Ever wondered what it takes to switch careers, especially into a highly competitive field like cybersecurity? Imagine transitioning from a personal trainer to an IT professional and cybersecurity expert. That’s exactly what our guest, Octavius, did. He breaks down his journey, starting from the gym floor to an application support specialist position. Octavius's story is a testament to determination and hard work, proving that no career switch is impossible.
The world of cybersecurity is vast, with diverse roles including consulting, analysis, engineering, and penetration testing. Octavius sheds light on the unique challenges and requirements of these roles, and the importance of honing consulting skills to guide clients effectively. He also shares insights on mastering the tech stack, highlighting the significance of muscle memory in technical roles. The conversation underlines the need to stay abreast of the rapidly evolving cybersecurity landscape, a must-know for anyone aspiring to break into this industry.
The job market is highly competitive, and Octavius and I discuss the importance of demonstrating your skills to stand out from the crowd. We consider how hands-on learning and practical experiences can help showcase your abilities in both offensive and defensive aspects of cybersecurity. The discussion delves into a range of technical skills, from threat intelligence to reverse engineering, and the importance of open-source intelligence and understanding the intricacies of the deep web and dark net. This episode is packed with valuable insights on continual learning, career aspirations, and invaluable tips for a successful career in cybersecurity. Your journey from cybersecurity novice to expert starts here.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Ever wondered what it takes to switch careers, especially into a highly competitive field like cybersecurity? Imagine transitioning from a personal trainer to an IT professional and cybersecurity expert. That’s exactly what our guest, Octavius, did. He breaks down his journey, starting from the gym floor to an application support specialist position. Octavius's story is a testament to determination and hard work, proving that no career switch is impossible.
The world of cybersecurity is vast, with diverse roles including consulting, analysis, engineering, and penetration testing. Octavius sheds light on the unique challenges and requirements of these roles, and the importance of honing consulting skills to guide clients effectively. He also shares insights on mastering the tech stack, highlighting the significance of muscle memory in technical roles. The conversation underlines the need to stay abreast of the rapidly evolving cybersecurity landscape, a must-know for anyone aspiring to break into this industry.
The job market is highly competitive, and Octavius and I discuss the importance of demonstrating your skills to stand out from the crowd. We consider how hands-on learning and practical experiences can help showcase your abilities in both offensive and defensive aspects of cybersecurity. The discussion delves into a range of technical skills, from threat intelligence to reverse engineering, and the importance of open-source intelligence and understanding the intricacies of the deep web and dark net. This episode is packed with valuable insights on continual learning, career aspirations, and invaluable tips for a successful career in cybersecurity. Your journey from cybersecurity novice to expert starts here.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
And we're back with another amazing episode of Security Happy Hour. That's right, it is me, the Cyber Warrior. This is, of course, cyber Warrior Studios, and we are coming at you live once again. You know how we do every Friday, every Friday's day. We are here, this is the spot to be, and we got huge giveaways going on this evening. Look, I got five of these signed by Daniel, the author, and one of these. So we are going to be giving away some books, we're going to be doing some big things and we got a huge conversation coming at you with our guests this evening. But I promise, if you just hang with me for about like 10 seconds that's all about it takes I'll be right back.
Speaker 1:And hey, we're back. And hey, look, check it out. Oh wait, our guest is here. Let's bring him in. And before we get started, just let's just give this shot. All right, it's not as loud as it can, but it'll have to do it. It is the official start of Security Happy Hour. Thank you all for joining us this evening. It's going to be a great show. Octavius, how you doing, brother?
Speaker 2:I'm doing good, man, I'm doing great. How you doing? Can you hear me?
Speaker 1:I'm doing good, man. Man, you have me stressing, you have me waiting till like the last minute for you to get here. I was like, actually it was like the last 30 seconds. I think you showed up.
Speaker 2:Yeah, I don't know.
Speaker 1:So you're here and that's what matters. That's what's important, because this show is all about you this evening and, of course, our guests, our warriors, as always in the chat. I love having them. It's good to have them here Before we get started, because I got to do five giveaways, so we're going to try to establish this early. I need a hashtag. Oh wait, actually, I should probably pull up the screen so I could do this the right way. I'm going to need a hashtag for them to enter. But let's do string yard. Come on, let's give away. I think it is Give away. I think that's the right page. It is, I'm good, all right, so we need a hashtag to use for these drawings. So what are you thinking?
Speaker 2:You know what? I just watched one of your videos. It's about two weeks ago. I think it's my favorite of all the videos you ever put out so far and it's called becoming great. I think I think we should be becoming great.
Speaker 1:Becoming great. All right, so we're going to put that in, start collecting comments and we're going to throw that up as a banner so people know that way they actually do it right. That is actually. Yeah, I like that one. I like that one. So there's your hashtag, that's how you get in on the books and we'll be able to take it from there. Thank everybody for joining this evening. As you will see, if you're on YouTube, I do have the option for Superchats now, just throwing it out there, y'all don't have to. As always, this is a free show. Everything is up to you guys, but we're going to keep going with the show Now. Octavius, octavius, octavius, octavius, you are in the field now, if I'm not mistaken. Am I correct?
Speaker 2:Not yet I feel like it should be, but I'm still working.
Speaker 1:All right. So why don't you give us a rundown of where you're at and how you got there right? Give us your story a little bit.
Speaker 2:Yeah, so right now I'm actually working my first IT job. So I just got into the IT field. It hasn't even been two years yet. Before that I was doing personal training, weight loss coaching, group fitness exercise, stuff like that for about seven years, like right out of college, got a bachelor's degree in exercise science. I guess I probably was interested in cybersecurity as soon as I graduated school because Mr Robot was out about that time and it's basically been just a journey since then.
