
Never seen it before, but let'sexplore it together and just, I'm
sure it would require you to cut itquite a bit, do some research and film
something and do more research and filmsomething else and tinker and then cut.
All those things, people shouldbe able to spend time with
(42:34):
you, at least your digital.
The digital version of yourselfon LinkedIn and YouTube.
And then, you definitely want to beable to showcase some of your skills in
a portfolio or, in your GitHub, right?
You need a GitHub.
You can't just say you have skills.
You have to prove you have skills.
You need evidence that, that you'vecontributed to an open source
(42:58):
project, or you've got, you've.
Made a video where you builtyour own personal security lab or
just anything in your portfolio.
Like you've helped a bug bounty communityor something of that nature and filmed it.
And then you can take these longform versions of your content.
If you got a 30 minute video on YouTube,maybe you can just throw that in the
(43:21):
Opus clip and get a one minute, realfor your other social media platforms.
There's LinkedIn's makinga big push with videos.
Now it shows up like much like reels.
You can scroll through themand, go through the rabbit
hole, just like Tik TOK now.
Anything you can do to standout, is a key in this market.
(43:41):
No, I agree.
I also I like what you were sayingbefore, cause I had done this is tailoring
my Resume into a couple of buckets.
One, I would have a generalresume that was more generalistic.
It was broad.
The job description was a littlevague, so I didn't have much to go on.
So I went with my standard resume.
Then let's just take my background.
(44:03):
I'm cybersecurity incidentresponse, security engineer.
However, I do executive work.
I've been a CISO.
I can move on that in that area.
So you can see those are totallydifferent, two different worlds.
I love the technical side.
It's fun doing the risk management,not so much, but I can as well.
What will happen is I justspit two different resumes.
(44:23):
So when I was going after jobs that hadincident response role and director level
role for that, I had that resume putthose skills and certifications towards
the top quicker, faster, better, andthen change my cover letter for that.
And then for the jobs that were CISOrelated, going back into management and
not just an engineering role, you wantedto tailor it towards more business skills
(44:45):
and more collaboration and working acrossorganizations and budgets and so forth.
Because I noticed that this is a role.
If you're too technical, theyactually try to exclude you.
They think you're an engineerand you haven't developed
into a full blown executive.
And so you're going to get in frontof people and then look like crap.
So the thinking is tailored twodifferent resumes, two different
(45:06):
personas, and then look at for those,these common terms instant response.
Sometimes it's called forensics or youcan see they use different terms in these
job titles And so that was my thinking,having three resumes that at least fit
me because it was two major dimensionsI had, and then the third one being
general, and then the cover letter.
How important is a love cover letter?
(45:27):
Because to me, the cover letter for animportant job, I'm not talking about the
one you send out to everybody becauseyou apply to 100 different times, but the
ones that You wanted to differentiate,you knew somebody there, like I've used
a cover letter before at one of these bigcompanies that I knew people working at.
So I said, Hey, not only do I believemy skills match the requirements that
you have, I know that this would be agood fit as I talk to blah, blah, blah.
(45:50):
And this guy really filled me in on theculture and what it's like to work there.
And I just solidified my mindthat I would be a great fit
for this role that you have.
And to me, you can putthat in a cover letter.
You can't put that in a resume and thatat least gives you some insight to who
this guy is, the guy or girl is andwhat they're, where would these fit?
Is that right?
What are your thoughts on cover letters?
(46:12):
I don't know any recruitersthat read cover letters.
Maybe if you're applying directlyto the hiring manager or an
executive at the company, theymay, actually give them a look.
But.
For the recruiting community,I know that they're not read,
they're just skipped over.
So there's some debate on that.
It depends on the person that is hiring.
(46:35):
So it's your personal choice if youwant to invest time in writing them.
I would use the summary section ofyour resume as the cover letter.
Most people will write a summary.
And that's like the moststatic portion of their resume.
They never change it.
I would argue you should, that shouldbe like the part that you change the
(46:56):
most for each job that you applied to.
And I like the strategy that you usethere where you've got a technical.
Version of your resumeand more business facing.
So you've got two core resumes there.
That's where you can start.
But then for that particular jobthat you're applying to look in the
requirements section and figure out,okay, what's important to this company.
(47:19):
And let me highlight the thingsthat I have from there in my
summary and even bold some of thewords that they're using so that.
Without scrolling, the moment theperson on the other end opens the
resume, boom, it's all right there.
Those are some of the things thatI suggest doing when I'm coaching
people and writing resumes.
(47:40):
The resume that I give people I'msaying like, look, this is your
base model here, but, you're goingto customize this for every role.
And yeah, you're going to windup with a lot of resume files.
Just create a folder.
This Joshua Nicholson's resume 2025dash this particular company name,
all right, and refer back to that,but just keep them all in a folder.
(48:04):
You'll have a lot of versions,but it'll increase your chances.
That's good feedback.
I do that.
And I thought it was just whata cumbersome way I'm doing this.
And it was because I was changingthe verbs in the writing and I
wanted to keep track, but I keptdoing that exact same thing.
And that would do.
Version 3.
And then, so I knew whatnumber was my latest.
(48:25):
And then I would put the actualcompany name, at, towards the end
of that I always found it too.
And you tell me how thisworks is that after I got.
Interviewed by a recruiter, it seemed toalways work well to just send a follow
up email 30 minutes later that justsaid, Hey, thank you for your time today.
I had a great conversation.
I believe that I am a match for thisposition because of X, Y, Z. Summarize
(48:49):
that and send them a thank you letter.
What are your thoughts on that?
Is that a good closer rather than justnot saying anything and not following up?
No, highly recommend sending followup emails after every interview.
And it's not like it's going toactually get you the job, but
it solidifies in their mind howinterested you are in the role.
(49:11):
And they're going to be much morelikely to push for you if they know you
have a lot of enthusiasm for the job.
And they can feel that in your follow up.
Very few people do that.
It's a lost art to do that followup, butI would do it every time and I'll also
try to do that as a recruiter too, if I'm,if I have a candidate that interviews and
(49:32):
I know I need to follow up with them andthen follow up with the hiring manager
and figure out, Hey, was it a good fit?
Was the feeling mutual, all this?
If I can get the candidate tosend me a quick thank you note,
it doesn't have to be a book, justa. A couple of sentences, right?
It's just a gesture.
It's not, something thatyou have to write a novel.
As soon as you're engaged,
(49:53):
you're bought into this.
You're on the journey ofthis, taking this job.
And you can see yourself in that role.
I think it's extremely powerful.
And people don't consider that enough.
Especially if they had otherpeople that were there.
That they add the network engineerand the CISO and some other people.
I go hit him up at LinkedIn afterwards.
Great opportunity toconnect to someone else.
(50:14):
And I, and LinkedIn reallysucks when you go to add people.
It doesn't allow you to puta lot of notes in there.
So like when I get added tosomeone new, I just met somewhere.
I'll send them a message through LinkedInreally quick going, Hey, it was great
meeting you at the ISACA conference orwhatever it is, because then now I go
back to that person, I hit messages.
I can see.
Where I learned them from where I metthem from I'm just surprised LinkedIn
(50:37):
doesn't have better functionalityin that area where I can track
That kind of stuff easier, right?
But, what are your thoughts in that area?
Yeah, I send connectionrequests all the time.
People I'm trying to get theirattention or headhunting or whatnot.
I never put a message in that box.
I like to leave a littlebit of mystery there.
(50:59):
But when, if you're at a conference or youjust meet somebody, that's why you need
the LinkedIn app on your phone, right?
I don't have business cards anymoreand I'm probably not going to remember
all the people that I met, but whenyou meet somebody, just go ahead
and pull them up on your phone.
