
Your Cyber Path: How to Get Your Dream Cybersecurity Job (Kip Boyle)

Explore every episode of Your Cyber Path: How to Get Your Dream Cybersecurity Job

Dive into the complete episode list for Your Cyber Path: How to Get Your Dream Cybersecurity Job. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.


Pub. Date | Title | Duration
02 Oct 2020 | EP 28: Five Principles to help you get your Dream Cybersecurity Job | 00:34:51

“Do something you love, and you’ll never work another day in your life.” Our guest hiring manager Jeffrey Jones says if you’re looking for your dream cybersecurity job, you need to keep these five principles in mind...

https://www.linkedin.com/in/jeffreyjonescissp

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

29 Oct 2021 | EP 56: Cybersecurity careers in the Defense sector | 00:47:05

https://www.yourcyberpath.com/56

In this episode, we provided an introduction to cybersecurity careers in the defense sector within the United States. This discussion can provide you with a great starting point for understanding how to get a cybersecurity position within this sector of the industry.

The defense sector consists of three main categories of positions: military members, government civilians, and government contractors. The defense sector is a huge area of growth in the cybersecurity industry, with over 50% of all federal government cybersecurity spending being dedicated to the Department of Defense’s budget for digital security in the United States. This equates to a lot of cybersecurity work and positions being made available within the industry for qualified and cleared individuals.

As we went through the episode, we covered all three areas and types of positions available in the defense industry. We discussed the advantages and disadvantages of joining the military or the reserve forces in order to get a cybersecurity position. For example, if you join the military, they will provide you with all of the training and qualifications necessary to become a talented cyber defense professional. We also covered the role of government civilians and the lengthy application process they undergo to land one of these positions. There is usually a lot of competition for these positions and a lot of “preference factors” that they use in determining who to hire for these positions. Finally, we covered the work of government contractors, which consists of the commercial companies involved with conducting business for the government.

For many defense sector cybersecurity positions, it is important to maintain a Secret or Top-Secret security clearance. This is another lengthy process, unfortunately, and it can take between 6 and 18 months to finalize your investigation and be awarded a clearance. Because of this, those who have already received a validated security clearance have a significant advantage in getting hired over those who are waiting for one or simply do not have one yet. The Cyber Security Workforce (CSWF) requirements and certifications were also discussed.

As we discussed in the episode, there are a lot of other differences between applying for a civilian or contractor job inside of the defense industry, especially in terms of the position description and the way you will write your resume. If you want to land a contract position, you should visit the company’s website or any of the major job boards like LinkedIn, Monster, etc. If you want to land a government civilian position, then you should visit their central repository at USA Jobs.

What You’ll Learn

●     What is the defense sector?

●     What are the three different types of positions available to work for the government?

●     What type of requirements are needed to get a job in the defense sector?

●     What type of roles are there in the defense sector?

●     Are there any differences when applying for a civilian or contractor position?

Relevant Websites for This Episode

●     www.YourCyberPath.com

●     www.HiredIn21Days.com

●     www.linkedin.com

●     www.monster.com

●     www.usajobs.gov

21 Aug 2020 | EP 25: Evaluating Team Fit and Shared Direction | 00:31:02

You’ve found a great looking job. Now: How do you evaluate whether you’ll fit into the team? Do you want to go in the same direction as them? And, how do hiring managers evaluate candidates for fit and direction? Listen in to find out.

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com


03 Apr 2020 | EP 9: Pandemic and masterclass | 00:03:41

We’re going to launch the masterclass on April 6th, as scheduled. Cyber-attackers haven’t stopped; why should we?


15 Apr 2022 | EP 68: Can You Demonstrate Too Much Passion for Cybersecurity? | 00:33:53

https://www.yourcyberpath.com/68

In this episode, Jason and Kip are focused on how you can demonstrate true passion for cybersecurity. They discuss the six things that you must avoid as they are considered red flags by a hiring manager. These red flags must be avoided at all costs, otherwise they will instantly land you in a hiring manager’s “reject” pile.

  1. Don’t tell me about all the organizations you’ve hacked before
  2. Don’t tell me what you think I want to hear
  3. Stating you have experience or certifications that you don’t have
  4. Pretending to be someone you are not to try and fit in
  5. Don’t pretend you have never failed at something
  6. Don’t describe cybersecurity as an absolute must-have, at-all-costs function in a company

Make sure you avoid doing these six things during your next interview, because hiring managers are listening to see if you fall into any of these common traps.

What You’ll Learn

●     What not to say or do during an interview

●     What questions hiring managers ask to know if you are being honest or not

●     How hiring managers know if you are indeed certified or have the training you say you do

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 21 - Your Reputation Matters to Us

●     Episode 25 - Evaluating Team Fit and Shared Direction

●     Episode 30 - A Cybersecurity Job That Fits You Like A Glove

18 Aug 2023 | EP 103: SDP 4 Compromise Recording | 00:30:43

https://www.yourcyberpath.com/103/

In this episode, we are back with our Security Design Principles series, this time discussing Compromise.

In the constantly evolving tech world, we are constantly bombarded with new products, updates, and software changes. To navigate through this ever-changing landscape, we require a foundation of stability. This is precisely where the Security Design Principles step in.

In simple words, Compromise Recording refers to logging and alerting. If you are familiar with the three As of security - Authorization, Authentication, and Accounting - Compromise Recording corresponds to the Accounting part.

It is important to note that you can log all the details and events you want, but if you are not looking at those logs and analyzing them, they are just a waste of storage space. You also must make sure that you are logging the important data, not just burying yourself in a mountain of data. Finding that balance of what to log and how much to log is crucial for your work as a cybersecurity practitioner.

This is how you can utilize the Security Design Principles to effectively analyze a new product. By doing this, you will fully understand how it works and make sure you have a good understanding of your organization's security.

What You’ll Learn

●    What is Compromise Recording?

●    What is a mid market company?

●    What is the practical value of Compromise Recording?

●     How are the Security Design Principles beneficial in the real world?

Relevant Websites For This Episode

●    Your Cyber Path 

●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

Other Relevant Episodes

●   Episode 96 - SDP 1: Least Privilege

●   Episode 98 - SDP 2: Psychological Acceptability

●   Episode 101 - SDP 3: Economy of Mechanism

12 Jun 2020 | EP 19: Fascinate Us With Your Resume Summary Statement | 00:24:33

Your Summary Statement at the top of your resume is the most important section. It’s your chance to hook us into reading the rest of your resume. Here’s how we’re hoping you’ll write it.

Want to get your dream cybersecurity job? Our highly-rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com


16 Feb 2024 | EP 116 - What's next after season 2? | 00:36:49

What's next after season 2?

About this Episode

In the grand wrap-up of season two of the podcast 'Your Cyber Path', hosts Kip Boyle and Jason Dion reflect on their four-year podcast journey. They also reveal that for the time being, there won't be a season three as originally planned.

Several factors have influenced this decision, the primary being their venture Akylade – a cybersecurity certification organization. They're also experiencing increased demand for their time and energy due to factors involving Akylade and other projects. However, they highlight the intention of potentially doing a third season in the future based on the feedback and demand received.

Kip Boyle will continue to mentor notes but change the frequency from weekly to monthly. Jason Dion urges listeners to check their cybersecurity course, 'Irresistible' on Udemy.

They greatly encourage listeners to stay in touch and seek guidance on cybersecurity careers through email which is available at yourcyberpath.com.

Relevant websites for this episode

https://cr-map.com

https://www.akylade.com

https://www.yourcyberpath.com

https://www.diontraining.com/udemy

23 Dec 2022 | EP 86: The CIA Triad - The Basis of Cybersecurity (Availability) | 00:42:17

https://www.yourcyberpath.com/86/

In this episode, Kip and Jason discuss everything that makes the A in the CIA Triad, Availability.

Availability is when you would like to use a system and it's there, ready for you to use, because no matter how secure a system is, if you cannot access it when you need to, it serves no purpose.

Kip explains how the way you think about availability is also going to change depending on the industry you're in and the niche you interact with the most.

Jason mentions some terms associated with availability in certification exams like redundancy, failover, business continuity, and disaster recovery, highlighting that availability is not an all or nothing pillar, because you can't always have 100% redundancy.

For the third time, Jason and Kip go over some interview questions on availability to make sure you are a little more prepared for your interviews.

What You’ll Learn

●   Why is availability important in cybersecurity?

●   What is an impact business analysis?

●   What is the difference between the different availability options?

●   How can you prevent a DoS attack against an ecommerce website

●   How to increase power availability in an organization?

Relevant Websites For This Episode

●   https://www.yourcyberpath.com/

Other Relevant Episodes

●   Episode 80 - Risk Management Framework with Drew Church

●   Episode 84 - The CIA Triad - The Basis of Cybersecurity (Confidentiality)

●   Episode 85 - The CIA Triad - The Basis of Cybersecurity (Integrity)

30 Oct 2020 | EP 30: A Cybersecurity Job That Fits You Like a Glove | 00:45:40

Our guest hiring manager Anna-Lisa Miller shares her 4-point plan for how to get a cybersecurity job that really fits you.

https://www.linkedin.com/in/anna-lisa-miller

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide:

https://www.YourCyberPath.com/pdf


22 Dec 2023 | EP 112 - Listeners' Questions | 01:07:16

https://www.yourcyberpath.com/112/

In this episode, Kip and Jason jump in to answer questions directly from our listeners!

We share valuable advice and insights into starting and advancing in the cybersecurity field by addressing ways to overcome some common challenges such as imposter syndrome, applying skills from diverse industries, and filling employment history gaps. 

Further, you will get some guidance on gaining relevant experience, understanding job roles, tackling age bias, and displaying self-confidence to potential employers. 

We will then culminate with some valuable tips on overcoming technical skill gaps and making successful career transitions, along with coverage of the HIRED course and its transition from a high-cost masterclass to a more accessible Udemy course that anyone can participate in.

  • How do I get started in cybersecurity?
  • How can I gain experience?
  • How do I transition into cybersecurity later in life?
  • How do I identify my desired job and current transferrable skills?
  • How should I address a gap in my resume?
  • How can I deal with imposter syndrome?



28 Feb 2020 | EP 4: Survey results - Your #1 Question | 00:04:39

In this episode, I’m going to tell you the top question we’ve received from the survey respondents so far (all 112 of them!)

To help you get your first cybersecurity job, in addition to this podcast, I’m going to publish an online course.

Will you let me know your #1 question about getting your first cybersecurity job?

If you do that through my online survey, then you’ll get free access to my 4-week online class that’s starting on April 6, 2020.

You’ll also get a free copy of my Amazon best-selling book “Fire  Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the  Face of Evolving Cyber Risks”.

You can tell me your #1 question by going to:

b.link/cyberpath

If you want to give me feedback on the show, or if you want me to  answer your question on a future episode, please visit the show page  at:

anchor.fm/YourCyberPath


07 Aug 2021 | EP 50: What does it take to lead a Cybersecurity Program? | 00:50:31

"Recently, I was asked to be a guest speaker for Professor Kevin Cooney at Ritsumeikan Asia Pacific University, to talk with his students about Cybersecurity Management. I have split this up into two sections, the first half which is this episode is the lecture and then the next podcast will be the open Q&A I did with them. I was so honored to talk with this group of students and to learn that they have been using my book, Fire Doesn't Innovate, as one of their textbooks.

Interested in my book?! It is available in paperback, kindle, and audible. Check it out here: https://www.amazon.com/Fire-Doesnt-Innovate-Executives-Practical-ebook/dp/B07M7KTZWX   

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf"


22 May 2020 | EP 16: Cybersecurity jobs and COVID-19 | 00:06:37

It looks like a lot of seasoned cybersecurity people have recently lost their jobs due to the economic hit we’ve taken here in the US. Should you give up looking for your dream cybersecurity job? I don't think so and I explain why in this episode.


29 Apr 2022 | EP 69: Breaking into Cybersecurity with Nancy Hunter | 00:40:26

https://www.yourcyberpath.com/69/

In this episode, the focus of discussion is what Nancy Hunter, the Vice President, Chief Information Officer, and Data Privacy Officer of the Federal Reserve Bank of Philadelphia looks for in a cybersecurity job seeker at the entry level. According to her, there are transferable skills and personality traits that they find relevant that a job seeker must have.

The discussion also includes what traits and experience to look for in a mentor, where to look for a job at entry level, and several affiliates that you can work with who can share transferable skills that will be relevant to your cybersecurity job.

 

What You’ll Learn

●       What skills do small to medium companies look for at entry level

●       What transferable skills and personality traits are relevant to your cybersecurity job

●       What to look for in a mentor

●       Why is it important to have a mentor


Relevant Websites For This Episode

●       Your Cyber Path (https://www.yourcyberpath.com/)

Other Relevant Episodes

●       Episode 22 - Impress Us with Your Resume Skills Section

●      Episode 25 - Five Principles to Help You Get Your Dream Cybersecurity Job

●  Episode 35 - GRC Overview

08 Jul 2022 | EP 74: Top Five Mistakes People Make When Negotiating | 00:44:56

https://www.yourcyberpath.com/74/

In this episode, the discussion between Kip and Jason is about the top five mistakes people are making when it comes to negotiating their pay. You need to know what mistakes to avoid when discussing your compensation because it can set you up for a bad experience and affect you for years.

