Mastering the Art of Professional Branding in Cybersecurity with Josh Mason

Episode Transcript
Available transcripts are automatically generated. Complete accuracy is not guaranteed.
Speaker 1 (00:01):
And we're back with another amazing episode of
security happy hour.
I am your host, the cyberwarrior.
This is cyber warrior studios.
As always, you know where tofind us every single week,
without fail.
Now, because it's a Thursday, iknow it's gonna be a little
while to get people in here, soplease share this video, that

(00:22):
way people know to come here,because this is not my normal
day Now, otherwise, look, i loveyou all and I promise we'll be
right back.
And We're back, and with methis evening I have a good

(00:45):
friend, my brother, fellowveteran, josh Mason.
But before we get to you, josh,we need the official sound of
starting security happy hour.
So Right there it is.
That's how you doing, josh.

Speaker 2 (00:59):
Hey, I am doing great .

Speaker 1 (01:03):
You know you like like kept me waiting till the
last minute today.
I'm like, did you lose, likeall military bearing and, like
you know, screws showing upearly anymore, i'm gonna come in
five minutes late, it'll beokay.

Speaker 2 (01:13):
I'm a captain, i just show up.

Speaker 1 (01:17):
That explains it.

Speaker 2 (01:18):
That explains when it starts.
Often it was on started when Igot there.

Speaker 1 (01:25):
That's right.
So how you, man, what's beengoing on?
Cuz I know when we first talkedWell, we first started talking
you were doing Cyber supply drop.
Am I?
am I right?
Yeah doing that.

Speaker 2 (01:41):
Yes, so I think when man last time I was on I think I
was still teaching at JacobsYeah, i Am And then I went to
I&E and built out EJPT And thenI went, tried my nice Carina bag

(02:02):
is a sales engineer at simspace and that was fun.
But now I'm a consultant atNuVic Solutions Working with our
pentester team.

Speaker 1 (02:13):
Okay, nice, Yeah there was a lot of drama with
that whole I&E job man There was.
There was some online warsgoing back and forth for a
little while there there was,yeah, cyber security drama, you
know.
But nah, man, it's good to haveyou on, as always, i always
love your posts.
You know everybody does thingsdifferent and wants to present a

(02:35):
different personality or orpresent their brand in a
different way.
So the way you go about doingthings I appreciate, and I know
a lot of other people do,because even though I'm in the
industry, even though I'm apractice manager now, i don't
put out a lot of cyber securityinformation on them Most of my
information is all just to helppeople with their mental

(02:56):
headspace, because I know thatin this industry we deal with a
lot I mean, that's across theboard But in general we see a
lot of burnout here, and sothat's kind of the way I
approach things.
I don't want to be likeeverybody else because I'm not
everybody else.

Speaker 2 (03:10):
I get that so that's.

Speaker 1 (03:12):
That's just kind of like how I've rebranded myself
over the years and You know,what I really look forward to
doing every day is helping thepeople with their, their mental
wellness and mental welfare.
Oh yeah, well, we've got a fewpeople here already, so look,
hey, if you haven't done so yet,please make sure, like comment,
subscribe.
Well, you can't comment yetbecause it's live, but you know
if you come back and watch therecording after.

(03:32):
But feel free to jump in chat,say some things, ask some
questions.
We're gonna get them as manyanswered today as we can, i
promise.
Now, saying that I did say thiswas gonna be about mentorship
and training, because I haveseen a lot of what you've been
doing.
I mean, you both love JJ Daveyand kind of what he's doing And

(03:52):
so many others out there, youknow.
So, when it comes to mentorship, you take on more that mentor,
mentor role in public, or is itmore For you?
is it more at work, kind of thepeople that you know like?
how do you go about doing it?

Speaker 2 (04:10):
It ends up being a mix It's mostly in public a
little bit of my role at Newvixsolutions I'm I ended up being a
little bit of an outlier.
So I I've been able to come infrom a different perspective
than most of our reallytechnical guys and like Kind of

(04:37):
bring a little bit of that AirForce perspective to things and
so Been able to help with likemarketing a little bit and work
on processes here and work onsome of our procedures there,
kind of just hone in some things.
It's nice because we're a smallcompany, we're growing, and so
there's been a lot of let's dothe stuff, do the stuff, do the

(04:57):
stuff.
And we're getting to the pointof like, okay, cool, what works,
what doesn't work, let's writethat stuff down and then let's
iterate off of that.
So it's been fun.
And Then you've seen a lot of mystuff on LinkedIn.
I I put out a 30-day challengebecause You know, i I believe

(05:20):
putting stuff out on LinkedIn,being part of the community and
participating, is what gets youjobs in today's Workforce.
So trying to just get people todo that.
And some folks I told them hey,if you make it through 30 days
of posting like this, then youcan have an hour of my time.
So far we've kicked off a fewof those mentoring sessions for

(05:42):
folks who have made it through.
I started short because Ididn't want to overwhelm people
with like an expectation oftrying to Right conversation
with me for an hour.
I.

Speaker 1 (05:53):
Think I'm one of the only people that can do that.
Let's be honest.
You know I can hold aconversation with just about
anyone for an hour if not more.
But no, that's awesome and Ilove seeing that because me and
you, i believe me and you and,if not While you were on the
show, at least afterwards.
Me and you have talked aboutthe importance of networking and
social media, oh yeah, and yourbrand and presentation and

(06:16):
everything else, and so havingthat challenge, i think is very
valid, because me myself rightnow, as a practice manager and
in a role where eventually, as Iopen up Physicians, i'll be
doing hiring and things of thatnature.
You know that's what I look atand that's what I tell everybody
that I've.
You know I'm interviewing forsenior positions right now.

(06:37):
You know I've told them.
I said well, what's your brand?
Where are you online?
Can I find you?
what's going on?
You know, because I care moreabout that in your community
involvement and what you giveback, especially if it's, you
know, for our juniors that arein the chat right now.
You know learning in public andPosting, commenting like am I
seeing your name?
Because if I'm not seeing yourname and I don't know who you

(06:59):
are, that means I got to go digand let's be honest, i am in
back-to-back meetings almostevery day.
It is getting very, verydifficult to maintain my ability
to dig.
It is getting very hard So.
I got very, very true the nameswe see or the names we remember
um.

Speaker 2 (07:21):
Oh, man and someone hit me up this morning and I
feel bad because I haven'treplied, but they were like hey,
i see you're posting all thisstuff.
What can I do to get started incybersecurity and even my?
What I usually do with someoneDMs me of like Go check out my
profile because I put it rightthere for you.
Oh, I.

(07:42):
Haven't even been able to Havethe time to type that out.
Yeah, so it's hard.
Yeah, i do appreciate a lot ofthe people who come up with like
real quality questions or likeor participate in the things
that we post, or Folks who arehere like listening and

(08:02):
participating in chat.
I think that's a good sign That, yep, They actually do hair
enough Right, and we do have afew.

Speaker 1 (08:10):
I got a few that just say LinkedIn user.
Peter Lee is here from LinkedIn.
I gotta be honest.
For anybody who is on LinkedInright now watching this,
understand I cannot chat back toyou, i cannot send a message to
you, and there are quite a fewhere that just say LinkedIn user
, so I don't know your name.
If you would like to be seen,you have to be doing one of two
things either following andliking my LinkedIn page or Come

(08:34):
over to YouTube, sign in andthat way we can see everything.
Those are the only two options,because if you're on LinkedIn
and you're not following me Onmy company account for sub-war
your studios then I can't seeAnything.
So just letting you all know.
But for all those that are onLinkedIn and are here, i
appreciate you all.
Very rarely just LinkedIn get alot of viewers.

(08:55):
Normally they all come over toYouTube.

Speaker 2 (08:56):
So good to see you while LinkedIn.

Speaker 1 (08:59):
There it is, there it is.

Speaker 2 (09:01):
Hey Tim.

Speaker 1 (09:02):
So it is good to see everybody here.
I appreciate you all.
I miss you, says I Follow Josh,love his content, definitely
helpful.
Misha is another one of mywarriors.
Been around for a while.
We've been talking for probablyover a year now and with ups
and down, ups and downs, highsand lows, you know she been

(09:24):
getting at it So I can'tcomplain one bit.
Been doing a ton of stuff andjust trying to find her way in.
I'm Andrea is here.
Peter Lee, i don't I best.
First time I've seen PeterAlana's here.
I love Alana, she's always.