Speaker 2:Like I got my A-plus in like 2017. Couldn't get anything because I didn't have experience, kind of backed off a little bit, went back to my fitness studies and then a pandemic came kind of woke me up again and I said, okay, we're going into this IT thing and then into cybersecurity. So I got into some like a big learning program that was big for me and after that I was applying and interviewing, and applying, interviewing and a recruiter for my current company finally reached out to me and I landed where I'm at right now as an application support specialist. It's basically like kind of like a third tier support, from what I see, kind of like third tier support kind of thing. So, and then I didn't study in a lot of cyber stuff and trying to get my way into cyber.
Speaker 1:Yeah, and it's going to take time, I mean, but the fact that you're still in IT, you're still pushing forward. That's one of the things that I've noticed that a lot of people neglect and it's not out of necessarily choice. A lot of the people I've interviewed recently are transitioning into cyber later in their career, so they don't necessarily have that time advantage of being able to come from IT like help desk, sysadmin or anything like that into the industry. But they've done their research, they've done their learning, they know what they're doing and so really getting into the field is what they're trying to do. But yes, there is this disconnect in certain organizations where not having that IT experience at a bare minimum overshicc you from getting a junior level job.
Speaker 1:And then, of course, we see the job application or the job descriptions out there that say, hey, you need five years of experience to be a junior level cybersecurity person. Well, what experience? Oh, you need five years experience with Splunk. What Pomi I'm just getting in. I can't have five years of experience on something that I've not been a lot of touch for five years. Like I don't get it. Yeah, most definitely.
Speaker 2:Yeah, for sure. And like you said, man, it just spoke to me like I don't have the time. That's why I work so hard and study so much and practice so much. I have to catch up with people who got this education a while ago, so they got the education and they got the experience over me. So just got to catch up, study as hard as I can. I can't be sitting around in a support position for five years. I got a little faster than that.
Speaker 1:Yeah, and one of the people when I know you've seen him on the show, I know you've seen me talk about him and things like that KevTech IT support. He came from support and he just got his first cybersecurity job recently I believe it was this year. So he's another good one and I talk about him all the time, like you know, talking to him, doing resume reviews and things like that, and you know me, you reach out to me, I'll review your resume, we'll talk about it. You know those are things that that'll really help and I think, because you already have started in that area in IT, it'll make it a lot easier for you to transition. It does have. It's a lot easier doing it that way than coming in without any knowledge at all.
Speaker 2:To be honest, Mm, hmm, so I'm learning this. I'm learning this. I had got free session with cyber, cyber insecurity.
Speaker 1:Oh, a good one, yeah, yeah.
Speaker 2:Yeah, I got a free 30 minute session with him and he kind of said some of the same things that it's going to take a while for you to begin, but you got to start already. You give yourself the knowledge you need and you also are in the IT field. So he said you got to leg up on a lot of people that's trying to get in. But you know good advice. But I think your work at it and I hope I'm not not even saying this, but I think your work ethic and control how long it takes you, not saying you could just outwork the system, but you definitely can push yourself ahead. Like you said in the coming great video. It's about what, what, what kind of action you're going to take.
Speaker 1:And that is and we got a question here from a reach. I can't I hope I'm pronouncing that right. He's on twitch and I'll get to you in a second brother. You know, really everything comes down to you, and so when you're getting into cybersecurity, you have two options. You can let negativity holds you back and you could, you know, let the disappointments and, oh, you know, all this stuff bother you and I'm sorry I got to respond to a message real quick, it's. It's that it's hard to do to try to talk to them also, but you can. You can really look at it and and you can let the negativity, you can let the disappointment, you can let all this stuff gets you and hold you back, or you can make the active choice that you're going to do better, you're going to overcome and you're going to rise above.
Speaker 1:I think that is one of the things that separates those that break in and do great versus those that just want to be a victim or want to always feel like, oh, I can't get anywhere because of this. That are the third. Look, there's a lot of issues out there. Yes, we know this. We talk about it all the time. It is a guarantee. There's a lot of issues in this industry in terms of hiring, especially junior personnel, but ultimately it comes down to you. It comes down to what you're willing to put into it.
Speaker 2:Yeah, man, you have control, man, it's a, it's a mindset that you have to believe you can manifest whatever you want around you and it's not gonna come because you want it. Come because you want it and because you work for it. So just take control and work for it. I didn't say, you know, I didn't like my job before, I wasn't getting paid enough to live and handle my responsibilities and, like I said, when the pandemic hit, I just woke up and took control and said okay, this is what I'm gonna do and this is what I'm going to go, and I'm not going to stop until I get there.
Speaker 1:Yeah, definitely. So we got a good question here, though, and I know kind of you're trying to break into, so it'll kind of be both of us answering this but can a person who does not have prior practical experience work as a security consultant, or does this differ on the procedures or requirements of each organization? What is your take on that? Trying to break in, how do you feel you know, being a consultant in the industry would differ from working from an organization, and do you think it's possible to be a consultant without having any prior experience? Really, any practical experience, will say, within companies?
Speaker 2:Mm. Hmm, you know, from my understanding and my research of the industry and you know the levels and everything it seems like being a consultant is not an entry level kind of thing really, at least you know, unless you just come in and you really really know what you're doing and you can prove it off top. But it seems like from my research that something you kind of have to work up to, especially in that environment. Like you said, you're dealing with multiple customers and multiple customers, so I imagine that could be fast paced and kind of stressful for a new person. So unless you just super talented and you just learn super fast, my understanding is that it'll be pretty tough to break in as a consultant. But tell me what you think about that. I'm on the right track.