When you start a new position, this is usually when you can take advantage of negotiating your salary. It is important to note that when it comes to annual raises, you are unlikely to receive a high-percentage pay raise. That is why negotiating your pay from the beginning is your best bet.

While June and July are traditionally not considered hiring season, in the US and Canada, this week’s topic is good preparation for the coming fall when hiring may start to pick back up and you are applying and negotiating your pay.

What You’ll Learn

●     Why salary information from publicly available sources is not reliable

●     Who should throw out the number first

●       Why you shouldn't tell your prospective employer your current salary

●       Why you should factor in the whole compensation package

●      Why you don’t immediately accept the first number thrown out

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●    Episode 14 – Your Salary is Off-Limits

●    Episode 49 - Why Entry Level Jobs Aren’t Really Entry Level

●    Episode 57 - Best time of the year to get hired 

05 Feb 2021 | EP 37: Security Operations Overview | 01:16:22

Some of the best "entry level" cybersecurity jobs are found in the Security Operations department. In this episode, Kip and Wes will give you a tour with the help of our guest, Steve Winterfeld. 

NEW: You can see us (and the slides) on YouTube:  https://www.youtube.com/YourCyberPath 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


28 Apr 2023 | EP 95: The Cybersecurity Student Perspective with Sam Bodine | 00:44:49

https://www.yourcyberpath.com/95/

In the beginning, our hosts Jason Dion and Kip Boyle talk a little bit about their new company Akylade, which is going to provide affordable cybersecurity training. They discuss their initial motivations to start the company, what the plan for the company is, and what's the road map for Akylade.

Then, we get into the topic of our episode, introducing our guest, Samuel Bodine, a cybersecurity sophomore, and the leader of the cyber defense team at Liberty University in Virginia.

Sam discusses the different aspects of the competitions they get into, where they simulate a business environment and bring in hackers to test their cyber defense team’s abilities to protect said environments.

Sam also mentions that one of the biggest benefits that he finds in college is networking and that you can make lots of connections that could really help you down the road. On the other hand, sometimes you just have to start from nothing, as he tells the story of how he walked into Lockheed Martin with a resume asking for an internship and how he got it a week later.

Jason then goes over internships, how they work, and how they can be very useful for both the company and the intern.

In the end, Sam mentions his trifecta for the perfect cybersecurity advancement, which is certifications, hands on practice, and real-life job experience. When you combine these three, you can have a great holistic understanding of cybersecurity.

To cap it off, Jason highlights that it is crucial to show initiative and how you need to show how much you want something and how it can help you achieve it.

What You’ll Learn

●   What is Akylade?

●   What is it like to be on a collegiate cyber defense team?

●   How to build your network?

●    How useful is an internship?

●    What is the trifecta of cybersecurity education?

Other Relevant Episodes

●   Episode 80 - Risk Management Framework with Drew Church

●   Episode 54 - New Cohost Jason Dion

●   Episode 62 - The NIST Cybersecurity Framework

05 Jun 2020 | EP 18: Cybersecurity Job Market During COVID-19 Quarantine | 00:20:55

What's it like to try and get a cybersecurity job during the COVID-19 pandemic? It's clear the hiring market has shifted. But how? And what does it mean to you? My guest Wes Shriner is a manager on the cybersecurity team at a Fortune 100 company. Join us as we unpack these questions and more.

If you're struggling to get hired, check out our masterclass "How to Get Your Dream Cybersecurity Job (As Told by Hiring Managers)" at https://www.YourCyberPath.com


24 Dec 2021 | EP 60: Top five jobs to two step your way into the cybersecurity industry | 00:20:49

https://www.yourcyberpath.com/60

In this episode, we discuss the top five positions that allow you to two-step your way into a new role in the cybersecurity industry. Often, people have a difficult time breaking into the cybersecurity industry due to the lack of entry-level positions or because they can’t afford to start at the beginning of a traditional career path by making $15/hour working at the help desk.

By utilizing a two-step approach to landing a cybersecurity position, you can leverage your existing skills to move laterally into a similar position in a cybersecurity adjacent role and then gain experience to land a full role in cybersecurity.

This episode focuses on the top five roles used in the two-step approach. The first is network and system administration since it serves as the traditional feeder role for people entering cybersecurity. The second is IT and cybersecurity auditing which utilizes skills from bookkeeping, finance, and accounting. The third is software development which can be leveraged into bug bounty hunting or DevSecOps positions. The fourth is project management when applied to cybersecurity and IT projects. The fifth is physical security which can be used to gain a security clearance and land a cybersecurity position in the defense contracting world.

These positions often allow someone with a few years of experience in another field to take a position in or around the cybersecurity industry at their current pay level without having to start over at the beginning. The two-step is a great approach to use for mid-career professionals looking to move into the cybersecurity industry.

What You’ll Learn

·     What is a two-step into a cybersecurity position

·     Which positions and prior experience can help your two-step into cybersecurity

·     How can you move into a cybersecurity position without starting at the help desk

Relevant Websites For This Episode 

·     Your Cyber Path (https://www.yourcyberpath.com)

·     Dion Training (https://www.diontraining.com)


18 Jan 2021 | EP 35: GRC Overview | 01:01:52

Today, we’re going to focus on the Governance, Risk, and Compliance function. Also called “GRC” with help from our friend and expert Shan Sankaran. 

NEW: You can see us (and the slides) on YouTube:  https://www.youtube.com/YourCyberPath 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf 

Here's the story of Steve McMichael, who went from accounting to an excellent GRC job: https://www.YourCyberPath.com/steve


02 Apr 2021 | EP 41: Inside Secrets from a Network Pentester | 00:59:42

Kip and Wes are on vacation this week, so instead, you get a very special episode where we are sharing with you an interview we have done in one of our recent Your Cyber Path Office Hours in our Masterclass, How to Get Your Dream Cybersecurity Job. We are interviewing my friend, Mike Sheward, who is a highly experienced network penetration tester; he finds vulnerabilities in web apps and the infrastructure they are hosted on.


01 Sep 2023 | EP 104: Confidently Presenting with Meridith Grundei | 00:49:43

https://www.yourcyberpath.com/104/

In this episode, our awesome host Jason Dion is back again with another episode of the Your Cyber Path podcast. This time, he’s accompanied by an amazing guest, Meridith Grundei. Meridith is a renowned public speaking coach and owner of Grundei Coaching who specializes in public speaking and presentation skills.

Meridith explains that understanding your client and doing your due diligence of research and studying will help you immensely in your attempts to simplify any complex concept to any level of audience. You need to figure out your objective, point out all the key takeaways, and choose the ones that support your argument.

It is crucial for you to find out what sets you apart as a presenter and understanding that will help you be more engaging during your presentations.

Starting with a story or an open-ended question usually tends to make people lean in and give more attention, and finding an emotional connection with your audience will get them to invest more cognitive attention to your talk.

It’s also important to not try to be different for the sake of being different, but to try to innovate to be better. One example of being different is trying to adapt your stories to different audiences.

Make sure you always try to make the audience feel like they’re the hero, because most of the time, the audience doesn't care about the speaker but about themselves, and so shifting the focus towards the audience really helps keep them engaged and invested in your presentation.

Meridith also emphasizes that if you are going to practice only two things, these should be your introduction and call to action, as your introduction will give you a good boost into your presentation and the call to action makes sure your talk is well concluded.

Moving to a different point, recognizing that anxiety and fear are natural reactions can help you significantly. Doing things like breathing exercises and turning the anxiety into excitement in any way can drastically ease any anxiety and fear you might have.

Finally, you need to realize that with more practice, you are going to understand yourself better, and understand how you can improvise with different situations that can happen during your presentations.

What You’ll Learn

●   How do you communicate complex concepts in a simple way

●   How to give engaging and interactive presentations

●   How to keep your audience invested?

●   How can you deal with fear and anxiety of presentations?

Relevant Websites For This Episode

●  Grundei Coaching LLC

Other Relevant Episodes

●  Episode 72 - DISC Profiles

●  Episode 64 - Can You Demonstrate Too Much Passion for Cybersecurity?

●  Episode 47 - How to Use Your Transferable Skills

07 Aug 2020 | EP 24: How to Navigate a Skills Gap | 00:20:09

What if you have a gap between your current skills and the employer’s required skills for your dream cybersecurity job? How do you navigate that gap? Listen in to find out.

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com


26 Nov 2021 | EP 58: How to Get Hired With No Experience | 00:47:06

https://www.yourcyberpath.com/58

In this episode, we’re going to learn how one person was able to overcome the catch-22 of getting a cybersecurity job when you don’t have experience, but you cannot get experience because no one will hire you. 

Our guest, Ed Skipka, a professional vulnerability management analyst, shares his personal experience of how he overcame this catch-22 and provides some great recommendations for others who find themselves in this same position. 

So, how does someone get the position if you didn't already have experience?

During the interview, Ed answers this by talking about how he landed that first IT job. Many of our listeners struggle with getting their first job, and hearing how others have navigated this challenge in the hiring process can help you get some ideas that you can apply to your own job search.

Ed shares his certification experience and the different positions he chose in order to land his first “real” cybersecurity role. Ed went from zero experience and working in a bike shop to being a vulnerability management analyst in 18 months. His story shows that you can break through the catch-22 through certifications, networking, and your own personal ambition.

Ed also talks about how he wanted to move up within his current company, but when there were no roles for him there he didn't give up and landed a position at a new company. 

The moral of Ed’s story is that even if you are "just" working a field service role, you never know where your NEXT role is going to come from, so always impress your bosses, your customers, and those you interact with daily. Network, network, network.


28 May 2021 | EP 45: Live Resume Review | 00:42:24

Today Kip Boyle is joined by Glen Sorensen to look at three anonymous, but real, resumes of people trying to get their dream cybersecurity job. What makes a good resume? How can your resume start making you appear irresistible to hiring managers? Listen to today's podcast for the scoop.

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? 


Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


10 Dec 2021 | EP 59: Five things to know before you get into cybersecurity | 00:30:39

https://www.yourcyberpath.com/59

About This Episode

In this episode, we learn about the five things you should know before getting a job in the cybersecurity industry.

First, we discussed what the reality is in terms of entry-level cybersecurity jobs. Even entry-level cybersecurity roles require previous experience in a related position. These include network administrator, system administrator, or auditor, and show employers you are ready to move into cybersecurity. Unlike many industries, there are no direct entry-level positions in cybersecurity, and this can confuse a lot of people and make it difficult to get their career started. To land an entry-level cybersecurity position, you will need extra knowledge and expertise before you can get hired.

Second, we discussed the relative importance of a cybersecurity degree in landing your first cybersecurity position. Contrary to popular belief, a higher-level education without any matching experience is not the key to landing your first position. In fact, in most cases, certifications are more likely to help you land an interview than a degree.

Third, we discussed the importance of experience in landing your first position. The three things a hiring manager evaluates are your experience, certifications, and degrees, in that order. We also discussed some ways for you to gain experience even if you haven’t landed your first position yet.

Fourth, we discussed some realistic salary expectations for you to have when looking for your first cybersecurity position. Many new entrants to the cybersecurity industry have misguided expectations of the salary they can command in their first position. When determining your initial salary, employers will consider your experience, certifications, and degrees, as well as the location of the corporate headquarters, your local office, or your home office when making an offer.

Finally, we discussed some different jobs in the cybersecurity industry that go beyond penetration testing. For some reason, most new entrants to the cybersecurity industry believe that penetration testing is the only cybersecurity role, but that simply isn’t true. In the final part of this episode, Jason and Kip discuss some of their favorite cybersecurity roles that people can find as they enter the industry.

* There are no real entry-level cybersecurity jobs

* A cybersecurity bachelor’s or master’s degree is not essential to getting hired

* You must have some experience to land your first position

* You need to have realistic salary expectations

* There are more than just penetration testing roles in cybersecurity

 

What You’ll Learn

·     A more realistic view of the cybersecurity industry

·     What to expect in a typical cybersecurity role

·     What things hiring managers consider in hiring a candidate

·     How your salary is determined for a position

·     How to best position yourself to land your first role in the industry

Relevant websites for this Episode

Your Cyber Path (https://www.yourcyberpath.com)

14 Apr 2023 EP 94: Ten Security Design Principles (SDP) 00:33:10

https://www.yourcyberpath.com/94/

To start off this episode, our hosts go on a short chat about ChatGPT and how it can be useful for cybersecurity professionals and job hunters. They also highlight the difference between transitional and transformational tech.

Then, they get into the episode topic: an introduction to a 10-part series on Security Design Principles that is going to come out in the following months.

Kip mentions in the beginning how these design principles are not laws, but they are very important guardrails for the safety of any system, while Jason highlights that they are best practices that every organization should aim to implement to avoid future implications.

Defense in depth is like layering your protections, and it has become extremely important to do since the deperimeterization of our networks where we have devices all over the place, and not just in separate perimeters.

Security Design Principles are independent of technology. They are about strategies that can be applied to guide your work in many aspects.

