Ready to master the art of building a professional brand online? What if you had the right mentor to guide you on this journey? We've got you covered! This episode is a conversation packed with insights and experiences about professional branding, mentorship, and mental welfare in the cybersecurity realm. My guest, Josh Mason, a fellow veteran and cybersecurity savant, walks us through his intriguing journey from teaching at Jacobs to consulting at NuVic Solutions.
Do you want to be a shining star in the cybersecurity industry? Well, it's time to hit the books and get your hands dirty. Together with Josh, we explore the importance of weapons school, humility, and credibility when it comes to mentorship. We also talk about how research, knowledge sharing, and relationship building are critical in navigating the cybersecurity landscape. Buckle up as we discuss the realities of salary expectations, the art of resume writing, and how to sniff out the big tech companies that can offer you more.
If you're feeling lost or stuck, it's time to pause, reflect, and find your 'why'. With Josh, we delve into the importance of having a strong 'why' and the power of passion in driving success. We also emphasize the importance of taking time for soul-searching and the role of community involvement in enriching your professional life. So, grab a beverage, sit back, and join us on this enlightening and inspiring journey in the world of cybersecurity.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Ready to master the art of building a professional brand online? What if you had the right mentor to guide you on this journey? We've got you covered! This episode is a conversation packed with insights and experiences about professional branding, mentorship, and mental welfare in the cybersecurity realm. My guest, Josh Mason, a fellow veteran and cybersecurity savant, walks us through his intriguing journey from teaching at Jacobs to consulting at NuVic Solutions.
Do you want to be a shining star in the cybersecurity industry? Well, it's time to hit the books and get your hands dirty. Together with Josh, we explore the importance of weapons school, humility, and credibility when it comes to mentorship. We also talk about how research, knowledge sharing, and relationship building are critical in navigating the cybersecurity landscape. Buckle up as we discuss the realities of salary expectations, the art of resume writing, and how to sniff out the big tech companies that can offer you more.
If you're feeling lost or stuck, it's time to pause, reflect, and find your 'why'. With Josh, we delve into the importance of having a strong 'why' and the power of passion in driving success. We also emphasize the importance of taking time for soul-searching and the role of community involvement in enriching your professional life. So, grab a beverage, sit back, and join us on this enlightening and inspiring journey in the world of cybersecurity.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
And we're back with another amazing episode of security happy hour. I am your host, the cyber warrior. This is cyber warrior studios. As always, you know where to find us every single week, without fail. Now, because it's a Thursday, i know it's gonna be a little while to get people in here, so please share this video, that way people know to come here, because this is not my normal day Now, otherwise, look, i love you all and I promise we'll be right back. And We're back, and with me this evening I have a good friend, my brother, fellow veteran, josh Mason. But before we get to you, josh, we need the official sound of starting security happy hour. So Right there it is. That's how you doing, josh.
Speaker 2:Hey, I am doing great.
Speaker 1:You know you like like kept me waiting till the last minute today. I'm like, did you lose, like all military bearing and, like you know, screws showing up early anymore, i'm gonna come in five minutes late, it'll be okay.
Speaker 2:I'm a captain, i just show up.
Speaker 1:That explains it.
Speaker 2:That explains when it starts. Often it was on started when I got there.
Speaker 1:That's right. So how you, man, what's been going on? Cuz I know when we first talked Well, we first started talking you were doing Cyber supply drop. Am I? am I right? Yeah doing that.
Speaker 2:Yes, so I think when man last time I was on I think I was still teaching at Jacobs Yeah, i Am And then I went to I&E and built out EJPT And then I went, tried my nice Carina bag is a sales engineer at sim space and that was fun. But now I'm a consultant at NuVic Solutions Working with our pentester team.
Speaker 1:Okay, nice, Yeah there was a lot of drama with that whole I&E job man There was. There was some online wars going back and forth for a little while there there was, yeah, cyber security drama, you know. But nah, man, it's good to have you on, as always, i always love your posts. You know everybody does things different and wants to present a different personality or or present their brand in a different way.
Speaker 1:So the way you go about doing things I appreciate, and I know a lot of other people do, because even though I'm in the industry, even though I'm a practice manager now, i don't put out a lot of cyber security information on them Most of my information is all just to help people with their mental headspace, because I know that in this industry we deal with a lot I mean, that's across the board But in general we see a lot of burnout here, and so that's kind of the way I approach things. I don't want to be like everybody else because I'm not everybody else.
Speaker 2:I get that so that's.
Speaker 1:That's just kind of like how I've rebranded myself over the years and You know, what I really look forward to doing every day is helping the people with their, their mental wellness and mental welfare. Oh yeah, well, we've got a few people here already, so look, hey, if you haven't done so yet, please make sure, like comment, subscribe. Well, you can't comment yet because it's live, but you know if you come back and watch the recording after. But feel free to jump in chat, say some things, ask some questions. We're gonna get them as many answered today as we can, i promise. Now, saying that I did say this was gonna be about mentorship and training, because I have seen a lot of what you've been doing. I mean, you both love JJ Davey and kind of what he's doing And so many others out there, you know. So, when it comes to mentorship, you take on more that mentor, mentor role in public, or is it more For you? is it more at work, kind of the people that you know like? how do you go about doing it?
Speaker 2:It ends up being a mix It's mostly in public a little bit of my role at Newvix solutions I'm I ended up being a little bit of an outlier. So I I've been able to come in from a different perspective than most of our really technical guys and like Kind of bring a little bit of that Air Force perspective to things and so Been able to help with like marketing a little bit and work on processes here and work on some of our procedures there, kind of just hone in some things. It's nice because we're a small company, we're growing, and so there's been a lot of let's do the stuff, do the stuff, do the stuff. And we're getting to the point of like, okay, cool, what works, what doesn't work, let's write that stuff down and then let's iterate off of that. So it's been fun.
Speaker 2:And Then you've seen a lot of my stuff on LinkedIn. I I put out a 30-day challenge because You know, i I believe putting stuff out on LinkedIn, being part of the community and participating, is what gets you jobs in today's Workforce. So trying to just get people to do that. And some folks I told them hey, if you make it through 30 days of posting like this, then you can have an hour of my time. So far we've kicked off a few of those mentoring sessions for folks who have made it through. I started short because I didn't want to overwhelm people with like an expectation of trying to Right conversation with me for an hour. I.
Speaker 1:Think I'm one of the only people that can do that. Let's be honest. You know I can hold a conversation with just about anyone for an hour if not more.
Speaker 1:But no, that's awesome and I love seeing that because me and you, i believe me and you and, if not While you were on the show, at least afterwards. Me and you have talked about the importance of networking and social media, oh yeah, and your brand and presentation and everything else, and so having that challenge, i think is very valid, because me myself right now, as a practice manager and in a role where eventually, as I open up Physicians, i'll be doing hiring and things of that nature. You know that's what I look at and that's what I tell everybody that I've. You know I'm interviewing for senior positions right now. You know I've told them. I said well, what's your brand?
Speaker 1:Where are you online? Can I find you? what's going on? You know, because I care more about that in your community involvement and what you give back, especially if it's, you know, for our juniors that are in the chat right now. You know learning in public and Posting, commenting like am I seeing your name? Because if I'm not seeing your name and I don't know who you are, that means I got to go dig and let's be honest, i am in back-to-back meetings almost every day.