Speaker 1:Yeah, actually you are. So I've been a consultant. I've been in several different roles. It wasn't until this year that actually became a manager, and consulting is one of those things. You have to have the experience to be able to talk to clients. That's not to say that you can do it, that's just to say very, very, very, very, very rarely will you hear of an organization hiring a junior level consultant that has no experience, because there's a difference between a junior analyst, a junior engineer, and then a junior consultant. And that includes pen testing as well, because pen testing is even then still a little different. You can get a junior pen tester with with no experience. At least you should be able to.
Speaker 1:I know trusted second a few other organizations that will hire that way. You know you have no experience but you kind of have the, the certifications, the background. You've been doing your, your labs, you can talk to it and you know what you're doing. But if you're in a truly consultant role where your job is to guide clients, then it becomes very difficult to guide clients on something you've never seen. And if you don't have the ability to speak to any of the tech stack at all, because all you know is your certifications and what they taught you, then I can't. I cannot hire a junior consultant. I can hire a junior analyst. I can hire a junior I mean we call them consultants where I work but essentially it's somebody that has experience in the field.
Speaker 1:But even as a junior consultant, you need to have experience. There's a difference between consultant, analysts and engineer. There's consultant will always need some experience in the in the industry. So I hope that helps. Again, I get what you're coming from and I know you have it here. You have professional certifications such as security plus EJPT, but those will not give you, those will not give you the knowledge you need to talk to clients. Sorry, it just won't, not, not from a consultation standpoint. Again, it took me years to be able to speak to this. I've been, I've lived this industry since I was a kid. Like I'm 36 years old and I came up in IT and cybersecurity and all that stuff. So it's different for me than people trying to break in. But that's the only advantage I have is like I found IT as a kid Not as good.
Speaker 2:I've been out there in the wild and ran across a lot of stuff. As a consultant, they're going to expect you hey, this popped up and you have to jump in there and deal with it and it's going to be stuff from a while that your books might not have taught you.
Speaker 1:And that always comes down to and this is one of the things that I love about cybersecurity is there are different areas for everybody. So me, I can research and find answers quickly, anything I need, and an Octavius. I don't know what your learning style is, but you know this. It aided me for a while after I went through Army training, for a bunch of sense training is. I can learn like this you show it to me, you give me it on screen, you tell me to do it, I can do it, I can figure it out and it'll. It'll happen in minutes, hours, whatever. It's not going to take me that long.
Speaker 1:In this industry, there are jobs where you have the ability to take time to learn and understand things. Then there are positions like consulting, incident response, even pen testing at times, where you have to be able to learn on the fly and go. If you cannot do that, if your mind and again, it's not, it's not a blow to anybody, it's not supposed to be something negative but if your mind just does not click in that way where you can learn and go quick and literally like hey, we were briefed, I need to know what to do, all right, cool, do a real quick Google search. Let's figure it out. Let's figure out what the ransomware is. Let's figure out what happened. Let's go about our business. If you can't handle that environment, then you will not be good in certain roles doesn't mean you're not good for cybersecurity.
Speaker 1:And when I first broke in, when I was in the army and actually getting the certifications, I was pissed. I was like, if you can't learn this certification, get the hell out. Like literally, you have two weeks ago bounce deuces. I don't want to see you here. But then I learned.
Speaker 2:Yeah, that's tough, different areas.
Speaker 1:Because I came from military like learning it on my own and military and everything else and then actually experiencing the field in the civilian sector completely different can of worms. And then as I got older I got a better understanding and so I think there are rules for everybody. You just have to find your niche.
Speaker 2:Yeah, that's interesting.
Speaker 1:Um, OK, we'll save that one.
Speaker 2:Can you elaborate a little bit on some of those different types of roles, like kind of what would they look like? So you mentioned incident response. You're going to have to be able to jump in there and hit the ground running and know what to do. What would be some of those? Slower pace you get more room to learn, kind of roles, your analyst and engineer roles.
Speaker 1:generally speaking, if you can get into a junior level engineer and analyst role, it gives you that room to grow and really expand within the industry and understanding Even a junior pentester role. You're supposed to be coming into one of those roles, really never doing it in enterprise, maybe doing some hack the box or try hacking or something like that. But you're not supposed to be coming into something where you're a red team and you're going to get in there quietly and nobody can ever find you. No, no, no, a junior pentester no end map, metasploit and maybe a few other tools to be able to break into things, possibly even burpsuit and things like that. But those hands-on technical roles of implementing and analyzing those are generally like.
Speaker 1:You have that time to figure it out, especially as a junior when you're looking at your fast-moving things. Ir is not something you can really get into as a junior and B if you can't learn on the fly, because there are so many different nuances to malware that in order for you to figure out where things started, you need to be able to figure out what's going on and be able to do the research, bring a company back up and running, deliver evidence, do incident handling Like, you have to either have all the knowledge already or know how to find it, because if you don't, then you're putting a company that is already down, they're going to lose more money because you're taking too much time, and so you have to look at it from that aspect of things.
Speaker 2:OK, one quick follow-up then, Derek. So do you think people have the ability to say, practice enough malware analysis and even write enough malware on their own and do whatever they can on their own so they can be in the headspace to be able to jump in and figure stuff out Like yeah, they're working from a different level than somebody who hasn't done all that work.
Speaker 1:Yes, and that is because think of your brain, think of the way we think about things as muscle memory. So if you do something so many times, it becomes muscle memory. You know what triggers the look. For I have my grant. I have my reverse engineering malware certification from SANS.
Speaker 1:If I were to step in in the reverse engineer malware to this date I'd be lost. I wouldn't know what to do because since I got it, I haven't touched it. I learned about it, I studied it, I figured it out, was able to pass certification, but because I haven't touched it in so many months or years, I forget when I got it, I wouldn't be able to do it right now. All right, now could I pick up the books, read and figure out, know exactly what I'm looking for? Yeah, sure, but that's because of the muscle memory that was ingrained within me. But I couldn't do it without research, but I know where to find the answer.