Speaker 2 (09:38):
Peter's about to retire out of the Air Force.

Speaker 1 (09:41):
At least she chose the good branch.
I retired out of the army.
I can't claim it was a good one, but I can claim it was a one.
But no, i mean with that, youknow, mentorship is huge and I
think a lot of people go aboutit the wrong way, both mentors
and mentees.
I think we both both sides ofthe coin kind of Make mistakes

(10:04):
along the way until they findtheir footing.
Oh yeah and your eyes.
What is the worst question Youcan be asked by someone?

Speaker 2 (10:12):
As a mentee or like as a mentor, from empty The what
do I do to get started?
Because it depends, that'sgonna be my answer.
It depends, like I need somelead-in, i need some warm-up, i

(10:34):
need to know, like, what thebackground is and what the goal
is.
Like because I'm Learning somebasics like, okay, if you know
nothing, go figure out what acomputer is and what TCP IP
means.
And then, if you got that, okay, now Where do you want to go
from there?
Um, yeah, i don't know.
That's one of those, it's justso vague.

Speaker 1 (10:57):
It is.
That is one of the hardestquestions for you.
When people always ask me howdo I get started in cyber
security, how do I get in it'scyber security?
How do I?
you know X, y and Z with cybersecurity and they go general
with the entire industry is whenI go Well, what do you want to
do?

Speaker 2 (11:10):
and if you don't have an answer for me.

Speaker 1 (11:12):
Then You know, depending on how you approach
this situation like if we have arapport and we've talked and I
know your background And kind ofwhat you're doing, then okay I
can give some guidance.
But if you literally justmessage me out of the clear blue
and that is your question, i'vegot nothing for you.
I'm gonna tell you, figure outwhat you want to do.

Speaker 2 (11:32):
Like, and Kev just mentioned this.
Yeah, i don't like when peoplewon't take the five minutes to
like Google, but it's even forme.
It's worse than that, becausemy page has a whole bunch of
stuff Like that I madespecifically to answer that
question.
Like here, your general broad,where should you start?

(11:54):
here, right here, it's featuredon my page.
You just find my face.
You scroll down a little bit.
So that's one of those ones.

Speaker 1 (12:00):
When I get into my DMs I'm just like What and
that's, and that's one of thebig things for me and that was
So.
So I'm gonna equate this andit's probably a bad comparison,
but I'm gonna make thecomparison anyways because I
think it's hilarious.
And so I had someone clone myaunt's Facebook account at one
point.

Speaker 2 (12:20):
I knew it was a clone .

Speaker 1 (12:21):
I knew she never recreated her account, nothing.
But I said, hey, i'm gonnaaccept this friend request and
I'm gonna let this personmessage me.
We're going and talking, andtalking, and talking and I said,
homie, have you done anyresearch?
He's like well, i'm like, no,really, have you even looked at
what I do for a living?
because it is point blank on myFacebook page everything I do?

(12:41):
Do you really want to play thisgame?
And now is when he was like hesays something.
He's just, we should worktogether.
Dude, if you can't even do yourown research, i'm not doing it
for you.
No, and I treat everything thesame way.
If you want to go into businesswith me, if you want to do
something with, what researchhave you done?
Yeah what do you bring to thetable?
and if you can't tell me that,then You better have a good

(13:06):
rapport with me and have builtup this, this friendship and
this willingness actually get toknow who I am And what I'm
about.
Because it allowed me to get toknow you.
Because if I don't know you atall, i'm gonna tell you to go
hit Google.

Speaker 2 (13:18):
Yeah, um then.
But You know, a great way toget started is, as soon as you
know what is like kind ofrequired to get into
cybersecurity, let other peopleknow.
That goes back to like thatpost on LinkedIn post, like make

(13:39):
tweets, get on Reddit or beyonddiscord, being chats on live
streams like this, and then whenpeople ask those questions, if
you can be the guy or the girlor the person Who gives those
answers, then people, then youbecome part of the chain, you
become part of that mentorshipchain and It'll strengthen you

(14:00):
up and then you get known forbeing that helpful person.
Yeah, i don't know how I gotstarted and all this right, so
sorry.

Speaker 1 (14:10):
They are Infinite and probability AI.
He has a question whatattributes do you think are most
important as a mentor, and whatattributes do you think are
most important as a protege andor mentee, however you want to
word it?
So for you, as someone likemyself that mentors a lot of
people, what do you think themost important attributes are?

Speaker 2 (14:33):
Man As a mentor.
There's sorry, i'm looking upsomething real fast, i think
back to.
You know, top gun.
The Air Force version of thatis weapons school.
It's where Your seniorinstructor pilots or you're like

(14:54):
high skilled instructor pilotsgo to then learn how to become
like the top instructor pilots.
It's Kind of like getting amaster's degree in flying over
six months, as once you'realready a Season pro, but then
you're, you're tagged as aweapons officer, you wear
special patch like weaponsschool graduate and There's a

(15:15):
motto that goes along with it,because then you're looked at as
the people who Who kind of setthe tone for what the rest of,
like the flying community lookslike and smells like and sounds
like, and I think it's humble,approachable and One other

(15:43):
Humble, approachable incredible.
So if you're gonna be a mentor,that that tends to be my thing
be humble, be approachable andBe credible.
So back things up like There's,there's some people we've seen
them that they just spew stuff.
You know like, well, where'dyou get that from?

(16:06):
I mean, there's plenty of thosefolks Who then we have to.
I know, like kevs in here, iknow you, you've run into this
where you're like no, no, no,you don't, you don't need that,
sir, you don't need a degree,you don't need to do that, this
and the other in order to getthat job.
We um like, where'd you hearthat?
Yeah, those folks who like Whobug me?

(16:30):
worry me because they're notbeing like where are they
getting their stuff?
How are they being credible?

Speaker 1 (16:37):
Yeah, for sure.
I think that's one of thebiggest things is we see such a
push and I don't know.
Sometimes, sometimes I worryabout our industry because We
all know coming up incybersecurity, coming up in it
and even for those that cantransferred over into
cybersecurity and or it later onin Their career fields, they
know that there's so muchinformation available online.
Youtube is the school ofYouTube is Fucking amazing.

(17:02):
For anybody who does not know,kev's heck IT support, bearded
IT dad or Azure IT, whatever Ican't I can't remember his name
right now Textual chatter like.
There are so so many people outthere that are doing amazing
things Free, free.
So to sit here and say you needa certification or you need a

(17:24):
degree, no, you just need toshow me you've given an effort,
look for the effort to learn,and that is where your Cyber,
your, your learning in publiccomes into play, because if
somebody says, hey, have youseen this person?
I haven't seen him, not a worry, i'm gonna do a quick search on
LinkedIn or on Google orTwitter or duck duck go or

(17:47):
something.
Yeah what pops up?
Yeah and if nothing, no content,no, nothing pops up.
Nope, never seen him, neverheard of him, don't know who
they are.
Yeah, now if I see them I seethey're commenting on your posts
, or maybe Misha's or kev tax,and they're collaborating and
they're talking and they'reworking together.
That's what I'm gonna be like.

(18:07):
Oh yeah, let me talk to Kevreal quick and see what he has
to say.
Or let me talk Yeah, we talkedto Misha.
Or let me talk to Andrea orwhomever.
I'm gonna talk to these peopleand if, if I can do that and
figure more out about a person,i can say oh yeah, I trust them.
I.
Yeah if I don't trust you, it'sgonna be a hell of a lot harder

(18:27):
to get past the interview casebecause now we're gonna take you
at your word, and I haven'tseen you deliver anything.

Speaker 2 (18:34):
Yeah, and that's.
I Don't want to sound like I'mwhining or we're whining about
stuff.
This question what attributeattributes do you think are most
important as a protege?
like you like laid it out,someone who's who's done the
work that they can, that they'vedone something?
um, one of those things withthose weapons school and struck

(18:57):
like officers are weaponsofficers.
They're instructors, and so youcome to them with like hey, i
don't know, like See what 30stuff, sorry, what dropout suit
I need to be at for this drop.
They'll be like, okay, well,what does the book say?
like what's what's differentfrom this one, from the others?
It's like, well, the book saysthat it's gonna be this or is

(19:18):
that or it's the other, but thisis like a weird case And so I'm
not exactly sure.
It's like okay, awesome, yeah,so that is a weird case.
Let me go show you.
Yeah, but you've walked in likeYou've done the legwork that
you could right that one.
It's written somewhere.
It's pretty spelled out the therest of that, yeah, that's what

(19:43):
people who've been there arefor.
So you, the stuff that's notalready written down pretty much
.

