Have you ever wondered what makes a leader in the cyber security world? Dive into a robust discussion with our insightful guests - Natalie, August, and Hollis - where we tackle the burning question. We uncover August's journey from being a sock operator to a mentor focused on unlocking leadership potential in entry-level recruits. His new show brings a refreshing perspective on maintaining talent.
This episode doesn't stop there. We also address the complicated issue of micromanagement in IT, questioning the outdated nine-to-five culture. With Natalie's expertise on IT management, we share untold stories of the challenges faced in the industry. We further explore the need for regular breaks to boost productivity and address mental strain, breaking the stereotype of the constant grind.
In the concluding segments, we delve into the intriguing role AI and machine learning play in security products. We untangle the knots of leadership, management, and mentorship in cyber and IT space. The conversation shifts to the perspective on certifications, their value and challenges. And finally, we underscore the fundamental aspect of every workplace – recognizing and appreciating employees. We close the loop by discussing the importance of competitive pay for junior security analysts and fostering an environment of love and support. So, brace yourselves for a rollercoaster of insights that is certain to stir your thoughts and ignite conversations.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
Have you ever wondered what makes a leader in the cyber security world? Dive into a robust discussion with our insightful guests - Natalie, August, and Hollis - where we tackle the burning question. We uncover August's journey from being a sock operator to a mentor focused on unlocking leadership potential in entry-level recruits. His new show brings a refreshing perspective on maintaining talent.
This episode doesn't stop there. We also address the complicated issue of micromanagement in IT, questioning the outdated nine-to-five culture. With Natalie's expertise on IT management, we share untold stories of the challenges faced in the industry. We further explore the need for regular breaks to boost productivity and address mental strain, breaking the stereotype of the constant grind.
In the concluding segments, we delve into the intriguing role AI and machine learning play in security products. We untangle the knots of leadership, management, and mentorship in cyber and IT space. The conversation shifts to the perspective on certifications, their value and challenges. And finally, we underscore the fundamental aspect of every workplace – recognizing and appreciating employees. We close the loop by discussing the importance of competitive pay for junior security analysts and fostering an environment of love and support. So, brace yourselves for a rollercoaster of insights that is certain to stir your thoughts and ignite conversations.
Merch: https://cyberwarriorstudios.com/store
Youtube: https://youtube.cyberwarriorstudios.com
Twitch: https://twitch.tv/CyberWarriorStudios
Twitter: @CyberWarriorSt1
Discord: https://discord.gg/eCSRzM6mJf
And it's me. It is the Cyber Warrior. This is Cyber Warrior Studios and I know you're all here for another amazing episode of Security Happy Hour. And, yes, I got a big show planned. We got a lot of big things going on and some amazing guests, some you've seen before, some you haven't, so it's gonna be an amazing show. Don't forget like comment, subscribe and Super Chat will always take precedence during the live chat for questions. So just so you're aware. Otherwise, enjoy the show, take care, and I'll be right back. And I'm back. See, it was quick. It's like 10 seconds. It doesn't take that long. You'll be all right. Anywho, look, it's another amazing episode of Security Happy Hour.
Speaker 1:First and foremost, I would like to thank our guest, natalie, and August for joining me, and we do have one more joining once he gets done troubleshooting whatever issues he may be having to get us started. August, you've never been on the show before, so why don't you ask him? He's gonna be on the show. He's gonna be on the show. He's gonna be on the show. He's gonna be on the show. He's gonna be on the show. He's gonna be on the show. He's gonna be on the show. He's gonna be on the show, so why don't you introduce yourself?
Speaker 2:My name is August. I currently work in information security with a specialty and incident response for an unnamed company. I think that's the end of my intro.
Speaker 3:We're gonna have to work.
Speaker 1:I'm doing quite a bit how you doing.
Speaker 3:Doing good. I'm doing good over here.
Speaker 1:So we are waiting for Hollis, and I'm sure he's gonna join us shortly. So, to start, before we get into the primary topic, which is gonna be leaders in cyber, or leadership in cyber, depending on which platform you look at, because titles and character links why don't you, in August, tell us about the new show coming up?
Speaker 3:Yeah, so when I because I used to run a sock, surprise, surprise. So when I ran sock, I actually came across this happening quite a bit with our entry level talent where we would have, we had some people that would come in, that were they were, at one point they were very junior and then as they came up through the ranks they thought that they were still junior to an extent. But, like, once you hit an engineer level or higher, like you're now looked up to by a lot of people in the company, all the new things coming in, once you've been at a company for about a year, you've become a leader and they didn't realize that. So they were kind of like very short with a lot of, a lot of people. And it took me, like as a leader, to recognize it and say, hey, we can't talk to entry level talent that way, because we're never gonna be able to retain them.
Speaker 3:If you do, think about and I actually the one kid that did this, I was like you know this one coworker of ours I was like, think about when you were first hired so, and so did, said that to you when you were first hired would you still be working here today? And he was like oh my God, I never thought of it that way. So it's just a matter of them not realizing that they are, and they are leadership at a certain level. You don't have to be management to be leadership, but leadership is very important in the field and it's very important to retain some of the top tier talent out there.
Speaker 1:Yeah, definitely, and one of the big things for me. You know you also got to know your audience. So, depending on where you work, depending on who's around you and the personalities around you, you can get away with saying certain things and they won't get mad at you. They'll take it with, you know, either a grain of salt or with respect, or whatever the case may be, because, let's be honest, everybody knows me. I talk shit, that's just what I do. All right, especially at work, we have fun, and I talk shit on my boss on a regular basis and he talks shit back. It's kind of how we operate. Then again, that's the military mindset. But you know again, if you are saying certain things, there's issues. So, you know, dealing with juniors, especially breaking in, can always be. You got to kind of total line and figure out what to say and what not to say. August, what has been your experience with leadership so far in cyber?
Speaker 2:Mine's a little bit briefer than y'all's, considering I have just recently broken in the grand scheme of things, but a lot of it was when I first started at Quantum Security, before I'm in the role that I'm at now.
Speaker 2:It was almost a brand new sock. So there wasn't a lot of processes and procedures for training the analysts, including myself, because right when I started I was, you know, bottom of the tier. But about six months later we picked up a few people around my level not quite at the same and a few interns that were escalating tickets to me and it's almost like they were scared to mess up or ask questions. And that's kind of where this comes in developing processes and procedures for training your junior analysts and mentoring them. Because even once you're in 10 years you still need a mentor, right, everybody needs mentors, and it's just not saying there aren't already people doing that. But I feel like there's a gap between a lot of the mid-level and higher-level talent just because it's so hard to get in an entry level. So that's kind of why I'm here to provide a bit newer perspective, considering that I would still almost consider myself entry level until I hit about three years.
Speaker 1:Right. I mean, if you look at a lot of the entry-level jobs, it is zero in three years, ain't it? Yep and that's something that people have, or one in three, depending. Yeah, it's really what it is, and I think I'm right over two.
Speaker 2:I'm a little over two years now, I mean. That being said, I am taking escalation still where I'm at. But that's just how it falls. Small teams, small security, that's how it works.
Speaker 1:Yeah, yeah, and that's one of the you know from a junior's perspective. It's always good to have that insight because you know leaders a lot of time, depending on your organization, they're like oh, give us feedback, talk to us open door policy. Me and Natalie and I don't know about you all, I guess but I'm sure me and Natalie heard that a lot Military open door policy ain't gonna change shit, right, you go in, you talk to them, you tell them what's wrong and they're like yeah, okay, I got you, nothing changes. They act the exact same way and it stays the same. Nothing ever changes. And you'll see that in some organizations.