Hey, let me connect with you onLinkedIn right now, boom, press connect.
All right, cool.
Yeah.
I use the card too with my podcastwith a QR code on the back.
(51:21):
Oh
yeah.
Yeah.
They can
get to the right one.
They're not Googling.
But.
And I want to tell you, Blake, I reallyenjoyed this podcast with you coming to
out of time here right at that hour mark,but I think we covered a lot of good
ground and learned some really interestingthings on how best to position yourself.
So I think some of the key takeawaysI heard from you is a work on that
(51:42):
resume, ensure it's clear, concise andshort 15, 20 pages is not going to be.
Not going to be read.
I think some of the other thingsI heard from you is that you
want to work on your LinkedIn.
You want to make sure youraccomplishments are there.
You want to make sure you can fill it out.
Ask for some recommendations,give some recommendations and
(52:02):
then post somewhat frequently.
So you're out there on those boards.
Add yourself to these groups,the job seekers, networking,
whatever the hell it is, group.
Add yourself to it, contributeto other people's content.
Get yourself out there.
I think another thing I heard fromme is just practice that elevator
speech over and over again.
You can tune and have morethan one elevator speech.
(52:23):
Like I was talking about before I havea technical background and I have a
managerial background, and maybe youwant to have two different elevator
speeches for both of those, depending on.
You don't want to waste in my mind,I think I don't want to waste the
recruiters time with them tryingto get answers to the question.
I know they need to get by wasting theirtime about talking about things that have
(52:44):
nothing to do with the answers they need.
So for instance, if they're tryingto get through to figure out these 5
questions to see if you're qualified.
I talk about a lot of other things.
I want to make sure that recruiter getstheir questions out of the way right away.
And now I can move on to things thatmake it make you really think I'm for
that role, I've already checked the box.
Here's the extra stuff.
Does that, is it some way you thinkas well, or what are your thoughts?
(53:08):
Yeah.
In addition to that I wouldn't forgethow important commenting is on LinkedIn,
now, and another thing we didn't talk toomuch about is like the networking stuff.
You gotta network.
Like your career depends onit because it does, right?
The livelihood go to the events, right?
If you're in the cybersecurity.
(53:29):
Community attend the, the cyber events.
I think you and I met at aconference called khaki con.
And so here we are, right?
So that turned into arelationship that we have.
So don't just rely on your digitallife, meet people in person, where
they go, where they hang out.
But also remember that LinkedInis a very powerful tool.
(53:53):
And if you can't getsomeone to reply to you.
Maybe if you comment and engage withthe stuff that they're putting out
there because it takes a lot of courageto post on LinkedIn you're nervous.
Oh, man, people are gonna judge meSo if you go ahead and think it put
yourself in their shoes, man They hadto have some courage to even put this
out there, because Now they're open for,people's judgment here on the internet.
(54:19):
So if you can comment on their stuff,be their cheerleader, root them on,
engage with a little bit, then they'reimmediately going to like you more
and be more likely to, connect yourrequest reply to your DM, and then
maybe invite you in for that interview.
That's great advice.
Thank you so much for joining Blake.
(54:39):
Now, where can we learn more about you?
Do you have your own website?
I know you're with hyper drive.
So I just follow you on your LinkedInis the best way to keep tabs on it.
Yeah.
LinkedIn is a good place to start.
I run hyper drive recruitingalso have a resume writing
business called HR approved.
And.
That was born out ofhyperdrive recruiting, right?
(55:02):
H R hyperdrive recruiting, HR approves.
I'd put that stamp onevery resume that I submit.
This resume is HR approved.
So that became the name ofthe resume writing business.
And then I've also got two podcasts.
I've got the Imperial.
Security bureau podcasts,where we interview leaders in
cybersecurity and engineering and AI.
(55:23):
And then I also have theHR approved podcasts.
We're interviewing people in recruitingjob hunting, career coaching.
And we talk about HR technology, newtechnologies that are coming on the market
locked in AI and my credibility, some ofthese most recent guests that I had on.
So yeah, you can find me.
(55:43):
All over the place, man, probablytoo many places, but there you go.
All right,
everybody, Blake Williams.
Appreciate y'all.
Make sure you hit that subscribebutton, and share this out on all your
social media platforms, and be safe.
Have a good evening.
Thank you.
(56:04):
Thanks for listening to this episodeof Cybersecurity America on the
Voice America Business Channel.
We hope you've learned some valuableinformation to help you be a better
executive leader and navigate today'scomplex world of cybersecurity.
Until next week, stay secure.
Today's businesses are on a vigilantwatch for threats in an ongoing cyber war.
It's time to get real world solutionsto protect and secure your valuable
business information anytime, anywhere.
Welcome to cyber securityAmerica with Josh Nicholson.
So this episode is somethingthat's near and dear to my heart.
(00:26):
It's the top 10 things, top 10 tipsin the job market and how to adapt.
One of the things that we all understandnowadays that the job market is a
little uncertain that you need toensure that your skills are up to date.
There's also a process for howyou go about looking for that next
opportunity, how do you build your brand?
How do you do a number ofthose different things?
(00:47):
I thought it would be a fascinatingshow to talk about that and
to talk about what are some ofthose tips that people are doing.
I know some things I did butI wanted to talk to one of the
big recruiters of the area here.
I wanted to touch and dive in.
Now today I'm joined by Blake Williams.
Now Blake is a founder and he's aheadhunter at hyperdrive recruiting.
(01:08):
Now he's delivering revenuegenerators for the business.
And he writes resumes that double asinterviews through the HR approved.
com website.
And he's got over 13 years ofexperience recruiting and sales
and marketing, product engineering,and cybersecurity talent.
And so I wanted to bring him to theshow and be able to bring us, give us
some guidelines on what, what is outthere, how best to adapt and so forth.
(01:31):
Blake welcome to the show.
Now, did I miss anythingabout your background?
What did I miss?
You nailed it, man.
Good job.
Yeah.
Happy
to be here.
Thanks for the invite.
Awesome.
Hey, first thing, just a couple ofthings we're seeing in the news, just
from a threat intelligence perspective.
Some of you have heard ofthat AI platform DeepSeek.
It's been in the news lately.
It's this Chinese AI model that'ssupposed to be hyper accurate
(01:53):
and surprising a lot of people.
Some people said it was likethe Sputnik moment of AI.
I don't know about all that,but I do know there's been a lot
of reporting of it being down.
Several different attackscoming from IP addresses.
originating in the United States.
I think there's also a lot of researchers.
There's some research out there thatsaying that this popular generate
(02:13):
AI model allows for hallucinations.
It can easily avoid guardrails.
It's susceptible to jailbreakingand malware creation requests.
And it's more at a critical rates.
high rates of errors are being found.
We're also seeing the news highereducation being targeted right now as
they work to hijack Microsoft logons.
(02:34):
We're seeing this in higher ed.
They'll even compromise one O365environment within one higher education
institute and use that as a stagingground against another because they
obviously communicate so it's easierto have that kind of trust model.
So we're seeing a lot of that reallywant to concentrate ensuring that
you have MFA enabled on all accounts.
And then critical accounts actuallyhave step up authentication.
(02:57):
We're also seeing a lot of ransomwareright now that has not died off.
Ransomware has continued to go on rampant.
Organizations are stillgetting hit by this.
We're seeing a kind of a mix.
We're seeing some organizationshave been hit in the past, have
adapted, and they're not as bad.
They're able to recover.
Then we're seeing some that are hitfor the first time, and it's still
very basic rules are being negated.
(03:18):
So not having, have, havingadmin rights on all the desktops.
Not using something likeLAPS, not locking down Azure.