Speaker 1:It is getting very, very difficult to maintain my ability to dig. It is getting very hard So. I got very, very true the names we see or the names we remember um.
Speaker 2:Oh, man and someone hit me up this morning and I feel bad because I haven't replied, but they were like hey, i see you're posting all this stuff. What can I do to get started in cybersecurity and even my? What I usually do with someone DMs me of like Go check out my profile because I put it right there for you. Oh, I.
Speaker 2:Haven't even been able to Have the time to type that out. Yeah, so it's hard. Yeah, i do appreciate a lot of the people who come up with like real quality questions or like or participate in the things that we post, or Folks who are here like listening and participating in chat. I think that's a good sign That, yep, They actually do hair enough Right, and we do have a few.
Speaker 1:I got a few that just say LinkedIn user. Peter Lee is here from LinkedIn. I gotta be honest. For anybody who is on LinkedIn right now watching this, understand I cannot chat back to you, i cannot send a message to you, and there are quite a few here that just say LinkedIn user, so I don't know your name. If you would like to be seen, you have to be doing one of two things either following and liking my LinkedIn page or Come over to YouTube, sign in and that way we can see everything. Those are the only two options, because if you're on LinkedIn and you're not following me On my company account for sub-war your studios then I can't see Anything. So just letting you all know. But for all those that are on LinkedIn and are here, i appreciate you all. Very rarely just LinkedIn get a lot of viewers. Normally they all come over to YouTube.
Speaker 2:So good to see you while LinkedIn.
Speaker 1:There it is, there it is.
Speaker 2:Hey Tim.
Speaker 1:So it is good to see everybody here. I appreciate you all. I miss you, says I Follow Josh, love his content, definitely helpful. Misha is another one of my warriors. Been around for a while. We've been talking for probably over a year now and with ups and down, ups and downs, highs and lows, you know she been getting at it So I can't complain one bit. Been doing a ton of stuff and just trying to find her way in. I'm Andrea is here. Peter Lee, i don't I best. First time I've seen Peter Alana's here. I love Alana, she's always.
Speaker 2:Peter's about to retire out of the Air Force.
Speaker 1:At least she chose the good branch. I retired out of the army. I can't claim it was a good one, but I can claim it was a one. But no, i mean with that, you know, mentorship is huge and I think a lot of people go about it the wrong way, both mentors and mentees. I think we both both sides of the coin kind of Make mistakes along the way until they find their footing. Oh yeah and your eyes. What is the worst question You can be asked by someone?
Speaker 2:As a mentee or like as a mentor, from empty The what do I do to get started? Because it depends, that's gonna be my answer. It depends, like I need some lead-in, i need some warm-up, i need to know, like, what the background is and what the goal is. Like because I'm Learning some basics like, okay, if you know nothing, go figure out what a computer is and what TCP IP means. And then, if you got that, okay, now Where do you want to go from there? Um, yeah, i don't know. That's one of those, it's just so vague.
Speaker 1:It is. That is one of the hardest questions for you. When people always ask me how do I get started in cyber security, how do I get in it's cyber security? How do I? you know X, y and Z with cyber security and they go general with the entire industry is when I go Well, what do you want to do?
Speaker 2:and if you don't have an answer for me.
Speaker 1:Then You know, depending on how you approach this situation like if we have a rapport and we've talked and I know your background And kind of what you're doing, then okay I can give some guidance. But if you literally just message me out of the clear blue and that is your question, i've got nothing for you. I'm gonna tell you, figure out what you want to do.
Speaker 2:Like, and Kev just mentioned this. Yeah, i don't like when people won't take the five minutes to like Google, but it's even for me. It's worse than that, because my page has a whole bunch of stuff Like that I made specifically to answer that question. Like here, your general broad, where should you start? here, right here, it's featured on my page. You just find my face. You scroll down a little bit. So that's one of those ones.
Speaker 1:When I get into my DMs I'm just like What and that's, and that's one of the big things for me and that was So. So I'm gonna equate this and it's probably a bad comparison, but I'm gonna make the comparison anyways because I think it's hilarious. And so I had someone clone my aunt's Facebook account at one point.
Speaker 2:I knew it was a clone.
Speaker 1:I knew she never recreated her account, nothing. But I said, hey, i'm gonna accept this friend request and I'm gonna let this person message me. We're going and talking, and talking, and talking and I said, homie, have you done any research? He's like well, i'm like, no, really, have you even looked at what I do for a living? because it is point blank on my Facebook page everything I do? Do you really want to play this game? And now is when he was like he says something. He's just, we should work together. Dude, if you can't even do your own research, i'm not doing it for you. No, and I treat everything the same way. If you want to go into business with me, if you want to do something with, what research have you done?
Speaker 1:Yeah what do you bring to the table? and if you can't tell me that, then You better have a good rapport with me and have built up this, this friendship and this willingness actually get to know who I am And what I'm about. Because it allowed me to get to know you. Because if I don't know you at all, i'm gonna tell you to go hit Google.
Speaker 2:Yeah, um then. But You know, a great way to get started is, as soon as you know what is like kind of required to get into cybersecurity, let other people know. That goes back to like that post on LinkedIn post, like make tweets, get on Reddit or beyond discord, being chats on live streams like this, and then when people ask those questions, if you can be the guy or the girl or the person Who gives those answers, then people, then you become part of the chain, you become part of that mentorship chain and It'll strengthen you up and then you get known for being that helpful person.
Speaker 2:Yeah, i don't know how I got started and all this right, so sorry.
Speaker 1:They are Infinite and probability AI. He has a question what attributes do you think are most important as a mentor, and what attributes do you think are most important as a protege and or mentee, however you want to word it? So for you, as someone like myself that mentors a lot of people, what do you think the most important attributes are?
Speaker 2:Man As a mentor. There's sorry, i'm looking up something real fast, i think back to. You know, top gun. The Air Force version of that is weapons school. It's where Your senior instructor pilots or you're like high skilled instructor pilots go to then learn how to become like the top instructor pilots. It's Kind of like getting a master's degree in flying over six months, as once you're already a Season pro, but then you're, you're tagged as a weapons officer, you wear special patch like weapons school graduate and There's a motto that goes along with it, because then you're looked at as the people who Who kind of set the tone for what the rest of, like the flying community looks like and smells like and sounds like, and I think it's humble, approachable and One other Humble, approachable incredible.
Speaker 2:So if you're gonna be a mentor, that that tends to be my thing be humble, be approachable and Be credible. So back things up like There's, there's some people we've seen them that they just spew stuff. You know like, well, where'd you get that from? I mean, there's plenty of those folks Who then we have to. I know, like kevs in here, i know you, you've run into this where you're like no, no, no, you don't, you don't need that, sir, you don't need a degree, you don't need to do that, this and the other in order to get that job. We um like, where'd you hear that? Yeah, those folks who like Who bug me? worry me because they're not being like where are they getting their stuff? How are they being credible?
Speaker 1:Yeah, for sure. I think that's one of the biggest things is we see such a push and I don't know. Sometimes, sometimes I worry about our industry because We all know coming up in cybersecurity, coming up in it and even for those that can transferred over into cybersecurity and or it later on in Their career fields, they know that there's so much information available online. Youtube is the school of YouTube is Fucking amazing. For anybody who does not know, kev's heck IT support, bearded IT dad or Azure IT, whatever I can't I can't remember his name right now Textual chatter like.