Speaker 1:So if you develop the muscle memory to be able to do something and you can do it well and maybe you step away from it for a little while, but because you already have that muscle memory, that's like me stepping back on a football field. I could step on a football field and play linebacker all day. My body may not like it, but I could do it. But when you have that ingrained within you and it's been beaten into you so much because you've done it or you've researched it or you've studied it, then yes, it's possible. But you have to develop that muscle memory to be able to react quick, think, know and know exactly what you're doing. If you don't develop that, then no. But if you work on developing it, it is completely possible. You just have to develop that capability. It's not something that's impossible, it's just you have to learn how to use your muscles in that way, which takes time.
Speaker 2:Yeah, that's good man.
Speaker 1:So we got another question here and actually James asked this to me, but he said either of you Would either of you say. Ultimately, skills that you can demonstrate are more likely to get you worked in search or degrees.
Speaker 2:I'm going to let you go first Octavius, handle that one homie. Ok, ok, let me process that one one time. Ultimately, skills that you can demonstrate are more likely to get you work in search or degrees. So I think my first idea is from all my research and digging, there are search that give you qualification and at the same time demonstrate skills like blue team level one. I haven't I've taken the blue team level one and attempted the exam. We can talk about that if you want to, but we got the side of the thing.
Speaker 1:Did you pass that?
Speaker 2:one. No, sir, I'm going to just be honest which I failed the twice on both of my free attempts. Oh, that happens. I did much better the second time. But yeah, that's another story.
Speaker 2:But yeah, I do think there are service like blue team level one, that demonstrate skill, which is kind of why and maybe I shouldn't have did that, but I kind of pursued it before security plus, because when I started looking into cyber I realized where I wanted to go was a technical, hands-on kind of route and I knew security plus was a good foundation of knowledge. But I wanted to get my hands on the keyboard and know how to do stuff and know how to use the tools and stuff. So, looking to the search that do demonstrate. And if you can't do that, if you're in school or whatever, I would say, do both. If I could go back, I would major in IT, computer science, and I would do as much practicing and learning and studying outside as I could and try to get certs. If it's all out there and you can do all of it to get ahead of everybody, why not do that?
Speaker 1:Yeah, definitely. I think it's a combination of the two right? So, and Griffin InfoSec put it earlier in the YouTube chat, sgt degrees gets you through some of your HR doors Not all, especially not if you're looking. If you talk to me, networking is really key to doing a lot of things these days, so that's not a necessity, but if you are applying to jobs, not networking to get a job, then yes, it is a necessity. There's a lot of systems you're not going to get through because you don't have those. However, it's not an immediate check off the box. It's not going to happen.
Speaker 1:I personally will take skill sets. I will take. If I am looking for a certain tool set that somebody knows. I will go out of my way to find someone with that tool set. So, for instance, I recently hired someone that I needed to know New Splunk that is. I needed to know they knew it. I have a lot of work coming in that Splunk work. I need to know someone that knew it, backwards and forwards. So that's what I was looking for.
Speaker 1:I didn't care about certifications, I didn't care about degrees, I didn't care about anything about that. I needed to know they can mentor people, they can motivate people and they knew Splunk, that was it. What work have you done? Oh, I've done this, this and this was Splunk, cool bet. How do you feel about mentoring juniors? Oh, I'm all about it. We could do that, cool bet. Let's go with it. Look at their experience, what they've done, how they get back to the community and ask the thing as I am looking for the whole person, and sometimes I'll have to throw a tool set into it, depending on where you're going to be in the echelon of things but I'm looking at the whole person, man. But again, industry as a whole, it depends on the company you're looking at. It truly does. Different companies will do different things.
Speaker 2:Yeah. It's awesome, go ahead. We need more people out there with that mindset man, not saying that people should just be given opportunities with no skills and no knowledge, but there's definitely people that bring more to the table. Like you said, the intangible skill set will be able to mentor and have the motivational and positive mindset with the team and for the most part, I believe me or anybody else, can learn that technical stuff with enough practice.
Speaker 1:Yeah, yeah, the technical side. There's a lot technical you can do. That doesn't require anything more than practicing at home KevTech IT support. I always go back to him because of the labs, because of the videos that he does, and he goes above and beyond what I do. And when you look at things like that, if somebody were to come to me and think of like, oh yeah, I did KevTech IT supports, I went through these videos, these videos, these videos Is that the third? I would go look at them. I'd go figure out exactly what he taught, so I knew what he was doing and what they learned.
Speaker 1:But when you do things like that and show me that you're learning on your own, that does more for me. And there's a reason. And the reason is because it shows you have the ability to learn on your own, you have the drive and the passion to really carry yourself forward in this field, whereas those that are like, oh yeah, I got my degree, ok, what have you done since that? Yeah, ok, so you have no YouTube, no blog, no LinkedIn, no social media presence and you haven't worked a job. So what's your degree mean to me? Because I know what they teach in degree programs and it's little to nothing, except for the bare minimum foundations, which means I'll pay you $60,000 a year to go ahead and be an analyst.
Speaker 1:I hope that's what you're looking for. You're not getting six figures. You're not getting anywhere near right away. Right, like, what have you done? I'm going to bring you in the bare minimum and I am going to ride you just because you thought your degree meant more, because you haven't done any work on your own.