They're still comingand you're seeing those.
Some news as well, SolarWinds was takenprivate . That was news this week for 4.
4 billion dollars over to River Capital.
Now if y'all remember SolarWindsstarted off pretty much the largest
(03:40):
supply chain attack in U. S. history.
This is when the Russians were able toutilize that system in their updates.
We were able to compromise the updatingpatches of it and were able to distribute
malware in their customers environments.
We're also seeing just ahuge attack on Fortinet.
Fortinet warned just the other daythat attackers are exploiting a
(04:01):
another now patched zero day bug.
It's in FortOS and FortProxy, andit's used to hijack Fortinet firewalls
and then breach enterprise networks.
Now, successful exploitationof this authentication bypass,
you can look at more details.
It's on CVE-2025-24472.
And this allows remote attackers togain super admin privileges by making
(04:24):
maliciously crafted CSF proxy requests.
Now you could go on there to seewhether you are vulnerable and
what are some of the steps to do.
But essentially they were using thatzero day vulnerability wrecking
havoc on several organizations.
Now, according to Fortinet, theattackers exploit two vulnerabilities
to generate random admin or localusers on these affected devices.
(04:47):
So it goes back to ensuring youhave proper understanding of the
management and administration of yourdevices, and then adding them to a
new and existing SSL VPN users group.
They've also been modifying firewallpolicies and other configurations
and accessing SSL VPN instances withpreviously established rogue accounts.
This is allows them to do atunnel to the internal network.
(05:11):
Now, while Fortinet didn't provideadditional information on campaigns,
this has been noted lately.
There's several IOCs related to it, andif you have a Fortinet firewall, you
definitely want to be ensuring it's clear.
Configuration and that allthe software is up to date.
Also, I have some greatnews for the podcast here.
(05:31):
So on the YouTube show,we've hit 300 subscribers.
So really appreciate everybodyhitting that subscribe and hitting
that and sharing it out on yoursocial media platforms just a
really great accomplishment, andwe're going to hopefully have
more content as we move forward.
So Blake, really greatto have you on the show.
And I think it, we wanted to startoff, what are you seeing right now
(05:54):
in the market, you and I talked.
A couple of times before, butwhat are you seeing in the
market from a jobs perspective incybersecurity and potentially in it?
And what's some of youradvice as we go into 2025?
Yeah, it's still a tough year in itin general and in, cybersecurity,
all white collar workers weredefinitely still in a white collar
(06:14):
recession as they're calling it.
But some of the stats are,they're just tough, you gotta
be patient in this market.
And you got to go above and beyondto actually land an interview.
You can't just rely on fixing one versionof your resume and applying to jobs.
You're going to go inthe resume black hole.
Some of the stats thatwere coming out are there.
(06:37):
Yeah, they're rough.
It's, I think you have to applyon average to just under 300
jobs to actually land a job.
And there's about a 97.
No, 99.
7 percent failure ratewhenever you just apply.
There's a lot you haveto do to overcome that.
So yeah, I'm excited to diveinto some of that with you today.
(07:02):
I, I was looking at the NC techjobs report just this morning,
and there was an uptick in Januaryfor the number of IT jobs in North
Carolina is what they look at.
But This is a good indicator.
This is a good hub of tech jobsover the country, I believe.
But although it was an uptick, it'sstill very low compared to what
(07:25):
we saw pre COVID and after COVID.
And every single category of ITjobs saw an increase of job postings
with the exception of UI UX design.
And I think we know the culprit there.
Most likely starts with an A endswith an I there's a lot of folks in
(07:47):
that community that are saying that,Hey, companies like to put us in the
bucket of simply visual designers,but UX includes much more than that.
It's hard to get a company'scorporate office to agree with that.
They're going to face someheadwinds and in that particular
skillset, but otherwise it seemed.
(08:09):
We're seeing a comebackand I'm very optimistic.
No, that's
great to hear that.
I think there's a differentways to approach things as well.
One of the things I started readingwas how do you do SEO with LinkedIn?
How do I make my brand better?
Does it make sense to fill outall the categories on LinkedIn?
What are recruiters really doing all day?
Are you really mining LinkedInall day and doing Google's?
(08:31):
So you're trying to put your mind yourmind into the, Space of the recruiter.
And so just how arethey looking at things?
So would you, if I was just startingoff in the beginning, is it,
should I focus on my resume first?
Should it be I get professionalguideline design on my LinkedIn.
Should it be my interviewing skills,or it should be all of these.
(08:51):
You should take an inventory of kindof your skill sets, but you could
see somebody sitting back going,all right, the job market stuff,
how do I differentiate what is,what do I need to have on LinkedIn?
What shouldn't I say?
What are some of the biggest turnoffs,from a recruiter here's X in that
first 15 minutes and that's it.
You don't move on to the next round.
What are your thoughts on some of those?
(09:13):
Yeah, there's a lot to unpack there.
I would definitely startwith the LinkedIn profile.
I think LinkedIn presence is paramount.
Having a full profilecompletely filled out.
And then once you have a full LinkedInprofile, you can actually download that.
You can download your profile asa PDF document and, or they used
(09:34):
to have a resume builder feature.
I'm not sure if they still have that, butyou can download that and then cut and
paste some of the content into a resume.
And then, so number two isgetting your resume dialed in.
You definitely don't want to relyon a single version of your resume.
You want to tailor it foreach job that you apply to.
A lot of job seekers don't realize,there, there, there's a lot of
(09:59):
complaints about the ATS, right?
The Applicant Tracking Systemis going to screen you out.
And there's, Some instances ofthat, some are more capable than
others, but oftentimes candidatesare eliminated in the grid view.
In the grid view is a screen where yougo into the applicant tracking system.
You're looking at all the applicants.
(10:20):
A lot of time there, there areseveral hundred applicants.
So each recruiter is looking for a wayto, trim down that list and get the top 20
candidates, as fast as they possibly can.
So they're looking at three main columns,which is the job title match, the industry
match, and the location match, becausea lot of companies are returning to
(10:44):
office, so even if the job says it'sremote, often times there is a location.
Limitation, you have to be in thesame time zone or the same state
or within, within an hour of theoffice or something like that.
So people are getting eliminated.
I think 70 to 80 percent of candidatesare eliminated in the grid view
because of one of those items andthe remaining 20 percent are viewed.
(11:08):
And that's when you have to actually,think about what your resume says
when they open it, because you onlyget, it's around five seconds, right?
Looking at, okay, what's your skillset.
Where are you?
You should put those things at the top ofyour resume, like right below your name.
Tailor your resume so that job titlematches the role that you applied
(11:29):
to, because there's so many titles,especially in cyber security,
so many variations of titles.
It can't just be, Cyber securityengineer, if it's, if you don't feel,
uh, if it doesn't feel strange, ifit doesn't feel like you're lying to
adjust the title a little bit, just tomatch the role that you're applying to.
(11:49):
That'll definitely help your chances.
If you don't feel comfortable adjustingyour job title to match that role,
that's a good sign that you probablyshouldn't even apply because skillset.
But in terms of interviewing, there'sso many things to get right there.
We can do a whole podcast on that, ifyou do want to practice your interviews,
I would suggest recording yourselfover a video, interview yourself and
(12:14):
do mock interviews with yourself.
If you don't like the wayyour answer sounds, then do it
again and change your script.
And get to the point where it's somethingthat you're at least mildly okay with.
And often times candidatesforget that they talk too much.
They talk themselves out of a job.
They, you really should not speakfor more than a minute or two
(12:39):
without checking in on your audience.
Because they may want to take theconversation in a different direction.
You could wind up rambling.
You could wind up saying somethingthat's going to be a turnoff.