Then, our hosts go over some simple examples of the Security Design Principles like Fail-safe Defaults and Least Privilege.

In the end, you must realize that when you plan for implementations ahead of time, it is always a huge time, money, and effort-saver for you and your organization.

What You’ll Learn

●    Is AI going to take over jobs?

●   What certifications mention Security Design Principles?

●   What is defense in depth?

●   What is the principle of fail-safe defaults?

Relevant Websites For This Episode

●   Saltzer and Schroeder's Design Principles

●   www.YourCyberPath.com

04 Sep 2020 EP 26: Job Application Rejection 00:32:20

You submitted your resume and job application but they never call you. Did you do anything wrong? It’s possible. Listen to find out what to check for...

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com


16 Sep 2022 EP 79: Mid-Career Transition Success Story with Steve McMichael 00:40:56

https://www.yourcyberpath.com/79/

In this episode, Kip and Jason are joined by Steve McMichael who has rapidly climbed the cybersecurity career ladder. Within 2 years, Steve was able to move up to the position of Director of Governance, Risk, and Compliance for a large, publicly traded company after transitioning from a position in accounting and financing.

They talk about governance, risk, and compliance (GRC) and how those are applied within enterprise-level organizations. Steve also talks about how GRC is conducted at his organization and how they work across numerous departments to achieve their goals.

In general, getting into a governance, risk, and compliance position can get you exposure across a large breadth of your organization. Compliance positions also give you direct access to a lot of the executives within the company, allowing you to rapidly scale upward in your career.

Also, Kip discusses what skills are required of a good Chief Information Officer (CIO) and how working in a governance, risk, and compliance role can help you get to a CIO role in your career. 

What You’ll Learn

●     What is governance, risk, and compliance (GRC)?

●     Are GRC positions underrated?

●     How to get a job as a Chief Information Officer (CIO)?

●     What are some key success factors required in a GRC role?

●     What is digital transformation versus automation?

Relevant Websites For This Episode

●     www.YourCyberPath.com

●     Secure Talk Podcast Episode with Steve McMichael

Other Relevant Episodes

●     Episode 69 - Breaking into Cybersecurity with Nancy Hunter

●     Episode 60 - Top Five Jobs to Two-Step Your Way Into the Cybersecurity Industry

●     Episode 35 - GRC Overview

17 Feb 2023 EP 90: How to Get Your First Job as a Pentester with Chris Horner 00:36:09

https://www.yourcyberpath.com/90/

In this episode, our host Jason Dion goes over the very exciting topic of how to get your first job as a Pentester with Chris Horner, a banking expert turned Security engineer and Penetration tester. Together they go through Chris's background, how he got into banking, and why he made the switch to Cybersecurity.

Chris discusses his transition story and how it's not the cliche zero to hero in 90 days, explaining that it took him a long time to transition to where he is today and highlighting that his networking experience and soft skills were a huge aid on his job hunting journey.

Jason then shares his opinion on Chris's journey, highlighting many important parts, like how to deal with time limitations during your studies and how to choose the right path to start your Cyber career.

Chris then shares his experience with the eJPT certification exam and how he was able to pass it, giving us examples of the training he used and how he prepared for it.

Then Chris and Jason go over Chris's Job responsibilities and how he goes about every one of them, what he enjoys, what he finds tedious and what parts of the job he finds challenging.

In the end, Jason and Chris discuss the hiring process from two different perspectives, the hiring manager's and the applicant's, and the different challenges that both people go through.

What You’ll Learn

●    How important are soft skills for someone in the cybersecurity industry?

●   How to choose the right certifications to start your pentesting career?

●   What is the eJPT test like?

●    What is it like working as a Pentester?

●    How long does it take to get your first Job in Pentesting?

●    How to fight self doubt and continue your cyber career journey?

Relevant Websites For This Episode

●    https://www.offensive-security.com/labs/

●    https://www.vulnhub.com/

●    https://ctftime.org/

●  https://www.linkedin.com/in/chrismhorner/

●  https://www.diontraining.com/courses

Other Relevant Episodes

●   Episode 82 - From Truck Driver to Cybersecurity Analyst with Mike Hillman

●  Episode 79 - Mid-Career Transition Success Story with Steve McMichael

●  Episode 76 - Which Certification Roadmap Or Path Should I Use?

18 Mar 2022 EP 66: How to Be Irresistible to Hiring Managers 00:42:31

https://www.yourcyberpath.com/66

In this episode, we are focused on how to make yourself into an irresistible candidate for hiring managers. Today, Naomi Buckwalter, another hiring manager, joins Kip and Jason.

What do hiring managers really look for in candidates? What makes them irresistible to hire? All the hiring managers in this episode are saying that soft skills, aptitude, and integrity matter. Hence, to be irresistible, you should be the person you have written on your resume.

Experience is also important. If you want to be a penetration tester, then you need to collect some experience (either paid or unpaid) in this field so that a hiring manager will take a chance on bringing you onto their team. From day one, you need to bring value to the company through your existing knowledge and experience, which is why hiring managers primarily value your past experience. 

What You’ll Learn

●     What qualities hiring managers are looking for

●     What soft skills are

●     How important integrity is in the hiring process

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 19 - Fascinate Us with Your Resume Summary Statement

●     Episode 21 - Your Reputation Matters to Us

●     Episode 25 - Evaluating Team Fit & Direction

14 May 2021 EP 44: Replay of "All the Jobs in a Large Cybersecurity Organization" 00:39:13

Kip Boyle and Wes Shriner are on vacation this week, so we're going to revisit one of their most popular episodes together. Do you know all the different jobs inside a typical large company cybersecurity department? And, which ones are a good fit for you? In what was the first of a brand new series of episodes, Wes and Kip will take you on a grand tour so you can find out what's going on behind that locked cybersecurity career door...

Download the slides here:

https://try.yourcyberpath.com/cyber-org

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


13 Oct 2023EP 107: SDP 6: Fail-safe Defaults 00:26:55

https://www.yourcyberpath.com/107/

In this episode, we go back to the Security Design Principles series; this time we are discussing Failsafe Defaults.

Failsafe defaults simply means that the default condition of a system should always be to deny.

An example of a failsafe default is the security reference monitor (SRM) that has been implemented in Windows operating systems since Windows NT. The SRM prevents access to any actions like logging on, accessing a file, or printing something unless the user presents a token to prove that they should have access to a file or an action.

There will always be two choices for failsafe defaults - to fail close or to fail open. The DoD and government organization side will tend toward using the fail close option, while the commercial and more streamlined companies will definitely prefer to fail open.

There will always be this challenge between security and operations. More security means less operations and more inconveniences, while prioritizing operations means that security will not be the best. It all depends on your organization and its goals.

Understanding failsafe defaults and other security design principles will help you become a better analyst and produce more secure, robust, and functional systems.

What You’ll Learn

●    What is Failsafe Defaults?

●    What are some examples for Failsafe defaults?

●     What is the Security Reference Monitor?

●     What is the difference between failing close and failing open?

Relevant Websites For This Episode

●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF)

●   Your Cyber Path

●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●   The Cyber Risk Management Podcast

Other Relevant Episodes

●   Episode 103 - SDP 4: Compromise Recording

●   Episode 105 - SDP 5: Work Factor

●   Episode 101 - SDP 3: Economy of Mechanism

03 Sep 2021 EP 52: Replay of "Security Awareness Training" 01:04:10

This week we are highlighting one of our popular episodes!

We first covered the topic of Security Awareness Training back in Episode 40 and wanted to revisit it in this episode.

Looking for a nontechnical job in Cybersecurity?! This might be a good option for you! In today's episode, we have a very special guest, Gabriel Friedlander, the founder of Wizer Security and Co-founder & CTO of ObserveIT. Join experienced hiring managers, Wes Shriner, Kip Boyle, and Gabriel Friedlander as they explore Governance Risk and Compliance (GRC) and Security Awareness and training from the Common Security Service Catalog.

They will be exploring:

✅ Cybersecurity Awareness Month

✅ Required Training

✅ Behavioral Training

✅ Skills Training


Loved this episode and want to learn more about Wizer?!


Check out more here:

https://www.wizer-training.com/


Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide:

https://www.YourCyberPath.com/pdf

07 Jan 2022 EP 61: Skills-based Certification and Training with John Strand 00:37:46

https://www.yourcyberpath.com/61

In this episode, we talked with John Strand (Founder of Black Hills Information Security and Antisyphon InfoSec Training) about the importance of skills-based certification and training. John’s goal is to provide world-class skills-based training to everyone at an affordable price using a unique pay-what-you-can model.

Skills-based certifications differ from traditional certifications in that they do not use multiple-choice exams to test your knowledge of the material and instead require candidates to prove their knowledge through real-world, work-related exercises. These skills-based certification courses are short in duration and extremely hands-on in nature.

During this discussion, we explain the differences between ANSI-based certifications and non-ANSI certifications. The importance of certifications in general to the hiring managers and human resources teams is also discussed because large organizations rely on these ANSI-based certifications. Smaller organizations, though, like Black Hills Information Security, which has under 100 employees, don’t necessarily rely on certifications to find qualified candidates.

Cyber deception was also discussed, which is a way of setting up honey tokens in your domain servers to identify hackers, attackers, and penetration testers when they try to break into your system. John provides three quick tips to implement cyber deception in your network today!

What You’ll Learn

·     The importance of skills-based certifications

·     The difference between ANSI and non-ANSI certifications

·     How to use honeytokens and canary tokens to detect an attacker quickly


Relevant Websites For This Episode

·     Black Hills Information Security (https://www.blackhillsinfosec.com)

·     Antisyphon Training (https://www.antisyphontraining.com)

·     Canary Tokens (https://canarytokens.org)

·     Try Hack Me (https://tryhackme.com)

·     Hack the Box (https://www.hackthebox.com)

·     Holiday Hack Challenges (https://www.holidayhackchallenge.com)

10 Jul 2020 EP 21: Your Reputation Matters to Us 00:35:02

Your reputation is so important to the hiring manager. And one of the biggest drivers of your reputation is your personal brand. On a related note, how did you leave your last job? Did you leave it well?

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com


04 Mar 2022 EP 65: How to Best Prepare for a Role in the SOC 00:42:15

https://www.yourcyberpath.com/65

In this episode, we are focused on preparing for a role in a security operations center (SOC). To be effective in a SOC, you need to understand how everything works, including promotions, how to work with other people, the skills you need to be hired in the first place, and a good understanding of the tools to use to perform the job successfully.

When working for a security operations center, you usually need to be willing to work 24/7/365, since cybersecurity analysts often work on shifting schedules. After all, the bad actors out there don’t stop hacking just because it's 2am on a Saturday morning. If you’re a jobseeker, it is imperative to ask for the organization's staffing so that you can know what that schedule will look like. For example, you could find yourself working 8-hour or 12-hour shifts, and it could include holidays and weekends.

There are 5 skills and tools that you need to be able to do your job well: log analysis, packet analysis, using a security information and event monitor, vulnerability scanning, and patch management. In this lesson, we dive into each of these to give you the resources needed to learn these skills and be effective when working in a security operations center.

What You’ll Learn

●     What skills are needed to conduct log analysis

●     What full packet capture is

●     How to use a security information and event monitor system

●     Why cybersecurity organizations need vulnerability scanning and patch management

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 30 - Cybersecurity Job That Fits Like A Glove

●     Episode 31 - All The Jobs in A Large Cybersecurity Organization

●     Episode 37 - Security Operations Overview

21 Jul 2023 EP 101: SDP 3 Economy of Mechanism 00:23:58

https://www.yourcyberpath.com/101/

In this short episode, we are back discussing the Security Design Principles, with the third principle, Economy of Mechanism.

Jason and Kip explain the principle of Economy of Mechanism and how you want to apply it in your career as a cybersecurity professional without falling into the trap of overcomplicating things and most importantly, staying within the limits of your budget.

You should always keep things simple and practical and focus on providing value instead of following tedious complex processes.

Economy of Mechanism can be summed up as follows: “You don’t want to build a $100,000 fence to protect a $1000 horse”. Context is everything here; you need to understand what you are protecting and how your protections should be relevant to that.

What You’ll Learn

●   What is the Economy of Mechanism?

●   What happens when you overcomplicate technical controls?

●   What are some examples of Economy of Mechanism?

Relevant Websites For This Episode

●  https://www.yourcyberpath.com/

●  https://www.udemy.com/course/irresistible-cybersecurity/

●  https://www.yourcyberpath.com/ask/


Other Relevant Episodes

●  Episode 94 - Ten Security Design Principles (SDP)

●  Episode 96 - SDP 1: Least Privilege

●  Episode 98 - SDP 2: Psychological Acceptability

03 Feb 2023 EP 89: Getting My First Job in Cybersecurity with Ayub Yusuf 00:30:01

https://www.yourcyberpath.com/89/

In this episode, our host, Jason, interviews Ayub (@WhiteCyberDuck) about how he got into the Cybersecurity industry.

This time we go over a very common case where people tend to study something in college that does not relate to Cybersecurity and then shift over to the Cyber world after graduation.

Ayub mentions that you are going to have to deal with a lot of silence and rejections when applying for your first job and that it took him 134 applications to get only 5 interviews.