Speaker 1:There are so so many people out there that are doing amazing things Free, free. So to sit here and say you need a certification or you need a degree, no, you just need to show me you've given an effort, look for the effort to learn, and that is where your Cyber, your, your learning in public comes into play, because if somebody says, hey, have you seen this person? I haven't seen him, not a worry, i'm gonna do a quick search on LinkedIn or on Google or Twitter or duck duck go or something.
Speaker 1:Yeah what pops up?
Speaker 1:Yeah and if nothing, no content, no, nothing pops up. Nope, never seen him, never heard of him, don't know who they are. Yeah, now if I see them I see they're commenting on your posts, or maybe Misha's or kev tax, and they're collaborating and they're talking and they're working together. That's what I'm gonna be like. Oh yeah, let me talk to Kev real quick and see what he has to say. Or let me talk Yeah, we talked to Misha. Or let me talk to Andrea or whomever. I'm gonna talk to these people and if, if I can do that and figure more out about a person, i can say oh yeah, I trust them. I.
Speaker 1:Yeah if I don't trust you, it's gonna be a hell of a lot harder to get past the interview case because now we're gonna take you at your word, and I haven't seen you deliver anything.
Speaker 2:Yeah, and that's. I Don't want to sound like I'm whining or we're whining about stuff. This question what attribute attributes do you think are most important as a protege? like you like laid it out, someone who's who's done the work that they can, that they've done something? um, one of those things with those weapons school and struck like officers are weapons officers. They're instructors, and so you come to them with like hey, i don't know, like See what 30 stuff, sorry, what dropout suit I need to be at for this drop.
Speaker 2:They'll be like, okay, well, what does the book say? like what's what's different from this one, from the others? It's like, well, the book says that it's gonna be this or is that or it's the other, but this is like a weird case And so I'm not exactly sure. It's like okay, awesome, yeah, so that is a weird case. Let me go show you. Yeah, but you've walked in like You've done the legwork that you could right that one. It's written somewhere. It's pretty spelled out the the rest of that, yeah, that's what people who've been there are for. So you, the stuff that's not already written down pretty much.
Speaker 1:Yeah, that's my knowledge is huge, right, i think, especially when you walk into a job. I walked into one, what I was at 2023, so we're looking at five years ago now, give or take. You know where I Can learn. I can learn on my feet, i can hit the ground, run it and kind of go and figure it out. But the amount of tribal knowledge of certain systems that people have is Just astounding, especially when they've been in the same role for five, ten years, three to five years, like they've been in the same company, same organization, working on the same systems. They know this shit backwards and forwards.
Speaker 2:Oh yeah.
Speaker 1:So that's how I judge people those because if they have that tribal knowledge and share it, or if they hold it because they're afraid to lose their job, Yeah that's when I judge my seniors and my engineers and things like that and look at what they're doing my pen testers, red teamers and everything because you have, even on the red team side, you have responsible disclosure. If at no time, you disclose What you have learned other than a CVSS that's out there because you want to feel special, then What have I learned from you? nothing, yeah.
Speaker 2:Yeah yeah, you're hoarding knowledge, and that is something I can never get by my oh yeah, so kept through this out, sorry, i keep seeing these things in chat That some jobs require certifications or degree. I'm like the only job that I know like no kidding requires a degree is to be like an officer in the military.
Speaker 1:It's your department of energy.
Speaker 2:Yeah, I could see that like government jobs were. Oh, I know I was, I was working there. Yeah.
Speaker 1:I was. I was working as a contractor for the Department of Energy. They were hiring a full-time position. And not only do they require a degree, they require a certain GPA.
Speaker 1:Oh yeah so I had talked to the guy I'd known the manager been working there for. I can't even tell you how long, but I knew the shit backwards and forwards. I've been doing it for a living for a while. I did it in the Air Force, had been doing it in the Air Force, in the Air National Guard. And He goes oh, you need a 3.6 GPA in order to get hired here. I Said get bet.
Speaker 2:I Didn't have any college and he was like.
Speaker 1:And he was like or a CCIE, and I'll pay you six figures. I said, homie, i'm just graduating college this year. No, no, it's not gonna happen And I have no intent of ever getting a CCIE. He goes well, then you need a 3.6 GPA. And I said, then get bet, you're not gonna hire any good people if That is your requirement to work. help desk for the Department of Energy.
Speaker 2:Oh my gosh help desk help.
Speaker 1:That. That's what it was. It was a help desk position.
Speaker 2:Jeez one in CCIE.
Speaker 1:Well, he said he would hire me at six figures with a CCIE. However, the requirement for the position was a 3.6 GPA in a bachelor's. I was like no, i think I graduated with like a two, six, seven.
Speaker 2:You know the wild part. Like every Military base across the country, help desk your tier. One is an 18 year old with, like no degree and no cert.
Speaker 1:And they're all got, are they're all defense contractors?
Speaker 2:Oh no, no, a bunch of more for me.
Speaker 1:So you have two different ones. You have your knock, you have your basically permanent tier, which is your contractors. They bring in or at least this is the way it was in the army. In the army, because in the Air Force, yeah, i was like you. You know I've worked, especially for my guardian. I was the help desk, i was everything. That's what we did in the army On active duty bases. You had your civilians that were there, and the reason they were allowed to do everything is because they were always there. They weren't gonna get PCS, they weren't gonna leave, they weren't gonna do this, but they got paid like two to three times more than what if we did?
Speaker 1:hmm, And so whenever I complained about how cybersecurity and IT and things like that were ran in the military, i Got told, while you need a different job, i said, okay, deuces med, board me, i'm out, i don't care same thing.
Speaker 2:I'm broken anyways.
Speaker 1:See you later. I you can lose. You paid over a hundred thousand dollars for my education. I'm gonna take it and put it the good use outside. See you, yep. That's the problem with the military. That's the whole different podcast and a whole different conversation of the issues I have with the military, the government and everything else like that and the way they treat them. We're not gonna get into it, but it does come down to certifications, degrees, all the nonsense that they do. We do have more questions here, so we're gonna drop his and We're gonna go to Misha's first question. When you decide on your path, when do you think it's okay to ask for a mentor? Do you learn a little bit of a time or do you do it as soon as you find your path?
Speaker 2:I'll put this out there. If you're cool with me, jump on this one. Like it's. Truth be told, i'll take mentees that even that don't even know where they want to be. I have a bunch of mentees that who have no idea Where they want to be, um, even if they haven't even decided on their path. They're just like I want to be in cybersecurity. It's like okay, that's gonna be my first question Why do you want to be in cybersecurity? What do you want to do? Like what? what's driving you to this? especially there's someone who's been doing something else for a while. I often have the question, like well, why cyber? like um, and it's fine, whatever the reason is. There's a couple people who've been like you know what? I don't know, that's where money is at.