Speaker 2:Oh yeah, I'm going to make you a mastermind set, man. I love it, I love it and I have a question for you to quickly follow. A question on that note. Right there you mentioned going through the degree. So I'm in a program right now where I'm taking college courses, but they're non-credit, with college professors, and they prepared us for some certifications and stuff, and so I'm doing my two classes. I'm very hands on. I'm taking Lenox, red Hat Lenox and Cisco CyberOps class. I love that one, you do, man. I'm loving it. Man. I don't know if it's because the stuff is making sense, because I read the same shit over and over and it's finally clicking now, but I'm loving the CyberOps. But my question is how can I, I guess, without plagiarizing the content, how can I show hands on projects of what I'm doing in there without giving away the course content?
Speaker 2:OK, so knowing that I don't want to, just come out on the end and say, hey, I finished this class. I want to show what I learned during the class. I want to take in your face.
Speaker 1:Yeah, so a good way to do something like that. So if you're learning something like so, ccna, cyberops, cisco bought Snort, so there's a free version of paid version A good way to go about what you would be learning in a class like that would be to set up the free version of Snort and develop a blog or post on LinkedIn or YouTube or whatever A way to show okay, hey, I wrote this role to detect this. I ran a Metasploit thing to do this. The role picked up. It triggered this, like okay, so this is what I'm doing, this is what I've learned, this is what I know. And this is why learning in public is so important, because it shows not only do you understand the tool and the language that it uses, but how to take an offensive attack and detect it in that way.
Speaker 1:So now you're learning both sides of the fence. You're learning the offensive side, because you're learning how to use things like Metasploit and Nmap and whatever other tool, it doesn't matter SQL map and a bunch of others, and then you're learning how to use Snort, which I believe, if I'm not mistaken, I believe Snort roles are written in a similar way as Splunk roles, I believe and I could be wrong on that In the chat, please somebody correct me. It's been a while since I've used both of those, but if they are now, someone can take it. What you're doing for Snort, look at it, understand it and be like, oh shit, this will work for Splunk, which means now they know how to write rules for Splunk, which means now, okay, full circle, but full circle, and that's how it works. And so by doing these things, that's how you do it, without giving away the material or the certification content or anything like that. It is by doing it on your own, but using the knowledge they showed you, if that makes sense, right?
Speaker 2:settle. Yeah, yeah, yeah, that's perfect, like set up my own environment and just replicate what I'm learning in there.
Speaker 1:Yeah, yeah and yes, snort logs can be ingested from Splunk for sure. So, yeah, it's what about using a smith? Did you type that wrong? Homie God, paul, I think he typed that wrong.
Speaker 2:I don't know what a smith is. I'm not raising any doubts for me.
Speaker 1:But no. So it's one of those things. There's ways that you can do it and I, honestly, in my position now, when people apply, I Google their name, I Google, I look them up on LinkedIn. I do all these things. See, I wanna figure out what they're doing, what they've done and who they are. Splunk Enterprise is also free for 60 days.
Speaker 1:Oh, skit, all right, cool, he did the type of that, not smith skit. So, yeah, whole cyber human initiative community challenge. Yes, paul puts out challenges for whole cyber human initiative. Holy crap, that's a lot of words, homie, You're killing me, but he does that. And so, yeah, there's a whole thing you can do. Security Onions another good one. Actually, I just talked to an organization today. I talked to one of their founders and they are doing a massive security onion deployment. So that's another big one you can get into If you can do. I have a whole lab on setting it up. Security Onion has GitHub repos out there to setting up a whole terraform, like in the cloud lab, security Onion, and we're talking machines and the whole operating infrastructure and everything. So there's a lot of different ways you can do it. Just record it, put it on video or write about it. Take screenshots of everything you're doing, like, hey, I did this, this, this and this. This is what I found.
Speaker 1:This is what I did, da da da da and that's how you get seen and that's how you get this visibility. You know, this episode is all about going from noob to warrior. To go from noob to warrior is putting yourself out there and actually putting in the work. You're doing it on Tavius. It's just a matter of putting it out there.
Speaker 2:If you understand what I'm saying. Oh yeah yeah, neil told me the same thing, man. He said just get it out there more People. Somebody in the chat said learn out loud if people don't know what you're doing. It's good for your own self-fulfillment, which is the first thing that matters to me. But we out here in the world where it takes money to live, so if nobody knows what you're doing, then it defeats the purpose. You're not getting a job, you're not getting no money, you're not living the lifestyle you want, so it's pointless if people don't know what you're doing.
Speaker 1:Yeah, precisely, and that's the biggest thing, and I love it. Amanda, I know what Amanda does. She's a warrior. I got, I brought her into the fold just about two months ago, I think it was maybe three. She said you're Googling people and not tagging me in. She's one of those FBI investigators Like not officially, but she's one of those people that can find anybody doing anything anywhere at any time. So you know, kind of like my wife, never been trained or anything and just can find anything they freaking want anytime they feel like it.
Speaker 2:I don't know how to. They're natural O-Set people. Man, I love that kind of stuff too. Yep, do you know? Are there any roles like they focus solely around O-Set or mainly around O-Set, like as the primary skill set?
Speaker 1:So that's what me and Amanda have been looking into Beyond something like law enforcement. So you're looking like FBI or state police, things like that. I know there are, I just don't know where it exists. Or wouldn't be a career field, right, it wouldn't be a terminology, it wouldn't O-Set in and of itself wouldn't exist. I would say potentially, maybe something like where I work.
Speaker 1:If you have, or threat intel, it's another good one, right, intel would be a good way to get into O-Set because you're doing all open source intelligence. So if you're looking at different organizations, if you're looking at different people, if you're looking at corporate espionage, things like that, yeah, a threat intel would be a good way to find it. Understanding the dark web, understanding the dark net two different things or actually deep web and dark web, those are two different things. The deep web has no DNS entries, it's all IP addresses. The dark web is all through Tor or I2P, things like that. That'd be a good way. Now you really have my attention, a whole cyber human initiative. I need to hook you up with Amanda for short. I can't even fathom what she can do, like me and her have talked on many occasions and blows me away. But, yeah, a threat intel, o-set those go hand in hand.