Speaker 1 (19:48):
Yeah, that's my knowledge is huge, right, i
think, especially when you walkinto a job.
I walked into one, what I wasat 2023, so we're looking at
five years ago now, give or take.
You know where I Can learn.
I can learn on my feet, i canhit the ground, run it and kind
of go and figure it out.
But the amount of tribalknowledge of certain systems

(20:10):
that people have is Justastounding, especially when
they've been in the same rolefor five, ten years, three to
five years, like they've been inthe same company, same
organization, working on thesame systems.
They know this shit backwardsand forwards.

Speaker 2 (20:26):
Oh yeah.

Speaker 1 (20:26):
So that's how I judge people those because if they
have that tribal knowledge andshare it, or if they hold it
because they're afraid to losetheir job, Yeah that's when I
judge my seniors and myengineers and things like that
and look at what they're doingmy pen testers, red teamers and
everything because you have,even on the red team side, you
have responsible disclosure.

(20:46):
If at no time, you discloseWhat you have learned other than
a CVSS that's out there becauseyou want to feel special, then
What have I learned from you?
nothing, yeah.

Speaker 2 (21:02):
Yeah yeah, you're hoarding knowledge, and that is
something I can never get by myoh yeah, so kept through this
out, sorry, i keep seeing thesethings in chat That some jobs
require certifications or degree.
I'm like the only job that Iknow like no kidding requires a
degree is to be like an officerin the military.

Speaker 1 (21:24):
It's your department of energy.

Speaker 2 (21:26):
Yeah, I could see that like government jobs were.
Oh, I know I was, I was workingthere.
Yeah.

Speaker 1 (21:32):
I was.
I was working as a contractorfor the Department of Energy.
They were hiring a full-timeposition.
And not only do they require adegree, they require a certain
GPA.
Oh yeah so I had talked to theguy I'd known the manager been
working there for.
I can't even tell you how long,but I knew the shit backwards
and forwards.
I've been doing it for a livingfor a while.

(21:53):
I did it in the Air Force, hadbeen doing it in the Air Force,
in the Air National Guard.
And He goes oh, you need a 3.6GPA in order to get hired here.
I Said get bet.

Speaker 2 (22:04):
I Didn't have any college and he was like.

Speaker 1 (22:06):
And he was like or a CCIE, and I'll pay you six
figures.
I said, homie, i'm justgraduating college this year.
No, no, it's not gonna happenAnd I have no intent of ever
getting a CCIE.
He goes well, then you need a3.6 GPA.
And I said, then get bet,you're not gonna hire any good
people if That is yourrequirement to work.
help desk for the Department ofEnergy.

Speaker 2 (22:29):
Oh my gosh help desk help.

Speaker 1 (22:31):
That.
That's what it was.
It was a help desk position.

Speaker 2 (22:33):
Jeez one in CCIE.

Speaker 1 (22:36):
Well, he said he would hire me at six figures
with a CCIE.
However, the requirement forthe position was a 3.6 GPA in a
bachelor's.
I was like no, i think Igraduated with like a two, six,
seven.

Speaker 2 (22:50):
You know the wild part.
Like every Military base acrossthe country, help desk your
tier.
One is an 18 year old with,like no degree and no cert.

Speaker 1 (23:00):
And they're all got, are they're all defense
contractors?

Speaker 2 (23:05):
Oh no, no, a bunch of more for me.

Speaker 1 (23:08):
So you have two different ones.
You have your knock, you haveyour basically permanent tier,
which is your contractors.
They bring in or at least thisis the way it was in the army.
In the army, because in the AirForce, yeah, i was like you.
You know I've worked,especially for my guardian.
I was the help desk, i waseverything.
That's what we did in the armyOn active duty bases.

(23:31):
You had your civilians thatwere there, and the reason they
were allowed to do everything isbecause they were always there.
They weren't gonna get PCS,they weren't gonna leave, they
weren't gonna do this, but theygot paid like two to three times
more than what if we did?
hmm, And so whenever Icomplained about how
cybersecurity and IT and thingslike that were ran in the
military, i Got told, while youneed a different job, i said,

(23:55):
okay, deuces med, board me, i'mout, i don't care same thing.

Speaker 2 (23:58):
I'm broken anyways.

Speaker 1 (24:00):
See you later.
I you can lose.
You paid over a hundredthousand dollars for my
education.
I'm gonna take it and put itthe good use outside.
See you, yep.
That's the problem with themilitary.
That's the whole differentpodcast and a whole different
conversation of the issues Ihave with the military, the
government and everything elselike that and the way they treat
them.
We're not gonna get into it,but it does come down to

(24:21):
certifications, degrees, all thenonsense that they do.
We do have more questions here,so we're gonna drop his and
We're gonna go to Misha's firstquestion.
When you decide on your path,when do you think it's okay to
ask for a mentor?
Do you learn a little bit of atime or do you do it as soon as
you find your path?

Speaker 2 (24:41):
I'll put this out there.
If you're cool with me, jump onthis one.
Like it's.
Truth be told, i'll takementees that even that don't
even know where they want to be.
I have a bunch of mentees thatwho have no idea Where they want
to be, um, even if they haven'teven decided on their path.
They're just like I want to bein cybersecurity.

(25:02):
It's like okay, that's gonna bemy first question Why do you
want to be in cybersecurity?
What do you want to do?
Like what?
what's driving you to this?
especially there's someonewho's been doing something else
for a while.
I often have the question, likewell, why cyber?
like um, and it's fine,whatever the reason is.

(25:25):
There's a couple people who'vebeen like you know what?
I don't know, that's wheremoney is at.

Speaker 1 (25:30):
It's like okay, yeah, that's gonna be hard, you can
get there, but did you did yousee speaking with that of that,
not to cut you off, but thereyou go.
They see champagne Who put outa post about peace.
People chase not necessarilychasing money, but expecting to
get six figures as soon as theday in or the industry.
Me and her had an amazingconversation, i think it was

(25:52):
yesterday, like yeah, i thinkthat's one of the biggest issues
.
I did it to myself too when Ifirst retired out of the army
now green.
I had the experience.
I thought I should have beenpaid more, but that's either
here or there.
But a lot of people pushedthemselves out of jobs because
their salary requirements asjust entering the field are like
100, 110, 120 and it's like,depending on the state you're in

(26:15):
and the job you're applying for, you can't do that.

Speaker 2 (26:19):
A base level cybersecurity job, even right
now, it's like 80 90 grand ifthat on a yeah depending on
where you're at dude, like whenI got out of the Air Force, move
to Maryland, had to pay statetaxes again, like with a

(26:42):
bachelor's degree and an MBA, asecurity plus already.
My first gig was 125, whichisn't bad, but when I came back
to that area.
I realized I was making.
I I had to pay more taxes andmy take-home pay was lower, or
overall take-home pay was lowerthan the year before when I was

(27:04):
in Florida Make it last,technically, yeah.
And then I got my sys P and itdidn't like, didn't like take
off from there.
It just went up a little bit onmy next gig.
So, like That was, yeah, myfirst civilian job was just
barely over six figures with myfirst job was 60 65 thousand

(27:30):
dollars a year.

Speaker 1 (27:30):
Yeah but they were like, oh, you get bonuses, But
it's not like a guaranteedbonuses based on revenue and you
might get it, you might not getit.
It really depends on how we,how we do and I said I can't pay
my damn electric Off of a.
Maybe like, yeah, i need myannual salary to be able to
cover all my bills And that'swhen I ran into issues with my
truck.
And, yeah, i ran into otherissues when I first try to.

(27:51):
Yeah, it killed me but yeah, I.
I agree with you fighting amentors whenever, yeah.
Yeah, yeah whatever.