Speaker 1:It's like okay, yeah, that's gonna be hard, you can get there, but did you did you see speaking with that of that, not to cut you off, but there you go. They see champagne Who put out a post about peace. People chase not necessarily chasing money, but expecting to get six figures as soon as the day in or the industry. Me and her had an amazing conversation, i think it was yesterday, like yeah, i think that's one of the biggest issues. I did it to myself too when I first retired out of the army now green. I had the experience. I thought I should have been paid more, but that's either here or there. But a lot of people pushed themselves out of jobs because their salary requirements as just entering the field are like 100, 110, 120 and it's like, depending on the state you're in and the job you're applying for, you can't do that.
Speaker 2:A base level cybersecurity job, even right now, it's like 80 90 grand if that on a yeah depending on where you're at dude, like when I got out of the Air Force, move to Maryland, had to pay state taxes again, like with a bachelor's degree and an MBA, a security plus already. My first gig was 125, which isn't bad, but when I came back to that area.
Speaker 2:I realized I was making. I I had to pay more taxes and my take-home pay was lower, or overall take-home pay was lower than the year before when I was in Florida Make it last, technically, yeah. And then I got my sys P and it didn't like, didn't like take off from there. It just went up a little bit on my next gig. So, like That was, yeah, my first civilian job was just barely over six figures with my first job was 60 65 thousand dollars a year.
Speaker 1:Yeah but they were like, oh, you get bonuses, But it's not like a guaranteed bonuses based on revenue and you might get it, you might not get it. It really depends on how we, how we do and I said I can't pay my damn electric Off of a. Maybe like, yeah, i need my annual salary to be able to cover all my bills And that's when I ran into issues with my truck. And, yeah, i ran into other issues when I first try to. Yeah, it killed me but yeah, I.
Speaker 1:I agree with you fighting a mentors whenever, yeah. Yeah, yeah whatever.
Speaker 2:That one's another weird one. Sorry the pay. I have a friend. She just got her master's degree in cybersecurity from WGU and as a Sock analyst she's getting like 40. So like it's, it can be rough, like yeah, we're starting out, there's no guarantee you're gonna make.
Speaker 1:I was technically in management here in Pittsburgh at 65 thousand dollars a year. Yeah, i was. I was a level 11 or whatever fucking title they wanted to put on it.
Speaker 1:It was a civilian job, it was just a way the company did their tiers Technically management, making sixty some thousand dollars a year. So no Me. I took the job because I needed a job. I needed because in this industry you need the experience to then get better jobs. But my second job took me to 95 and then a year later took me over six figures. So it took me three years to be retired out of the army, with every damn letter after my name. That is humanly possible. So for anybody that gets a security plus or maybe a one-sand start and expects to be making 150 plus a year, i'm sorry. Go live in California for that, where you're still broken on the street Like that. That's not gonna happen, unless you have the experience in a way to break in or you've networked enough that somebody can bring you into that rate.
Speaker 1:Yeah, just it took me one two, three, roughly three or four years after we're tying out of the army and working civilian jobs to even get close to 150. Oh yeah, i think that's a good point To 150.
Speaker 2:Oh yeah.
Speaker 1:So just saying it takes a while, you can't do it right away, and people that have been lied to and say it's possible, those people that live in California and that is the basically minimum wage.
Speaker 2:Yeah.
Speaker 1:Hey Jack.
Speaker 2:So hey, david.
Speaker 1:Jacks is here. Oh nice, i love seeing Jacks here. Jacks is awesome, oh yeah, um, let's see.
Speaker 2:So I don't know where.
Speaker 1:James is. He says his base for cyber is more around 55 to 70. That sounds about right, depending on your state.
Speaker 2:But what I would entry in.
Speaker 1:I will say this With the exception of your fangs, which so many people don't work out, your google's, your facebook's, your or whatever these big billion dollar organizations, your, you can work remotely and get what their actual wage is. Google will pay you based on your state, and I know that because I argued with them and I said give me California, sallery and Pittsburgh, and they said no. So I said no, it ain't never gonna happen. Um, but a lot of your smaller organizations and mssp's and things like that, we will just give a flat rate, regardless of where you and they'll put it on the job application.
Speaker 1:Now We do that. Your where I work at stratoscale. It literally is We're gonna give you the. The range goes from this amount to this amount And depending on your experience, and da, da, da da, this is where you're gonna fall, yep. So we don't lie, we don't hide it. This is, this is what it is. Some people give the range and we're like dude, i can't meet that. Like And and people that come in lower Dude, then you're gonna get it. You're gonna be happy when we give you your salary because it's gonna come in a hell of a lot higher.
Speaker 1:Like right this stuff is put on the applications is put out there on the job descriptions. It is what it is, but 55 to 70, that's not bad, depending on where you're at, for a starting job in cybersecurity. It's actually pretty good as a junior analyst and I'll even say junior g or c to be honest. So, um, but yeah, so that, all right, let me unstart that one. Let me unstart that one, uh, uh. Do you do When people ask a general question of how do I get in cybersecurity? How long do you tell them to wait to choose their direction, or do you tell them to start right off? That's for you, homie.
Speaker 2:All right. So I always tell people to start aiming for something. Um, there's again, there's some reason why they picked cybersecurity, whether it was like mr Robot, or they want to be a sock analyst, or even for money. Um, whatever it is, go after that, go after that, aim for something. Um, it's one of those things. Uh, i see people bounce around and like they're trying this training and that training and this training and that training, and Um, then they'd wonder why they can't get a job. It's like well, you're a legit, a generalist, like I'm, i do all the like, all sorts of things, but like You gotta have at least like one thing that you're more than everything else. Just a little bit.
Speaker 1:Yeah, i don't disagree because there's. So when I started out Again, coming from the army, a lot of our research, even my research growing up, when I was in high school, coming out, while coming out of high school into college, i did a lot of offensive security. I thought hacking, pentesting, i thought it was the shit. So I learned there was a hell of a lot of paperwork behind it. So you know, when I came out I had already had those. Certifications were easy for me. Every, every certification sands brought in front of me knocked it out, not because it was easy, but because I had been doing it for years. So it was easy to me.
Speaker 1:The shit you learn is not easy if you've never done it. Putting that out there, don't think that I'm just like some Amazing No, no, no. I have been doing researching, learning for years, every day, two hours a night, without fail, if not longer, and and so for me, the offensive side I loved, but what that translated to is when I started learning the defensive side, i was able to speak the language because I understood what I need to find. If I'm going to sit there and do a brute force attack, i need to be sitting there looking for somebody banging on the door with the same IP address over and over and over and over and over again. But I don't care about that. I care about that IP address now gaining access after failing so many times.
Speaker 2:Now I've got an issue.
Speaker 1:I've got something I got to be concerned about. So I care about the correlation, i care about how these things work together. So, yes, i got my incident handler search. Yes, i had my GSEC search from SANS. Actually I still have it. Till the end of the year I have these things. But it wasn't that, it was understanding that through offensive security I can now do Blue Team. But in order to do true red teaming, you need to understand the Blue Team. Because how can you actually go in silently I say true red teaming, not pen testing, true red teaming which is being silent? How can you do that if you don't know what your EDR tools are?
Speaker 2:Oh yeah.
Speaker 1:What your SIM tools are, what your firewalls and your TANIAMs and all these other things out there. If you don't know what they are and what they can do, how can you hide from them?
Speaker 2:Yeah, this is the end of the second week for one of our teams doing a red team engagement And they had a foothold yesterday and this morning they lost it Oh.