Speaker 1:So that's one of the things that I try to bring to the table with my team and I know my buddy does the exact same thing where those conversations that we have in one-on-ones, we take it to heart and we're like okay, so I need to fix this. And I tell my teams that all the time If I need to fix something, you have to tell me, because if you don't tell me, I can't fix what I don't know Right and so and that's been my issue with a lot of things Like if somebody doesn't tell me what I did wrong and you just like quit talking to me. I don't know what I did wrong so I can't adjust or fix or change anything. But before we go any further, finally his troubleshooting is done and Hollis has arrived. How you doing Hollis? Woohoo, all right, now I can't hear you.
Speaker 3:I can't hear you.
Speaker 2:Maybe, maybe where's it at. It's funny when the IT guy can't fix his own mic. I do apologize.
Speaker 4:I was in the middle of a circuit. We had some issues with OSPF get across ABPLS In troubleshooting that it took a little bit of time. It's completely my fault.
Speaker 1:It's always DNS, blame DNS. Anyone in networking knows that. It's always DNS Jeez.
Speaker 4:Yeah, I agree.
Speaker 1:I do apologize as we're getting into it. Why don't you give us a little rundown on who you are? Like I said, we've got a lot of conversation to go through. We're going to talk about leadership in cyber we already started but I'd like to get your viewpoint kind of on who you are, what's your background and what your career goals and what you're looking forward to going forward.
Speaker 4:Yeah, so of course my name's Hollis. I've been in IT about seven or so years. I've kind of wore a lot of hats I've been help desk, I've been assistant administration, I've been in cyber and I'm in networking Currently. I do a lot of VoIP issues and anything with WAN or anything around routing. Like Clare III, I do do a lot of mentoring to my juniors and in that right what I'm really looking forward to in the future is, I hope, to get into architecting BNSE and network analysts. I've really just got my eyes on designing and developing my own solutions to businesses problems.
Speaker 2:That's my hope and my aspiration, and as I go forward.
Speaker 4:I'm hoping to either lead people more forward into that or insecure networks, that's awesome.
Speaker 1:Yeah, networking. I started in networking and help desk, did a little bit of both and just kind of fell out of love with networking. I still understand it. It just got way too complicated for me. I'm like now we're getting into too many things that I need to know, that I don't want to know, that I don't care about, I'm done, I'm going to stick to operating systems. I'm good at this. This is where I thrive. So what has been your experience so far with the leadership within IT and cybersecurity? Have you noticed any trends? Have you noticed anything both pros and cons of what you've seen throughout the industry in your career so far?
Speaker 4:Yeah, so a big part of my career. I've had a few leaders so far that have been amazing. So Natalie was a fantastic leader. I've also got my current boss right now. His name's Leo. Both of those exemplify the kind of things that I drive for and that I live for is I don't expect anyone to fully just be in this all the time. I want people to be able to look at this and take things as they come and then take breaks. I want people to be able to actually live their lives and do things with themselves. So, for example, natalie and my boss at the moment when work gets done, work gets done. As long as work gets done and if the work is done in a good manner and as it's there, you're fine.
Speaker 4:But in other positions I've had a couple of what I would say, is a little bit of micromanagement, and so, whether that's an issue on myself or an issue on the team around them that they've had previously, I think in some aspects there's been some bosses in IT that don't come from an engineer background, or they don't come from an analyst background and they more come from an MBA or some type of business background.
Speaker 4:And so they don't get the real aspect of those individuals that actually perform the operations and that actually perform the things around them, and so they don't have that look into it and that ability to actually manage the people around them. I'm not saying that they're bad at it, but I'm saying that they're what I wouldn't call exactly fit. I believe Natalie's like a perfect fit for a leader in IT and in management, just because she has that technical aspect and background, is she can understand the issues that come forth to a person and actually know like, hey, this is what's going to take their time and what's going to lead them in a different way.
Speaker 3:So Natalie's second, after everything and again you talk about some things.
Speaker 1:One of the big things is micromanagement, and one of the biggest issues I have seen within this space when it comes to just working in general is still this idea of nine to five or eight to five or whatever the case may be. And you talk to a lot of people that have been in this space for a while, especially those that research how the mind works and how you can work best within a certain timeframe. You only get out of any person according to research and books and I'm not the one that did the research, I just overheard this or was told this four hours, four hours is really solid work that you get from any person. After that they need to take a break and usually it's four or more hours and then they can go back at it. So this idea that we need to be in front of our computers like all day, all morning, all afternoon, until five o'clock, just needs to go out the window, especially in this space when, if you're delivering, especially if you're in like networking or cybersecurity, like I don't know anything, engineering, even as an analyst, a sock analyst that gets a little tricky because you need to have a backup and alternate things like that. You're 24 seven usually, but you need to be able to understand that if work gets delivered, it gets delivered, and as long as it's quality, that's what matters.
Speaker 1:It's not, oh, it took him three weeks to do this, so it's a shitty product because it's late? No, did he meet the deadline or did she meet the deadline or whatever? Like that's what's important. And is it quality work? Not, oh, they were checking out early every day. Okay, was the work done for the day? Like, if something's not due for three weeks, I don't count on someone being here eight to five every single day. Sorry, just not the way shit works, because unless you have work to do, see, I don't care. As long as your work for the day is done, I don't care. And that's how I think a lot more people need to get into it, just because this idea in our industry of, oh, you got to be at a computer for eight hours a day, no, most people are spent. Like I get off of work and I'm like I'm going to bed, I need a nap, I can't do this, no more. So, yeah, because it's mentally draining.
Speaker 3:That's what a lot of people don't realize is that it's mentally taxing, like we're not doing a laborious job because we sit at a desk all day, but it's still laborious on our brains. So you need those breaks to give yourself that pocket of time to go do something else, get your brain off of it. And sometimes your greatest ideas come when you're taking those like 10-minute breaks, 20-minute breaks, whatever it is you know.
Speaker 1:Oh, definitely, and you know, you said it right, we're not physical labor and by all means, I can't do physical labor anymore.
Speaker 1:So you know, I respect those that do and I think they have a hard job. I think that the physical demands that come from it are ridiculous and the hours they work are something I would never want to do. But we all choose what we do in life. This is the route I chose to go. It's the route we all chose to go. So it's a different field and I think people try to conflate. You know, oh well, I have to do this, so you should have to do it. It doesn't work that way. That is never the way you want to go about something. Because if we thought, oh well, it was always this way, so it should be this way, and we applied that to today, nothing would ever be secure, because even the internet networks weren't designed with security in mind. They were designed to do the Blinky Lights leak, yes, ok, hey, we're good, we're good.
Speaker 3:Policy chases the Blinky Lights.
Speaker 1:It's what it was. I mean, you look at these conferences and this is the problem with some of your CISOs and CIOs and directors that have, you know, your MBAs. They go there, they hear about the new hot shit and it's like, oh, blinky, lights, blink and it's powerful, cool, I want to buy that. Let's go, we're going to buy this and we're going to implement it with no team to actually implement it.
Speaker 3:A new buzzword.
Speaker 1:Right when AI came out in ML and they were like oh yeah it's machine learning, are you sure? Oh yeah, it's AI. Are you sure? Because we're looking at different concepts and nine times out of 10 is behavioral analytics. That's what it is. It's behavioral analytics is the machine, it's the user that is currently logged in doing something they don't normally do. Yes, behavioral analytics. And it takes at least a month to really get a solid baseline off of what a behavior is.
Speaker 3:Yep, it's not longer depending on how many devices that you're monitoring and all that too, Like it really could take, you know, six months for some companies, depending on their size.
Speaker 1:Yeah, yeah, and there's a lot of good products out there for it. Don't get me wrong, I just don't think and I wish I don't see him in chat. I wish Sergeant AR was here. Infinite and probability AI, because he loves his data science and his numbers. I would really like to know if any EDR, any software out there right now, is truly using AI or ML, like truly by definition, using AI or ML.
Speaker 3:I've seen a lot of behavioral analytics. Truly is, I think it's using pieces of it to do some of the legwork, but it's not truly using machine learning and AI to do all the work, Like it's implementing parts of it but it's not implementing all of it, you know so.