A CTF or Capture the Flag is a special kind of information security competition. There are three common types of CTFs: Jeopardy, Attack-Defence and mixed. Those can be really useful to hone your practical skills as well as your teamwork abilities and can show your future employer that you are capable of working alone as well as in a team.

Jason and Ayub go over resumes and how you should go about creating a master resume and then tailoring this template to suit each job application.

You should always make sure to do a lot of networking and show interest in the community to be able to build a network of people who could be future employers or simply just help you throughout your cybersecurity careers.

Ayub also mentions that a lot of people make the mistake of paying lots of money for very expensive boot camps when they could easily learn these skills on YouTube or other free platforms.

In the end, you should always remember to not get frustrated, especially when trying to get your first job, because it always gets easier as you progress your experience.

What You’ll Learn

●    What kind of CTFs should you do?

●    Should you use the same resume for all your job applications?

●    How can you make a name for yourself in the Cybersecurity world?

●    What are some examples for low cost training?

Relevant Websites For This Episode

●   https://ctftime.org/

●   https://www.antisyphontraining.com/soc-core-skills-w-john-strand/

●   https://www.meetup.com/topics/cybersecurity/

Other Relevant Episodes

●   Episode 61 - Skills-based Certification and Training with John Strand

●   Episode 64 - How I Got My First Cybersecurity Analyst Job with Sebastian Whiting


11 Dec 2020 EP 33: Cybersecurity Organization Budget and Staffing 00:33:47

If you want to know where's the most opportunity in a typical cybersecurity organization, follow the money. In this episode, Kip and Wes unpack where the money is spent, which will help you figure out where to break in. NEW: You can see us (and the slides) on YouTube:

 https://www.youtube.com/playlist?list=PLK1Bn1577F9nbrTcYHYKdXtl4aw79HjZn 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: 

https://www.YourCyberPath.com/pdf


01 Apr 2022 EP 67: Why Location Matters When Looking for Your First Cybersecurity Role 00:43:37

https://www.yourcyberpath.com/67

In this episode, we are focused on what the real world looks like in cybersecurity supply and demand and the role of geography and location when looking for a cybersecurity job.

Jason Dion will walk us through cyberseek.org for a cybersecurity job. He will discuss how to explore the heatmap of the site so that you will understand why you need to consider the location, given data about a certain position, and even certifications when hunting for a job.

For those who don’t want to relocate but would want to be hired, Jason also advised how to figure out first what kind of company you want to join. He mentioned three company dynamics that you might need to consider - remote only, remote-first company, and remote eligible. He and Kip will then discuss the differences between the three.

What You’ll Learn

●     Why take advantage of cyberseek.org when job hunting

●     How to use the heatmap

●     What data is available in the heatmap

●     Which certifications are most relevant to cybersecurity

Relevant Websites For This Episode

●     www.CyberSeek.org

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 16 - Cybersecurity Jobs and Covid-19

●     Episode 18 - Cybersecurity Job Market During Covid-19 Quarantine

●     Episode 49 - Why Entry Level Jobs Aren’t Really Entry Level

25 Nov 2022 EP 84: The CIA triad - The Basis of Cyber Security (Confidentiality) 00:28:53

https://www.yourcyberpath.com/84/

In this short episode, Jason and Kip discuss the first aspect of the CIA Triad which is Confidentiality.

 They break down the critically important confidentiality point and how it works in the real world, highlighting that it's not about the information itself but more likely about where that information is in the flow.

 They also mention how confidentiality is brought up in certification exams and how it's always connected to encryption.

 They finish up by doing some mock interview questions about things like secure erase, encryption, and secure file transfer to simulate situations that you could face when applying for cybersecurity jobs.

What You’ll Learn

●    What are the three states of data?

●    What questions related to confidentiality could you meet in your certification exams?

●    What interview questions could you get on confidentiality and how to answer them perfectly?

●     What is the difference between SFTP and FTPS?

Relevant Websites For This Episode

●   https://www.yourcyberpath.com/

Other Relevant Episodes

●    Episode 62 - The NIST Cybersecurity Framework

●    Episode 56 - Cybersecurity careers in the Defense sector

●   Episode 80 - Risk Management Framework with Drew Church

19 Jan 2024 EP 114 - NIST CSF Versus The Top 18 00:50:07

About this episode

In this episode, Kip Boyle and Jason Dion discuss the importance of cybersecurity in the current digital landscape and focus on comparing two different standards: The NIST Cybersecurity Framework and the CIS Top 18.

The NIST Framework was created to assist organizations in becoming cyber resilient and offers an adaptable and comprehensive approach to cyber risks. The CIS Top 18, on the other hand, provides an actionable and practical checklist of controls that is prioritized and sequenced.

Both of these frameworks provide us with cybersecurity measures that can be used for different applications. They can be used individually, or they can work together by complementing each other in a comprehensive cybersecurity strategy.

It is important to realize that the CIS Top 18 can end up being quite expensive for smaller organizations to operate, though, which is why many people are choosing the NIST CSF instead. You should always consider various factors, such as organizational size and specific needs, the type of threats faced, and the budget available for implementation when selecting the framework for your organization.

Relevant websites for this episode

The NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframework

The 18 CIS Critical Security Controls - https://www.cisecurity.org/controls/cis-controls-list


Other Relevant Episodes

EP 62 – The NIST Cybersecurity Framework

EP 79 – Mid-Career Transition Success Story with Steve McMichael

EP 83 – Automating NIST Risk Management Framework with Rebecca Onuskanich

26 May 2023 EP 97: Passwordless Authentication with James Azar 00:52:51

https://www.yourcyberpath.com/97/

In today’s episode, we discuss the emerging topic of passwordless authentication with our guest James Azar, CTO and CSO of AP4 group who are well known for their work in critical infrastructure.

Passwords have been here for decades, but with the ever-changing nature of the technology industry, passwords are becoming a little weak for our needs.

Our hosts take the time to discuss what passwordless authentication is, how it can be implemented, and why there is a move towards passwordless.

After that, they go over the issue of balancing security and user experience and making sure our customers are satisfied and provided with solutions that fix their problems without sacrificing security.

Following that, they discuss some of the challenges that are associated with utilizing passwordless authentication, including different organization policies, user acceptance, and the lack of usability it could pose.

James then goes on to highlight that passwordless authentication is only as good as the user, and it always goes back to the human factor - it only changes the sophistication of the attack.

In the end, James highlights that the biggest decisive factor on whether an organization will move to passwordless authentication is going to be cost.

What You’ll Learn

●    What is passwordless authentication? And why is it relevant?

●    How is passwordless authentication implemented?

●    How to balance security and good user experience?

●    What are the challenges of using passwordless authentication?

●    What is Zero Trust?

Relevant Websites For This Episode

●  https://www.udemy.com/course/irresistible-cybersecurity/

●  https://www.cyberhubpodcast.com/

Other Relevant Episodes

●  Episode 88 - The CIA Triad – The Basis of Cybersecurity (Authentication)

●  Episode 91 - Mobile Device Security with Haseeb Awan

●  Episode 92 - Password Managers

31 Mar 2023 EP 93: CyberWIDE Panel - LevelUp - InfoSec Certifications Soup 01:27:52

https://www.yourcyberpath.com/93/

In this special episode, we are going to share with you a live webinar hosted by the North Texas Information Systems Security Association. They invited our own Jason Dion and Kip Boyle for the CyberWIDE Panel’s InfoSec Certification Soup to discuss careers, hiring, resumes, and of course, certifications.

We begin the episode with a brief discussion of how Jason and Kip got into the world of cybersecurity, moving over to some valuable information about how you should go about starting your cyber career and how to know which career is fit for you.

Jason also shares an important tip, which is to always keep your resume short and only include your most important certifications relevant to the job posting. Hiring managers will usually spend 6 to 60 seconds looking at your resume, so keep it concise and to the point, 2 pages at most.

Then, Kip and Jason discuss their opinions on how important programming is for your cybersecurity career, mentioning that it might be very important for some roles while for other roles you might just need to know basic scripting.

In the end, Jason and Kip go over some viewer questions and discussions, like how important soft skills are, how to show up for the interview, and how to get a mentor - highlighting that being coachable is the most important thing as your attitude will affect how beneficial mentorship is going to be for you.

What You’ll Learn

●    How to know if you are fit for cybersecurity

●   Are all certifications valued equally?

●   Do you need programming skills to work in cybersecurity?

●   How important are your soft skills and getting mentored?

●   How is AI going to affect cybersecurity analyst jobs?


Relevant Websites For This Episode

●     AASLR: Tailor Your Resume to Get Noticed, with Kip Boyle

●     CTF Time

●     John Strand’s Antisyphon Training

●     Wild West Hackin’ Fest

●     SANS Cyber Diversity Academy

●     SANS VetSuccess Academy

●     Divergence Academy

●     Hack the Box

●     MetaCTF

●     SANS Holiday Hack Challenge


Connect with Kip

●     https://twitter.com/KipBoyle

●     https://www.linkedin.com/in/kipboyle/

●     Fire Doesn’t Innovate by Kip Boyle

 

Connect with Jason

●     https://twitter.com/JasonDion

●     https://www.linkedin.com/in/jasondion/

●     https://www.diontraining.com/home

 

YourCyberPath

●     https://www.yourcyberpath.com/

●     https://www.youtube.com/@YourCyberPath/streams

●     https://www.facebook.com/YourCyberPath/

 

Connect with ISSA and North Texas ISSA

●     https://www.issa.org/

●     https://www.linkedin.com/company/information-systems-security-association-issa-/

●     https://www.ntxissa.org/

●     https://www.linkedin.com/company/north-texas-issa/

●     https://www.linkedin.com/company/cyberwide/

●     https://www.linkedin.com/in/adelinamariegarcia/

●     https://www.linkedin.com/in/richat/


Other Relevant Episodes

●   Episode 58 - How to Get Hired With No Experience

●  Episode 81 - How to Negotiate a Pay Raise with Edward Skipka

●  Episode 82 - From Truck Driver to Cybersecurity Analyst with Mike Hillman

24 Jul 2020 EP 23: On Your Resume - Job History 00:35:05

What goes in the job history section of your resume? How much detail should you include? And, how do hiring managers evaluate that section?

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

16 Oct 2020 EP 29: Job Hunting on LinkedIn 00:35:06

The best way to get your resume in front of a hiring manager often requires you to connect with that person, or a member of their team. Our guest Glen Sorensen tells us how to do that on LinkedIn in four easy steps.

https://www.linkedin.com/in/glensorensen861398/

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide:

https://www.YourCyberPath.com/pdf

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

18 Sep 2020 EP 27: Optimize your LinkedIn profile for job hunting 00:36:31

LinkedIn: How’s your profile? What are you putting out there about you? This is your personal brand, so you need to be thoughtful about what hiring managers are seeing when they look at it. Listen to find out what to do!

Want to get your dream cybersecurity job? Our highly rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

27 May 2022 EP 71: What Does a Cybersecurity Hiring Manager Really Want From You on Day 1? 00:30:54

https://www.yourcyberpath.com/71/

In this episode, we are focused on how to make a good impression on your first day at work. Kip and Jason talk about what you can do to impress the organization that you will be working with.

Show the hiring manager who you are while on the job and make a good impression. Know that it's not just your people skills that matter, but also your professionalism, like showing up on time, dressing appropriately, being courteous, and being friendly to everyone. Demonstrate your technical skills and be results-driven. Know where to look and be self-sufficient.

Kip and Jason also discuss how people work in cybersecurity, noting that you might be working more with technology than with the people on your team. Listen to what they say about this.

What You’ll Learn

●     How to make a good impression on day one

●     Why professionalism is important

●     What other things to know aside from professionalism

●     How to function when working with a team

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 39 - It All Begins with Policy

●     Episode 49 - Why Entry Level Jobs Aren’t Entry Level

●     Episode 66 - How to be Irresistible to Hiring Managers

04 Feb 2022 EP 63: Top Five Reasons Why You’re Not Getting a Job Right Now 00:30:57

https://www.yourcyberpath.com/63

In this episode, we discuss the top five reasons why you may not be getting a job in the cybersecurity industry right now. After working in the cybersecurity industry for many years, Kip and Jason have identified the five most common reasons that a person does not land their dream cybersecurity position. Job seekers often do not see the bigger picture or understand the challenges that the hiring manager has in filling the position, which is one of the main things that keeps them from their dream job.

To help you understand why you might not be getting hired right now, Kip and Jason discuss how a lack of experience, lack of certifications, lack of salary knowledge, lack of soft skills, and a lack of understanding of your own strengths can lead to rejection when applying for a position. Luckily, there are things you can do to help increase the odds of getting hired, as discussed in this episode. 