Speaker 1:Man, that's rough. So was it a restart and they didn't have persistence, or do you know?
Speaker 2:I don't I mean, but here's the thing, here's what I can guess it is. It might have been Defender finally picked something up, or like Carbon Black noticed weird activity. Yeah, but it's exactly that If you don't know what an EDR is and what it's looking for and like how to hide, then you can't really like do any of that well, And I'm going to give a little bit of tidbit of advice for my potential red teamers out there.
Speaker 1:Your EDR tolls hook into the kernel, so hiding from them requires you to be very, very stealthy and be able to do things without triggering behavioral or machine learning or anything like that. Or somebody leaves something open that you can disable it. So I'm saying there's only two ways. You're either good at what you do or you know how to shut it off.
Speaker 2:Yeah.
Speaker 1:And some of them out there, or some EDRs and some companies will allow you to shut off the most sophisticated EDR on the market. They'll give you access to something stupid and you'll be like and turn this service off. I'm good to go Now. I can do whatever the hell I want, just say it. Oh yeah, jax, i don't know where you're at, but hey, have a good one and I'll talk to you later.
Speaker 2:Sounds like she's in England.
Speaker 1:Yeah, it's 1230. So I don't know where she's traveling to. But yeah, red teaming is rough because people confuse red teaming with pen testing. I consider them two completely different things. There it is A red team wants to be quiet. A pen test is going to use Metasploit, nmap, any tool they can burp suite. You name a tool that is loud, noisy and all you got to do is hit an auto button and a pen tester is going to use it.
Speaker 2:Yeah.
Speaker 1:A red teamer. Their goal is to get by all your defenses and not get caught. A pen tester is going to tell you hey, I got stopped like three times and isolated. Can you turn this shit off now, because my tools aren't getting by it, Which validates that they work against script kitties, but not necessarily that they're going to work against an actual attack.
Speaker 2:A lot of red teams will eventually get to a point where they ask for a zoom breach. Yeah, because you want, we tried this, tried this and tried this and tried this and failed. That's valuable. But then at a certain point it's like, okay, what you really want is to know all of this stuff. So we fished, we checked all the publicly facing stuff. Now let us in so we can do the rest, because you do care about that as well. Because just because we didn't find it doesn't mean someone else isn't going to find it. Yeah, or that you patch and it's a bad patch, or you add software next week that lets everyone in Why chain man?
Speaker 2:There's always something. There's always going to be something.
Speaker 1:And this is something that a lot of people don't want to hear, especially when you work in cybersecurity and work for cybersecurity firms and you're like oh yeah, we can help protect you, secure you. Da da da. Nothing is 100% guaranteed in this industry. If any company, any tool, any vendor, anything comes out there and tells you oh yeah, 100%, da da da, you will not get breached, they're lying to you. It is a marketing ploy because without the people, the personnel, the IR, the IH, everything, it's an entire process, an entire system. If that system isn't spot on which none of them are. Let's be honest Facebook fucking went down, google's gone down, amazon's gone down. All these huge corporations have gone down. You're going to tell me your small little mom and pop shop is going to be able to defend against someone sending a fishing link? Good luck.
Speaker 2:Oh yeah, man, one of my friends. They asked me to help source a web developer for their company. They're doing well, but it's only a couple of people full time. They basically are middlemen for a couple of organizations doing shipping.
Speaker 2:I was sitting with my friend's wife and my wife are close friends and our kids are in home school co-op together. We were sitting one day and I described all the things I could go wrong very quickly and it scared the crud out of her And she's like how do we keep from being hacked? And I was like that's not the question that I would want to answer for you. Instead, what will happen if you're hacked and what can you prep for in case and or slash when that happens? And I think that's more valuable. What backups do you have? What's your process going to be? How much can you save or recover in a different way? Truth be told, one of the first things that we learned at cyber warfare school in the Air Force wasn't at all about networks or computers or security. It was about continuity, business continuity and coming up with contingency plans and different COAs for maintaining continuity of operations.
Speaker 1:And I think this is one of the only times, man, it's going to cut me deep to admit this. I never, never, want to admit this, but that is one of the things that the military got right. And a lot of businesses fail And the military got it right. And you got to look at continuity of operations. You got to have a BCP, you got to have a DRP. You have to have all these things. And if that's not in place, then it doesn't matter what security told you you put in place, because it's going to eventually fail.
Speaker 1:Something's going to slip through the cracks, some vulnerabilities and come out there. And when your shit gets pwned at ransomware, what are you going to do? I've got a company right now that I'm dealing with that. I'm like, got to figure out. You know, homie, you went with a different IR company. I can't help you. All I can do is wait for that company to finally hand it back over to us So I can sit there and say, okay, let's bring you back up to full speed, because we've got to do a whole bunch of rebuilding.
Speaker 1:So again, bcps, drps, all these things it's not the only thing the military got right over to civilian sector in that, in cybersecurity. Because, in cybersecurity itself. The civilian sector, with their lack of needing clearances and all this other nonsense, will have the military beat any day of the week. And PT tests You need a PT test. Look, i am 255 pounds and six foot three. I could not pass a PT test at this day, but guess what? I could sit there and help you run your security.
Speaker 2:Oh yeah, nope, oh, this is very, very true. Oh yeah, no idea what my mile and a half time is right now, and I'm happy with that.
Speaker 1:You're probably like at mine, which is like I don't know, wow, we'll get there 13, maybe 15 minutes, you never know. And that might be on a good day. We have a few other things to do I don't miss that feeling. Me neither. I used to smoke before and after my runs. Don't get it twisted.
Speaker 2:And.
Speaker 1:I'm still a smoker, so not running and then having to do that now, yeah, it'll be all bad things. So I know James asked this to me, but I'm also going to ask it to you How do you recommend approaching someone to ask them to mentor, and what is different from that? And when you just ask someone a direct question? So I'm going to let you handle this first, Josh, and then I'll take it.
Speaker 2:Yeah, Yeah. So like there's, I'll go with. What I've done for my mentors is hey well, truth be told, before I even send them a direct message, like I'll go with Neil. So Neil Bridges, Great guy Before I started.
Speaker 1:If you're not connected Neil, connect to Neil. Neil's a great guy, him, and there's a few others out there, but Neil is definitely one that you want to connect with.
Speaker 2:Yeah, or Jerry, jerry, before I started sending the messages directly, like I showed up on their streams when they posted things, like I followed them and like put a notification on LinkedIn. So, like when they posted things, like it would come up either first or I'd get a notification for it and participate in that conversation because I found it very valuable. Then it got to the point of like this is more than what I want to ask in the comments, this is going to be personal. And so then I was like, hey, neil, i was wondering, like you've made this post about this, and I kind of wanted a more personal answer than I think you would have expected if I had asked or talked to you in the comments. And he came back and was like, yeah, like, get on Discord, let's talk about this. And that's kind of told.
Speaker 2:How that started is. I had asked questions in stream, i had commented on posts on LinkedIn and was on Discord, and it was finally like, yeah, get over here, like, let's talk about it. Like, what are your career goals? What do you want to do?