Speaker 1:Right, because it's looking at actions. It's looking at what's going on. So if somebody pivots to a different computer, then it's oh, this is against the norm. This isn't you know, it's roles and use cases and things like that. But in my eyes, ai is learning. That's the point to artificial intelligence. Ai can learn, and so it's not learning that that's bad. You programmed it to know that that's bad. So it's not AI. It's already been programmed to know that this action is bad. And so that's when I look at it, I'm like is it really learning or is it just programmed to know that X, y and Z is bad? Because if it knows that, then it's not learning. You programmed it to know that.
Speaker 4:So yeah, and I think that in looking at generator by AI, the big thing that really comes into mind when that topic comes up is that they haven't had the time to actually train this AI on the business that we're currently in. Right, we're not transitioning from like I'm in sawmills to chemical plants, like there's different attack vectors, and so how are you going to get this one product that has all this information unless you've been in here, right, and you have all these companies private data? So unless that's happening, I don't really see a true AI coming in and being put in these products at this moment.
Speaker 2:I think, if anything, microsoft would be the first one to do it Integrate it with Defender, because they harvest data like almost nobody else does.
Speaker 1:That's a lie. Google and Amazon harvest data more than anybody. Well, I don't know. Meta gives them a run for their money, so we'll see. But before we go on, because I forgot to do it, hold on there. It is All right. Cool, I had to do the official sound First. Take off that security app. Yeah, I brought through it earlier, but I do so. Do you think this is going to be a problem going forward for even leaders? Because you see a lot of leadership they're the ones that are responsible for acquiring software and hardware, right, they, they're the decision makers and they're the ones that talk to their bosses and say, hey, we need this amount of money for this product because of this reason. So he is here. Yes, I love it. I'm going to put that up in a second AR. Do you think that, lacking that knowledge of what these things are and the actual, you think they're getting hooked on the buzzwords without actually researching what they are?
Speaker 3:When you're going to those conferences, absolutely Like, because you just everybody's like oh, you want your t-shirt, ok, just give us your name and your phone number. And then like, next thing you know, you come back from a conference and you have like 50 people hitting you up wanting to have a meeting scheduled with you or whatnot Like. And it's like Some leaders don't do a good job of saying like, hey, this isn't for us right now. We don't, we don't have the time to do this, we don't have the money, we don't have the resources to sit here and evaluate your tool, and maybe we don't even have the need for this tool to begin with. So, like, a lot of leaders really really are terrible at doing that.
Speaker 3:And then there are some leaders that are like you know, we don't need this, I'll give you my information for the free shirt, and then you know just black hole the email or whatnot. But some of them are like I've had leaders before that were even above me that they'd come back from a conference and I'd have a list of 20 different tools to go look at. And I'm like I don't have time to look at these tools. You're gonna hire 10 more people for me, like I, yeah, like. Are you gonna train them to like what are you talking about? 20 tools like no.
Speaker 1:So. So my buddy did chime in. He is here. That is what it that. That is what is currently the issue with AI and cyber a lack of data and I can't disagree with that, because that's what it takes for something to learn is ingesting all this data. So I think this is where we look at an issue of Leaders buy something that says AI, ml or behavioral analytics. That's the only one that, when it says behavioral analytics, that I truly buy it. That's when I'm like okay, you know your shit, I'm actually going to listen to you.
Speaker 1:When you start spewing AI, I'm like okay, how's it learning? Well, it learns all of the users. Okay, see, that's behavioral analytics. That's not AI. Ai is a completely different beast. Like, it can learn everything. It can learn everything, not just user behavior. So I think this is where they're Convoluting terms, just throwing buzzwords out there, but I don't know if it's necessarily the company. I think it's marketing. I think the, the, the marketing is like somebody came out and said oh yeah, mine does AI. So now every product in the world has to say they do AI or ML or whatever the next buzzword, and I think it's more marketing than anything.
Speaker 4:Yeah, and I mean to drive that forward right and a lot of these, these products and things that are kind of brought forward to me and networking right, like, of course, those products like account that are really good for Wi-Fi analysis. In seeing some of those products, like even they're integrating and saying now that, oh yeah we have AI to determine how this AP is gonna react here.
Speaker 1:This AP is gonna react here and I'm like, okay, that's, that's, that's great, but how did you pull the data of?
Speaker 4:how was this AP gonna send a signal and it's gonna react against this kind of glass. Our glasses curve this way or this way and I'm like I don't really believe you have all this data for that Right.
Speaker 1:Right. So in Brad said it and he's right. I've heard this said before. Most I AI currently used in security products are not actually AI but machine learning, because it's two different concepts and and I think he's absolutely right most people that say AI or machine learning. So I want to talk about something even more important, though actually that's a lie, I can't say it's more important, but I think it's more important, and that is a new podcast coming out. I've heard rumors.
Speaker 1:I've heard rumors there's a security podcast coming out, I don't know where, I don't know who told me or sent me logos, but you know, I've heard stories that there's something new coming down the line in like two weeks.
Speaker 3:I'm just saying we can a half man, we can a half. It's called recorrelated podcast and it will be launching July 31st at 5 30 eastern standard time, 4 30 central standard time. You can do the math for the other ones.
Speaker 1:And what and what's it about? So what is going to be the premise behind this podcast?
Speaker 3:The premise behind it is leadership in cyber and leadership in IT and how to face different struggles that you know first off, identifying what's the difference between leadership, management and and you know mentorship, and then also like really delving into how to face certain issues that, like I've been a leader for a lot of years but I faced when I was in IT, cyber security and all that. I face a lot of different issues that I never faced before when I was in the military and I obviously I faced different issues then that I didn't face, that I don't have to face now, which grateful for, but like I had to face a lot of different issues that were weird and like when I was a new manager I had nobody to go to, like I was just making it up as I was going. Everybody's like yeah, yeah, this is great and I'm like cool, good, because I'm just making it up, man like.
Speaker 3:I had logic my way through it, but like I didn't have anybody, that's like, oh yeah, well, here's some some ideas of some like type of statistics that you might want to keep in mind or what kind of Metrics you might want to have at all times on your team.
Speaker 3:That kind of stuff. You know, really using certain business tax, like using business need to sell a tool that you might need or to gain a tool that you might need To your arsenal tools not that you're going to gain 50 of them that way, but like maybe one or two select ones if you don't have any tools or something like that or an upgrade to a tool, and using the business need to actually sell it. You know, using Appliance to sell it, because compliance is a business need and kind of really speaks to that. Using the risk and and knowing how to kind of curb your argument that way and really like what, what leaders should be paying attention to. That's different in cyber or it. Then what is going on in other like in retail leadership. You know that kind of or deal. So I think these conversations are going to be really great and they kind of already talked about like where it all started at like how it all, the idea of it all, came about.
Speaker 1:But yeah, and I think that's. I think that's awesome and, again, this is something that Me and you have talked about, and I'm so happy to see that you're doing this and where it's going to go, because I think there's there's always a different perspective, and I think the more people we have interviewing and talking to, other the more voices we can get hurt, the more people can get out there and be seen and be listened to, because in this industry we see so many people that go to the known right.
Speaker 1:So the Dave Kennedys of the world, you know, phillip Wiley said whatever, and I love, I love them to death. I think they're great people have had, you know, phillip, on my show. But there's always more people and I think we need more to get more voices heard, to get differing opinions and actually see how things you know can play out.
Speaker 3:Yeah.
Speaker 1:Hollis, how'd you are actually? You know what I haven't heard from August in a while. August has been way too quiet August. How'd you get dragged into this podcast? I'm just gonna ask.
Speaker 2:Natalie bold, natalie bold me into it pretty much you, yeah, I can just typical army pick it on Air Force.
Speaker 2:That's really what happened.