Speaker 2 (28:03):
That one's another weird one.
Sorry the pay.
I have a friend.
She just got her master'sdegree in cybersecurity from WGU
and as a Sock analyst she'sgetting like 40.
So like it's, it can be rough,like yeah, we're starting out,
there's no guarantee you'regonna make.

Speaker 1 (28:19):
I was technically in management here in Pittsburgh at
65 thousand dollars a year.
Yeah, i was.
I was a level 11 or whateverfucking title they wanted to put
on it.
It was a civilian job, it wasjust a way the company did their
tiers Technically management,making sixty some thousand
dollars a year.
So no Me.
I took the job because I neededa job.

(28:41):
I needed because in thisindustry you need the experience
to then get better jobs.
But my second job took me to 95and then a year later took me
over six figures.
So it took me three years to beretired out of the army, with
every damn letter after my name.
That is humanly possible.
So for anybody that gets asecurity plus or maybe a

(29:02):
one-sand start and expects to bemaking 150 plus a year, i'm
sorry.
Go live in California for that,where you're still broken on
the street Like that.
That's not gonna happen, unlessyou have the experience in a
way to break in or you'venetworked enough that somebody
can bring you into that rate.
Yeah, just it took me one two,three, roughly three or four

(29:25):
years after we're tying out ofthe army and working civilian
jobs to even get close to 150.
Oh yeah, i think that's a goodpoint To 150.

Speaker 2 (29:33):
Oh yeah.

Speaker 1 (29:34):
So just saying it takes a while, you can't do it
right away, and people that havebeen lied to and say it's
possible, those people that livein California and that is the
basically minimum wage.

Speaker 2 (29:46):
Yeah.

Speaker 1 (29:47):
Hey Jack.

Speaker 2 (29:47):
So hey, david.

Speaker 1 (29:51):
Jacks is here.
Oh nice, i love seeing Jackshere.
Jacks is awesome, oh yeah, um,let's see.

Speaker 2 (29:59):
So I don't know where .

Speaker 1 (30:00):
James is.
He says his base for cyber ismore around 55 to 70.
That sounds about right,depending on your state.

Speaker 2 (30:07):
But what I would entry in.

Speaker 1 (30:09):
I will say this With the exception of your fangs,
which so many people don't workout, your google's, your
facebook's, your or whateverthese big billion dollar
organizations, your, you canwork remotely and get what their
actual wage is.
Google will pay you based onyour state, and I know that

(30:30):
because I argued with them and Isaid give me California,
sallery and Pittsburgh, and theysaid no.
So I said no, it ain't nevergonna happen.
Um, but a lot of your smallerorganizations and mssp's and
things like that, we will justgive a flat rate, regardless of
where you and they'll put it onthe job application.
Now We do that.
Your where I work atstratoscale.

(30:52):
It literally is We're gonnagive you the.
The range goes from this amountto this amount And depending on
your experience, and da, da, dada, this is where you're gonna
fall, yep.
So we don't lie, we don't hideit.
This is, this is what it is.
Some people give the range andwe're like dude, i can't meet
that.
Like And and people that comein lower Dude, then you're gonna

(31:13):
get it.
You're gonna be happy when wegive you your salary because
it's gonna come in a hell of alot higher.
Like right this stuff is put onthe applications is put out
there on the job descriptions.
It is what it is, but 55 to 70,that's not bad, depending on
where you're at, for a startingjob in cybersecurity.
It's actually pretty good as ajunior analyst and I'll even say

(31:33):
junior g or c to be honest.
So, um, but yeah, so that, allright, let me unstart that one.
Let me unstart that one, uh, uh.
Do you do When people ask ageneral question of how do I get
in cybersecurity?
How long do you tell them towait to choose their direction,
or do you tell them to startright off?

(31:53):
That's for you, homie.

Speaker 2 (31:56):
All right.
So I always tell people tostart aiming for something.
Um, there's again, there's somereason why they picked
cybersecurity, whether it waslike mr Robot, or they want to
be a sock analyst, or even formoney.
Um, whatever it is, go afterthat, go after that, aim for

(32:18):
something.
Um, it's one of those things.
Uh, i see people bounce aroundand like they're trying this
training and that training andthis training and that training,
and Um, then they'd wonder whythey can't get a job.
It's like well, you're a legit,a generalist, like I'm, i do

(32:43):
all the like, all sorts ofthings, but like You gotta have
at least like one thing thatyou're more than everything else
.
Just a little bit.

Speaker 1 (32:58):
Yeah, i don't disagree because there's.
So when I started out Again,coming from the army, a lot of
our research, even my researchgrowing up, when I was in high
school, coming out, while comingout of high school into college
, i did a lot of offensivesecurity.
I thought hacking, pentesting,i thought it was the shit.
So I learned there was a hellof a lot of paperwork behind it.
So you know, when I came out Ihad already had those.

(33:22):
Certifications were easy for me.
Every, every certificationsands brought in front of me
knocked it out, not because itwas easy, but because I had been
doing it for years.
So it was easy to me.
The shit you learn is not easyif you've never done it.
Putting that out there, don'tthink that I'm just like some
Amazing No, no, no.
I have been doing researching,learning for years, every day,

(33:46):
two hours a night, without fail,if not longer, and and so for
me, the offensive side I loved,but what that translated to is
when I started learning thedefensive side, i was able to
speak the language because Iunderstood what I need to find.
If I'm going to sit there anddo a brute force attack, i need
to be sitting there looking forsomebody banging on the door

(34:07):
with the same IP address overand over and over and over and
over again.
But I don't care about that.
I care about that IP addressnow gaining access after failing
so many times.

Speaker 2 (34:19):
Now I've got an issue .

Speaker 1 (34:20):
I've got something I got to be concerned about.
So I care about the correlation, i care about how these things
work together.
So, yes, i got my incidenthandler search.
Yes, i had my GSEC search fromSANS.
Actually I still have it.
Till the end of the year I havethese things.
But it wasn't that, it wasunderstanding that through

(34:40):
offensive security I can now doBlue Team.
But in order to do true redteaming, you need to understand
the Blue Team.
Because how can you actually goin silently I say true red
teaming, not pen testing, truered teaming which is being
silent?
How can you do that if youdon't know what your EDR tools

(35:04):
are?

Speaker 2 (35:05):
Oh yeah.

Speaker 1 (35:06):
What your SIM tools are, what your firewalls and
your TANIAMs and all these otherthings out there.
If you don't know what they areand what they can do, how can
you hide from them?

Speaker 2 (35:17):
Yeah, this is the end of the second week for one of
our teams doing a red teamengagement And they had a
foothold yesterday and thismorning they lost it Oh.

Speaker 1 (35:34):
Man, that's rough.
So was it a restart and theydidn't have persistence, or do
you know?

Speaker 2 (35:40):
I don't I mean, but here's the thing, here's what I
can guess it is.
It might have been Defenderfinally picked something up, or
like Carbon Black noticed weirdactivity.
Yeah, but it's exactly that Ifyou don't know what an EDR is

(36:02):
and what it's looking for andlike how to hide, then you can't
really like do any of that well, And I'm going to give a little
bit of tidbit of advice for mypotential red teamers out there.

Speaker 1 (36:19):
Your EDR tolls hook into the kernel, so hiding from
them requires you to be very,very stealthy and be able to do
things without triggeringbehavioral or machine learning
or anything like that.
Or somebody leaves somethingopen that you can disable it.
So I'm saying there's only twoways.

(36:41):
You're either good at what youdo or you know how to shut it
off.

Speaker 2 (36:45):
Yeah.

Speaker 1 (36:46):
And some of them out there, or some EDRs and some
companies will allow you to shutoff the most sophisticated EDR
on the market.
They'll give you access tosomething stupid and you'll be
like and turn this service off.
I'm good to go Now.
I can do whatever the hell Iwant, just say it.
Oh yeah, jax, i don't knowwhere you're at, but hey, have a

(37:09):
good one and I'll talk to youlater.

Speaker 2 (37:12):
Sounds like she's in England.

Speaker 1 (37:14):
Yeah, it's 1230.
So I don't know where she'straveling to.
But yeah, red teaming is roughbecause people confuse red
teaming with pen testing.
I consider them two completelydifferent things.
There it is A red team wants tobe quiet.
A pen test is going to useMetasploit, nmap, any tool they

(37:37):
can burp suite.
You name a tool that is loud,noisy and all you got to do is
hit an auto button and a pentester is going to use it.