What You’ll Learn

·        Why experience matters most to hiring managers

·        Why certifications are important in the cybersecurity industry

·        Why asking for too much or too little money can hurt your chances at landing a position

·        Why soft skills are more important than your technical skills

·        Why understanding yourself is important to a long and satisfying career in cybersecurity

Relevant Websites For This Episode

 ·        Your Cyber Path (https://www.yourcyberpath.com)

·        Your Cyber Path Hiring Quiz (https://www.yourcyberpath.com/hiring quiz)

·        Glass Door (https://www.glassdoor.com)

·        DISC Profiles (https://www.discprofile.com)

 

Tags: Experience, Certifications, Salary, Soft Skills


Other Relevant Episodes

·        Episode 55 – Which cybersecurity certifications should you get

·        Episode 49 – Why entry-level jobs aren’t really entry level

·        Episode 46 – ATS Secrets - Boost your Resume with these Clever Tips

·        Episode 30 – A cybersecurity job that fits you like a glove

16 Apr 2021 EP 42: Strategy through Architecture 01:04:09

Kip Boyle and Wes Shriner talk more about the Service Catalog, specifically number 10, Security Strategy in Architecture, with the help of our guest, Peter H. Gregory. He has written about 50 different articles and books on Cybersecurity. He is a wealth of knowledge! So strap in and let's learn all about Security Strategy in Architecture!

There are 3 Types of Architects that we will go over: 

◾ Enterprise Architect, Security 

◾ Security Strategy Architect 

◾ Security Solution Architect 

Note: there is a 4th but it is actually covered in service catalog #11 Solution Engineering and Architecture. But we will go over this in a later episode! 

Comment below and share what you thought about today's episode!  

LinkedIn Profile of our Guest: https://www.linkedin.com/in/petergregory/ 

And/or learn more about him here: https://en.wikipedia.org/wiki/Peter_H._Gregory 

Download the slides here:    https://try.yourcyberpath.com/cyber-org 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

10 Jun 2022 EP 72: DISC Profiles 00:35:49

https://www.yourcyberpath.com/72/

In this episode, the discussion between Kip and Jason is about DISC profiles.

You need to understand how important it is to choose the right job for you based on your personality.

These are some of the questions you might want to ponder to help you decide what you want.

Do you like to interact with people throughout the day? Do you just want to sit in front of your computer and be left alone all day long? Are you a team player? Do you get tired of talking to people? 

A DISC (Dominance, Influence, Steadiness, Compliance) personality test is what you need to take to understand what type of personality you have, and what kind of job would work for you. Kip and Jason discuss the details of each profile and how they play in an organization.

What You’ll Learn

●     Why is it important to think through what job suits your personality

●     What are some of the useful questions I can ask myself

●     What does DISC stand for

●     How do these varied personalities play in the organization I belong to

Relevant Websites For This Episode

●     www.YourCyberPath.com

●     Disc Personality Test

Other Relevant Episodes

●     Episode 21 - Your Reputation Matters to Us

●     Episode 25 - Evaluating Team Fit and Shared Direction

●     Episode 30 - A Cybersecurity Job That Fits You Like A Glove

25 Mar 2021 EP 40: Security Awareness & Training 01:04:22

Looking for a nontechnical job in Cybersecurity?! This might be a good option for you! In today's episode, we have a very special guest, Gabriel Friedlander, the founder of Wizer Security and Co-founder & CTO of ObserveIT. Join experienced hiring managers, Wes Shriner, Kip Boyle, and Gabriel Friedlander as they explore Governance Risk and Compliance (GRC) and Security Awareness and training from the Common Security Service Catalog.

Download the slides here: https://try.yourcyberpath.com/cyber-org

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide:  https://www.YourCyberPath.com/pdf

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

06 Jan 2023 EP 87: The CIA Triad - The Basis of Cybersecurity (Nonrepudiation) 00:25:19

https://www.yourcyberpath.com/87/

In the fourth video of this five-part series discussing the CIA-NA pentagram, Kip and Jason talk about nonrepudiation.

In simple terms, nonrepudiation means you can't say you didn't do the thing that you did.

Jason and Kip go over some examples of nonrepudiation in both the physical realm and the digital world, highlighting that you should always use some type of example when you're asked about a specific term like nonrepudiation.

They also dive deep into digital signatures, public keys, and how these are utilized in software companies and the reasons they are used.

In the end, they discuss some hashing algorithms, how they work, and what are the best practices when using them - emphasizing that you can't have all the security and usability at the same time and you're always going to have to balance these two with each other and find something which works best for you.

What You’ll Learn

●   What is nonrepudiation?

●   What kinds of interview questions could you get related to repudiation?

●   What is the difference between the different availability options?

●   How can a software company provide repudiation for their code?

●   How do you calculate a hash value?

Relevant Websites For This Episode

●   https://www.yourcyberpath.com/

Other Relevant Episodes

●   Episode 84 - The CIA Triad - The Basis of Cybersecurity (Confidentiality)

●   Episode 85 - The CIA Triad - The Basis of Cybersecurity (Integrity)

●   Episode 86 - The CIA Triad - The Basis of Cybersecurity (Availability)

04 Aug 2023 EP 102: Passing CISSP and CISM exams with Ed Skipka 00:39:38

https://www.yourcyberpath.com/102/

In this episode, we are back with one of our favorite guests, Ed Skipka, to talk about his latest achievements, studying and passing both CISSP and CISM exams.

To start, Ed goes on about how you should find your own way of studying and figure out the most efficient way to digest information, whether that is online video training, reading books, or attending bootcamps. Finding a study route that you enjoy is one of the easiest ways to ensure you stay on track.

He then goes on to explain how he approached the study materials and how he used multiple resources and figured out a way to grade himself and pinpoint his weaknesses to be able to work on them without spending too much time on topics he already had good experience and knowledge with.

Ed also mentions that it’s crucial that you don’t go into studying for the exam being afraid of it. It's indeed a tough exam. However, staying consistent day in and day out and being methodical about how you study should help you break down those fears.

After that, Kip and Ed discuss how he approached studying for CISM and why he chose to tackle that certification right after CISSP, highlighting that due to the overlap of information between the two certifications, he was able to conserve a lot of time and energy.

In the end, Ed mentions that you should not just take the certification for the sake of taking them, but you should use them to widen your knowledge and to know why and how things are happening and how to relate that to your current job and future positions.

What You’ll Learn

●    How long do you have to study before taking the test?

●    How to organize your time to study for the exam?

●    How to approach the study materials?

●    What are the differences and similarities between CISM and CISSP?

●    What are some tips of success for the CISSP and CISM exams?

Relevant Websites For This Episode

●    https://www.cyberriskopportunities.com/cyber-risk-resources/cyber-risk-management-podcast/

●   https://www.udemy.com/course/better-testing/

●   https://www.certmike.com/

●   https://thorteaches.com/

Other Relevant Episodes

●   Episode 55 - Which cybersecurity certifications should you get?

●  Episode 58 - How to Get Hired With No Experience

●  Episode 81 - How to Negotiate a Pay Raise with Edward Skipka

17 Sep 2021 EP 53: The Ethics of Cybersecurity: How to Buy Cyber Insurance for your Law Practice 01:01:06

"This week we have hosts, Kip Boyle, CEO of Cyber Risk Opportunities, Jake Bernstein, CISSP from K&L Gates, and Chris Brumfield, CPCU, ARe, a Professional Liability Advisor and no-fee independent insurance broker present a rapidly changing yet crucial cyber risk management tool in this CLE recording from September 15th, 2021.


All cyber risk managers need to understand Cyber Insurance, and so should all of us!


This is the second CLE we have hosted in a webinar format, and will be doing another one on December 15, 2021! If you want to be a part of this comment below and we will make sure we get you on the list!"

27 Nov 2020 EP 32: Cybersecurity Service Catalog and your dream job 00:55:22

There are 23 different services performed by a typical large company cybersecurity department. Which ones are best for people who are new to the career field? Wes and Kip tell you in today's episode. NEW: You can see us (and the slides) on YouTube: 

https://www.youtube.com/playlist?list=PLK1Bn1577F9nbrTcYHYKdXtl4aw79HjZn

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: 

https://www.YourCyberPath.com/pdf

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

02 Sep 2022 EP 78: Current State of the Cybersecurity Industry with Deidre Diamond of CyberSN 00:47:29

https://www.yourcyberpath.com/podcast/78/

In this episode, Kip and Jason, with special guest Deidre Diamond from CyberSN, talk about the current state of the cybersecurity industry in regards to hiring. CyberSN is a digital platform that aims to match potential employers with skilled candidates in order to help close the cybersecurity talent gap. 

Deidre Diamond, the founder of CyberSN, has spent decades as a cybersecurity staffing and leadership expert. She is a passionate advocate for building diverse, multi-talented teams, and her company works hard to match the right candidates with their dream employers. 

CyberSN is a platform that allows you to create an online profile that is used to instantly match you to potential cybersecurity jobs around the world that would be a good fit for you. Currently, CyberSN has over 100,000 active cybersecurity positions available as part of their platform.

CyberSN also has created a unique cybersecurity role taxonomy to identify positions based on 45 different functional roles across 10 different categories. This taxonomy helps to ensure that the right candidates are being placed against the right positions for better long-term success. 

Kip, Jason, and Deidre also explore the current state of the industry after the unique situations caused by the global pandemic. As Deidre points out, she has seen a growing upward trend in new cybersecurity roles, which demonstrates that employers are adding additional cybersecurity positions to their organizations.

These positions are focused on leadership and education, which is a sign of a future increase in entry-level positions, since these positions require more leadership/management and training than do higher level positions.

Another interesting trend noticed by CyberSN is that the salary gap between leadership and individual contributor roles has again shrunk, leading to similar pay ranges for both types of positions. This means that employees no longer have to move into management to receive higher pay. Instead, we are currently seeing both leadership and individual contributors breaking the $200,000/year mark in terms of their compensation packages. 

Finally, we will cover the concept of recruitment of individuals into different cybersecurity positions, and how the recruiters are compensated by your future employer when they place you into a role. 

What You’ll Learn

●    What kind of job roles exist in cybersecurity?

●    What is the average salary for various cybersecurity roles?

●   How do recruiters get compensated for placing you into a position?

Relevant Websites For This Episode:

●    www.YourCyberPath.com

●   www.cybersn.com

Other Relevant Episodes

●    Episode 60 - Top five jobs to two step your way into the cybersecurity industry

●   Episode 32 – Cybersecurity Service Catalog & Your Dream Job

●    Episode 13 - Landing Your Dream Cybersecurity Job 

20 Jan 2023 EP 88: The CIA Triad - The Basis of Cybersecurity (Authentication) 00:37:12

https://www.yourcyberpath.com/88/

In this episode we arrive at the end of our five-part series talking about the CIA NA Pentagram, this time discussing the last pillar, Authentication.

Authentication is always associated with passwords and how you can prove that you are who you say you are.

When you hear Authentication, always have things like tokens, digital certificates, multi-factor authentication or two-factor authentication in mind, but remember that Authentication will keep changing and evolving over the years, and new ways, techniques or protocols could be introduced to the field.

Jason and Kip go over the different authentication factors and how you might be asked about them in a job interview.

Then they go over different concepts and protocols like SSO, SSL, TLS and how they relate or can be used for authentication.

In the end, Kip goes over password managers and the criteria for choosing a good password manager.

What You’ll Learn

●   What is Authentication and what does it look like in the real world?

●   What is Zero trust?

●   What is the difference between the different availability options?

●   What are the five factors of authentication?

●   What is SSO?

Relevant Websites For This Episode

●   https://www.yourcyberpath.com/

Other Relevant Episodes

●  Episode 84 - The CIA Triad - The Basis of Cybersecurity (Confidentiality)

●  Episode 85 - The CIA Triad - The Basis of Cybersecurity (Integrity)

●  Episode 86 - The CIA Triad - The Basis of Cybersecurity (Availability)

●  Episode 87 - The CIA Triad - The Basis of Cybersecurity (Nonrepudiation)

09 Jul 2021 EP 48: Anatomy of a Ransomware Attack 01:00:42

Due to recent Cyber Attacks, we are going to share a replay of a continuing legal education course that Kip Boyle and Jake Bernstein have recently done. In this session, they will walk you through, in ordinary language, two different ransomware attacks that they have handled. This will include how the attack started, how the client recovered, and what the role of the attorney is throughout the incident.

Download slides from previous episodes here: https://try.YourCyberPath.com/cyber-org

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

05 Jan 2024 EP 113 - SDP 9 Least common Mechanism 00:13:43

In this episode, Kip and Jason cover the Security Design Principle of “Least Common Mechanism”.

The Least Common Mechanism is the ninth security design principle and focuses on how you can best protect older, legacy systems in large organizations and within the government.

Security Design Principle #9 is a crucial concept in the field of cybersecurity. It advocates for minimizing the number of mechanisms shared by different users or processes, thereby reducing the chances of a security breach. This principle is rooted in the idea that shared resources or functionalities can become potential vulnerabilities, especially if they are used by multiple entities with varying levels of trustworthiness.

The principle is based on the understanding that any shared mechanism or resource is a potential attack surface. When different programs or users rely on the same functionality or data paths, a breach in one can easily become a gateway to compromise the others. For instance, if a shared library has a vulnerability, every program using that library is at risk. Therefore, by reducing the number of shared components, the principle of Least Common Mechanism aims to limit the potential damage that can be caused by a security flaw or breach.