Speaker 2:No, I think Hollis let me know before that Natalie texted me about it and I'll be honest, at front I was a little hesitant about it, but I really liked both of their enthusiasm and that's what brought me here.
Speaker 2:I do think it's good to have a little bit, because both of them are a lot more experienced than I am, right, like I'm the oldest out of us three, but I'm also the least experienced, at least in this field, and the field of our field changes really fast, right, so it's really hard for juniors to keep up and you know, I'm two years in and I still honestly, have no idea what I'm doing like 75% of the time.
Speaker 2:And I've been blessed enough with my leadership that I've been guided, even when I'm feeling that that imposter syndrome real bad and it's just this is a way for me to give back right, like to help guide someone that's kind of probably in my shoes or a little bit, you know, a little bit earlier in their career, just because it's no one's alone here, right, like it's all a teamwork. Obviously we all contribute, all of us need to work together, right, this is we don't have the time for the infighting and the bickering that a lot of careers do. We don't have the time for that because criminals aren't doing that. They're doing everything they can to break into an organization and they're not. They're not held by what we are. So that's kind of why I'm here. It's my way to give back.
Speaker 1:So I mean, look, hackers don't care how many certifications you have, they don't care what your blackout dates are, they don't care what your management window windows are. I commented a zero.
Speaker 2:I commented on someone that said something similar to that on LinkedIn. While I do agree with you that criminals or hack black cats don't need that right, but look at it this way it's a lot easier to break a window than it is to replace one or secure a window or cut a whole Penetration testing in that window without breaking it. And that's where I think the fields differ, right like. You have to learn how to properly secure something versus just I'm just going to brute-fork this or I'm going to do this zero day and break everything. And I do think we need more entry level talent, not based on certifications, but that's an entirely different discussion and then we could talk about that for weeks. I'm sure everyone has input for that.
Speaker 1:Well, that's, that's. That's a gear multi-year conversation, I think. Natalie, how many times we talk about that? I swear almost every episode that comes up.
Speaker 3:Yeah, yeah, I really hate, first off, I really hate certifications. They are good to an extent, but they're not good at building the base, foundational knowledge, because a lot of people don't study for them properly, so they just the cram for the test and then after the test they forget everything that was on it and then they forget all the materials. So they haven't actually built that base foundation. And I think that certification mills tend to do that a lot and just like regular certifications like requiring a certification for an entry level job will cause somebody to just rush and study for it and pass the certification, and now they have it for three years. But do they really have that knowledge?
Speaker 1:Well, that's been my biggest thing, and Hollis will touch on you in a second because I want to get your feedback on the podcast. But to me, when it comes to certifications, right, I have more letters after my name than a lot of people, except for DR. I'm not a doctor. I don't like to pull that much, but you see a lot of these baseline certifications that people take, test dumps and things like that, so they never actually know the material. So a little bit of background.
Speaker 1:Before I got into cybersecurity as a job or a career, I was studying it, I was on Linux, I was on backtrack, I was doing, I was breaking into things, I was running my labs, I was doing all this stuff. So by the time I got into it as an official career field in the army, when I went through all my sans training, I knew every toll and knew how to use every tool they taught us I had done. I had a new end map backwards and forwards at that time. I don't know anymore. They keep changing and they keep removing options from me and I got to download older versions. But you know, I knew end map, I knew metasploit, I knew I knew all these things. And so when I went through the course, people are like, how do you know all this? Well, because while you're, you know, watching TV, you're going out and doing other things. I don't know, I don't know. Hi Hollis is, I don't know, girlfriend, wife uh, something, hollis is better half, don't want to put some protection.
Speaker 2:anagans Sister, I don't know. He is from Alabama.
Speaker 4:It's just, it just had to bring it up, didn't it?
Speaker 2:I did Any chance I get. I'm going to jab you about it.
Speaker 3:I'm going to be a good friend of Hollis?
Speaker 2:Yeah, I was at. Hollis, not Liz. Liz is the same.
Speaker 1:But yeah, I knew it. I knew it because I've been studying it for years, literally from the time I I I found out about cracking Wi-Fi up until I got my god to say ends I had been studying all of this shit. And so people are like, how did you notice? Because while you're watching scrubs, I've been studying it for a long time, I've been learning and I knew it all. Well, I didn't know it all, but I knew what. I knew all of what I was going through at that time, because it was G, sec, gci, hg, ced, uh, I forget what the hacking one is without a certification. And then Python came out, but it was GP, gpyc is what it became. And so I I worked on all that, so I knew it. I've been working on it for a long time.
Speaker 1:I didn't need to test them. I didn't need someone to give me the answers. It's sit in front of it, do it and you can. You can word the questions any which way you wanted to, but there was no fail for me. I wasn't going to fail. Whereas security plus A plus net plus, you can go online and find the answers to everything.
Speaker 2:It's a completely different beast On the flip side. You know, you usually get caught out in interviews right Like oh, I caught.
Speaker 1:I called people out in the military for that shit.
Speaker 2:Like as soon as you ask someone something that's outside of the norm, of something that would be on the test versus something that if they'd actually study the book or the reading materials they wouldn't you you can immediately almost tell who is bullshitting and who's not right.
Speaker 1:Yeah, I had someone in the military asked. I asked her what 4443 was. I don't know. Now, why the hell? Are you an NCO working the help desk? Yeah, I didn't go over. Well, I didn't care. I was like you have no business being here at all. You need to go lose your rank and lose everything because you're a cheating son of a bitch and you lied.
Speaker 2:That's I mean.
Speaker 1:It's a cheating scandal that happened across multiple branches, that answers were given out for a lot of things, and the the DOD absolutely ruined cop Tia because then they came out with these boot camps that literally just taught the answers to the test. That was their whole premise and the DOD bought it. And so I had someone that if you had a certain voucher code because when I was in a guard they did a boot camp, alright, and they gave vouchers for these boot camps, so you can go, take the voucher code and then the one that was provided by the boot camp, you've got a completely different test, meaning you didn't get the answers. You had to pass it on your own fucking knowledge and these people fail. So again, the DOD ruined, just like wow, we're not going to get to it. Anyways, how did you get sucked into the?
Speaker 4:podcast. Yeah, so Natalie, originally hit me up with the idea, and so I was like I'm gonna never take part in helping you with the podcast and so me like not knowing what helping that. I was like yeah, sure, I'll, I'll go for it. Um, and then, months later, she was like so co-host, right. And I was like uh, I mean I can speak, but like, and then, once, once we got August into it, right, because she asked me she was like hey, you know, I'm not gonna be super close.
Speaker 4:August has been kind of like a brother to me and kind of watching him come up in the industry. Uh, it's kind of driven us further for me because, uh, you know him and I just exchanged banter back and forth all the time.
Speaker 1:I'm just Natalie. She's the only banter. He's like a brother to you. You live in Alabama, I'm sure it's just Damn it, nothing more.
Speaker 2:You walked us right into that thing.
Speaker 4:But uh, yeah, I mean uh, well, with all that right. Uh, the the first thing I did when August was like first starting out, I bought him a book. I was like, hey, I think you'd love this book and I think you would have a good time with this. Uh, and ever since then, watching him grow and then seeing him getting into lifting like I've gotten into lifting Uh, you know I just it for not the best of my life.
Speaker 4:I mean, he's great. Um, you're a lot of love, um, as well as like it, natalie, like Natalie helped me grow into, like the positions that I've gotten into. Uh, they're both fantastic people and you know, I'm just, I'm glad to actually be a part of this and be able to hear what they think more and get more out of them with this.
Speaker 1:You know, and there's nothing wrong with that, because it's awesome, because I got, you know, my sister, amanda and Chad and yes, I call her my sister Um, who's my sister? I'm the Google Cyber Security course and and it was one of those things where I saw what she did, um, I knew who she was and what she was capable of, and I said you need to do this. And so my next school is to get her a job like the FBI or something like that, because her investigative skills are none A lot of people's out of the water. I'm sorry Y'all ain't got nothing on her. It'll be done tonight, of course, it'll be done tonight. Alright, I got so much. Look, I help people, that's what I do. She's like, ah, it'll be done. Well, alright, I'm gonna move on. So I got a book that somebody didn't claim that I'm gonna send to her.