Speaker 2 (37:46):
Yeah.

Speaker 1 (37:46):
A red teamer.
Their goal is to get by allyour defenses and not get caught
.
A pen tester is going to tellyou hey, I got stopped like
three times and isolated.
Can you turn this shit off now,because my tools aren't getting
by it, Which validates thatthey work against script kitties
, but not necessarily thatthey're going to work against an
actual attack.

Speaker 2 (38:08):
A lot of red teams will eventually get to a point
where they ask for a zoom breach.
Yeah, because you want, wetried this, tried this and tried
this and tried this and failed.
That's valuable.
But then at a certain pointit's like, okay, what you really

(38:28):
want is to know all of thisstuff.
So we fished, we checked allthe publicly facing stuff.
Now let us in so we can do therest, because you do care about
that as well.
Because just because we didn'tfind it doesn't mean someone
else isn't going to find it.
Yeah, or that you patch andit's a bad patch, or you add

(38:50):
software next week that letseveryone in Why chain man?
There's always something.
There's always going to besomething.

Speaker 1 (38:59):
And this is something that a lot of people don't want
to hear, especially when youwork in cybersecurity and work
for cybersecurity firms andyou're like oh yeah, we can help
protect you, secure you.
Da da da.
Nothing is 100% guaranteed inthis industry.
If any company, any tool, anyvendor, anything comes out there
and tells you oh yeah, 100%, dada da, you will not get

(39:19):
breached, they're lying to you.
It is a marketing ploy becausewithout the people, the
personnel, the IR, the IH,everything, it's an entire
process, an entire system.
If that system isn't spot onwhich none of them are.
Let's be honest Facebookfucking went down, google's gone
down, amazon's gone down.

(39:40):
All these huge corporationshave gone down.
You're going to tell me yoursmall little mom and pop shop is
going to be able to defendagainst someone sending a
fishing link?
Good luck.

Speaker 2 (39:49):
Oh yeah, man, one of my friends.
They asked me to help source aweb developer for their company.
They're doing well, but it'sonly a couple of people full
time.
They basically are middlemenfor a couple of organizations
doing shipping.

(40:11):
I was sitting with my friend'swife and my wife are close
friends and our kids are in homeschool co-op together.
We were sitting one day and Idescribed all the things I could
go wrong very quickly and itscared the crud out of her And

(40:31):
she's like how do we keep frombeing hacked?
And I was like that's not thequestion that I would want to
answer for you.
Instead, what will happen ifyou're hacked and what can you
prep for in case and or slashwhen that happens?
And I think that's morevaluable.

(40:52):
What backups do you have?
What's your process going to be?
How much can you save orrecover in a different way?
Truth be told, one of the firstthings that we learned at cyber
warfare school in the Air Forcewasn't at all about networks or

(41:14):
computers or security.
It was about continuity,business continuity and coming
up with contingency plans anddifferent COAs for maintaining
continuity of operations.

Speaker 1 (41:31):
And I think this is one of the only times, man, it's
going to cut me deep to admitthis.
I never, never, want to admitthis, but that is one of the
things that the military gotright.
And a lot of businesses failAnd the military got it right.
And you got to look atcontinuity of operations.
You got to have a BCP, you gotto have a DRP.
You have to have all thesethings.

(41:53):
And if that's not in place,then it doesn't matter what
security told you you put inplace, because it's going to
eventually fail.
Something's going to slipthrough the cracks, some
vulnerabilities and come outthere.
And when your shit gets pwnedat ransomware, what are you
going to do?
I've got a company right nowthat I'm dealing with that.

(42:13):
I'm like, got to figure out.
You know, homie, you went witha different IR company.
I can't help you.
All I can do is wait for thatcompany to finally hand it back
over to us So I can sit thereand say, okay, let's bring you
back up to full speed, becausewe've got to do a whole bunch of
rebuilding.
So again, bcps, drps, all thesethings it's not the only thing

(42:38):
the military got right over tocivilian sector in that, in
cybersecurity.
Because, in cybersecurityitself.
The civilian sector, with theirlack of needing clearances and
all this other nonsense, willhave the military beat any day
of the week.
And PT tests You need a PT test.
Look, i am 255 pounds and sixfoot three.

(43:00):
I could not pass a PT test atthis day, but guess what?
I could sit there and help yourun your security.

Speaker 2 (43:07):
Oh yeah, nope, oh, this is very, very true.
Oh yeah, no idea what my mileand a half time is right now,
and I'm happy with that.

Speaker 1 (43:20):
You're probably like at mine, which is like I don't
know, wow, we'll get there 13,maybe 15 minutes, you never know
.
And that might be on a good day.
We have a few other things todo I don't miss that feeling.
Me neither.
I used to smoke before andafter my runs.
Don't get it twisted.

Speaker 2 (43:41):
And.

Speaker 1 (43:41):
I'm still a smoker, so not running and then having
to do that now, yeah, it'll beall bad things.
So I know James asked this tome, but I'm also going to ask it
to you How do you recommendapproaching someone to ask them
to mentor, and what is differentfrom that?
And when you just ask someone adirect question?
So I'm going to let you handlethis first, Josh, and then I'll

(44:01):
take it.

Speaker 2 (44:02):
Yeah, Yeah.
So like there's, I'll go with.
What I've done for my mentorsis hey well, truth be told,
before I even send them a directmessage, like I'll go with Neil
.
So Neil Bridges, Great guyBefore I started.

Speaker 1 (44:23):
If you're not connected Neil, connect to Neil.
Neil's a great guy, him, andthere's a few others out there,
but Neil is definitely one thatyou want to connect with.

Speaker 2 (44:30):
Yeah, or Jerry, jerry , before I started sending the
messages directly, like I showedup on their streams when they
posted things, like I followedthem and like put a notification
on LinkedIn.
So, like when they postedthings, like it would come up
either first or I'd get anotification for it and
participate in that conversationbecause I found it very

(44:52):
valuable.
Then it got to the point oflike this is more than what I
want to ask in the comments,this is going to be personal.
And so then I was like, hey,neil, i was wondering, like
you've made this post about this, and I kind of wanted a more
personal answer than I think youwould have expected if I had

(45:15):
asked or talked to you in thecomments.
And he came back and was like,yeah, like, get on Discord,
let's talk about this.
And that's kind of told.
How that started is.
I had asked questions in stream, i had commented on posts on
LinkedIn and was on Discord, andit was finally like, yeah, get

(45:39):
over here, like, let's talkabout it.
Like, what are your careergoals?
What do you want to do?

Speaker 1 (45:44):
So, yeah, That's the big thing I have found for me.
So and so this is where I'mgoing to tell you, james, even
my first few jobs outside of thearmy.
now I'm different.
I am a whole different breedthan a lot of the people you
will see me talk to on thisstream And in general, i grew up
in IT.
I grew up fixing computers.
I'm 36 years old, had my firstcomputer and fixed it when I was

(46:06):
like seven, eight, maybe nineyears old with my dad.
I grew up in this industry Igrew up on.
Wi-fi came about and Americaonline of punters and all this
other stuff been there.
So for me it's a littledifferent, right?
I didn't look for a mentor onhow I get into the field,
because I didn't need a mentorto get into the field.
I was already going to themilitary, knew what I wanted to

(46:27):
do and just followed my path andwent with it.
But what I did do and this iswhat I tell everybody, whether
it's a mentor or you're tryingto find a job I reach out to
people and talk to them, figureout who they are, what they're
about, what companies they workfor.
What can you tell me about thecompany you work for?
I get in the nitty gritty thatway, when shit hits the fan and

(46:49):
I need something like a job, ican say, hey, look, i'm looking
for work.
Do you got anything?
I will not lie.
The person I work for now I'veworked for twice before because,
a he's prior military, so wehad something to bond over, and
B because we had been talkingsince before I retired out of
the army.
When I got my first job withhim, it was because the

(47:14):
recruiter came to me.
He was like, hey, we hire cybermilitary veterans and we place
them in positions, all right,cool.
What do you got?
Oh, we got this job here andthe one person already knows you
And I was like somebody knowsme.
Who the fuck knows me?
I'm nobody.
I'm literally just coming fromthis role.
I've been out of the army forsix months.
What the fuck are you talkingabout?
Actually, i've been out forprobably about eight to nine

(47:37):
months And then I looked up whoit was and realized that, oh,
i've been talking to this manfor like probably the past year,
since I knew they were going tomed board me and put me out.
I was like I'm really bad withnames, but because I had stopped
talking to him because I hadfound a job, wasn't even
thinking about it, didn't eventrigger, and so I looked it up
and then I've worked for himagain after that And then I

(48:00):
worked for him again.
Well, no, and so these thingsjust happen where, if you
develop a rapport, if you builda community, if you talk to
people as humans and notsomething that you want
something from, that is thebiggest thing.
You want nothing from themother than let us build a
relationship.