Implementing this principle involves designing systems where the functionalities are as isolated as possible. This can be achieved through techniques like sandboxing, where programs run in isolated environments, or through the use of microservices architectures, where applications are broken down into smaller, independent services. Each service or program having its unique mechanisms greatly diminishes the risk of a widespread security incident.

The principle also underlines the importance of not only securing shared resources but also constantly monitoring them. Regular audits and updates of shared components are vital to ensure they remain secure. In essence, the Least Common Mechanism principle is about understanding the risks associated with shared resources and proactively designing systems to minimize these risks.

Relevant websites for this episode

Other Relevant Episodes

  • Episode 96 – SDP 1 – Least Privilege
  • Episode 98 – SDP 2 – Psychological Acceptability
  • Episode 101 – SDP 3 – Economy of Mechanism
  • Episode 103 – SDP 4 – Compromise Recording
  • Episode 105 – SDP 5 – Work Factor
  • Episode 107 – SDP 6 – Failsafe Defaults
  • Episode 109 – SDP 7 – Complete Mediation
  • Episode 111 - SDP 8 – Open Design

15 Sep 2023 EP 105: SDP 5 Work Factor 00:34:29

https://www.yourcyberpath.com/105/

In this episode, we are returning to the Security Design Principles series, this time with Work Factor.

Work factor refers to how much work it’s going to take an adversary to attack your assets and succeed in doing so. This is coming directly from the world of physical security that was imported into the cybersecurity realm.

What you need to understand is you don’t need perfect security. You don’t have to create an impregnable system (if that even existed) to be able to protect yourself from most dangers. You just need to become a more difficult target than other organizations. And this is where work factor comes in.

While you need to make it difficult for attackers to consider you as a target, you also need to make sure you are not spending too much time and money doing so, to the point where you are building a $1000 fence to protect a $100 horse. Balancing security and business value is a critical aspect when planning out your security posture.

Another important aspect that a lot of people usually ignore is the anticipated resources available to the attacker. Understanding how your adversary works and what kind of resources they might be able to utilize can help you determine how much protection you need to put in.

What You’ll Learn

●    What is Work Factor?

●    Do you need perfect security?

●     How do you value how much protection you need?

●     What kind of attacks endanger small to mid-sized businesses?

Relevant Websites For This Episode

●    Your Cyber Path 

●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●  The Cyber Risk Management Podcast

Other Relevant Episodes

●   Episode 103 - SDP 4: Compromise Recording

●   Episode 98 - SDP 2: Psychological Acceptability

●   Episode 101 - SDP 3: Economy of Mechanism

27 Oct 2023 Episode 108: Self-Care 00:46:27

https://www.yourcyberpath.com/108/

In this episode, we discuss a critically important topic: self-care.

Cybersecurity is a great career, but it is not 100% stress free. Burning out and working yourself into oblivion is very common. In this episode, our hosts Jason and Kip give you some tips to make sure you have your self-care in check.

The first thing you should do is take time off. It's common to see people who don’t take any time off, and over time it can easily get to you without you being able to realize how much your stress is building up.

Next up, always have an emergency fund. It should be between 3 to 12 months of savings.

Having this money on the side can help you get out of bad situations and maybe even have the chance to do something fun every once in a while.

The last tip we have for you is to make sure you separate self-compassion from self-judgment.

You need to realize that beating yourself up is really stressful and can easily drive you crazy.

Always treat yourself with the patience, empathy, warmth, and understanding that you would expect from a friend.

You should always adopt a growth mindset, which can strengthen your abilities and give you much needed resilience to stress and burnout.


What You’ll Learn

●    Why is self-care important?

●    How to handle your time off?

●    What strategy can you use to save money? 

●    How to avoid self-judgment?

Relevant Websites For This Episode

●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF)

●  Your Cyber Path

●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●  The Cyber Risk Management Podcast

Other Relevant Episodes

●   Episode 100 - Special with Kip and Jason

●  Episode 95 - The Cybersecurity Student Perspective with Sam Bodine

●  Episode 97 - Which Certification Roadmap Or Path Should I Use?

26 Jun 2020 EP 22: Impress Us With Your Resume Skills Section 00:21:38

The Skills Section of your resume needs to match up to the job you're pursuing. What goes in there? How much detail should there be? How do cybersecurity hiring managers evaluate that section? What common mistakes should you avoid? We'll cover all that and more. Plus, a listener request.

Want to get your dream cybersecurity job? Our highly-rated masterclass will put you on your cyber path!

https://www.YourCyberPath.com

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

25 Dec 2020 EP 34: Security Engineering, Architecture, and Test Overview 00:44:49

What jobs are in the Security, Engineering, Architecture, and Test organizational unit? In this episode, Kip and Wes break it down with our guest, Brad Gobble, an experienced hiring manager for this org unit. NEW: You can see us (and the slides) on YouTube: 

https://www.youtube.com/playlist?list=PLK1Bn1577F9nbrTcYHYKdXtl4aw79HjZn 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: 

https://www.YourCyberPath.com/pdf

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

25 Jun 2021 EP 47: How to Use Your Transferrable Skills 00:35:48

Our guest Marc Menninger joins Kip Boyle in this episode. Marc is the Director of Information Security with A Place For Mom. He is also a cybersecurity hiring manager. Listen to the tips he gives on how to use your transferrable skills and present yourself during an interview!   

Download slides from previous episodes here: https://try.YourCyberPath.com/cyber-org

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

10 Apr 2020 EP 10: Choose Your Dream Cybersecurity Job by Title 00:09:09

Knowing the title of your dream cybersecurity job is important because, without a job title, you might spend a lot of time going to school or getting certifications, only to find out that, as viewed by a hiring manager, your resume is unfocused on a specific objective.

And that could undermine your ability to present yourself as a strong candidate for a job when other people with laser-focused preparation are submitting their applications for the same job.

---

Send in a voice message: https://anchor.fm/yourcyberpath/message

23 Jun 2023 EP 99: How to use ChatGPT in your Job Search with Sean Melis 00:48:01

https://www.yourcyberpath.com/99/

In this episode, we are going over the latest trend in AI and NLP, ChatGPT, with our guest, Sean Melis, seasoned multi-modal developer and designer and the founder of bot•hello.

In the beginning, Sean explains how chatbots work and the main difference between them and ChatGPT, explaining that ChatGPT leverages a huge dataset, unlike chatbots that use canned responses.

However, it is worthy of mention that although ChatGPT is very beneficial and could prove useful to a lot of people, it is still a computer. It might not always understand the context or the intonation behind a question and that’s the reason why it generates responses that sometimes don’t make much sense.

After that, Sean and Jason go over how you can use ChatGPT to tailor your resume and make it suitable for specific jobs and how you can understand and work around its limitations.

In the end, Sean highlights some advice on how to use ChatGPT and encourages everyone to experiment with it as it could be very helpful to save money and time.

What You’ll Learn

●   What is ChatGPT? How does it work?

●    Is ChatGPT perfect? What are its limitations?

●    How can you use ChatGPT on your job hunt? 

●   What is prompt engineering?

Relevant Websites For This Episode

● https://www.bothello.io/

● https://www.udemy.com/course/chatgpt-101-supercharge-your-work-life-500-prompts-inc/

● https://chat.openai.com/

Other Relevant Episodes

●  Episode 56 - Cybersecurity careers in the Defense sector

●  Episode 58 - How to Get Hired with No Experience

●  Episode 89 - Getting My First Job in Cybersecurity with Ayub Yusuf

14 Oct 2022 EP 81: How to Negotiate a Pay Raise with Ed Skipka 00:46:54

https://www.yourcyberpath.com/81/

In this episode, we listen to Kip and Ed go over how Ed managed to get a 25% pay raise in a very short period of time and the full details of his situation.

Edward Skipka, a vulnerability management analyst, goes over his experience and how he managed to double his pay in just over two and a half years. He highlights that doing your best and solving problems can take you to another level within your company.

Kip mentions how some skills, like curiosity, can’t be taught and that people with such skills are able to progress in their careers much faster than they think.

You will also learn how important it is to leverage yourself in your current position, how to be able to not take anything personally, and how to know your value and be able to get paid what you’re worth in the industry.

What You’ll Learn

●     Can you get into cybersecurity without a technology background?

●     How to make yourself valuable to hiring managers and recruiters

●     How to leverage your position to get paid more

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 74 - Top Five Mistakes People Make When Negotiating

●     Episode 73 - Top Five Things That Will Separate You From Other Applicants

●    Episode 58 - How to Get Hired With No Experience

07 Jul 2023 Episode 100 - Best of YCP 01:43:42

https://www.yourcyberpath.com/100/

We're celebrating the 100th episode of Your Cyber Path podcast with a special edition episode. It's going to be a little different this time.

We are going to sit back and reflect on all our 100 previous episodes and take in the things that we learned, so basically welcome to the highlight reel of the Your Cyber Path podcast!

Our hosts are Kip Boyle, a cybersecurity hiring manager who started in the Air Force, and Jason Dion, who has over 20 years of experience in the defense industry, including positions at the Navy and NSA.

Ayub Yusuf, also known as the WhiteCyberDuck, stresses the significance of tailoring your resume to align with the specific job requirements you are interested in. Doing so will enhance your prospects of advancing through the initial stage of the recruitment process.

With the help of ChatGPT and Bard, you can take advantage of the latest AI technologies to effortlessly create resumes and streamline the task of resume making.

Our next tip comes from Episode 45, with experienced hiring manager, Glenn Sorensen.

Demonstrate enthusiasm and interest in your job applications. This is what hiring managers seek. Also, connect your previous roles and present a complete picture of your experience.

Clip three features Ed Skipka, a favorite guest on the show, discussing how he entered cybersecurity without a background in IT. He emphasizes the importance of networking and showing a desire to learn to excel in your career.

John Strand, owner of Black Hills Information Security, discusses the pay-what-you-can model in the fourth clip. He emphasizes how this model contributes to the expansion of diversity within the cybersecurity sector and how diversity, in turn, enhances the growth of cybersecurity. Ultimately, this fosters higher quality problem-solving abilities within our cybersecurity teams.

After that we discuss a clip from Episode 74, Top Five Mistakes People Make When Negotiating. Negotiating for the right package can be difficult, but having more information can give you an advantage.

Kip suggests that it would be a smart strategy to not disclose your salary history. Instead, you should inquire with your potential employer about the job's market value. This will equip you with valuable knowledge and give you a stronger stance to discuss your salary.

The next clip discusses how to succeed in your first 90 days of a job, specifically in cybersecurity. It emphasizes the importance of programming skills in this field. Some jobs require high-end coding skills, while others do not require any coding skills at all. To determine the requirements for the positions you are interested in, research the specific roles.

Our guest in the last video, Arthurine Brown, talked about her daily routine and shared some of the lessons she learned while working as a business information security officer at Altria Client Services. Arthurine works in a unique role that combines being an information security analyst with understanding how this information is used to accomplish tasks. This shows how the way we add value to businesses is changing due to fast technological advancements.

What You’ll Learn

●   Who are our Hosts, Kip and Jason?

●   What do hiring managers look for in a resume? And how to relate your previous experience to Cybersecurity?

●   How do I get experience if I can’t get hired?

●   What is the role of Certification, Degrees, and Experience?

●    How can diversity help Cybersecurity grow?

●    How can you approach salary negotiations?

●    Is programming important in Cybersecurity?

●    How can we add business value as cybersecurity practitioners?

●    What are some things to keep in mind during your career as a cybersecurity practitioner?




09 Dec 2022 | EP 85: The CIA triad - The Basis of Cyber Security (Integrity) | 00:40:05

https://www.yourcyberpath.com/85/

In this episode, Kip and Jason discuss the second pillar of the CIA pentagram, Integrity.

The whole idea of integrity is making sure any entity that you interact with has not been modified after creation and exists where it needs to be.

Jason mentions how it's not always a perfect balance between all the pillars of the pentagram; depending on the real-world situation, the solution tends to lean towards one or more of the pillars.

Kip explains how digital signatures work and what the best use cases for them are, while Jason dives deep into how hashes work and how to best utilize them.

Again, Kip and Jason go over some interview questions to give you an idea of what kind of questions you might encounter, and what a good answer sounds like.

Jason then closes the episode with a great reminder to always make sure you test restoring your backups every few weeks when setting up integrity and backups in your organization.

What You’ll Learn

●     What are some real-world examples of integrity?

●     What is hashing, and how do we use it?

●    What are digital signatures?

●    How can you verify a file's integrity?

Relevant Websites For This Episode

●     www.YourCyberPath.com

Other Relevant Episodes

●     Episode 62 - The NIST Cybersecurity Framework

●      Episode 84 - The CIA Triad - The Basis of Cybersecurity (Confidentiality)

12 Nov 2021 | Ep. 57 Best time of the year to get hired | 00:16:36

https://www.yourcyberpath.com/57

About This Episode

In this episode, we are discussing the different hiring seasons in the cybersecurity industry. After all, understanding the different hiring seasons is essential to reaching your goal of getting hired into your dream cybersecurity role. Many people don’t realize that there are high periods and low periods of hiring throughout the calendar year, so in this episode we are going to discuss the three key hiring periods that occur each year and the reasons behind them. 