If you can smile, stay positive,don't say anything negative, try
to reframe some of the technologiesthat you may not have experience
with, reframe that into a positivething and, try not to talk too much.
(13:06):
Then that's going to help you out.
I picked up a couple of those keywords was don't talk too much.
You said that a number of different times.
I do think when someone's nervous,cause I've interviewed hundreds of
people they tend to keep talking.
And I think it's going to beclear that they may have a set of
questions they need to get through.
What you want to do is get throughthem and hit them and positively hit
(13:27):
them before having time afterward tohave the banter they're thinking it's
okay, so I know they're going to askabout get these through these for the
thinking is have a clear crisp responsefor that particular question and then
ask is there's anything clarifying andthen wait, is that kind of what you
think is hit it, maybe spend a minuteon it, make sure you covered the points.
(13:49):
Ask if there was any,does that make sense?
And then move on to the next andgive yourself a minute, maybe
a minute and a half in thatarea, but hit it and forget it.
Type out.
Exactly.
Yeah.
Check in with the audience.
Did I answer your question?
And my personal favorite,it's a Jedi mind trick.
End your answer by saying, andthat's why I thought I was a good
(14:13):
fit for this job in this company.
That's a good point.
That's a good point.
I think one of the things I noticedfrom interviewing is that when we
have a candidate that knows thejob description, but also knows the
company, and it has some really goodqualifying questions on how the role
will expand and map to the strategythat you had in your 10 K or whatever.
(14:33):
I've had people read the 10 K of thecompany I was with, and I thought
it was really just impressive.
And then I've had people that didn'treally understand what company they
were applying to and the name of thecompany that they were interviewing for.
It was just really weird to see
but I thought the person thatwas prepared to understand your
business understand the role.
And I think understanding the role inorder to accomplish it to the best of
(14:55):
your ability, not to understand how itwould be some personal growth for you.
Like I'm really looking to do this.
And I think you make people make itcomplicated when they talk about all
the things you want to do and how youwant to do this with your career and
do all that and to a manager I don'teven know how to satisfy half of that.
How would I does that make sense?
It's difficult to.
(15:18):
I just take the approach that I wantto come in as a humbled warrior.
I'm there for the team.
I want to win.
I'm somebody to get alongwith everybody else.
I'm not somebody that has some big careerdemand that you're going to have to mentor
me and I should be promoted in six months.
Does that make sense?
How do you relate that to aninterviewer that I'm trying to
(15:39):
express that emotion, right?
Yeah, I get what you're saying.
Yeah, it's tough, especially ifyou get excited and you want to
promote yourself and that's okay.
You just can't forget though, that thecompany doesn't really care what you're
interested in, what you can learn thisand that, they're interested in what
you can do on day one, oftentimes.
Forget what you're interestedin, what do they need?
(16:01):
So to figure that out, youhave to ask a lot of questions.
I always recommend folks to put on theirconsultant hat in these interviews.
The another Jedi mind trick isgoing to the interview thinking that
you already have two other offers.
So you remove all that pressure andnow you're taking the approach of I
(16:25):
gotta already have two other offers.
Let me go in and see whatthis company is all about.
That frees you up tojust be curious, right?
Ask just as manyquestions as they ask you.
And that puts you in more of a positionof power but now the market is so
competitive that companies are not goingto settle for a nice to have candidate.
(16:48):
They're going to settle forthe must have candidate, right?
And you may be a vitaminto their problem, right?
If your body, if you're not healthyand you're deficient in certain
area of vitaminal health, but,oftentimes the pain reliever.
Is going to be the fastest hire who isgoing to resolve the immediate pain that
(17:11):
the company has right now, not somebodywho can learn and get up to speed three
months from now, if they take vitamins.
Yeah, that's a good point.
I also I wanted to ask you afew questions on like education.
I used to tell people that, yeah I gotmy bachelor's degree and it's mostly
a, cause I learned like to learn andbe, I didn't want to be excluded from a
(17:33):
job offer because of a piece of paper.
But we're seeing that there's a lotof good job descriptions out there
that say you must have a bachelor'sdegree, but they really don't mean it.
They're just like weeding out a groupof people that says, Hey, if you
generally uneducated don't apply.
I see so many people that haveall the qualifications for that
(17:53):
role, but they don't have thedegree and they don't apply.
Because there's one, it's like thisprinciple, if I don't match everything
that's in that job description, Idon't even attempt to apply to it.
I was telling them.
I wouldn't do that at all.
I would map the majority of itseems to match your skill set.
Tell them that don't talk yourself out ofa potential great hire because somebody
used some template on the internet thatsaid some word and you don't think you
(18:17):
qualify because if they really wantedthat, why else would they write that?
How critical is it on thosepieces for those job descriptions?
Yeah, I would, job descriptions, most ofthem are either cut and paste from an old
description that a company used a year agoand, or AI generated the job description.
So I would take all those little itemswith a grain of salt, none of them are
(18:40):
It's going to be knockout questions.
If you don't have one tool, but youhave a, another tool that basically
does the same thing you understand theconcepts of what that tool is used for.
So I wouldn't see that as a deal breaker.
And also, if you don't have a degree, veryfew companies nowadays, do I ever run into
where, it's a must have that you, you needa bachelor's degree, think companies are.
(19:05):
Parted ways with that idea in thismarket, it's more about the skills
that you have, the professionalskills just having the degree is
not really going to do much for you.
Yeah.
I see where the executive's ranks,having a degree is a must have.
Everybody has degrees, a master'sdegrees in executive ranks.
But in the tech engineering ranks,you used to have them as well.
(19:27):
And now it's, you don't,you, the certifications have
become much more popular.
They're a lot more effective.
I, I did my degree in 10 years.
Imagine how much the technology atnight school, cause I got out of the
Marine Corps, but imagine how muchtechnology changed in 10 years as
you're getting your bachelor's degree.
Cause I could only, but you couldsee where the certifications keep
up with the newest technology.
(19:49):
Right out of the gate.
I love the fact that my Javaprofessor was adjunct and he did
Java programming during the day.
So it was just a very enrichingexperience from that perspective.
But I see a lot of people thatwould be, have great skills for
a certain role, especially whenyou talk about audit roles.
Like they say, Josh, I'd love tobe in cybersecurity, but man, I'm
terrible in math and I can't program.
(20:11):
They have this vision that cybersecurityis all math and programming.
It sounds horrible whenyou think of it that way.
It's not there's all thesedifferent aspects of it.
And I think there's a lot of candidateswho would be great in audit and
governance and risking compliance,for instance, they don't apply for it.
They think it's too complicated.
So I always ask them to look atyour, how, Look at your skills that
(20:32):
you have and how do you update them?
For instance, if you're lookingfor a job, you go through LinkedIn.
LinkedIn has this premium versionwhere you get a lot of training.
So in my realm in cybersecurity,you could take a lot of training,
get certifications, and it shows upas a badge on your LinkedIn page.
How important is that?
If you, as a recruiter would seesomebody's LinkedIn page and you see
(20:53):
these certifications and, or at leastthis continuing training in advanced
technologies so say it is cloud, you'reinterviewing for somebody Doesn't have
much experience, but they have a ton ofthe training courses on their LinkedIn.
Would you consider giving them a call?
I would.
Yeah.
It, it's not going to be the secret sauce.
It's going to give you a slightedge in a competitive situation.
(21:15):
Certifications alone are going tobe like the game changer that some
folks think that they are going to be.
But if it's, if there's two candidatesthat they're looking at for a
particular role, there's a top two.
And one has all these certifications,the other doesn't, I would
argue that gives the candidatewith certifications an edge.