(48:20):
I know you're better.
I ain't going to say better.
I know you have been in longerthan me and have more
intelligence at this point, buthelp me get to your level.
Help me figure out where I needto go.

Speaker 2 (48:34):
Yeah.

Speaker 1 (48:34):
That's important.
I'd rather have someone comeand tell me hey, i don't know
shit, where do I start?
Because I see this term thrownall over.
can you at least definecybersecurity for me Instead?
of saying hey, how do I getinto cybersecurity?
Can you define it?
Can you put something behind itso that I know what to look for

(48:57):
?

Speaker 2 (48:58):
Yeah, exactly.
And, truth be told, i wantpeople to DM me with hey, how do
I get started?
Because for me it makes me it'sone of that self-reflection
back on the points that I wantto have as a mentor.
I want to be approachable,someone's willing to come up to
me and be like, hey, how do Iget started?

(49:18):
Good, i'm putting out the vibesI hope I'm putting out.
I want to be putting out Thatsomeone can just come up and ask
that, good, that's what I want.

Speaker 1 (49:30):
So yeah, That's what I see.
That's the way I look at it,too, because I want everybody to
know that they belong.
They belong here.
This is why I call everybodywho watches my streams or
watches the recording or any ofthe videos I do, or responds to
me on LinkedIn or on Twitter.
I am literally everywhereTikTok, facebook, twitter.
Yes, someone talked to me intocreating a clapper account,

(49:52):
although I think it's thedumbest freaking name ever for
an app.
I'm on Blue Sky.
I'm on everywhere.
Anybody reaches out to me.
It's because I want you to knowyou belong.
This industry is for everybody,and I don't dislike anybody
unless you give me a reason.
And so for me.

Speaker 2 (50:09):
I can change my mind on that.

Speaker 1 (50:12):
Right, yeah, there's a lot of people out there that
I'm just like I don't know if Ilike you, but then I start
talking to them, like, oh my god, you're an awesome person.
All right, cool, let's chat.
Let's get this out.
There's others that I'm like,dude, you're awesome.
And then we start talking.
I'm like maybe not, I don'tknow.

Speaker 2 (50:30):
I think everyone has the potential to be awesome or
super annoying And, truth betold, that can change, because I
know I've been on both sides.

Speaker 1 (50:40):
Right, we're both open to conversation, and that's
the thing.
That's the kicker.
I don't care who you are, cometo me, ask your questions, we'll
figure it out together.
This is a family, this here.
I call everybody my warriors,because you're all my family.
I want the best for everybodyhere, and Josh is the first one
to understand that, because hewas on over a year ago.
I think it's been a year.

Speaker 2 (51:02):
Yeah, I think so I think he's been on here.
Well, this is again moreBecause Cyber Supply.

Speaker 1 (51:05):
Drop was the biggest thing you were offering.
That was before I&E.
So you started I&E And youdidn't quit.
You stopped promoting CyberSupply Drop when, as you were
going into I&E- Yeah, yeah,we're still going.

Speaker 2 (51:22):
We're running in Requiter Doing internal Q&As.

Speaker 1 (51:28):
You're still my hashtags down below, by the way.

Speaker 2 (51:31):
That's awesome.

Speaker 1 (51:32):
Cyber Supply Drop is still there.
So if somebody's looking forCyber Supply Drop, you're going
to find his video eventually.
Let's kill her.
I'm glad to know you guys arestill doing it, though While I
had seen you come out, I thinkit was this year you had put on
a post about Cyber Supply Drop.

Speaker 2 (51:51):
One of the things.

Speaker 1 (51:51):
This year was either this year, near the end of last
year, that you guys were stilldoing things And I was like, ok,
good, because that would havemade me upset if he's not doing
shit anymore.

Speaker 2 (52:00):
I took a little bit of a break.
I didn't close anything down,but it's all volunteer.
Yeah, none of us are playing.

Speaker 1 (52:08):
I like my show.
Everybody who wants to doanything, it's all volunteer.

Speaker 2 (52:13):
Yeah.
So it was like, hey, peoplejust got busy with stuff and
Discord got quiet And I was justlike, all right, i'm not going
to put a ton of effort into thisright now.
We'll come back or re-attacklater, when I have energy for it
.

Speaker 1 (52:30):
Yeah, i completely get that.
I'm actually working on someother projects right now, which
anybody who follows me on aregular basis and views my
shorts and views my TikTok orInstagram Reels they see the
other projects I'm working on.
But yeah, same way, we'reattacking it hard now, but I can
slowly see things that mightfizzle out eventually, just
because we all have lives Andwhen you don't get paid for

(52:54):
something, you're kind of likeall right, i'm going to keep
going And going until finallyI'm like all right, i need to
break, yeah.

Speaker 2 (53:01):
All right, I need to breathe for a little bit.

Speaker 1 (53:03):
I need to breathe, but we do have two more
questions here.
We got some time.
Of course, this is my show.
You know it all.
What is the best guy to use tocreate a cybersecurity specific
resume?
Lee, there's no stupidquestions at all.
I just despise that question.
That's just me.

(53:23):
I'm going to let Josh take it.
I despise that question, butI'll let Josh take it.

Speaker 2 (53:29):
Noobvillageorg forward slash resumes,
everything.
The template that I use.
That I got from Stefan Samorothwhen he made my first civilian
resume for me.
Stefan, Samoroth.

Speaker 1 (53:44):
I mean, was it Stefan Samoroth from Budapest 7?
Is that what?
you said No.

Speaker 2 (53:50):
Though I have thought that myself.

Speaker 1 (53:53):
OK, cool.
I mean, i'm not one to make funof names, it's just really what
it sounded like originally.
I ain't got a lot.

Speaker 2 (53:58):
He's a West Point grant.
He's a good guy.

Speaker 1 (54:01):
Oh, that explains it.
West Point grant OK, makessense.

Speaker 2 (54:06):
He was a recruiter back in the day running his own
company and sold the company.
It's now at VP at Avant doinggood stuff.
But his advice I tagged onNiels and Cheryl Dozier's and
Jason Blanchards and Kip Boyle'sadvice and done a couple crew

(54:28):
villages alongside Kip and FrankVictory, his real last name,
which is awesome, he's amandiant, he's a good guy, yeah.
So it's a lot of that advice onthat page.
So it's the template and theguide I use.

(54:48):
Newvillageorg forward slashresumes.

Speaker 1 (54:52):
I will say this When it comes to a cybersecurity
specific resume I hate that term.
It needs to be a job specificresume, yes, which I hate even
more.
I ain't gonna lie.
I really do, because I'm thesame person that writes my
resume, sends it out to whoeverI need a job for which I don't
do anymore.
I only did that when I firstretired, but that's what I was

(55:16):
doing And it was legitimately,because whoever appreciates this
understands that this is what Ibring to the table and fucking
everybody else.
But it wasn't cybersecurityspecific.
I legitimately just looked upresume styles in the way they
were formatted and things likethat.

Speaker 2 (55:35):
And what?

Speaker 1 (55:35):
in the information.

Speaker 2 (55:37):
Yeah.

Speaker 1 (55:38):
That's all I did.
I legitimately just took aresume style, filled it out.
There's no for me, unlessyou're including a YouTube
channel or a blog link or yourLinkedIn address or something
like that in the very top header.
That gives me something to lookat and go.
I'm going to click that, butI'll type that in.

(55:58):
I don't consider cybersecurityspecific resume any different
than any other resume And that'swhy I don't really necessarily
like the phrasing of thequestion is because all resumes
look the same for the most part.

(56:19):
They should have the same thingsWho you are, what you're about,
your education, your experience, and that's it.