Looking for a job can be challenging, so it is often difficult to land your dream job immediately. By understanding the hiring cycles and where they exist on the calendar, you are going to be able to increase your odds of landing a position faster. Depending on the specific portion of the cybersecurity industry you want to work in, there are better and worse times to submit your application. For example, if you want to get a position working for the government, one of the biggest hiring seasons tends to be in October and November because the Government’s new fiscal year begins on October 1st each year. 

Throughout this episode, we will focus on the three distinct hiring seasons and which is used in which parts of the industry. This includes the January/February, April/May, October/November hiring seasons.

Of course, you can find a job at any time during the year, but certain times are better than others as you will learn in this episode. While timing can help increase your odds of success, remember that you still need perseverance, adding value to the organization, and being confident in overcoming challenges to ultimately be successful in your job hunt. 

What You’ll Learn

  • How does the calendar affect the hiring process?
  • Why do different companies and organizations hire more people during specific times of the year?
  • What steps can you take to increase your odds of being hired during that hiring season? 

Relevant Websites for This Episode


03 Mar 2023 | EP 91: Mobile Device Security with Haseeb Awan | 00:38:09

https://www.yourcyberpath.com/91/

Haseeb Awan is the Founder & CEO at EFANI Secure Mobile. In this episode, we'll hear about Haseeb's cyber path, and we'll explore some of the biggest mobile phone risks and what you can do about them.

In the beginning, Haseeb tells the story of how his phone number was compromised not once, not twice, but three times, with basically the same type of attack and how that forced him into cybersecurity.

Then, Kip and Haseeb go over some of the risks that mobile users face and the ways your mobile number could be compromised, from social engineering and bribery of account executives to SIM swapping and man-in-the-middle attacks.

In the end, Haseeb finishes off by discussing how cybersecurity is growing and that cyber risk is greater than ever and that more countries and organizations are building cyber armies.


What You’ll Learn

●    How did Haseeb get into Cybersecurity?

●   What is SIM swapping?

●    What is an IMSI catcher?

●    What is location tracking?

●    Who should worry about their mobile security?

Relevant Websites For This Episode

●   https://www.efani.com/

●   https://www.nsogroup.com/

●   https://www.amazon.com/This-They-Tell-World-Ends/dp/1635576059

●   https://www.linkedin.com/in/haseebawan/

Other Relevant Episodes

●   Episode 59 - Five things to know before you get into cybersecurity

●   Episode 78 - Current State of the Cybersecurity Industry with Deidre Diamond of CyberSN

15 May 2020 | EP 15: Hunt for Jobs Like a Pentester | 00:06:51

Do you want to do your job search with the same intensity, skills, and tooling as a network penetration tester looking for vulnerabilities? If so, then you need to check out Jason Blanchard’s livestream at https://www.twitch.tv/banjocrashland

He's on twice per week: Tuesdays from 4 pm to 6 pm Pacific time (7-9 pm ET) and Fridays from 10 am to noon Pacific time (1-3 pm ET)




08 May 2020 | EP 14: Your Salary History is Off-Limits | 00:08:45

It's unfair, and illegal in some places, for an interviewer to ask for your salary history. Today I'm going to tell you why and what to do if you are asked anyway!


23 Jul 2021 | EP 49: Why Entry Level Jobs Aren't Really Entry Level | 00:20:40

In today’s episode I want to answer a common question that I get: “Why do all the cybersecurity job postings ask for 5 years of experience but they're labeled as entry level positions?”

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! 

Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


22 Jul 2022 | EP 75: The Value of University Degrees in Cybersecurity | 00:32:22

https://www.yourcyberpath.com/podcast/75/

In this episode, Kip and Jason talk about the value of university degrees in the cybersecurity career. This topic does come up all the time in discussions or when people come up to Kip or Jason and ask them the same thing. And there really is no single answer that would fit everyone because a degree can either hurt or help, depending on the context.

Some people ask whether certifications are better than degrees and vice versa, or whether they need a degree or not. But it really depends on what job it is you are trying to get, which sector this job belongs to, and where in the world you are located. Some have even made the mistake of "over-degreeing" and have become the proverbial "guy with more degrees than a thermometer", which some hiring managers also avoid.

A prevailing frame of thought in the US, as well as in most countries, is that a college degree will be a "ticket" to get you places. In cybersecurity, this is not true, because no such guarantee exists.

What You’ll Learn

●     Where is the value in a college degree

●     Where is a college degree important

●     What type of positions are important

●     Where do you hit a level that needs a degree to get to the next step

Relevant Websites For This Episode:

●     www.YourCyberPath.com

Other Relevant Episodes

●   Episode 55 – Which cybersecurity certifications should you get?

●   Episode 58 - How to Get Hired With No Experience

●   Episode 73 - Top Five Things That Will Separate You From Other Applicants

21 Feb 2020 | EP 3: My Cyber Path (Part 2) | 00:08:41

In this episode, I tell you the second part of my story about how I got into cybersecurity. And why I stayed, despite the stress and the constant threat of burn-out.

To help you get your first cybersecurity job, in addition to this podcast, I’m going to publish an online course.

Will you let me know your #1 question about getting your first cybersecurity job?

If you do that through my online survey, then you’ll get free access to my 4-week online class that’s starting on April 6, 2020.

You’ll also get a free copy of my Amazon best-selling book “Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks”.

You can tell me your #1 question by going to:

b.link/cyberpath

If you want to give me feedback on the show, or if you want me to answer your question on a future episode, please visit the show page at:

anchor.fm/YourCyberPath


17 Mar 2023 | EP 92: Password Managers | 00:34:11

https://www.yourcyberpath.com/92/

In this short episode, our hosts Jason Dion and Kip Boyle discuss the critically important topic of password managers.

In the beginning, Jason quickly describes password managers, their use cases and how they work, highlighting both the security and convenience aspects of using a password manager.

Then, Kip goes over how to choose a password manager and what criteria you should consider when choosing the best software, emphasizing that attack resistance comes first and all other criteria come second to it.

After that, our hosts discuss the different features of different password managers, why they utilize them, and the best ways to make sure you have great security and productivity online.

In the end, Jason makes some notes about paid versus free password managers and VPNs, and discusses the newest trend of passwordless authentication.


What You’ll Learn

●   What is a password manager?

●   How do you choose a password manager?

●   What is the difference between free password managers and paid ones?

●    What is passwordless authentication?

Relevant Websites For This Episode

●  https://1password.com/

●  https://bitwarden.com/

Other Relevant Episodes

●  Episode 40 - Security Awareness & Training

●  Episode 84 - The CIA Triad – The Basis of Cybersecurity (Confidentiality)

29 Sep 2023 | EP 106: All About Internships | 00:38:00

https://www.yourcyberpath.com/106/

In this episode, we are discussing the much-anticipated topic of Internships!

Internships are not that common in cybersecurity and that's because they are a huge long-term investment, which is risky for lots of organizations especially in the private sector.

Some of the issues that come along with internships are the time and resources that must be invested and, alongside that, the risk of all these resources being wasted when the intern decides not to continue with the organization.

You can also expect not to see two internship programs that are similar to each other. They are always different and very customized to fit the organization providing these internships.

Internships can also be a great help to break barriers that a lot of entry level workers face when trying to get a job for the first time in many different fields, not just cybersecurity.

There are also other benefits to internships, including better networking opportunities and more improvements to your team's communication skills, and the way they work with different skill levels, which can enlighten you about areas of weaknesses and points of improvement.

What You’ll Learn

●    Why are internships hard to get?

●    What are the differences between paid and unpaid internships?

●     How do internships help break barriers in cybersecurity?

●     What are the benefits of internships?

Relevant Websites For This Episode

●    Your Cyber Path 

●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●  The Cyber Risk Management Podcast

Other Relevant Episodes

●   Episode 95 - The Cybersecurity Student Perspective with Sam Bodine

●  Episode 99 - SDP 2: Psychological Acceptability

●  Episode 89 - SDP 3: Economy of Mechanism

20 Aug 2021 | EP 51: What does it take to lead a Cybersecurity Program? Part 2 | 00:47:13

In episode 50, we showed you the first half of Kip's presentation with Ritsumeikan Asia Pacific University, where Kip talked with the students about Cybersecurity Management. This is the second half of this two-part series, where we did an open Q&A. They asked a lot of good questions!

If you missed the first half, check out EP 50 here: https://youtu.be/HmS4AuGrD-c

Interested in my book?! It is available in paperback, kindle, and audible. 

Check it out here: https://www.amazon.com/Fire-Doesnt-Innovate-Executives-Practical-ebook/dp/B07M7KTZWX     

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


05 Mar 2021 | EP 39: It all begins with policy | 01:15:10

All security begins with a Policy! In today's episode, we will be exploring a Policy Administrator position and what you should know about it with the help of our friend Torin Larsen.

Download the slides here:    https://try.yourcyberpath.com/cyber-org


13 Mar 2020 | EP 6: Survey results - Your #3 Question | 00:06:38

In this episode, I tell you the third most frequent question we’ve received from the survey respondents so far.

To help you get your first cybersecurity job, in addition to this podcast, I’m going to publish an online course.

Will you let me know your #1 question about getting your first cybersecurity job?

If you do that through my online survey, then you’ll get free access to my 4-week online class that’s starting on April 6, 2020.

You’ll also get a free copy of my Amazon best-selling book “Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks”.

You can tell me your #1 question by going to:

b.link/cyberpath

If you want to give me feedback on the show, or if you want me to answer your question on a future episode, please visit the show page at:

anchor.fm/YourCyberPath


06 Feb 2024 | EP 115 - SDP 10: Separation of Privileges | 00:15:46

SDP 10: Separation of Privileges

About this Episode

In this episode of the Your Cyber Path podcast, Kip Boyle and Jason Dion delve into the concept of the separation of privilege as a vital component of their series on security architecture and design principles.

Jason and Kip illustrate the significance of the separation of privilege through real-world examples. They also showcase its application in technologies, military operations, and financial transactions.

Jason also draws from his military experience to underscore the critical role of separation of privilege in SOVOT (System Operations Verification and Testing) environments.

Finally, they underscore its importance in password management systems. They emphasize its pivotal role in upholding cybersecurity standards. Understanding these principles is essential for building robust security frameworks.

Relevant websites for this episode

The NIST Separation of Duty (SOD) - https://csrc.nist.gov/glossary/term/separation_of_duty

Other relevant Episodes

EP 94: Ten Security Design Principles (SDP)

EP 96: SDP 1: Least Privilege

EP 98: Security Design Principles 2: Psychological Acceptability

EP 101: SDP 3: Economy of Mechanism

EP 103: SDP 4 Compromise Recording

EP 105: SDP 5: Work Factor

EP 107: SDP 6: Failsafe Defaults

EP 109: SDP 7: Complete Mediation

EP 111: SDP 8 Open Design

EP 113: SDP 9 — Least Common Mechanism

24 Nov 2023 | EP 110: Am I too old to work in Cybersecurity | 00:34:04

https://www.yourcyberpath.com/110/

In this episode, hosts Kip Boyle and Jason Dion discuss the topic of ageism in cybersecurity careers. They address a listener's question about whether it is too late for a career change into cybersecurity at the age of 60-65. The hosts acknowledge that ageism does exist in the industry, but they provide tips and strategies for older individuals to overcome this challenge.

First, they advise career changers to identify their transferable skills and highlight them on their resumes. They also recommend choosing job titles carefully, avoiding entry-level positions that may be more suited for younger candidates. Instead, older individuals should target higher-level positions that align with their experience and expertise.

The hosts also discuss the importance of addressing ageism during the interview process. They suggest talking about new technologies and demonstrating a willingness to adapt and embrace change. Additionally, they advise older candidates to choose employers wisely, considering organizations that value and appreciate the skills and experience they bring to the table.

Overall, the episode provides practical advice for older individuals looking to transition into cybersecurity careers and navigate the challenges of ageism in the industry.

What You’ll Learn

●    Am I too old to do a career change into cybersecurity?

●   What are some strategies to overcome age-related challenges when pursuing a career change into cybersecurity?

●    Should I highlight my transferable skills when changing careers?

●    What should older individuals consider when targeting job positions in the cybersecurity field?

Relevant Websites For This Episode

●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF)

●  Your Cyber Path

●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●  The Cyber Risk Management Podcast

Other Relevant Episodes

●  Episode 64 - How I got my first cybersecurity analyst job with Sebastian Whiting

●  Episode 66 - How to be irresistible to hiring Managers

●  Episode 38 -  Wes’ Cybersecurity Job Hunt


19 Feb 2021 | EP 38: Wes' Job Hunt | 00:41:09

Wes recently went looking for his dream cybersecurity job. We’re going to tell you his story. There are quite a few lessons he learned and will share with you. 

You can see us on YouTube:  https://www.youtube.com/YourCyberPath 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


17 Apr 2020 | EP 11: Chose the Path to Your Dream Cybersecurity Job | 00:07:25

There are so many different ways you could go about preparing yourself. There are dozens of certifications, college degrees, and the thing all hiring managers ask for: experience. And, unfortunately, I hear from a lot of people who thought they were well-prepared to get their first cybersecurity job, but found themselves getting nowhere after months of interviews. I don't want that for you, so here are some specific suggestions to become a strong candidate for your dream cybersecurity job.