(21:38):
Yeah, no, I would think so.
At the same time I think there'sa lot of these trick questions.
I'm curious how you answersome of these questions.
Okay, now let me whatare you the worst at?
Tell me what is thearea you can improve on?
Tell me the time you messedup and learned from it.
These negative experiences, we haveto turn them around and say some,
how you positively learn something.
(21:59):
Or the biggest, most difficultone is tell me about yourself.
I think if most of the candidates couldjust get, I'd tell me about yourself.
I don't want to know what kindergartenyou went to, but I do want to see how,
some personality of what your life,some kind of hinge of who are you
are as a person before dumping into.
What you do profession.
What are your thoughts on it?
(22:20):
Yeah.
Elevator pitch.
We talk about that a lot.
The best ones are 30 seconds.
And you don't go all the way back toyour childhood or anything like that.
And you don't ramble on.
It's just, yeah, I may.
Whatever your title is, I'vegot seven years of experience.
I've worked in this industry, thisother industry, strong in these tools.
(22:43):
And what I'm known for arethese three things, and I was
interested in your company.
I think that's perfect elevator pitch.
Absolutely.
That's what I think peopleneed to practice the most.
Because I've gone through some trainingexercise with my nephews and so forth.
When you ask somebody that and theycome up off the fly, it's just a lot
(23:03):
of ums and just not handled it right.
And so I would think you would wanna goover your elevator pitch and then go over
your elevator pitch, and then go overyour elevator pitch and then go over your
elevator pitch until it becomes natural.
Because what happens is if it's likeyou, we were talking before, if it's not
natural, your brain has to go into computemode and that's when they're going.
And you're trying to give your time.
(23:24):
You bring time to think aboutwhat's the next words, but if you
already have trained with those nextwords, it flows, it feels natural.
And there's a professionalism that says.
He knows this, he or she knowstheir stuff so well, they're
able to just rattle it off.
And so it shows expertise rather thansomeone's not making it up and BSing me.
Cause if you're BSing me, you're goingto have to stop and think about it.
(23:47):
And is that true?
Yeah.
Yeah.
AI can help you with your elevator pitch.
Just upload your resume intoGoogle or, Gemini or chat GPT.
Hey, what would be a good elevatorpitch for me that I could say inside
of 30 seconds and practice saying thatover and over again, that's going to
get you better results than actinglike this the first time you've ever
(24:09):
heard this question before, becausethen you're going to have a tendency
to ramble and your elevator pitch isgoing to go well beyond 30 seconds.
You're going to be talking, some of the.
Most annoying things I encounteras a recruiter when I ask people
that, tell me about your background.
What's your story?
And people go on and on.
I'm like, Oh God, here we go.
(24:30):
And I sympathize because Iused to be one of those people.
Before I got into recruiting,I was terrible at interviewing.
I was awful.
I got turned down by about nine staffingcompanies before one of them took
a risk on me and or a chance on me.
And, so you're not born knowing howto spit off a good elevator pitch.
(24:50):
It does take quite a bit of practice,but just remember less is more.
That's a good good piece.
I did the podcast last episodeand I did a mic check with one of
the guys, and then we want to makesure our mics worked everything.
And I said, go ahead and do yourfirst 10 minutes of your presentation.
I was so nervous.
It was, I'm in so bad.
It was just unnatural.
(25:11):
It was just a mess.
I told him about to take a deepbreath, calm down, enunciate
your words don't speed things up.
You have a tendency in thesepodcasts to speed things up, like
it's some kind of training video.
We're just talking.
Chill out.
Then three days later we didthe live taping and he was
like a hundred times better.
He was just like fully relaxed.
(25:32):
The subject matter, came intocrystallization, the unstopped, the
natural speech was there and it,I think that's the same thing with
that elevator speech is to get thenatural speech down to who you are.
When we do business development,when I sometimes I do sales, right?
Not only are you a cybersecurityengineer, but everybody in
the company has got to sell.
(25:53):
So you get on theseconference calls and so forth.
One of the things I noticed that.
The customers expect, almost the sameway as a kind of recruiter would expect.
And you tell me if you're wrong ornot, it's a level of confidence, not of
arrogance, but a level of confidence thatyou can confidently answer that question.
And do it in a professional mannerand don't tell me, Oh, I've done
(26:15):
it hundreds and hundreds of times,when they tell me they got all this
experience at hundreds of times,but they just oversell it like that.
I think they're hiding aweakness when they do that.
But if they, if you have a level ofconfidence, even if there's something
you've never done before, be confidentthat you could figure it out.
I've been on Citrix beforeI've been in Microsoft.
I can, I know I can do that.
(26:36):
To me, that's attractive becausein, especially in the IT world,
security world, you can havethings that you never saw before.
The last thing you need is a guygoing, I don't know what I'm doing.
Let's get someone else.
You need this level of confidencethat says I can take on new
challenges and so forth.
I don't know.
I just feel that a confidentperson in those interviews.
And more and having a team mentalityis really the key to, do that
(26:57):
elevator spit speech that gets thosejob description things, that that
looking for it, can make sure yourelevator speech matches those things.
And like you said, which I thought was thegreatest point of that is once you've done
the elevator speech, it matches the jobdescription at the end, say, that's why I
applied because I feel that I'm the best.
So what you're doing is you'releaving that idea in their mind,
(27:21):
that recruiter's mind, that you'rethe best person for that role.
Cause you even thoughtabout this role versus you.
Is that right?
Is it's just a planning that'swhy I applied for this is because
I feel I'm most qualified for it.
All right.
Does that make sense?
It does.
Yeah.
Yeah.
Those are just some little tricks.
But yeah, I was trying to think back.
So what was your what was that question?
(27:42):
Cause I, I was thinkingmy answer and I forgot it.
What was the core questionthere of this one?
Yeah.
So I think it's a confidence levelwhen you answer a question versus
you could see where you don'twant to come across arrogant.
Oh yeah.
Yeah.
Okay.
I know where
I was going to go with
that.
Yeah.
(28:02):
Everyone's looking for the a humblesubject matter expert type person.
And yeah, if you hear, Oh, I'vedone it a thousand times, you come
off as arrogant, maybe someone whodoesn't play well with the team
someone who is, my way or the highway.
And this is how we do it.
This is how we've alwaysdone it kind of person.
(28:23):
And I think companies are veryresistant to hire people like that.
It does help if you memorize threeor four stories of actual situations
that happen in your career.
And don't be vague when you're answering,especially these behavioral questions.
What I would do in thatsituation is blah, blah, blah.
(28:45):
What I typically do isthis, that, and the other.
If you can prepare.
Much like your elevator pitch, three orfour stories of things actually happen.
Those are going to be much more powerful.
And, even if it doesn't exactly relateto the direct question they gave you,
maybe if you can just massage the questionor massage that story a little bit to
(29:08):
fit a little bit, you can still use it.
And those are going to be muchmore powerful than anything else.
And, the stories.
Typically you would paintthe picture of I was back.
It reminds me of my timeat this particular job.
And we were on a team of seven andwe were faced with this project.
We were trying to getsuch and such working.
(29:29):
We kept running into errors.
And what I suggested was.
We try so and we did that,but it ended up failing.
And what we learned wasthat's not the right approach.
So from that point forward, Ilearned that this is how you
typically handle those situations.
But, some, Those stories arebetter and just try to come off
(29:53):
as a very collaborative teamplayer in these interviews.
Because the soft skills are going todictate your success more than any other.
Technical skills.
I think the soft skills are about80 percent of your job success.
And, only 20 percent is going torely on your technical ability
(30:14):
with a certain tool or whatnot.
No, it makes sense.