Speaker 1:But, yeah, I, um, I think it's one of those things, you know, we gotta help each other out, we gotta lift each other up, and this is the thing about leaders, right? You? There's a difference between a leader and a manager. A leader is gonna bring you up with them. A leader is gonna, you know, guide you. A manager is just gonna tell you what to do. A manager is gonna sit there and not actually. I look at it this way In the in the army, we had NCOs that told people what to do and sat on their ass, and then you had NCOs that actually did the job while you were doing it, because I'm not gonna have you do something and I'm not willing to do it. No, if you're doing it, I'm doing it. Those, those be the rules. This is the rule.
Speaker 1:I always live my life and so I hated when people would be like, oh go do this, alright, cool, I got you and then they go sit on their ass in the AC and not do anything Literally nothing. Like I've seen these NCOs. I've seen a lot of NCOs legitimately do nothing but play on their phone. That was all they did and I'm like so we're out here busting our ass and you're in there on your phone. I'm not that type of leader I wanted to be and so it's. It's hard because I see a lot of managers. They want to manage, they don't want to leave Two completely different things, and I think in this industry we need more leaders and less managers, because the leaders bring people up with them. Managers a lot of times are afraid to lose their job or afraid someone's gonna take over their job. So they hold their job.
Speaker 3:They're not looking Well, and not only that. Sometimes, like what I've seen and like you can be a leader and a manager at the same time, you can still hold a management title as still be a leader and use leadership tactics and leadership techniques to help you grow as a manager, right, but the manager, the manager title doesn't go away.
Speaker 1:There's no such you're not gonna find unless you're a lead, like in a company with a authority, with leader in it. Manager, I am a practice manager, yep, but I'm a leader. I'm not gonna sit there and do have my people do something that I'm not willing to do and, let's be honest, I'm not willing to do a lot but I still do it, because if they gotta do it, I gotta do it. But you're not wrong, that it's. It's very. You can be both, but it's very hard to be both. You're only both entitled. Well, one's entitled, the other one's in what, how you approach your, your team, yeah, once in philosophy, much more.
Speaker 3:and and your, your practical side of you.
Speaker 1:You're not gonna be the one, that's gonna be the one that you're gonna be. So I look at it, I look at, I do. I will always look at leaders and managers different. A manager doesn't want to help, and so directors and there's a lot of excuse me directors there's a reason. There's only certain people I work for. I don't go into companies blind anymore. I love working for him. I've worked for him at two other companies. I will continue should he ever decide for some obscure reason, to leave. I will follow this man because they're he will always look out for his people. He is not in a position to do any hands-on work anymore Like he's way above that level. At a director and above level, you kind of don't do that shit and make sure they are taken care of Bar none above anybody. I've worked Bar none.
Speaker 3:Hey, that's one of our podcast episode.
Speaker 1:Yeah, one of those people that I will follow him wherever he goes. Now I, I I yelled at him and I gotta address me. So comment here in a second. I've actually called him because I've had a number for years. I've called him like dude, you're fucking, like literally you brought me in and you're like I'm not gonna do it. But it's one of those things where I respect his drive and his passion, what he's capable of, and so when he leaves, he will literally call you and be like hey, you want a job? It's gonna pay you like 80 grand more.
Speaker 2:And you're like yeah, bet, I'm there, yeah, I'm out, I'm coming right now.
Speaker 1:Alright.
Speaker 1:So Misha did say this. Um, I disagree with you, seborrure studios. I think it's because of the fact that you're the leaders. Um, to be fair, most of my management experience came from the military. Um, in the civilian world, I've worked at one, two, three, four different places. Now I'm on my fourth place since I retired out of the army in 2017. So, past five years, I'm on my fourth job. Actually, is that five years? I'm on my fourth job. Um, one shitty manager. Two, two great leaders.
Speaker 1:Because, well, at the second job, I had an amazing manager, slash leader, whatever you want to call him. He was the manager of all of us, but he led. He was willing to do the work if need be. Uh, he was on the calls with me at three o'clock in the morning whenever we were handling IR. The current boss I have now I had with my boss at the third job I had he shit happens, um, and so he was great when he was there.
Speaker 1:I had someone else. He was a piece of shit. I hope he's watching. He'll know who he is. Um, and then I hope you see this. Oh, dude, if he's watching, because he's playing these, watch my shit, and I hope he does, I don't fucking care. He fired me for no fucking reason. I was two and a half years. Um, my boss there was amazing. And then I mean, there were, there were things me and him talked about issues within the organization, but as an organization, as him as a boss, absolutely amazing. And then I went back to who I worked for twice before and so because I love working for and I'm like, yeah, and I know when, when things like bonuses come down a lot, and he'll be like you know, you know, you know, you know, you know, you know now, like they're getting paid and like see, this is why I love you, this is this is why we work great together, because I'm gonna make a deal and you're gonna do it. I'm like that, let's figure it out. We'll find motherfucking white. We're gonna make this work.
Speaker 4:Yeah, for sure, and like I'd like to take a second to caveat off that right, like In saying that there's people, there's managers, that don't want to become leaders, I would also suggest you that there's analysts and people like myself that don't want to become a leader. There's people that don't actually want that opportunity and they're just into it. So I will tell you that I don't think a manager can be made into a leader, and I will say that, yes, they have to want it if they want that. But a lot of times that people are put into management are generally put there in my eyes in this situation, because they're just kind of their move there right.
Speaker 4:Not whether they're a good person or a good leader or whatever they're just they're put there.
Speaker 1:That's the only move they have within the organization to make more money. Yeah, that's what it comes down to is money. Organizations need to give you a place to level up technically, even if that's a creative rule. When I was at my last organization, I kept going back and forth. I didn't know if I wanted to be in manage. I didn't. I didn't know if I wanted to deal with the headache, but then finally I got to a point where I was like I'm tired of doing all the technical work all the time. I love motivating people, I love mentoring people, I love helping others, but actually dealing with clients trying to get the technical work done is a fucking headache that I don't want to deal with on a regular basis. And so when I finally decided that and me and my buddy talked and he goes, I got a job for you. Bet I'm there like I'll go run a team for you and this is what we're gonna Money. Let's go, I'm all about it, have fun.
Speaker 1:I hate and again, nothing against where I previously worked. I love to work in forum, but it's just a More money and be. It was a different role and it was something I wasn't gonna be able to do, because where I previously worked, we were so small that even managers or leaders or whatever title you wanted to fucking give them we're still doing all the work, and I didn't want to get promoted To then have them deal with people and still do all the work like it just made no sense. And so I finally got no position where I can ease off the workload like I'm only. You know, my bonus is like I'm only gonna put in 20, like 20 hours, I think, or something like that of time versus actual consultants, or no, I'm 20% billable and I might Rather have that then 50 or 70 is now I can actually do these meetings that require me to sell shit.
Speaker 2:The add-on to what y'all are saying too. I think that us all being veterans, leading veterans as a civilian is probably not the easiest thing to do, so that also have something to do with it. It's and I'm not downplaying or or down bad talking, talking down to civilians either it's just that veterans are different breed. Um, honesty is a really big thing for us, and up frontness and not not everyone can handle how brash veterans are, especially like Civilian people that have never had to work with or for or above veterans before. It's. It's a little bit of a different game for us than it is for someone else.
Speaker 3:Well, you have to think of it too. Is that like when we were training, we were training to go to let this? I was, and I know, derek, you were All this and August, I'm not sure when you guys were in but like we were training for war, right? So like you had to trust your leadership to, regardless what your job was, you had to trust your leadership to do what was necessary so that you could make it home right Like it, make right the right decisions versus like. So we bring that kind of mentality to, to the civilian sector now and they're like we're not trading for war, like we're not going nowhere. We are chair warm rangers here.