Speaker 1:R&d, malware analysts I don't know about that one. Malware analysts is interesting, misha, what do you mean? Update today's live? How about you tell me what I need to put in instead? Okay, that'd be great, but yeah, so that'd be a big one. But yeah, I mean, it's all over the place, man. There's a lot of the things we do. We do have another question here, though, from Kerry, and I feel bad because every once in a while he'll ask questions that are completely off topic, but this one is actually very much on topic Question. I haven't done much for Sturz, and even though I have the A plus where I live, they want me to relocate, trying to get into work at home or anything and nothing. Actually, that's not exactly a question, even though he said it was a question. Still love you, homie. But so if he has his A plus, where would you think he should start?
Speaker 2:A plus. Does Kerry have any IT experience at all right now?
Speaker 1:Have any what IT?
Speaker 2:I know he's done some side jobs.
Speaker 1:He's done some side projects, but yeah, I don't know if he's actually Kerry. Please chime in if you've actually worked for an organization doing IT.
Speaker 2:I would say for Kerry, if he hasn't gotten any experience yet, I will just go do kind of. What we were talking about earlier is, though, create that experience through labs and stuff like that. So I will start with tech IT and I would be going through I had me on the side. When I'm not doing tech IT, yeah, that's what I would be doing, because, with no experience, I would say the tech IT is probably going to be realistic skill sets to build for the kind of jobs you could be looking for right now, and then to try having me is going to be like a fun game of fire way to build the skills to get past, to start building the skills to get past. That that's my teacher, so I will do that combination. Kev Tech organized he said he organized his hands on stuff from YouTube into his course on Udemy. That I got for free a while ago, but I don't think it costs that much. But I will do Kerry.
Speaker 1:Yes, pci DSS is a banned phrase on here. I'm a mute. That shit no one's gonna be a lot of use. I so look, check it out. We got 26 people watching this right now. Becoming great.
Speaker 1:Hashtag becoming great can and will get you one of these or this. I don't know what order I'm gonna do it in yet, but you need to put in hashtag becoming great in order to win one. I've only got yes, you can if you're in YouTube, linkedin, twitch, facebook, any of those. I've only got seven entries so far, which means I've got six books in seven people. Six of the seven are gonna win. So if you all want to win one with the 20 some people that are in here, please put in hashtag becoming great. Does that take me to eight? Yep, oh, we're up to 10 now. All right, so even better, keep it going.
Speaker 1:But, yes, so you know, certifications are hard, because the A plus is a general IT certification and it does not. It does nothing more than teach you the hardware in the very, very bare minimum and to be an IT support. But then you have to go out there, take your A plus and actually apply it. So get a job at a small little mom and pop. Get a job at a computer repair place. Once you're there, go ahead and work into. A plus is also a media forensic cert. Oh, that's a good one, actually, yeah, it is. Go out there and, you know, find a company that could be IT help desk or desktop support or hardware support, wherever the case may be.
Speaker 1:There are ways to take that A plus certification and use it to your advantage. And then you say, hey, I want to get in a networking, get your network plus. You get into security, your security plus things like that. There's ways to move up. You just have to be willing to put in the work and do it. And again, kerry, I know you have a lot going for you. I know I know a lot about what's going on, but you got to get into somebody's smaller organizations and put yourself out there. That's the best way to do it. It's just going to take time. Honestly, county governments are a great place to get your foot in the door. Very true.
Speaker 2:I was just thinking that, yeah, I think that's true.
Speaker 1:Why can't I get all right? I guess I have nothing started anymore. All right, so becoming great out there, we got 15 minutes. I'll share this here in a little bit. What's another good one?
Speaker 2:man, what other?
Speaker 1:issues you got going on. What other comments concerns what you got, octavius?
Speaker 2:I got a question for you. What kind of legal advice can you give me, without tarnishing the exam, to help me pass the routine level?
Speaker 1:BTO 1. Now it's been a while since that came out. I was actually on the advisory board for it.
Speaker 2:I know I saw you in the release video. That's where I first saw you. Then I saw the cyber warrior thing I was like, oh no, this dude is a whole interesting kind of guy, All right.
Speaker 1:Mike, me and Josh know each other quite well. He's doing a lot of big things and I love what he's doing, but as far as doing it, man, I've seen the content and he's ultimately putting out everything you need the entire training. The only thing I would suggest is, like we've talked, about going above and beyond building your own lab, doing it on your own, finding your own detection methods and things like that. You know what I mean Actually using the tools for what they're meant for and your own environment. That would probably be the best suggestion I can offer, because if you do that, then you're setting yourself up for success.
Speaker 2:Okay, that's awesome. I definitely Can exhaust some more options to get better.
Speaker 1:They saw, yeah, I mean, it's, it's one of those things, man, it's. It's. It was designed to be junior but not to be easy, if you if you understand my meaning right like it's yeah, it's stuff you should know at that level, but it's not easy. It's not something like a security plus or a G-sec or you know, and even the G-sec and one says easier, but at least this is more hands-on. So it has its advantages and disadvantages. But the one thing I will say is, if you have any questions About the content or about where you're struggling, you can always reach out to me. We can always talk about it. We can figure it out. I'll go back and talk to Josh. I'll try to look at some old stuff and see what kind of direction I can guide you in. But you know, that's it's been. That came out I think a year or two ago, so it's been a while so many.