Speaker 1:So, yeah, That's the big thing I have found for me. So and so this is where I'm going to tell you, james, even my first few jobs outside of the army. now I'm different. I am a whole different breed than a lot of the people you will see me talk to on this stream And in general, i grew up in IT. I grew up fixing computers. I'm 36 years old, had my first computer and fixed it when I was like seven, eight, maybe nine years old with my dad.
Speaker 1:I grew up in this industry I grew up on. Wi-fi came about and America online of punters and all this other stuff been there. So for me it's a little different, right? I didn't look for a mentor on how I get into the field, because I didn't need a mentor to get into the field. I was already going to the military, knew what I wanted to do and just followed my path and went with it. But what I did do and this is what I tell everybody, whether it's a mentor or you're trying to find a job I reach out to people and talk to them, figure out who they are, what they're about, what companies they work for.
Speaker 1:What can you tell me about the company you work for? I get in the nitty gritty that way, when shit hits the fan and I need something like a job, i can say, hey, look, i'm looking for work. Do you got anything? I will not lie. The person I work for now I've worked for twice before because, a he's prior military, so we had something to bond over, and B because we had been talking since before I retired out of the army. When I got my first job with him, it was because the recruiter came to me. He was like, hey, we hire cyber military veterans and we place them in positions, all right, cool. What do you got? Oh, we got this job here and the one person already knows you And I was like somebody knows me.
Speaker 1:Who the fuck knows me? I'm nobody. I'm literally just coming from this role. I've been out of the army for six months. What the fuck are you talking about? Actually, i've been out for probably about eight to nine months And then I looked up who it was and realized that, oh, i've been talking to this man for like probably the past year, since I knew they were going to med board me and put me out.
Speaker 1:I was like I'm really bad with names, but because I had stopped talking to him because I had found a job, wasn't even thinking about it, didn't even trigger, and so I looked it up and then I've worked for him again after that And then I worked for him again. Well, no, and so these things just happen where, if you develop a rapport, if you build a community, if you talk to people as humans and not something that you want something from, that is the biggest thing. You want nothing from them other than let us build a relationship. I know you're better. I ain't going to say better. I know you have been in longer than me and have more intelligence at this point, but help me get to your level. Help me figure out where I need to go.
Speaker 2:Yeah.
Speaker 1:That's important. I'd rather have someone come and tell me hey, i don't know shit, where do I start? Because I see this term thrown all over. can you at least define cybersecurity for me Instead? of saying hey, how do I get into cybersecurity? Can you define it? Can you put something behind it so that I know what to look for?
Speaker 2:Yeah, exactly. And, truth be told, i want people to DM me with hey, how do I get started? Because for me it makes me it's one of that self-reflection back on the points that I want to have as a mentor. I want to be approachable, someone's willing to come up to me and be like, hey, how do I get started? Good, i'm putting out the vibes I hope I'm putting out. I want to be putting out That someone can just come up and ask that, good, that's what I want.
Speaker 1:So yeah, That's what I see. That's the way I look at it, too, because I want everybody to know that they belong. They belong here. This is why I call everybody who watches my streams or watches the recording or any of the videos I do, or responds to me on LinkedIn or on Twitter. I am literally everywhere TikTok, facebook, twitter. Yes, someone talked to me into creating a clapper account, although I think it's the dumbest freaking name ever for an app. I'm on Blue Sky. I'm on everywhere. Anybody reaches out to me. It's because I want you to know you belong. This industry is for everybody, and I don't dislike anybody unless you give me a reason. And so for me.
Speaker 2:I can change my mind on that.
Speaker 1:Right, yeah, there's a lot of people out there that I'm just like I don't know if I like you, but then I start talking to them, like, oh my god, you're an awesome person. All right, cool, let's chat. Let's get this out. There's others that I'm like, dude, you're awesome. And then we start talking. I'm like maybe not, I don't know.
Speaker 2:I think everyone has the potential to be awesome or super annoying And, truth be told, that can change, because I know I've been on both sides.
Speaker 1:Right, we're both open to conversation, and that's the thing. That's the kicker. I don't care who you are, come to me, ask your questions, we'll figure it out together. This is a family, this here. I call everybody my warriors, because you're all my family. I want the best for everybody here, and Josh is the first one to understand that, because he was on over a year ago. I think it's been a year.
Speaker 2:Yeah, I think so I think he's been on here. Well, this is again more Because Cyber Supply.
Speaker 1:Drop was the biggest thing you were offering. That was before I&E. So you started I&E And you didn't quit. You stopped promoting Cyber Supply Drop when, as you were going into I&E- Yeah, yeah, we're still going.
Speaker 2:We're running in Requiter Doing internal Q&As.
Speaker 1:You're still my hashtags down below, by the way.
Speaker 2:That's awesome.
Speaker 1:Cyber Supply Drop is still there. So if somebody's looking for Cyber Supply Drop, you're going to find his video eventually. Let's kill her. I'm glad to know you guys are still doing it, though While I had seen you come out, I think it was this year you had put on a post about Cyber Supply Drop.
Speaker 2:One of the things.
Speaker 1:This year was either this year, near the end of last year, that you guys were still doing things And I was like, ok, good, because that would have made me upset if he's not doing shit anymore.
Speaker 2:I took a little bit of a break. I didn't close anything down, but it's all volunteer. Yeah, none of us are playing.
Speaker 1:I like my show. Everybody who wants to do anything, it's all volunteer.
Speaker 2:Yeah. So it was like, hey, people just got busy with stuff and Discord got quiet And I was just like, all right, i'm not going to put a ton of effort into this right now. We'll come back or re-attack later, when I have energy for it.
Speaker 1:Yeah, i completely get that. I'm actually working on some other projects right now, which anybody who follows me on a regular basis and views my shorts and views my TikTok or Instagram Reels they see the other projects I'm working on. But yeah, same way, we're attacking it hard now, but I can slowly see things that might fizzle out eventually, just because we all have lives And when you don't get paid for something, you're kind of like all right, i'm going to keep going And going until finally I'm like all right, i need to break, yeah.
Speaker 2:All right, I need to breathe for a little bit.
Speaker 1:I need to breathe, but we do have two more questions here. We got some time. Of course, this is my show. You know it all. What is the best guy to use to create a cybersecurity specific resume? Lee, there's no stupid questions at all. I just despise that question. That's just me. I'm going to let Josh take it. I despise that question, but I'll let Josh take it.
Speaker 2:Noobvillageorg forward slash resumes, everything. The template that I use. That I got from Stefan Samoroth when he made my first civilian resume for me. Stefan, Samoroth.
Speaker 1:I mean, was it Stefan Samoroth from Budapest 7? Is that what? you said No.
Speaker 2:Though I have thought that myself.
Speaker 1:OK, cool. I mean, i'm not one to make fun of names, it's just really what it sounded like originally. I ain't got a lot.
Speaker 2:He's a West Point grant. He's a good guy.
Speaker 1:Oh, that explains it. West Point grant OK, makes sense.
Speaker 2:He was a recruiter back in the day running his own company and sold the company. It's now at VP at Avant doing good stuff. But his advice I tagged on Niels and Cheryl Dozier's and Jason Blanchards and Kip Boyle's advice and done a couple crew villages alongside Kip and Frank Victory, his real last name, which is awesome, he's a mandiant, he's a good guy, yeah. So it's a lot of that advice on that page. So it's the template and the guide I use. Newvillageorg forward slash resumes.