Speaker 2:I think that even if you're not training for war, there's because I was Air Force. Y'all can make your jokes, that's fine, I was in the Air.
Speaker 1:National Guard. Before I went out to do the army Over the shit, I went through an active duty any day of the week in my five-star hotels. Now I'll take them.
Speaker 2:I worked on nukes. Like we don't, we don't really deploy right. Like where am I gonna deploy as a nuke troop? Nowhere.
Speaker 1:So you're gonna another state.
Speaker 2:Why was Anderson Air Force base Guam? This is pretty tough. Let me tell you, taking all that aside, that the military mindset is a lot different, and that's something I've had to adjust to is Lowering my expectations for a lot of people outside of the military thing, just because you can't Expect everyone to perform at the same level that someone that's a veteran would.
Speaker 1:So I got, I got two questions here. And you're not wrong, veterans are a different breed. They're always gonna be a different breed, but they don't. They don't work everywhere. You can't have veterans in certain positions, not because they're incapable, just because certain ones drank the Kool-Aid way too much, and and when you become like uber marine or uber army and your whole personality is ooh raw, I jump out of planes or, you know, I Make things go boom-boom. I'm sorry You're not gonna fit into a lot of places like I'm sorry, but that's the way it is.
Speaker 2:On the flip side of that.
Speaker 1:I never jumped out of planes. I was broken as it is and I never wanted to. It's perfectly good airplane. I don't need to be jumping out of it, just Not my style. But hey, that's me. I Love the Air Force. It was what my first branch before they said hey, we're not cross training prior service into active duty. Yeah, I said okay, fuck you up there in the army.
Speaker 2:Uh no, also lazy veterans too, though. So not every veteran is gonna come out and be a workhorse right Like I know some people that I've worked with that have a bad taste in their mouth because veterans expect to Ride the reputation of I'm a veteran, I've done my time right, so I guess I should add in that too. There's also. We call I don't know what the army called, and we called them shitbags in the Air Force, but um, you know, we got a few terms for them.
Speaker 1:There's there's quite a few we can come up with, um, although also called them rocks.
Speaker 1:Yeah, you know, none of those terms we came up with are probably politically correct. We're just gonna say there were. There were quite a few, um, and I don't give a damn like that's what they were. I don't know if they were like shit bag, lazy piece of shit rock, dumb as a rock. Um, I can come up with a few more. Mostly they were the ones that went and cleaned the rocks, flipped them over, paint them again and then move them and then clean them again and then go mop the grass, cut the grass with some scissors, and I wish they still did that. That'd be great. I digress. Um, we have a question here from Andrea. Do you think leaders are born or developed within their environments? Haulist, you go first.
Speaker 4:Yeah, so when I when I look at a person that's going into a leadership position, I think people can be trained for it. I think people can learn that and adapt to it.
Speaker 4:But I do think there are some people that are just born with that inhibition. There are some people that are just born with that ability to take a situation, take people around them and say, hey, we have this issue, we have this problem, can you walk with me? Uh, and I think that's what differentiates a leader from a manager is having like derrick's other type of videos. Is the walk with me situation, uh, being able to take people around you and move them forward with you? Uh, I think that's something that, like I said, some people are kind of born with it. It's something some people can learn.
Speaker 4:It's kind of a harder trait to learn and it's something that I've explained to my current boss is that, uh, while I love, uh, technology, uh, he wanted me to kind of move more forward into leadership, I I don't see technology like. I see people. I see people as more of a challenge. Uh, I see them. As you know, I could learn them and I can learn how they are and what they do and like move them forward with me. But you know, there's some people that don't want to walk the same way as me. There's some people that don't want to walk in the same pace as me.
Speaker 2:And I think that's what really separates a leader and a manager.
Speaker 4:Um, but uh, you know being bored or developed with it uh, I'd really give it a 50-50 right. Um I think it's a thing where there there are people, like I said, that are born with it. There's other people that you know. They pick it up, they take the task and they say you know what, I may be a good analyst, but I can be good with people. Uh, but it's just a. It's a tough line and it's a tough line to ride, but um.
Speaker 4:It's, it's, it's a line that at some point I'll have to face. But uh, right now I keep pushing a line away.
Speaker 1:Eventually, you'll get there. Eventually you'll get there. So, natalie, what do you think? Our leaders are born or are they developed within their environments?
Speaker 3:Um, okay, so I think it's a little bit of both. Um, some people are natural born leaders and you cannot take it away from them. They like they. They will find their way into leadership every time without even trying it. And like they're the ones that they constantly are finding their way into leadership, um, leadership positions. They haven't tried to find their way into a leadership position, but the next thing they know they're just like promoted into a leadership position.
Speaker 3:Um, but you can learn different ways to lead and it takes a little bit longer to develop it from their environment. But I've also, I think that I've developed my leadership style From seeing great leadership and also seeing really bad leadership. Like, I've seen some really terrible leaders and I was like that Is not what I want to be when I become a leader. So take note of this now self, because and I would write it down I'd be like don't do this, because that was what I wanted to be the furthest from when I became a leader.
Speaker 3:Um, so I I've always said I am a byproduct of really great leadership and really poor leadership, and that's kind of how I've developed my leadership style. Um, but you can also take somebody who has no natural likes who doesn't really have the natural instincts and and still develop them. If you work with them enough and you really get them to understand why we're doing the things that we're doing, you can still develop into a leadership or into a leader role. Um, as you know, without having that natural instinct, it's just a lot easier when you do have that natural instinct to lead others.
Speaker 1:Yeah, definitely, I completely agree. Um, there's a lot of differences, it's just. It varies and I'll give my take on it here in a minute, but I want to let august go. Go ahead, august.
Speaker 2:I think it's both like nap, like Natalie said, um, I do think there are people that are born for it. That's just how they are and how they're going to find their way. Is that right? But on the flip side of that, I do think it can be taught, um, by circumstances or by happenstance, right, like something happens and they have to and they either learn or fail.
Speaker 2:Uh, the third part of that is, I think that the people that I'm going to pick on hauls a little bit here. Hauls said he doesn't want to step into a leadership role. Right, and I think that's what would make him a good leadership role, because he doesn't want that role, and and he would set an example, or a good example not just an example by being the leader that he would have hoped he had when he was younger. Right, and I think anybody can maybe not anybody, but I think most people can recognize what are good and what are bad leadership traits, and especially in cyber or information security, whatever you want to call it. Um, it's a small field and Obviously, a lot of us are either neuro divergent or introverted. I'm not, I'm extroverted, but I think that takes a certain kind of person and To lead someone like that, because you have to bring someone at least enough out of their shell To be able to instruct them and guide them. So I I think that's a roundabout way to answer the question.
Speaker 1:Natalie knows all about me bringing people out of their shell. How many people have I had on this show that are like, oh, I don't want to talk, I don't know, and I'm like, uh, fuck you, you're coming on.
Speaker 3:And also holless says he doesn't want to be in leadership, but I know for a fact that holless is a great leader.
Speaker 1:Called it. Well, here's the thing. So so, but but Austin said it right. Who's Austin?
Speaker 4:My bad dude.
Speaker 1:I ain't got my name. It's not as bad, as it isn't as bad as what I do to when. All well, you're right, I'm just giving you a hard time. What August said it right is you know, absolute power crops, absolutely.
Speaker 1:So if you don't want power, if you don't want to be in charge, you usually make the best leader because you don't want that power. You were Good enough to do the job that your, your team, the people around you, your community Chose to put you in that role, and so you will do things to make sure that those under you Are taken care of, whereas if you choose or if that is your absolute Goal was to be in power and have power and make decisions, you'll burn a lot of bridges and hurt a lot of people just to get there. First, the people that don't want it. They're not burning bridges, they're not trying to hurt people, and once they get there, they want to continue to keep their hands on keyboard and do the work and mentor others. So it's those that don't necessarily want it to make the best leaders. Just the way it works. Sorry, sorry, paulus, but you're gonna end up in leadership solely because I'll keep fighting it.
Speaker 2:I'll fight it to the end. I'm gonna send your boss a LinkedIn message tomorrow.
Speaker 1:Paulus, you're being promoted especially because you know. August is gonna create a sock puppet account now of Austin. Similar is gonna be the name.
Speaker 3:I'm just glad it wasn't me. They called him Austin, because I usually do. I usually will impex him like Austin.
Speaker 1:I don't know where that came from. August Austin, I don't know. They sound like I had the aw right. I hear good man.
Speaker 2:It happens all the time.
Speaker 1:So we got, we got started AR here. Infinite probability, ai Heard. The need for cybersecurity analysts is due to lack of retention. What can a leader do to improve retention and what would cause you specifically to stay loyal to a company? Uh, august, go first.
Speaker 2:So this actually happened to me pretty recently. I I'm not gonna name where I work or where I turned down a role, but both Paulus and Nat no, I turned down a role. That was probably. The compensation was quite significantly higher than I'm making now. But the reason that I did that is because the company that I'm at is paying for sands once a year. We're also paying for Um. I also have access to immersive labs. I'm not micro managed. My bosses recognize when we do good work. They also Voice that recognition to not just our team but to higher leadership. That is one of the things. Um, I forgot everything I just said sands, immersive labs.
Speaker 1:August. Are you sure you fence over this?
Speaker 2:Man, I completely lost my training thought. So training is one of them, uh, recognition is one of them. Appropriate compensation is one right like to an extent, once you're at three to four years, your salary is going to be fairly similar across most companies. Um, obviously some are going to pay more than the others, but realistically, like being heard and being recognized are two major things. And and a boss asking if you need anything, which sounds trivial, right, but that hasn't happened to me at the two companies that I've worked at in security. I've been more than happy with both that I worked at, but when I worked at help desk before, it wasn't like that at all. It was more of You're doing your job. That's cool.
Speaker 1:Oh, you got the experience of a grunt, or a soldier.
Speaker 4:You know, you know all about that.
Speaker 1:But uh, I'm not gonna get a holless. No, your last holless. You're going up last, you're going last. I'm just talking about man.
Speaker 3:I would say as a leader, you can value your people. If you value your people and you let them know that you value them, you value their time, not just during work, but also like don't ask them to work outside of their working hours unless it's absolutely necessary. You value them to get them the training you value them to where you're actually shouting them out, you're valuing them. There's a lot of different ways that you can show that you value your people and some people they don't want their shout out because that's just that's not their thing. Like I'm that person. Like I hate being crazed. I hate it because I get embarrassed. I'm like I don't even know what to say, I'm awkward. But you can value people in different ways.
Speaker 1:I know why, but we'll talk later.
Speaker 3:But if you value your people and you let them know that, like, come hell or high water, I don't care if this business says like, excuse this. They're like oh, we want you, as a leader, to speak this company line, I won't do it. I will go to my people and say what I'm supposed to tell you is X, y and Z. We can't really talk about what I really think, but this is what I'm supposed to tell you and my people will know like, oh, okay, luckily I don't get asked to do that anymore. But like, when it comes down to it, I care about my people enough that I put their needs above everything else within reason. Obviously, we're not bankrupting companies and we're hearing something like that.
Speaker 3:But like, you know, then you need to take two hours to do something good to it. Go, I'll see you in two hours. The haul is used to work after hours. Sometimes that'd be a house. What are you doing online? Why are you here?
Speaker 1:My role on PTO. This is my role. Anytime someone takes PTO. I better not see your ass log on to Teams or send an email or anything. If you take PTO and I see your ass show up, I'm gonna make you take more PTO, dude, no, take your time off. That is your time, not the company Go. And I got yelled at recently because I was on PTO and my buddy who's my, he runs the MSS, the operation site he goes what are you doing online, dude? I was just checking. What are you doing online, son of a bitch? Fine, all right, log off, leave me alone.
Speaker 3:That's the hardest thing as a leader is to practice what you preach. But it's very important.
Speaker 1:Oh, I try, I try, I try. I'm gonna let haul us go. I'll give my two cents, I'll haul us. Go ahead, brother.
Speaker 4:Yeah. So in terms of what August and Natalie were saying, I think they're both very accurate in saying that the person needs to feel valued being in. I feel like I'm gonna be the forever analyst or the forever operations guy. I fully believe in the fact that as long as I have a boss or a manager or whatever you want to call them at this point, as long as they value my work and they value the time that I put in.
Speaker 4:I mean, if I'm getting compensated and I'll even quote unquote fairly and I feel like I'm being compensated appropriately.
Speaker 2:I'll follow it in his earth right.
Speaker 4:Like if you give me this task, this project, and you're like you know what great job you're doing, great, or like you know, take this time that you need, or whatever, like I'm here for you, right, like me, and you, we can talk, right, we can do it all right, like.
Speaker 2:I'll build the world for you at this point.
Speaker 4:So I mean, I really I fully believe that the person needs to just be valued, and then you know just the ultimate like respect of it all, and I just there's people that show it, and those people I'll say that, for lack of a better term, I'll find them in the world right.
Speaker 2:Like well, you can walk across hot coal at this point right.
Speaker 1:I'll be there, yeah, definitely.
Speaker 1:So here's the thing, the way I see it, is like this Lack of attention for security analysts is definitely on the leadership, because leadership will implement tools that will make things happen. Because one of the common occurrences with a security analyst is gonna be like log overload right, you're getting overloaded with logs and alerts and everything else and you just can't process it all and it's a lot of noise. You're trying to sort through it and your boss, your leader, isn't giving you the time to actually take care of yourself and understand that I need to step the fuck away. I need to get away from this computer. I need to quit staring at the screen because something's not configured right and it's not my job to configure it. So, as a security analyst, I think that's one of the biggest issues is people have been promoted or gotten to positions too early and don't know how to configure things the right way. Or companies have been like oh yeah, we're gonna buy this and not get pro-serve and we're gonna put our security engineering team on it that has never touched this product, doesn't know how to work with this product and they're gonna be the ones to configure it. So now you got analysts looking at this going. I'm out, I'll do this, see you later. So we talk a lot about that.
Speaker 1:But then you all are talking about recognition and stuff. Look, it wasn't until I got out of the army that I found recognition matters and it was because in the army no one ever got it right. In the army it was like oh, you getting it. Yeah, I'm cool, you were an E6, so you get the lowest metal possible. This is what you get as an award for doing your job in PCSing and order point. First job I got I was there sponsoring. I left, took, take it there were pain in my ass, I bounced. Second job I had I have two awards right now sitting on my bookshelf. One is for my second company I worked for out of the army. I actually got a security engineer of the year award for that company and I did not realize how much that would mean to me until it happened Like I had never gotten that recognition, never been known to be someone that actually knew his shit or was able to actually deliver, and so when it happened, a switch flipped and it was like holy crap, this company means more to me now because they're recognizing what I am doing and it made me believe more in the leadership above me and the things like that.
Speaker 1:So I don't believe in loyalty to a company, I believe in loyalty to leadership and again, I talked about this earlier Boss I have. Now I will follow to any company he goes to. But I don't believe in company loyalty. Because he leaves, that means there's something wrong and it's to that I hold loyalty to because he always looks out for his people. So if he leaves, that means they're fucking over their people and that's when I'm like see ya, come out. So for me, recognition eh, I still love it, I think it's great.
Speaker 1:But I'm loyal to a person, not to a company. And that's the big difference in this industry versus the old days when you had mines and GM and all that other stuff where they were on assembly lines. You were loyal to a company because you got a pension and da-da-da, pensions don't exist for us. You're 401K transfers, so you're not gonna get a pension. Pensions don't exist. We're gonna go where the money is and I'm gonna go where my leader goes. The person that's gonna take care of me, that's where I'm gonna go to. Then I know he's gonna pay me, then he's gonna take care of me. I know if he leaves, that's for a good reason, because he talks to leadership and he's above me, so I'm out. See ya, I'm gonna go follow him, yeah, just tell them that you're gonna start a metery when you leave.
Speaker 2:Thanks, Hollis.
Speaker 1:My friend I got a good question here and I'll run this round the table because I'm gonna say it depends. This might answer right away and I'll give reason for that. But what do you guys think is fair pay banned for a junior security analyst? And as, Natalie, you're the one in leadership, it's like myself. I'll let you go first.
Speaker 3:I would say it depends on what part of security you're in and also-.
Speaker 4:It's just junior security analyst.
Speaker 1:So we'll say in a stock, yeah, but if you're a stock analyst or you're doing GRC security analyst. Never heard of one of those. Maybe a new one on me.
Speaker 3:Because GRC analyst is still a junior security analyst depending. So if we're talking about like a stock analyst, I mean it also depends on where you're located at and what skills you actually bring to the table and what transferable skills you have as a junior. If you can bring a strong argument. I mean I've seen juniors start out with decent salaries and I've seen juniors that started out with less than less than okay salaries, like salaries. I was just like I'm not okay with that. That's not okay.
Speaker 1:As far as the pay ban, though, what would you say, like, as far as your pay range, what would you put on a junior security analyst? And again to your point depends on experience, depends on knowledge, depends on a lot of things, but what range would you put on a junior analyst?
Speaker 3:I'd say 50 to 70,000 a year.
Speaker 1:Okay, I can see that and I get your point. There's different roles, different positions, different areas of expertise.
Speaker 3:Yeah, like if you're on call, that should be a little bit higher probably.
Speaker 1:Yeah, what about you, august? What have you seen and what do you think?
Speaker 2:I think fair and reality are two different things in this aspect. Right, because the reality of the situation is that the junior market is very oversaturated and it also depends on your transferable skills. So reality, I would go. Reality, I would say between 45 to 75,. Right, and that's market dependent, that's your background dependent, that's where you're at, that's remote, that's on site right Now. Fair, realistically, a living wage I would say between 55 and 80. But that also falls back on where you're at, if you're remote, if you're on site, if you're commuting to work.
Speaker 2:When I was interviewing for SOC analyst physicians, it was anywhere from as low as 23 an hour to up to about 70,000. And that was in Dallas, fort Worth area. So the reality of the situation is employers are gonna drive that price right now and that's probably not the nicest thing to say. But the market for entry level talent is very flooded and I say that as entry level talent. Right, because I still don't have three years, so I'm still entry level. Yeah, that's. I guess that probably answers it in a roundabout long way, but it's a tough situation for entry level analysts right now.
Speaker 1:It's yeah, yeah, paulus. What about you man?
Speaker 4:Yeah, so I'll give my perspective as one of the lowest paying states. Really, I'd honestly say you're probably looking at as low as a help desk, right, If you're a junior SOC analyst or a junior security analyst you're coming in with about as much experience as an entry level help desk analyst. At least, that's my assumption, right.
Speaker 4:It's probably a bad assumption, or it could be a bad assumption, but I would say it could be anywhere from $17 an hour, because when I've interviewed before for a junior SOC analyst in Alabama here specifically in Bruton, if you want to look up the town it was $17 an hour and then I've seen it go as high as like $80,000 a year for salary. So it's fully a it depends, and we're in an employer driven market at the moment, so it's up in the air. Honestly, I would say argue for yourself and try and get something livable. Do what I did. When I saw $17 an hour I said no, I gotta go, I can't pay rent.
Speaker 2:I don't want to look at logs for $17 an hour I mean I don't have enough time or enough, like patients.
Speaker 4:So it's an, it depends, and so I'm saying $17 an hour to $80,000 a year?
Speaker 1:Yeah, definitely All right. So I'm gonna hit my point on this Again very much depending on where you live. It's gonna go by cost of living in your area and, again, it also depends on the cost of living and the places you're applying to. One of the things that will make known. I looked at Google. Google came to B-Side Spitsburg and they sponsored it one year I think it was last year, the year before it, I mean, they sponsored it this year.
Speaker 1:I didn't see a table, though, but I talked to them and they came to me and they said, hey, yeah, well, you can work remotely now. And I said cool, do I get California salary? They said no. I said then I'm not gonna work for you. I'm not gonna work for a company that I know can afford $300,000 a year for someone that lives in California and you're only gonna pay me X amount of dollars here in Pittsburgh. No, it's not gonna happen. And they were like but no, no See, I know you can afford this because if somebody lives in California, you're gonna pay the salary. So, no, I know you pay based on where you live. I don't play that game. You're gonna give me what I'm worth, which is what you see is worth in any other state, and so that's how I operate. And again, it's very dependent on the organization and state that you live in and that you're applying for as a junior analyst. I will say this in all this, I know you've seen it, but I will say if you're getting paid the help desk salary for a junior analyst, somebody's screwing you over, because a help desk is supposed to be a starting point to get to that junior analyst role. So if you're making the same pay band, somebody is not willing to open the purse strings and it's not a company worth working for.
Speaker 1:For me and my eyes, no matter where you work, no matter where you live, I would say starting salary should be at least 60 to 70 grand a year. At least 60, 70 grand a year. That's just me. Some people may not agree with that, but starting out, security analyst junior, I don't care what role you are, you have experience or you have some type of education and knowledge behind it that can carry you into that pay band. Now if you come in saying I know nothing about security, I know nothing about IT, you're not even getting hired. I'm sorry You're just now see ya, but I'll bring you in somewhere at the base salary of about 60 grand a year for a junior security analyst that's gonna be looking at logs all day. I got no problem with that. I'll train you, I'll get you up to the point of six figures. But 60 grand a year, that's a great job for security analyst, and no matter where you live. As far as single in college, not in college, you work for me. 60 Gs, yeah, you'll be all right, but we're well, holy shit, it's close at the time. Well over an hour. We're at an hour and a half.
Speaker 1:I got a bunch of questions here. Look, here's the way I wanna run this. If you want questions answered, please send them to me, please send them to Natalie, send them to anybody on LinkedIn, discord, twitter, facebook you know where to find me. Feel free to send me some cash app with a question in it. I ain't against that. I will answer it. For cash, too, I need money. Look, I got a wife and five kids. I got a house to pay for. So you know I'm all for money, but otherwise, look, we're gonna go around the horn. Call us your last enter. I'll let you be the first one to answer this. Any advice you have for anybody breaking into cybersecurity.
Speaker 4:Yeah, learn like you haven't learned before. Right, Take the time and take the topics and you know, take the time that you have and appreciate the topics that are given to you and then take that and apply it, whether it's addressing an issue or like you. Learn like, hey, I can lock down an active directory account. Take it and apply it through life. Take it, say like hey, I'm a lockdown social media or something. Just make those applyable situations and Continue to learn and grow and you'll be golden August go.
Speaker 2:Don't do what everybody else is doing, just taking certifications to take them. By all means, take them, especially your CCNA and your security plus and your PNT, p, pnpt or O, scp or security blue team one, I think there's also certified cyber defender. Take them, but expand on it, right? Don't just say, hey, I took this, this was awesome. You need to post something that's going to make you stand out, because getting into security as entry level is not all about what you know. Right, like, knowing what you know is great, but it's you need to get your name in front of people because no one knows you exist and told them and it's developing a reputation Because it's built. It's built on trust, that's. I know there's more to say to that, but that's. I feel like that's enough for the moment.
Speaker 1:