Speaker 1:I believe. Yeah, it's been a while since I looked at all the content, whole cyber human initiative. If you want to get into some more research and labs, talk to them. Paul's always doing amazing things, so you you have a great place to learn with him as well. It'll help you advance in that way. Other than that, what do we hold up? Who put up a band phrase? Don't know? No, no band phrases in this chat, okay, jack. Has a question for you, though, octavius what role is your goal and what's your? Why for getting in a cyber security? Well, thank you, jack. I love you, homie, my brother, me and then talk on LinkedIn all the time.
Speaker 2:Okay, jack. So my role, my role I Guess you can say it's levels to it. So I want to be become a consultant, but I know I have to work up to that. So right now I'm just looking to become a sock analyst and I know it could be like different levels and responsibilities to the different levels of a sock analyst. So I definitely kind of one of I don't know people say it's crazy. I'm gonna learn Basically every state that could be done in the side and then come to the center and I want to learn hack into. It's like I don't have enough time to learn all the stuff I learned. That's why I have a long term mindset that I'm always gonna keep doing.
Speaker 1:Yeah, and, and you start with one right, you start with one, you keep going. But again, what is your why?
Speaker 2:my why so? My why? Um, well, you know, once again, definitely for career. It's a career where you can climb and when you can learn and you can be rewarded in your career for learning at a skill sets and Just to dig in, like I love finding stuff, I love putting pieces together. No, it's just I feel like once I start studying it, I feel like I was born for cyber security. Just my mindset way. I think my persistence was just digging into stuff. I just think it resonates with me. Once I found it, I was like damn, I should have been doing this since I I learned how to read like this is amazing. So the why it's like what it can do for me in the world and what it could do for myself to Feel my, my hunger to learn and everything like that.
Speaker 1:Yeah, yeah, and I can't disagree with that. It is a lifelong learning career field and this is one of the things that and this is why you know, when I talk about cyber security, I talk about it in such a way it's like being I don't agree with the way they teach things in some extent, because you know I you look at doctors and you look at lawyers and things like that things are always changing. You'll ask that always have to learn, so nine times out of ten, you get paid a lot more in those roles.
Speaker 1:Not always, but nine times out of ten, cyber security is considered IT. It is is an IT field and so we don't look at it as you have to constantly be learning. But when you're in cyber especially if you're on a blue team, red team as well, but mostly as an analyst or an engineer that is designing sim infrastructure in building tech stacks and stuff you have to understand and know what the offense is going to be doing. In order to do that, you have to constantly be researching. You have to constantly be looking and digging and understanding. This is why, when I talk to people about things like the dark net or the dark web, if you don't know Tor yet, you might want to make it your best friend, because that is where Information is sold.
Speaker 1:That is where people will come into your network and if you're developing a secure infrastructure, you may not want Tor connections Allowed into your network and there are certain firewalls and certain IDS is not. While not IDS is, ids is will detect it, but there are certain IPS is in and network protection systems and things like that that will deny Tor connections and if you are not denying those Tor connections, that means somebody that is using the dark net or using onion or using whatever can get into your network, and Good luck trying to figure out who it is. It's hard number the regular VPN, let alone Tor. Unless you're the government, you're not tracking down who is running the torsion or who is coming through. Tor knows it's just not happen and so you deny them all.
Speaker 2:In a sense. So you want to have, you got to have that knowledge to explicitly block it or it's gonna be open, if you didn't know about it, to go as physically blue.
Speaker 1:Yeah, not, not just that, but you have to know what it is because you're gonna want to go there when you get into OSINT, thread intel and things like that dark net is where you should live. The dark net in the dark web Please look up the dark web. There's three layers to the internet. There's the clear net, there's the dark web and there's the dark net or deep. Actually no clear net, deep web in dark net.
Speaker 1:Correction the deep web has literally no DNS entries out there. They do not own Registrar's, they're not on any DNS server. It is literally by IP, everything is by IP and you need to know the IP to be able to get into it. And Then you have the dark net, which is all through torn proxies and things of that nature. So the deep web in the dark net is where you find most of your malicious information, is when you will do a lot of your thread intel, your OSINT yeah, your OSINT and in SIGINT and things like that clear net, the clear web, google and them catch it 90% of the time before you even ever see it. A lot of the problems you see, like the people that work for Google have a lot of mental health issues Because Got you.
Speaker 1:So that's the thing. Well, we got seven minutes left, so before I actually yeah, seven minutes. Before we do that, we got let's see how many we got in the giveaway tool 19, 19 entries. So let me bring this down. No, come down. I want a new window and let's go back. I wish I had two monitors here. Really need a better setup. So we're gonna do present Share screen and we want to share this. We want to share, all right, all right, so let's see what this looks like. All right works, good for me. So we have 19 entries for hashtag becoming great. 19, if you want.
Speaker 1:I have five of these signed by the author, cyber arms, or Daniel Deep Turley I can't pronounce his last name for life for me but so I got these and I got one of these. What I'm gonna do is I'm gonna do this one first. So Security testing with raspberry pi is going first. You have all of ten seconds to put that in. One, two, three, four, five. Come on, siri, you're messing with me. All right, there it is. You're done, no more.
Speaker 1:Let's go and begin the drawing. The first one wins the raspberry pi ball. Security testing with raspberry pi. Who gets it? Who gets it? Who gets it. Who gets it and Sorry, are Infinite probability, ai. He wins the first one, homie. I saw you entered on YouTube also, so if you win again, I'm gonna tell you no, you already won once. That is all homie, that is all you get. So you have won. And you like AI, so it'll work. You have won this one, mean you're gonna have a talk. I know who you are, I'll reach out to you. So now I got five a basic security testing with Kali Linux fourth edition, and, yes, these are all signed by the author. So let's see who wins these next five ones. So draw again.
Speaker 2:I need one of those Wow Manifested.
Speaker 1:I'm trying to tell you our guests a 911 copy of Basic security testing with Kali Linux fourth edition. So we got four more.