Speaker 1:I will say this When it comes to a cybersecurity specific resume I hate that term. It needs to be a job specific resume, yes, which I hate even more. I ain't gonna lie. I really do, because I'm the same person that writes my resume, sends it out to whoever I need a job for which I don't do anymore. I only did that when I first retired, but that's what I was doing And it was legitimately, because whoever appreciates this understands that this is what I bring to the table and fucking everybody else. But it wasn't cybersecurity specific. I legitimately just looked up resume styles in the way they were formatted and things like that.
Speaker 2:And what?
Speaker 1:in the information.
Speaker 2:Yeah.
Speaker 1:That's all I did. I legitimately just took a resume style, filled it out. There's no for me, unless you're including a YouTube channel or a blog link or your LinkedIn address or something like that in the very top header. That gives me something to look at and go. I'm going to click that, but I'll type that in. I don't consider cybersecurity specific resume any different than any other resume And that's why I don't really necessarily like the phrasing of the question is because all resumes look the same for the most part.
Speaker 1:They should have the same things Who you are, what you're about, your education, your experience, and that's it.
Speaker 2:Yep.
Speaker 1:Like resumes here in the US unless you're going for a government job are not the same in the UK and EU. So the UK, the EU and some other places they call them CVs and they want government style resumes. Give me every single bit of experience you have, depending on what level you're going for. That shit better be 10 to 15 pages long. Here in the US we want your resumes one, two pages maybe because, I want you to put your most important information in the very top in the first 30 seconds.
Speaker 1:When I scan that resume, i better see everything important that's going to get you this job, or at least this interview.
Speaker 2:Exactly.
Speaker 1:After that, if I like that, then I'll read the rest. If I don't like that, then I'm just kind of like, all right, cool, out the door.
Speaker 2:I'll tell you I cheat. My resume has never gotten me a job. My connections have gotten me jobs. My resumes, though, i tune them for the jobs by looking at the job descriptions, taking the phrases that they use like a person who I am, a person who does, or if there's something specific in there of looking for this, i did that Here. I'm going to take that pin it with the exact case that I did and that's now one of my bullets, that way if they read through it they're like ooh, this reads like I wrote it Because I did.
Speaker 1:So this is the flip side to that and this is what I will say As we get into. So me, when I interview people, i don't necessarily do a technical style interview. I'll be honest and I'll put it out there. I don't fucking care, i'm the one hiring you, so I really don't give a damn. The way I do interviews for me is I want to know who you are as a person. I'm going to ask a little bit about your experience. If there's something in particular that I need for the specific role, i'll ask about that. But in general, i don't fucking care, because you're going to go to a board. People are going to ping you on the things that you stated on your resume. I don't need to know that because I'm going to sit there and I'm going to look at your profile. If you're not learning in public, then I need to know you're going to be a fit for someone I can interact with on a day-to-day basis. It's going to understand that there's more to this role than just point and click. I just got to do this all day in closed tickets. That's not what it is, but the technical side is what my other managers and directors and Things like that are for? yeah, i could care less about the technical.
Speaker 1:I care about you as a person. I care about what you bring to the table, You're gonna bring to my team Or you're gonna bring to all these things, and if you tell me you're a mentor, tell me you're a teacher, you tell me you're a consistent learner. Those are the things I care about. That will never show up on a resume, because if they do, then you're leaving something else out. That's not gonna get you through that. A TS system that the recruiters, the HR and things like that are never gonna see. Yep, i care about that, and so that's what I'll ask you. So you want to get through one of my interviews? Tell me about what you do for the community, plain and simple.
Speaker 1:Oh yeah cyber security specific resume does not exist for me. It's a resume. It's gonna show me the tools you use, the education you have, the jobs you've held, your name and Anything you've done in public, and I'll look for that. But I don't, i don't, i don't care about any of that. I'm a look, just so I know, but I really don't care. Be honest, me personally, i don't give a damn Yeah, unless I'm hiring for a specific technology. I Really don't fucking care, just don't. So you can keep talking. I got some more questions here, holy shit, yeah, okay, we're gonna keep coming. So we're gonna hide that one.
Speaker 1:Get rid of that, yeah they are what mentor or protege Made a mistake and wanted to give up. When mentor or protege made a mistake and wanted to give up, what do you do as a mentor or protege? to keep going. So if someone wants to give up, whether it's you as a mentor or you as a mentee or protege, yeah, how do you keep going? or how do you instruct others or help others that keep going?
Speaker 2:Yeah, man.
Speaker 1:This is my lifestyle and this is what I do, so this is why I'm waiting for you to come up with an answer. I know how I handle it.
Speaker 2:Like you gotta tie it back. It goes back to the why for me, like, um, momentum worry, oh, like we could leave life at any moment. So we got to decide, like what it is we're going to do with that. Um and so from there, like, what started you on this path to a new job or a new career, and Has that changed At all? like, if someone's wanting to give up, like, what are they doing instead? like is this something that That we need to? like, how badly are they giving up? like, do they need more help, or is it just that this is hard and The change is they want to go for something easier? It's, truth be told, that nothing gets any easier. Done a lot of things. All of them wait this It's supposed to be easy.
Speaker 2:Yeah, none, there's really nothing. That's easy. We left that behind in high school.
Speaker 1:Yeah, right there. I get mad at my parents every day for making me become an adult. Fuck this shit. I'm done. I quit. Can I turn in my car? can I? can I get a refunds? bullshit, i won't be an adult.
Speaker 2:Yeah, so you're not wrong. Yeah, like what is it that's that's getting going in the first place? Let's refocus on the goal. So you're at what we're going after.
Speaker 1:You know, i gotta be honest is one of the biggest things for me is knowing your why. Yeah, your why is the most important thing ever this? and they carry you through whatever and and if Kev tech is still here Actually, i know AR watch this quite a bit, so I'll probably bring it up, and so I got my beer ready on my walk with me. Podcasts, as you all know, or anybody who hasn't listened or watched it yet which is on YouTube and all major podcast platforms. That is one of the very first topics I talk about, because knowing your why can get you through every obstacle If it is strong enough.
Speaker 1:If you're, why is money, and this is why I despise people who get this. I well, i can't say this, but this is why I Have a hard time dealing with people that are getting into cybersecurity for money, because it's gonna take a hell of a lot of time, a hell of a research, and you have to continuously learn Right? So when you hit that first obstacle, if you're only reasoning for getting in as money and your boast Your base salary is less than what you're looking for, you're gonna give up and quit.
Speaker 2:Yep.
Speaker 1:You're what? why I keep going. Now for me, my why is a I love this shit, i love what I do, i love cybersecurity, i love all that it entails. And then on top of that, i have the added bonus of Well, guess what I could teach my kids it? I can help my wife protect their shit, i can help my kids and I can look at my computer. And when my bit defender goes off and says hey, you have eight different warnings for people trying to use a botnet against your computer, cold as you block it, yes, i'll give one to you. did your job. I know what it's saying. I don't got to be scared. I can look at it, read it and go All right, we're golden, i. But for others, when it's like, if you don't have that Strong enough, why your first impediment, your first obstacle, your first hard time? here I'm like you know what? I quit. I don't want to do this shit, no more.
Speaker 2:Yeah.