12 May 2023 | EP 96: SDP 1 (Least Privilege) | 00:31:01

https://www.yourcyberpath.com/96/

In this episode, we unpack the first of the Security Design Principles, Least Privilege.

If you have never heard of it before, Least Privilege is the practice of giving a person the minimum amount of privilege they need to be able to do their job.

Our hosts take the time in this short episode to discuss the ups and downs of Least Privilege and why it’s not utilized as widely as it should be.

Then they go over how Least Privilege should be implemented at home and at work and how much it affects your personal and professional Cyber Hygiene.

In the end, Jason discusses how Least Privilege can affect Software Development and the importance of setting different access levels and permissions for different users to improve your security posture.


What You’ll Learn

●   What is a CR-MAP?

●   What is Least Privilege?

●   What are the costs of using Least Privilege?

●   How does Least Privilege affect you as a user?

●   How can software utilize Least Privilege?

Relevant Websites For This Episode

●  https://www.akylade.com/

●  https://www.yourcyberpath.com/podcasts/

Other Relevant Episodes

●  Episode 80 - Risk Management Framework with Drew Church

●  Episode 83 - Automating NIST Risk Management Framework with Rebecca Onuskanich

●  Episode 94 - Ten Security Design Principles (SDP)

14 Feb 2020 | EP 2: My Cyber Path (Part 1) | 00:08:49

In this episode, I tell you the first part of my story about how I got into cybersecurity. And why I stayed, despite the stress and the constant threat of burn-out. 

To help you get your first cybersecurity job, in addition to this podcast, I’m going to publish an online course.

Will you let me know your #1 question about getting your first cybersecurity job?

If you do that through my online survey, then you’ll get free access to my 4-week online class that’s starting on April 6, 2020.

You’ll also get a free copy of my Amazon best-selling book “Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks”. 

You can tell me your #1 question by going to: 

  b.link/cyberpath

If you want to give me feedback on the show, or if you want me to answer your question on a future episode, please visit the show page at: 

  anchor.fm/YourCyberPath


28 Oct 2022 | EP 82: From Truck Driver to Cybersecurity Analyst with Mike Hillman | 00:36:04

https://www.yourcyberpath.com/82/

In this episode, we get to learn about our guest’s inspirational story as he went from truck driver to Cybersecurity Analyst in less than 15 months.

Mike Hillman, former truck driver and current SOC Analyst, goes over his exact roadmap to transition into Cybersecurity without any previous experience, the certifications he acquired, and the courses he took.

Jason and Kip share with us how hiring managers think when they are looking for a new hire, and highlight some of their tips to get hired with no experience.

You will also learn that it takes more than just certifications to have a successful career in Cybersecurity. Hands-on experience, as Mike mentions, is helpful, and if he could turn back time he would start hands-on practice from Day 1.

What You’ll Learn

●     Why choose Cybersecurity of all IT fields?

●     How did Mike transition from truck driving to Cybersecurity Analysis?

●     How to get hired with no experience?

Relevant Websites For This Episode

●   https://www.stationx.net/

●     https://www.antisyphontraining.com/soc-core-skills-w-john-strand/

Other Relevant Episodes

●     Episode 64 - How I Got My First Cybersecurity Analyst Job with Sebastian Whiting

●     Episode 59 - Five things to know before you get into Cybersecurity

●     Episode 58 - How to Get Hired With No Experience

06 Mar 2020 | EP 5: Survey results - Your #2 Question | 00:03:37

In this episode, I tell you the second most frequent question we’ve received from the survey respondents so far.

To help you get your first cybersecurity job, in addition to this podcast, I’m going to publish an online course.

Will you let me know your #1 question about getting your first cybersecurity job?

If you do that through my online survey, then you’ll get free access to my 4-week online class that’s starting on April 6, 2020.

You’ll also get a free copy of my Amazon best-selling book “Fire Doesn’t Innovate: The Executive’s Practical Guide to Thriving in the Face of Evolving Cyber Risks”.

You can tell me your #1 question by going to:

b.link/cyberpath

If you want to give me feedback on the show, or if you want me to answer your question on a future episode, please visit the show page at:

anchor.fm/YourCyberPath


01 May 2020 | EP 13: Landing Your Dream Cybersecurity Job | 00:10:05

It’s difficult enough to get an interview, so you want to stay strong as you transition from using a resume to get attention to selling yourself in person.


01 Oct 2021 | EP 54: New Cohost Jason Dion | 00:11:26

For the past year, my good friend Wes Shriner has been my cohost. We’ve created some great episodes together, which I hope have helped you. These days Wes is super busy in his new role as Chief Information Security Officer, and I couldn’t be happier for him. So now that Wes has graduated from being my cohost, I’ve invited Jason Dion to cohost. 

Some of you may already know about Jason from his online certification prep courses. Maybe you’re already a customer of his? Well, it turns out that Jason is much more than a certification expert. He’s also an experienced hiring manager. So let’s meet Jason!

Applying For Cybersecurity Jobs But Struggling To Get Hired? Take This 2 Minute Quiz To Find Out Where You’re Getting Stuck In The Hiring Process!

https://www.hiredin21days.com

30 Apr 2021 | EP 43: Threat Intelligence | 01:26:50

Kip Boyle and Wes Shriner talk more about the Service Catalog, specifically number 15, Threat Intelligence, with the help of our two guests: Mike Sheward, an enthusiastic Information Security Leader, and Gary Brown, an Intelligence Officer, US Air Force, Ret'd.

We will go over: 

◾ Threat Intelligence Reporting 

◾ The Intelligence Cycle 

◾ Threat Intelligence Processes 

◾ Positions in Threat Intelligence 

◾ Diamond Model 


Comment below and share what you thought about today's episode!  

LinkedIn profiles of our guests: https://www.linkedin.com/in/mikesheward/ and https://www.linkedin.com/in/gary-brown-infosec-pro/

Download the slides here: https://try.yourcyberpath.com/cyber-org 

Can playing capture the flag also give you cybersecurity job hunting success on LinkedIn? Yes! 

Check out our step-by-step guide: https://www.YourCyberPath.com/pdf


13 May 2022 | EP 70: How Can The Same Cybersecurity Job Be So Different Depending On Who You Work For? | 00:38:32

https://www.yourcyberpath.com/70/

In this episode, we are focused on job titles. It is important to know the job you are doing, but the job title doesn't really matter that much.

Do realize that there's not just one type of cybersecurity job out there. Even if you know the job by title, it doesn't mean that it is any different from another cybersecurity job. If you are keen on details, you will know what the differences are between job titles.

Kip and Jason talk about five cybersecurity positions so that you will be able to identify how they are different from each other. The discussion includes various keywords to look out for, basic requirements and experience required for the job title, as well as company background to keep an eye out for.

Job titles mean everything. Job titles mean nothing. ~Kip

What You’ll Learn

●      Why are job titles important

●      Why do you have to be keen on job descriptions

●      What are the basic requirements and experience to look out for

●      Why is it important to know how large the organization is

Relevant Websites For This Episode

●      www.YourCyberpath.com

●      www.LinkedIn.com

10 Nov 2023 | EP 109: SDP 7: Complete Mediation | 00:20:42

https://www.yourcyberpath.com/109/

In this episode, we are returning to the Security Design Principles series, this time with Complete Mediation.

Complete mediation means the system checks that a user trying to access a file or perform an action is authorized to access that file or perform that action.

Complete mediation is also implemented in the security reference monitor (SRM) in Windows operating systems. The SRM checks fully and completely that a user has access to perform an action each time they try to perform it.

It also ties back to one of the three As of cybersecurity, which is Authorization, since the user has to prove they have access to something when they request it.

Complete mediation can be a huge challenge to usability, and it might be something that interferes with your operations. That’s where you need to understand that the security design principles are not a compliance list and that you should use them to enhance your systems. You should not be trying to get every principle to 100%.

What You’ll Learn

●    What is complete mediation?

●    What are some examples of complete mediation?

●     How is complete mediation implemented in Windows?

●     What are the challenges of complete mediation?

Relevant Websites For This Episode

●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF)

●  Your Cyber Path

●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position

●  The Cyber Risk Management Podcast

Other Relevant Episodes

● Episode 103 - SDP 4: Compromise Recording

● Episode 105 - SDP 5: Work Factor

● Episode 107 - SDP 6: Failsafe Defaults

24 Jun 2022 | EP 73: Top Five Things That Will Separate You From Other Applicants | 00:36:27

https://www.yourcyberpath.com/73/

In this episode, the discussion between Kip and Jason is about the top five things that will make you stand out from other applicants. These tips will definitely help you get ahead of the pack and have an edge in your job application.

In your job hunting, you want to be an irresistible candidate from the hiring manager's perspective. These top five things will separate you from other applicants. These will make the hiring manager want to have you on their team.

While your application starts with a good resume, having the right network coupled with having good people skills will give you a good boost. A lot of hiring managers are also hiring because they need people with experience to tackle some of the gaps and challenges they have in their team. Also, remember to highlight the skills that are appropriate for the position you are applying for.

What You’ll Learn

●     Why who you know matters

●     Why you need soft skills/people skills

●     Why it is important to have practical experience

●     Why solving real-world problems will help

●     Which technical skills/profiles will make you stand out

Relevant Websites For This Episode

●     www.YourCyberPath.com

●     www.DionTraining.com

Other Relevant Episodes

●     Episode 22 - Impress Us with Your Resume Skills Section

●     Episode 28 - Five Principles to Help You Get Your Dream Cybersecurity Job

●     Episode 66 - How to be Irresistible to Hiring Managers

21 Jan 2022 | EP 62: The NIST Cybersecurity Framework | 00:31:34

https://www.yourcyberpath.com/62

In this episode, we cover the importance of the NIST Cybersecurity Framework (NIST CSF) and its use in managing risk as a business process within your organization. The NIST Cybersecurity Framework was developed by the National Institute of Standards and Technology in collaboration with cybersecurity experts across the world.

The framework is divided into three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profile. The Framework Core contains the five concurrent and continuous functions performed by a cybersecurity organization: identify, protect, detect, respond, and recover. The Framework Implementation Tiers provide 4 levels of achievement for cybersecurity risk management. The Framework Profile contains 23 activities and 108 outcomes that can be used to create a profile for your organization to manage its cybersecurity risk.

Kip Boyle and Jason Dion spend this episode providing a great overview of the NIST Cybersecurity Framework and its benefits. The team has recently filmed a long-form course that dives into each and every part of the Framework and teaches you how to use it in your own consulting and risk management efforts. You can find the course on the Your Cyber Path website or at our distribution partner’s website, Udemy.

What You’ll Learn

●       What the NIST Cybersecurity Framework is

●       The benefits of using the NIST Cybersecurity Framework

●       The three parts of the NIST Cybersecurity Framework

●       How to integrate other control methods (ISACA, ISO, RMF) into the NIST Cybersecurity Framework

Relevant Websites For This Episode

●       NIST Cybersecurity Framework course (https://www.yourcyberpath.com/udemy)

●       NIST Cybersecurity Framework (https://www.nist.gov/cyberframework)

●       Your Cyber Path (https://www.yourcyberpath.com)

Tags: NIST CSF, Courses

Other Relevant Episodes

●       Episode 50 – What does it take to lead a cybersecurity program

●       Episode 53 – How to buy cyber insurance for your law practice

19 Aug 2022 | EP 77: Get Into the Talent Pipeline With Max Shuftan and Winnie Yung | 00:40:11

https://www.yourcyberpath.com/podcast/77/

In this episode, Kip and Jason, with special guests Max Shuftan and Winnie Yung, talk about what a talent pipeline is and why hiring managers should be using a solid talent pipeline to bring new people into the cybersecurity industry to meet their staffing needs.

Max Shuftan, director of Mission Programs and Partnerships at the SANS Institute, is here to talk about how their organization helps people get into cybersecurity through the use of their talent pipeline. Our other guest, Winnie Yung, is a graduate of SANS Institute’s Diversity Cyber Academy who has now broken into the cybersecurity industry.

A talent pipeline takes people, either “off the street” or with little or lower skill levels, and develops their skills for a particular position. Once a person gains an initial foothold in the cybersecurity industry, they can continue to build their skills and move upward to higher-level positions.

These talent pipelines may exist within a single company or organization, such as how the military implements its talent pipelines, or they can be spread across multiple organizations that use external training as part of their overall talent pipeline.

Talent pipelines often give workers the skills they need to move forward at the place where they already work, or help them land a position with a new company once they have gained the required skills.

What You’ll Learn

● What is a talent pipeline?

● How do you get into a talent pipeline?

● How to network while in a talent pipeline?

Relevant Websites For This Episode

● www.YourCyberPath.com

● www.sans.org

● www.sans.org/scholarship-academies/diversity-academy/

Other Relevant Episodes

● Episode 70 - How Can the Same Cybersecurity Job Be So Different Depending on Who You Work For

● Episode 69 - Breaking into Cybersecurity with Nancy Hunter

● Episode 61 - Skills-based Certification and Training with John Strand