And I think one of the pieces when theyput specific tools in there, it's backup
is exact or it's service now, whatever.
A lot of times, I think that's dataleakage, it gets threat actors an idea
of what the infrastructure looks like.
So it's not a good security practice toput all that in those recruiter things.
You're pretty much telling themeverything that they run internally.
(30:35):
I've even seen people put version numbersof the software in the job description.
So all you got to do is Google dorkor do some OSINT searches and you're
able to see all this information.
So you definitely got to be careful.
Now, what are the.
What are the top job boardseverybody should be on?
Obviously LinkedIn is there, they gotIndeed, they have stuff like that.
But is there some area that you wouldsay that you're going to cover your
(30:59):
bases the most if you at least havethese platforms that you're using?
What would be your suggestions?
Yeah, there's thousands ofdifferent job boards out there.
The Biggest players.
I would go first to Indeed.
Excuse me.
I would go first to LinkedInIndeed's the second, and then
you can do like zip recruiter.
I'll just be careful about putting likemy real cell phone number on my resume, if
(31:23):
you upload it to some of those platformsto be found, maybe just spin up like
a Google voice number, a burner phonenumber, so you don't get blown up by
foreign recruiters for the rest of yourlife in your core cell phone number.
But.
Number one is LinkedIn and if yousee a job on LinkedIn, you know
some, sometimes it, the link willtake you to the company's website.
(31:46):
So you can apply on the company'swebsite through their, in-house
integration with their own a TS.
But if it wants you to apply throughLinkedIn, kinda shy away from that.
I would rather go find that job onthe company's actual career site.
Because then you're going to get thatdirect path through their parsing
(32:08):
technology into their ATS without sometype of integration that has to happen.
Who knows what's going to happen to theformatting of your resume if you do that.
That's what I would say.
Reply directly on the company's website.
You can find the jobs anywhere.
Go any job board out there.
It doesn't even matter.
Find them all over theplace, but don't apply there.
(32:30):
Go find it on the company'swebsite and apply directly.
That's a good, that's a good point there.
I was always wondering one, one techniqueI would use, I would see the recruiter
that posted on LinkedIn and I would goto her profile or his profile and just
go look at it and even follow them.
And that way they go, Hey,somebody just followed me.
Let me see that.
(32:50):
Oh, that happened to havethe skill sets for this job.
I happen to be applying for it.
Hey, how are you doing?
I don't know.
Does that technique work?
Cause to me that, thatseems to make sense.
I'm not going straight to thisrecruiter that, that published this
job, but it's a way of passivelygetting in front of them and letting
them know you may be interested.
I don't know.
Does that kind of stuff work?
Do you recruit or see who'slooked at your profile and see if
(33:13):
that's a job you got for that or?
Yeah, totally.
Totally.
Yeah.
And now if you're in talent acquisitionat a company that's hiring a lot,
those people are going to be bombarded.
Like it's wild.
Everybody's applying and thentrying to connect and sending
little LinkedIn messages.
Hey, I just applied for this job.
But if you can primethe relationship first.
(33:36):
By looking at the contentthat they've posted.
And if you can comment on theircontent and something thoughtful,
not just Hey, this was great.
Thanks.
Actually think of a thoughtful way tocomment because they're going to get
an email, a notification when peoplecomment on their posts and everybody
(33:57):
loves the likes and subscribesand the comments and all that.
So you're going to really get noticed.
Thanks.
If you comment on their content first,then send the direct message, and, or
then send the connection request becausethey're going to see your name again.
You just commented on their post.
They saw your name and your comment,and they've already probably visited
(34:20):
your profile now, when you go to requestconnect, they might accept it now, right?
Because you've engaged with their content.
So I would say do that.
And then also.
Instead of typing a message in theDMS, trying to get their attention.
I try to coach people to use theLinkedIn mobile app where you can
(34:42):
actually send an audio or evena video message to that person.
You can record up, but up to a one minuteaudio message using the LinkedIn mobile
app and a two minute video, you can uploadit there or record it live on the app.
Yeah,
those are going to stand out.
The sales community and the recruitingcommunity uses that more than I think
(35:04):
the job seeker community, but it is away to stand out and it's a way that
you can send a little micro interview.
To that person, you start out,you don't immediately pitch.
Hey, I just applied for this job.
Maybe you want to say,Hey, I loved your content.
I saw that you posted about thisand I, so I wanted to connect,
(35:25):
thanks for accepting my request.
Oh, and by the way.
I saw you guys were hiringfor such and such role.
I did just submit my resume.
I thought I was a good fit becauseI had X, Y, and Z, and I love
the, your company's mission.
But either way, I'm reallythankful that you connected.
I look forward to following your content.
I hope you guys find a goodmatch for the role either way.
(35:46):
I'd love to interview,but good to connect.
That's a good way to position it.
Absolutely.
Yeah, they get to hear your voice.
If you send a video, it's evenbetter because they get to, actually
like a two, you get to share yourelevator pitch in this video.
So that would be the top things to dohere is A, get your elevator pitch down.
B, I know the resume has got to beclean because like when I go to upload
(36:08):
the resume, when I was in the jobmarket, I'm no longer in the job market.
I'm having a great timeover at Surefire Cyber.
But when you're in the job markethere, you've got to upload it.
And you'll notice how, if the resume isin the wrong format or it's in Microsoft
word or some of that, and you go toingest it and then your dates and times
and everything's all over the place.
It's you have to have your resume inthe right format to just go through
(36:30):
the Indeed or some of these job boards.
You, for instance, a lot of them havethe same backend recruiting model,
same software company and so forth.
But I applied for one at ExxonMobil.
Then you apply for another one.
It's the same backend.
You can see you got to createan account all over again.
But it just seems to be, Alittle problematic in, in, in
(36:50):
some of that regards, Yeah, I
hate those.
Yeah.
And companies like Workday or theworst, they make you upload your
resume and they're like, fill outthis massive form, basically like
rewriting your entire resume.
And I think companies, unfortunatelywe've gone through this period of time
where every company was trying to make itsuper easy to apply, like one click apply,
(37:12):
Hey, just put your name and your emailand upload your resume and we're good.
But now I think we're going to go backin the other direction because the volume
of applicants is getting so insane.
And then there's also AI auto appliedtools that are applying to hundreds
of jobs a week on your behalf.
And that's just reallybogging down the system.
(37:33):
So I feel like companies are goingto start to incorporate more forms.
You're going to have to do more to applyto a role, just to cut down on some
of the volume, because it's insane.
It makes sense.
I also saw where you could do a lotof help on your LinkedIn profile.
Some people I know that only have 200,300 followers, but some SEO techniques
(37:53):
I've learned, like for instance, takingyour profile picture before you upload it.
A lot of times it's picture1.
jpg or whatever, but actuallyrename it to your name.
I put Joshua underscore Royunderscore Nicholson underscore
CISO underscore security.
That's what works.
And so when they see that theyindex your page, it has an
understanding what that image is.
(38:14):
And so if you Google search formy name, you can click images.
You would see my face nine timesout of 10, more than you would see.
There's apparently a lot ofJoshua Nicholson's kid friggin
arrests in the United Statesbecause I see them on the alerts.
I do a Google alert and thisguy got arrested for mouth that
one, they're ruining the name.
But you could see where a lotof that starts to, to matter
(38:35):
from an SEO perspective.
Then following in groups.
Making sure you post at least once a weekon some article, maybe it has nothing,
you have no super insight to it otherthan this is an interesting article,
but getting something out there, thethinking and the recruiters are seeing
you, but just being engaged from thatperspective, I think makes you more
(38:55):
marketable as well as how often doy'all look at those recommendations?
If I recommend somebody on LinkedInand I've said they were really
good at this other company.