Speaker 2 (56:26):
Yep.

Speaker 1 (56:28):
Like resumes here in the US unless you're going for a
government job are not the samein the UK and EU.
So the UK, the EU and someother places they call them CVs
and they want government styleresumes.
Give me every single bit ofexperience you have, depending
on what level you're going for.
That shit better be 10 to 15pages long.

(56:50):
Here in the US we want yourresumes one, two pages maybe
because, I want you to put yourmost important information in
the very top in the first 30seconds.
When I scan that resume, ibetter see everything important
that's going to get you this job, or at least this interview.

Speaker 2 (57:09):
Exactly.

Speaker 1 (57:10):
After that, if I like that, then I'll read the rest.
If I don't like that, then I'mjust kind of like, all right,
cool, out the door.

Speaker 2 (57:19):
I'll tell you I cheat .
My resume has never gotten me ajob.
My connections have gotten mejobs.
My resumes, though, i tune themfor the jobs by looking at the
job descriptions, taking thephrases that they use like a
person who I am, a person whodoes, or if there's something

(57:42):
specific in there of looking forthis, i did that Here.
I'm going to take that pin itwith the exact case that I did
and that's now one of my bullets, that way if they read through
it they're like ooh, this readslike I wrote it Because I did.

Speaker 1 (58:00):
So this is the flip side to that and this is what I
will say As we get into.
So me, when I interview people,i don't necessarily do a
technical style interview.
I'll be honest and I'll put itout there.
I don't fucking care, i'm theone hiring you, so I really
don't give a damn.
The way I do interviews for meis I want to know who you are as
a person.
I'm going to ask a little bitabout your experience.

(58:22):
If there's something inparticular that I need for the
specific role, i'll ask aboutthat.
But in general, i don't fuckingcare, because you're going to
go to a board.
People are going to ping you onthe things that you stated on
your resume.
I don't need to know thatbecause I'm going to sit there
and I'm going to look at yourprofile.
If you're not learning inpublic, then I need to know
you're going to be a fit forsomeone I can interact with on a

(58:43):
day-to-day basis.
It's going to understand thatthere's more to this role than
just point and click.
I just got to do this all dayin closed tickets.
That's not what it is, but thetechnical side is what my other
managers and directors andThings like that are for?
yeah, i could care less aboutthe technical.

(59:03):
I care about you as a person.
I care about what you bring tothe table, You're gonna bring to
my team Or you're gonna bringto all these things, and if you
tell me you're a mentor, tell meyou're a teacher, you tell me
you're a consistent learner.
Those are the things I careabout.
That will never show up on aresume, because if they do, then
you're leaving something elseout.
That's not gonna get youthrough that.
A TS system that the recruiters, the HR and things like that

(59:26):
are never gonna see.
Yep, i care about that, and sothat's what I'll ask you.
So you want to get through oneof my interviews?
Tell me about what you do forthe community, plain and simple.
Oh yeah cyber security specificresume does not exist for me.
It's a resume.
It's gonna show me the toolsyou use, the education you have,

(59:46):
the jobs you've held, your nameand Anything you've done in
public, and I'll look for that.
But I don't, i don't, i don'tcare about any of that.
I'm a look, just so I know, butI really don't care.
Be honest, me personally, idon't give a damn Yeah, unless
I'm hiring for a specifictechnology.
I Really don't fucking care,just don't.

(01:00:09):
So you can keep talking.
I got some more questions here,holy shit, yeah, okay, we're
gonna keep coming.
So we're gonna hide that one.
Get rid of that, yeah they arewhat mentor or protege Made a
mistake and wanted to give up.
When mentor or protege made amistake and wanted to give up,

(01:00:30):
what do you do as a mentor orprotege?
to keep going.
So if someone wants to give up,whether it's you as a mentor or
you as a mentee or protege,yeah, how do you keep going?
or how do you instruct othersor help others that keep going?

Speaker 2 (01:00:50):
Yeah, man.

Speaker 1 (01:00:56):
This is my lifestyle and this is what I do, so this
is why I'm waiting for you tocome up with an answer.
I know how I handle it.

Speaker 2 (01:01:04):
Like you gotta tie it back.
It goes back to the why for me,like, um, momentum worry, oh,
like we could leave life at anymoment.
So we got to decide, like whatit is we're going to do with
that.
Um and so from there, like,what started you on this path to

(01:01:31):
a new job or a new career, andHas that changed At all?
like, if someone's wanting togive up, like, what are they
doing instead?
like is this something thatThat we need to?

(01:01:51):
like, how badly are they givingup?
like, do they need more help,or is it just that this is hard
and The change is they want togo for something easier?
It's, truth be told, thatnothing gets any easier.
Done a lot of things.
All of them wait this It'ssupposed to be easy.
Yeah, none, there's reallynothing.
That's easy.
We left that behind in highschool.

Speaker 1 (01:02:14):
Yeah, right there.
I get mad at my parents everyday for making me become an
adult.
Fuck this shit.
I'm done.
I quit.
Can I turn in my car?
can I?
can I get a refunds?
bullshit, i won't be an adult.

Speaker 2 (01:02:27):
Yeah, so you're not wrong.
Yeah, like what is it that'sthat's getting going in the
first place?
Let's refocus on the goal.
So you're at what we're goingafter.

Speaker 1 (01:02:42):
You know, i gotta be honest is one of the biggest
things for me is knowing yourwhy.
Yeah, your why is the mostimportant thing ever this?
and they carry you throughwhatever and and if Kev tech is
still here Actually, i know ARwatch this quite a bit, so I'll
probably bring it up, and so Igot my beer ready on my walk
with me.
Podcasts, as you all know, oranybody who hasn't listened or

(01:03:03):
watched it yet which is onYouTube and all major podcast
platforms.
That is one of the very firsttopics I talk about, because
knowing your why can get youthrough every obstacle If it is
strong enough.
If you're, why is money, andthis is why I despise people who
get this.
I well, i can't say this, butthis is why I Have a hard time

(01:03:25):
dealing with people that aregetting into cybersecurity for
money, because it's gonna take ahell of a lot of time, a hell
of a research, and you have tocontinuously learn Right?
So when you hit that firstobstacle, if you're only
reasoning for getting in asmoney and your boast Your base

(01:03:46):
salary is less than what you'relooking for, you're gonna give
up and quit.

Speaker 2 (01:03:52):
Yep.

Speaker 1 (01:03:54):
You're what?
why I keep going.
Now for me, my why is a I lovethis shit, i love what I do, i
love cybersecurity, i love allthat it entails.
And then on top of that, i havethe added bonus of Well, guess
what I could teach my kids it?
I can help my wife protecttheir shit, i can help my kids
and I can look at my computer.
And when my bit defender goesoff and says hey, you have eight

(01:04:17):
different warnings for peopletrying to use a botnet against
your computer, cold as you blockit, yes, i'll give one to you.
did your job.
I know what it's saying.
I don't got to be scared.
I can look at it, read it andgo All right, we're golden, i.
But for others, when it's like,if you don't have that Strong

(01:04:41):
enough, why your firstimpediment, your first obstacle,
your first hard time?
here I'm like you know what?
I quit.
I don't want to do this shit,no more.

Speaker 2 (01:04:49):
Yeah.

Speaker 1 (01:04:52):
Then that's when I look you and I go then.
Then we either need torediscover your why, or you need
to find a different careerfield.
Yeah because this just gonna behard, it's not easy.
Yeah it will never be easy,even now, for as long as I've
been doing it and I am now inmanagement even still, to this

(01:05:14):
day I Wake up every morningloving what I do and going this
is such a pain in my ass.
Let's get at it, let's figureit out, we're gonna make it work
.

Speaker 2 (01:05:24):
Yeah, I Mean it'd be boring if it was easy all the
time that I couldn't do an easylife.

Speaker 1 (01:05:30):
I couldn't do any job .
If my back could take it tothis day, i'd probably go be a
wrestler or do something thatrequired a whole bunch of
fucking flippy flip, becauseFuck it be hard and I just want
to learn new shit.
Let's go do it.
It's great, i'll get my asskicked for a living.
Let's have fun.

Speaker 2 (01:05:48):
Yeah.