Speaker 1:Then that's when I look you and I go then. Then we either need to rediscover your why, or you need to find a different career field. Yeah because this just gonna be hard, it's not easy. Yeah it will never be easy, even now, for as long as I've been doing it and I am now in management even still, to this day I Wake up every morning loving what I do and going this is such a pain in my ass. Let's get at it, let's figure it out, we're gonna make it work.
Speaker 2:Yeah, I Mean it'd be boring if it was easy all the time that I couldn't do an easy life.
Speaker 1:I couldn't do any job. If my back could take it to this day, i'd probably go be a wrestler or do something that required a whole bunch of fucking flippy flip, because Fuck it be hard and I just want to learn new shit. Let's go do it. It's great, i'll get my ass kicked for a living. Let's have fun.
Speaker 2:Yeah.
Speaker 1:I said the army, screw it. What's good? What's one more? Let's go have another job. I'm gonna be a mic, get mad if I go try that right now, because I'm 90% disabled, so they might be like homie, are you really disabled? Like yeah, i am, but they're gonna pay for me to get fixed, so can I get mad?
Speaker 1:And I'm like the VA. They might give me the good drugs, i might be able to go wrestle and get the good shit, but but yeah, man, it's. It's crazy, my back can't take it. Also, i'll be a wrestler. Peter, if you're gonna be a wrestler, you need to look up the savage gentleman I'm just gonna let you know. That's my boy. His wife is now on AEW, or OH for the two. She did her AEW debut, i think, last week, so I was there. I got pictures on Twitter. Look it up, all right. So next question of course it comes from a our, because my boy always ask questions man.
Speaker 1:What practice, hobbies, habits do you have in your personal life that help you, help your professional life? How do you stay inspired when feeling burned out Goes hand-in-hand. Go ahead, josh.
Speaker 2:Yeah, um, yeah, goes back to that why, like, why are you doing anything? What? why? Why are you getting out of bed? and, truth be told, if you get to the point where you're like I don't know, that's a great time to take a vacation and do some soul searching And like, all right, what are we doing here? Talk to your significant other, like talk to your mentors, your, your shrink or your religious leaders and like like, hey, i don't know what I'm doing here, but, yeah, i don't know. I've got a lot of hobbit, hobbies that I do that aren't necessarily tied to what I do at work, but I Also believe that, like there's nothing that you do that isn't related everything else you do. How you do anything is how you do everything. Marcus really is, quote Um.
Speaker 1:You love your quotes. I.
Speaker 2:Got a calendar.
Speaker 1:I can get behind that, though, because Even for me, you figure, when I first started my channel, when I first started doing everything, i had already been working in cybersecurity was doing new videos every day, got burnt the fuck out like literally burning the candle both ends.
Speaker 1:Between editing, i do everything myself. So When you do everything yourself and you're working a full-time job, you got a wife and kids you're sacrificing something somewhere. And actually that was I'm a drink again. It was part of my walk with me podcast this past Wednesday. Mm-hmm, you know you're burning the candle at both ends and It's one of those things that you have to sacrifice somewhere and you got to choose where you're gonna sacrifice. Yeah, i, my hobbies are just getting away from technology. I don't care what it is. Well, i say technology getting away from the computer because You know there are certain things and because of the way I live my life and the things that I do, i can't get away from everything, but I can step away from work, i can step away from Everything possible and then when I get the chance to actually take a vacation and say, fuck it all, i don't care about algorithms.
Speaker 1:Then I'll do that, and that happens at least once or twice a year where I say Screw it all, i have a life, i have a family. Throw my phone in the track Well, not really in the trash but turn all notifications off and I don't respond to anything. I don't talk to anybody, i don't do anything, and they're family. at nights I'm usually there for my wife and my kids, but during the day is where people go in or I give my attention. and again, it is because I've lucked out, because I have learned how to Get into right companies, work with my time, manage my time and be able to do videos on top of my full-time job. I Mean I have two podcasts a week.
Speaker 1:Yeah this one and walk with me, and I can literally do those on the record walk with me on the weekends or even the night before. I do this live once a week, but it's always have to work. So other than that, my work doesn't get mad and I've never once actually correction. There was one time, but prior to that, one company that I don't speak about No one's ever got mad about me posting on social media on Putting out a one minute video. That literally took me Maybe a minute 30 seconds to create and another like 30 seconds to like, maybe at most two and a half minutes to cut down To less than a minute.
Speaker 1:Yeah all right, cool, here you go, post it, get rid of it, and I'm still doing my job.
Speaker 2:Exactly.
Speaker 1:I'm not taking anything away because it could have been on my lunch break. It could have been afterwards. I work all day. I'm in back-to-back meetings, as long as I'm attending everything Really an issue. And so for me to be burned out, what I did is I started saying and I will say this to everybody if you have unlimited PTO One week a quarter, cut everything off, get the fuck away. One week every quarter, step away from it all.
Speaker 2:Yeah, We're about to move into an RV and start traveling full-time. So yeah, man, if I didn't have five kids.
Speaker 1:That's what happens when you have five boys. Man, it just isn't possible. I.
Speaker 2:Know a family that has eight kids. That doesn't I?
Speaker 1:Can't my my oldest got tired of moving. Actually, all my kids got tired of moving because of the army, so Couldn't really I can't really do that anymore. Love to Well. We plan on starting to do that, especially now with this job. I got a better Situation now, so trying to get travel more added in Well, that'd be a good idea. We need to make a nerdy, inspirational cybersecurity quote calendar. That shit would be hilarious.
Speaker 2:Make it happen so anyways let me mix the stoicism and We'll get JJ Davy in on. Oh yeah.
Speaker 1:I'll have them all quotes in there. Oh yeah, i have some cybersecurity nerd quotes. Don't be alright, we'll figure it out I. Wanted to play Halo fucking. Let's start on Man. But anyway, man gosh, it's been great having you on. Before we go, any words of advice, anything you have for anybody that is that is trying to break in mentor, mentee, You name it. Just give some words of advice to the community.
Speaker 2:Yeah, it Did everything that you're imagining you can do. You can do. Um. The Another quote for you whether you think you can or you think you can't, you're right. So Henry Ford are there. So, whatever it is that you're trying to reach, let's figure out, let's make a path for it, let's make a plan. If you don't have a target, get a target and then go after that, and then be persistent and be patient And you'll get there.
Speaker 1:You've been watching my videos. I mean, all right, no, but you're right, and I will say this before we go. Look, hey, you are all family, you are all my warriors, everybody that is here tonight, whether you were linked in through Josh or through me. I love you all. You're all family. All right, understand this. We are here for every single one of you, no matter what you have going on. If you want to get into the industry, reach out, let us know, we'll walk you through it.
Speaker 1:All right, josh, who is still the founder, i believe, of cyber supply, drop You know We do a lot of big things. I'm gonna be doing more giveaways. I'm gonna be trying to get Josh more involved in the Yankees cyber supply. Drop back into it. We need a little bit, because people love to help out and that's what we do around here. So that'll be happening. Otherwise, look, hey, it's gonna be an amazing weekend. I hope you all enjoy it. Take care, have a fantastic week weekend. Enjoy your Freya's day tomorrow. Thankfully, i'm off work because I got to go to a graduation and I will see you all You're in amazing warriors next week.