Is that a key piece that,most recruiters key in on?
I do look at them.
Yeah, they're powerful, especiallyif they're recent and they're from
a recent supervisor, those are gold.
Unfortunately, a lot of companieswon't typically use those as your
(39:17):
references that you would have to share.
If they ask you for two professionalreferences, you can't just go and just
look at my LinkedIn, they're right there.
They're going to still want to, youto give them their name, title, phone
number, email, and they may or may notcall them, but yeah, and the way to get
those references is give the references.
Or the, excuse me, therecommendations, right?
(39:38):
People typically followthe law of reciprocity.
So if you want somebody to recommendyou on LinkedIn, just go ahead
and write them a recommendation.
And then you can just say, Hey man, I hada really good experience working with you
at so and so I wrote you a recommendation.
Just so everybody could see and if youwant to write me one, that'd be cool too.
(39:59):
No, I, no, I think that's great.
I think that's one thingyou want to be able to you
definitely want to be able to do.
I like to follow recruiters too.
So that way, when they post theyhave some job, I'm able to see that
they have some job and every goesout there and people hit and they hit
job alert to all their friends and.
And so I do caution people when they go,Hey, I want to get into cyber security.
So I'm going to go do this bigdegree and master's program for it.
(40:21):
Stop.
By the time you got through all that,you would have missed the market.
I think you need to go on andsome of a different route.
And so it's interestinghearing just people that want
to do kind of these changes.
Artificial intelligence is big,but everybody's like, How in
the world would I do anything?
Any of those things are just movingquicker and faster than than I would want.
(40:43):
But what do you see thatare like the hottest jobs?
If you have this skill set, it'spretty easy to, Land the job.
What are your thoughts onsome of those career fields?
Yeah, just in general, I would sayto niche down, there's a very few
generalist jobs out there anymore.
You got to specialize in a hot area,specifically like cloud security
(41:03):
or, pen testing, incident responsesomething to do with like data privacy.
You want to become that go toperson in a very specific skill
set to help you stand out.
If it's just a generalist typething, you're really going to have
trouble standing out in the crowd.
And you definitely want toshowcase your skills, right?
Like you were talking about postingon LinkedIn and you got to remember
(41:28):
there's over a billion users on LinkedInand less than 1 percent of LinkedIn
users actually post any content.
So if you can just postonce a week, you're.
Gonna really stand out.
Less than 1 percent Yeah, 1%
I have so much.
LinkedIn is begging for content.
(41:48):
What's
that?
No, I was just saying, when Ilook at my LinkedIn wall, it
seems like it's more than 1%.
There's just so much outthere, but what would you say?
Yeah.
Yeah.
It's crazy.
That's the stats.
And from all the gurus and people thatI know that are in these LinkedIn,
think tank communities there,they're saying LinkedIn is begging
for content, even video content.
So you want to showcaseyour skillset, if you.
(42:11):
Maybe you have a YouTube channel, right?
To show, Hey, I'm going tolearn this new tool today.
Never seen it before, but let'sexplore it together and just, I'm
sure it would require you to cut itquite a bit, do some research and film
something and do more research and filmsomething else and tinker and then cut.
All those things, people shouldbe able to spend time with
(42:34):
you, at least your digital.
The digital version of yourselfon LinkedIn and YouTube.
And then, you definitely want to beable to showcase some of your skills in
a portfolio or, in your GitHub, right?
You need a GitHub.
You can't just say you have skills.
You have to prove you have skills.
You need evidence that, that you'vecontributed to an open source
(42:58):
project, or you've got, you've.
Made a video where you builtyour own personal security lab or
just anything in your portfolio.
Like you've helped a bug bounty communityor something of that nature and filmed it.
And then you can take these longform versions of your content.
If you got a 30 minute video on YouTube,maybe you can just throw that in the
(43:21):
Opus clip and get a one minute, realfor your other social media platforms.
There's LinkedIn's makinga big push with videos.
Now it shows up like much like reels.
You can scroll through themand, go through the rabbit
hole, just like Tik TOK now.
Anything you can do to standout, is a key in this market.
(43:41):
No, I agree.
I also I like what you were sayingbefore, cause I had done this is tailoring
my Resume into a couple of buckets.
One, I would have a generalresume that was more generalistic.
It was broad.
The job description was a littlevague, so I didn't have much to go on.
So I went with my standard resume.
Then let's just take my background.
(44:03):
I'm cybersecurity incidentresponse, security engineer.
However, I do executive work.
I've been a CISO.
I can move on that in that area.
So you can see those are totallydifferent, two different worlds.
I love the technical side.
It's fun doing the risk management,not so much, but I can as well.
What will happen is I justspit two different resumes.
(44:23):
So when I was going after jobs that hadincident response role and director level
role for that, I had that resume putthose skills and certifications towards
the top quicker, faster, better, andthen change my cover letter for that.
And then for the jobs that were CISOrelated, going back into management and
not just an engineering role, you wantedto tailor it towards more business skills
(44:45):
and more collaboration and working acrossorganizations and budgets and so forth.
Because I noticed that this is a role.
If you're too technical, theyactually try to exclude you.
They think you're an engineerand you haven't developed
into a full blown executive.
And so you're going to get in frontof people and then look like crap.
So the thinking is tailored twodifferent resumes, two different
(45:06):
personas, and then look at for those,these common terms instant response.
Sometimes it's called forensics or youcan see they use different terms in these
job titles And so that was my thinking,having three resumes that at least fit
me because it was two major dimensionsI had, and then the third one being
general, and then the cover letter.
How important is a love cover letter?
(45:27):
Because to me, the cover letter for animportant job, I'm not talking about the
one you send out to everybody becauseyou apply to 100 different times, but the
ones that You wanted to differentiate,you knew somebody there, like I've used
a cover letter before at one of these bigcompanies that I knew people working at.
So I said, Hey, not only do I believemy skills match the requirements that
you have, I know that this would be agood fit as I talk to blah, blah, blah.
(45:50):
And this guy really filled me in on theculture and what it's like to work there.
And I just solidified my mindthat I would be a great fit
for this role that you have.
And to me, you can putthat in a cover letter.
You can't put that in a resume and thatat least gives you some insight to who
this guy is, the guy or girl is andwhat they're, where would these fit?
Is that right?
What are your thoughts on cover letters?
(46:12):
I don't know any recruitersthat read cover letters.
Maybe if you're applying directlyto the hiring manager or an
executive at the company, theymay, actually give them a look.
But.
For the recruiting community,I know that they're not read,
they're just skipped over.
So there's some debate on that.
It depends on the person that is hiring.
(46:35):
So it's your personal choice if youwant to invest time in writing them.
I would use the summary section ofyour resume as the cover letter.
Most people will write a summary.
And that's like the moststatic portion of their resume.
They never change it.
I would argue you should, that shouldbe like the part that you change the
(46:56):
most for each job that you applied to.
And I like the strategy that you usethere where you've got a technical.
Version of your resumeand more business facing.
So you've got two core resumes there.
That's where you can start.
But then for that particular jobthat you're applying to look in the
requirements section and figure out,okay, what's important to this company.
(47:19):
And let me highlight the thingsthat I have from there in my
summary and even bold some of thewords that they're using so that.
Without scrolling, the moment theperson on the other end opens the
resume, boom, it's all right there.
Those are some of the things thatI suggest doing when I'm coaching
people and writing resumes.
(47:40):
The resume that I give people I'msaying like, look, this is your
base model here, but, you're goingto customize this for every role.
And yeah, you're going to windup with a lot of resume files.
Just create a folder.
This Joshua Nicholson's resume 2025dash this particular company name,
all right, and refer back to that,but just keep them all in a folder.