Speaker 2:Yes, sir.
Speaker 1:Let's go All right. And the nice thing is they fixed it, so it pulls your name out. So we're gonna draw again. We got Carrie. Carrie is now one one of these. All right, let's draw again. We're gonna keep it go, keep it going.
Speaker 2:Do, do, do, do, do, do, do do.
Speaker 1:Rakeem ray 마음. Um, I don't know you, homie, you're gonna have to leave a comment and I get a hold of me on discord, twitch, facebook, something. Please get a hold of me within the next by the time Hopefully by the time this ends. I've got everything in the description how to reach out to me. Please reach out to me, because I do not know who you are, but I want you to win this, so that is number Three, that's number three.
Speaker 1:I got two more. I that go. I don't know who you are either. So, please, you've got until 10 minutes after the show ends to reach out to me, or I'll be giving these away next week. I really don't care. Twitch, linkedin, instagram, twitter, facebook I'm all over the place. Please reach out to me with your name. We will get it sorted out. Let's go again. So that's three, right three, or is that for three?
Speaker 2:I Was just asking myself.
Speaker 1:Actually, no, this is it. That's all six. All six books, if I'm not mistaken. So we had a Deco, we had Raheem, we had you Octavius, we have Jack. Am I missing one? Infinite, infinite AI infinite AI won the raspberry pie book, so I do think I need one more. Do I need one more? Everybody Tell me, cuz I lost count. Do I need one more, one more?
Speaker 2:Thank you, buddy.
Speaker 1:I Carry was the other one at one Okay.
Speaker 2:Yeah, that's all five, yeah.
Speaker 1:All right, let's say my entries went down to 14. I know I called six numbers, all right, so we have six books all given away. Please get a hold of me. Let me know, octavius, we are gonna talk. Oh, I'm still going. Kev Tech I ain't done yet. We still got a few minutes for the top of the hour. We're still rolling with it, but yeah, so we're gonna go back to here and we're gonna keep it going. So, everybody, please contact me. Actually you can contact me, andrea Myler, or Actually anybody. If you know anyone in this chat, please get a hold of them and then get a hold of me or find a way. I want these to be mailed out by the end of next week. So I will mail them out by Friday of next Friday. So please get a hold of me, octavius, I know who you are.
Speaker 1:Name of books, name of books, name of art. So the first one Basic security testing with Collie Linux, fourth edition by Daniel double W. I can't pronounce that last name, but cyber arms at cyber arms is how to do it. And then the other one, that Sarin AR one, is this one Security testing with raspberry pi, which is right up his alley, because he does, of course, ai, and Raspberry Pi is good with AI. So Sarin AR, of course, won the first one. Oh that mother panter. Twice that pain in my ass. He's lucky. I love him.
Speaker 2:Right.
Speaker 1:There's a bit. Look everybody. Please seriously get a hold of me on LinkedIn under Derek Schiller Jr, the cyber warrior. Look me up, you can find it. Andrea Myler, monawa, bill Lack all these people everybody in chat knows me. Please get a hold of them on whatever platform. Get a hold of me, we'll figure it out. Otherwise, look, octavius, we are at the top of the hour. What have you been drinking tonight? I gotta ask, cuz I see a whiskey glass. I gotta know what you're drinking.
Speaker 2:It's a little out those.
Speaker 1:Okay, okay, okay, you know me, I gotta do my beer. Me and beer just get along so well. But Otherwise, look, if you have advice for anybody Trying to get into this field and I know you're still working on getting in and in chat please in chat, go ahead and give your advice as well. If you have any advice to give to somebody trying to break him up, would you say I Would say Don't just want to get into cybersecurity.
Speaker 2:Do some research on what you want to do in cybersecurity, because I think it'll speed up the process of you getting in, because you can hone in all your practice and learning on that area and just branch yourself in that area and get in Studded, being kind of scatterbrained, and just be relentless and your work ethic and it's cool to be a nerd, it's cool to study, it's cool to Commit yourself to learning for the rest of your life, whether it's for work or for spiritual development or Any areas in life that could benefit from continuous learning. So, yes, always learn and don't I mean I don't know people in different situations, but I would say don't be in a rush, look at a longer scale of time with what you're doing and expected. Work for something to get there and expect to work to stay there and that's it.
Speaker 1:Yeah, definitely. Look, first and foremost, skull cheers Pros, whatever you want to say to everybody out there, look, I love you all. Here's the thing. Octavia said it best. All right, you got to work for it, you got to want it, you got to earn it. Do your research, understand what you're getting into. Please do not go up to someone that you wish to be your mentor and say I want to get into cybersecurity. How do I do it? Where? What do you know? What have you researched? I don't want you to come at me and be like, oh well, I want it for the money. Cool, you're never gonna find what you enjoy that way. But all right, we'll go with it. But I love you all. You have all been amazing.
Speaker 1:Again, before I go, from now on, super chats are at the bottom. You can also go to any video. There are ways to give thanks, there are ways to donate to the cause. It's all in the description below, as well as in the live chat. I love you all. Take care, enjoy yourselves, have a fantastic weekend.
Speaker 1:And one more thing, octavia's while you're here, we have one more week of men's mental health awareness month. I want to say to you and to any other men in chat. I'm taking this beyond a month. We're gonna start doing this more frequently, more often. If you need someone to reach out to, please reach out to me. I am here for everybody. Burnouts real. Mental health is real. All these issues are real. They're not going away anytime soon. It's going to take a huge change in a huge ship. So if you need to talk to somebody, please reach out to me. I will always here for whoever needs it. Otherwise, look, I love you all. You're all my warriors, you're all my family and I will see you next week with another amazing episode of security. Happy out, you.