Speaker 1 (01:05:48):
I said the army, screw it.
What's good?
What's one more?
Let's go have another job.
I'm gonna be a mic, get mad ifI go try that right now, because
I'm 90% disabled, so they mightbe like homie, are you really
disabled?
Like yeah, i am, but they'regonna pay for me to get fixed,
so can I get mad?
And I'm like the VA.

(01:06:09):
They might give me the gooddrugs, i might be able to go
wrestle and get the good shit,but but yeah, man, it's.
It's crazy, my back can't takeit.
Also, i'll be a wrestler.
Peter, if you're gonna be awrestler, you need to look up
the savage gentleman I'm justgonna let you know.
That's my boy.
His wife is now on AEW, or OHfor the two.

(01:06:30):
She did her AEW debut, i think,last week, so I was there.
I got pictures on Twitter.
Look it up, all right.
So next question of course itcomes from a our, because my boy
always ask questions man.
What practice, hobbies, habitsdo you have in your personal
life that help you, help yourprofessional life?
How do you stay inspired whenfeeling burned out Goes

(01:06:54):
hand-in-hand.
Go ahead, josh.

Speaker 2 (01:06:56):
Yeah, um, yeah, goes back to that why, like, why are
you doing anything?
What?
why?
Why are you getting out of bed?
and, truth be told, if you getto the point where you're like I
don't know, that's a great timeto take a vacation and do some

(01:07:16):
soul searching And like, allright, what are we doing here?
Talk to your significant other,like talk to your mentors, your
, your shrink or your religiousleaders and like like, hey, i
don't know what I'm doing here,but, yeah, i don't know.

(01:07:38):
I've got a lot of hobbit,hobbies that I do that aren't
necessarily tied to what I do atwork, but I Also believe that,
like there's nothing that you dothat isn't related everything
else you do.
How you do anything is how youdo everything.
Marcus really is, quote Um.

Speaker 1 (01:08:02):
You love your quotes.
I.

Speaker 2 (01:08:06):
Got a calendar.

Speaker 1 (01:08:14):
I can get behind that , though, because Even for me,
you figure, when I first startedmy channel, when I first
started doing everything, i hadalready been working in
cybersecurity was doing newvideos every day, got burnt the
fuck out like literally burningthe candle both ends.
Between editing, i do everythingmyself.
So When you do everythingyourself and you're working a

(01:08:35):
full-time job, you got a wifeand kids you're sacrificing
something somewhere.
And actually that was I'm adrink again.
It was part of my walk with mepodcast this past Wednesday.
Mm-hmm, you know you're burningthe candle at both ends and
It's one of those things thatyou have to sacrifice somewhere
and you got to choose whereyou're gonna sacrifice.
Yeah, i, my hobbies are justgetting away from technology.

(01:09:00):
I don't care what it is.
Well, i say technology gettingaway from the computer because
You know there are certainthings and because of the way I
live my life and the things thatI do, i can't get away from
everything, but I can step awayfrom work, i can step away from
Everything possible and thenwhen I get the chance to
actually take a vacation and say, fuck it all, i don't care

(01:09:23):
about algorithms.
Then I'll do that, and thathappens at least once or twice a
year where I say Screw it all,i have a life, i have a family.
Throw my phone in the trackWell, not really in the trash
but turn all notifications offand I don't respond to anything.
I don't talk to anybody, idon't do anything, and they're
family.
at nights I'm usually there formy wife and my kids, but during

(01:09:45):
the day is where people go inor I give my attention.
and again, it is because I'velucked out, because I have
learned how to Get into rightcompanies, work with my time,
manage my time and be able to dovideos on top of my full-time
job.
I Mean I have two podcasts aweek.

(01:10:09):
Yeah this one and walk with me,and I can literally do those on
the record walk with me on theweekends or even the night
before.
I do this live once a week, butit's always have to work.
So other than that, my workdoesn't get mad and I've never
once actually correction.
There was one time, but priorto that, one company that I
don't speak about No one's evergot mad about me posting on

(01:10:33):
social media on Putting out aone minute video.
That literally took me Maybe aminute 30 seconds to create and
another like 30 seconds to like,maybe at most two and a half
minutes to cut down To less thana minute.
Yeah all right, cool, here yougo, post it, get rid of it, and
I'm still doing my job.

Speaker 2 (01:10:52):
Exactly.

Speaker 1 (01:10:53):
I'm not taking anything away because it could
have been on my lunch break.
It could have been afterwards.
I work all day.
I'm in back-to-back meetings,as long as I'm attending
everything Really an issue.
And so for me to be burned out,what I did is I started saying
and I will say this to everybodyif you have unlimited PTO One

(01:11:14):
week a quarter, cut everythingoff, get the fuck away.
One week every quarter, stepaway from it all.

Speaker 2 (01:11:22):
Yeah, We're about to move into an RV and start
traveling full-time.
So yeah, man, if I didn't havefive kids.

Speaker 1 (01:11:34):
That's what happens when you have five boys.
Man, it just isn't possible.
I.

Speaker 2 (01:11:39):
Know a family that has eight kids.
That doesn't I?

Speaker 1 (01:11:42):
Can't my my oldest got tired of moving.
Actually, all my kids got tiredof moving because of the army,
so Couldn't really I can'treally do that anymore.
Love to Well.
We plan on starting to do that,especially now with this job.
I got a better Situation now,so trying to get travel more

(01:12:03):
added in Well, that'd be a goodidea.
We need to make a nerdy,inspirational cybersecurity
quote calendar.
That shit would be hilarious.

Speaker 2 (01:12:17):
Make it happen so anyways let me mix the stoicism
and We'll get JJ Davy in on.
Oh yeah.

Speaker 1 (01:12:28):
I'll have them all quotes in there.
Oh yeah, i have somecybersecurity nerd quotes.
Don't be alright, we'll figureit out I.
Wanted to play Halo fucking.
Let's start on Man.
But anyway, man gosh, it's beengreat having you on.
Before we go, any words ofadvice, anything you have for

(01:12:51):
anybody that is that is tryingto break in mentor, mentee, You
name it.
Just give some words of adviceto the community.

Speaker 2 (01:12:59):
Yeah, it Did everything that you're imagining
you can do.
You can do.
Um.
The Another quote for youwhether you think you can or you
think you can't, you're right.
So Henry Ford are there.
So, whatever it is that you'retrying to reach, let's figure

(01:13:25):
out, let's make a path for it,let's make a plan.
If you don't have a target, geta target and then go after that
, and then be persistent and bepatient And you'll get there.

Speaker 1 (01:13:38):
You've been watching my videos.
I mean, all right, no, butyou're right, and I will say
this before we go.
Look, hey, you are all family,you are all my warriors,
everybody that is here tonight,whether you were linked in
through Josh or through me.
I love you all.

(01:13:59):
You're all family.
All right, understand this.
We are here for every singleone of you, no matter what you
have going on.
If you want to get into theindustry, reach out, let us know
, we'll walk you through it.
All right, josh, who is stillthe founder, i believe, of cyber
supply, drop You know We do alot of big things.

(01:14:21):
I'm gonna be doing moregiveaways.
I'm gonna be trying to get Joshmore involved in the Yankees
cyber supply.
Drop back into it.
We need a little bit, becausepeople love to help out and
that's what we do around here.
So that'll be happening.
Otherwise, look, hey, it'sgonna be an amazing weekend.
I hope you all enjoy it.
Take care, have a fantasticweek weekend.

(01:14:43):
Enjoy your Freya's day tomorrow.
Thankfully, i'm off workbecause I got to go to a
graduation and I will see youall You're in amazing warriors
next week.

All Episodes

Episode Transcript

Popular Podcasts

Crime Junkie

24/7 News: The Latest

Stuff You Should Know

.css-15opob5{left:0;position:absolute;top:0.8rem;} All Episodes

.css-14f5ked{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:2;overflow:hidden;}Mastering the Art of Professional Branding in Cybersecurity with Josh Mason

Episode Transcript

Popular Podcasts

.css-r6mb8g{margin:0;word-break:break-word;display:-webkit-box;-webkit-box-orient:vertical;box-orient:vertical;-webkit-line-clamp:1;overflow:hidden;}Crime Junkie

24/7 News: The Latest

Stuff You Should Know

All Episodes

Mastering the Art of Professional Branding in Cybersecurity with Josh Mason

Crime Junkie