(48:04):
You'll have a lot of versions,but it'll increase your chances.
That's good feedback.
I do that.
And I thought it was just whata cumbersome way I'm doing this.
And it was because I was changingthe verbs in the writing and I
wanted to keep track, but I keptdoing that exact same thing.
And that would do.
Version 3.
And then, so I knew whatnumber was my latest.
(48:25):
And then I would put the actualcompany name, at, towards the end
of that I always found it too.
And you tell me how thisworks is that after I got.
Interviewed by a recruiter, it seemed toalways work well to just send a follow
up email 30 minutes later that justsaid, Hey, thank you for your time today.
I had a great conversation.
I believe that I am a match for thisposition because of X, Y, Z. Summarize
(48:49):
that and send them a thank you letter.
What are your thoughts on that?
Is that a good closer rather than justnot saying anything and not following up?
No, highly recommend sending followup emails after every interview.
And it's not like it's going toactually get you the job, but
it solidifies in their mind howinterested you are in the role.
(49:11):
And they're going to be much morelikely to push for you if they know you
have a lot of enthusiasm for the job.
And they can feel that in your follow up.
Very few people do that.
It's a lost art to do that followup, butI would do it every time and I'll also
try to do that as a recruiter too, if I'm,if I have a candidate that interviews and
(49:32):
I know I need to follow up with them andthen follow up with the hiring manager
and figure out, Hey, was it a good fit?
Was the feeling mutual, all this?
If I can get the candidate tosend me a quick thank you note,
it doesn't have to be a book, justa. A couple of sentences, right?
It's just a gesture.
It's not, something thatyou have to write a novel.
As soon as you're engaged,
(49:53):
you're bought into this.
You're on the journey ofthis, taking this job.
And you can see yourself in that role.
I think it's extremely powerful.
And people don't consider that enough.
Especially if they had otherpeople that were there.
That they add the network engineerand the CISO and some other people.
I go hit him up at LinkedIn afterwards.
Great opportunity toconnect to someone else.
(50:14):
And I, and LinkedIn reallysucks when you go to add people.
It doesn't allow you to puta lot of notes in there.
So like when I get added tosomeone new, I just met somewhere.
I'll send them a message through LinkedInreally quick going, Hey, it was great
meeting you at the ISACA conference orwhatever it is, because then now I go
back to that person, I hit messages.
I can see.
Where I learned them from where I metthem from I'm just surprised LinkedIn
(50:37):
doesn't have better functionalityin that area where I can track
That kind of stuff easier, right?
But, what are your thoughts in that area?
Yeah, I send connectionrequests all the time.
People I'm trying to get theirattention or headhunting or whatnot.
I never put a message in that box.
I like to leave a littlebit of mystery there.
(50:59):
But when, if you're at a conference or youjust meet somebody, that's why you need
the LinkedIn app on your phone, right?
I don't have business cards anymoreand I'm probably not going to remember
all the people that I met, but whenyou meet somebody, just go ahead
and pull them up on your phone.
Hey, let me connect with you onLinkedIn right now, boom, press connect.
All right, cool.
Yeah.
I use the card too with my podcastwith a QR code on the back.
(51:21):
Oh
yeah.
Yeah.
They can
get to the right one.
They're not Googling.
But.
And I want to tell you, Blake, I reallyenjoyed this podcast with you coming to
out of time here right at that hour mark,but I think we covered a lot of good
ground and learned some really interestingthings on how best to position yourself.
So I think some of the key takeawaysI heard from you is a work on that
(51:42):
resume, ensure it's clear, concise andshort 15, 20 pages is not going to be.
Not going to be read.
I think some of the other thingsI heard from you is that you
want to work on your LinkedIn.
You want to make sure youraccomplishments are there.
You want to make sure you can fill it out.
Ask for some recommendations,give some recommendations and
(52:02):
then post somewhat frequently.
So you're out there on those boards.
Add yourself to these groups,the job seekers, networking,
whatever the hell it is, group.
Add yourself to it, contributeto other people's content.
Get yourself out there.
I think another thing I heard fromme is just practice that elevator
speech over and over again.
You can tune and have morethan one elevator speech.
(52:23):
Like I was talking about before I havea technical background and I have a
managerial background, and maybe youwant to have two different elevator
speeches for both of those, depending on.
You don't want to waste in my mind,I think I don't want to waste the
recruiters time with them tryingto get answers to the question.
I know they need to get by wasting theirtime about talking about things that have
(52:44):
nothing to do with the answers they need.
So for instance, if they're tryingto get through to figure out these 5
questions to see if you're qualified.
I talk about a lot of other things.
I want to make sure that recruiter getstheir questions out of the way right away.
And now I can move on to things thatmake it make you really think I'm for
that role, I've already checked the box.
Here's the extra stuff.
Does that, is it some way you thinkas well, or what are your thoughts?
(53:08):
Yeah.
In addition to that I wouldn't forgethow important commenting is on LinkedIn,
now, and another thing we didn't talk toomuch about is like the networking stuff.
You gotta network.
Like your career depends onit because it does, right?
The livelihood go to the events, right?
If you're in the cybersecurity.
(53:29):
Community attend the, the cyber events.
I think you and I met at aconference called khaki con.
And so here we are, right?
So that turned into arelationship that we have.
So don't just rely on your digitallife, meet people in person, where
they go, where they hang out.
But also remember that LinkedInis a very powerful tool.
(53:53):
And if you can't getsomeone to reply to you.
Maybe if you comment and engage withthe stuff that they're putting out
there because it takes a lot of courageto post on LinkedIn you're nervous.
Oh, man, people are gonna judge meSo if you go ahead and think it put
yourself in their shoes, man They hadto have some courage to even put this
out there, because Now they're open for,people's judgment here on the internet.
(54:19):
So if you can comment on their stuff,be their cheerleader, root them on,
engage with a little bit, then they'reimmediately going to like you more
and be more likely to, connect yourrequest reply to your DM, and then
maybe invite you in for that interview.
That's great advice.
Thank you so much for joining Blake.
(54:39):
Now, where can we learn more about you?
Do you have your own website?
I know you're with hyper drive.
So I just follow you on your LinkedInis the best way to keep tabs on it.
Yeah.
LinkedIn is a good place to start.
I run hyper drive recruitingalso have a resume writing
business called HR approved.
And.
That was born out ofhyperdrive recruiting, right?
(55:02):
H R hyperdrive recruiting, HR approves.
I'd put that stamp onevery resume that I submit.
This resume is HR approved.
So that became the name ofthe resume writing business.
And then I've also got two podcasts.
I've got the Imperial.
Security bureau podcasts,where we interview leaders in
cybersecurity and engineering and AI.
(55:23):
And then I also have theHR approved podcasts.
We're interviewing people in recruitingjob hunting, career coaching.
And we talk about HR technology, newtechnologies that are coming on the market
locked in AI and my credibility, some ofthese most recent guests that I had on.
So yeah, you can find me.
(55:43):
All over the place, man, probablytoo many places, but there you go.
All right,
everybody, Blake Williams.
Appreciate y'all.
Make sure you hit that subscribebutton, and share this out on all your
social media platforms, and be safe.
Have a good evening.
Thank you.
(56:04):
Thanks for listening to this episodeof Cybersecurity America on the
Voice America Business Channel.
We hope you've learned some valuableinformation to help you be a better
executive leader and navigate today'scomplex world of cybersecurity.
Until next week, stay secure.
Popular Podcasts
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
The Joe Rogan Experience
The official podcast of comedian Joe Rogan.
24/7 News: The Latest
The latest news in 4 minutes updated every hour, every day.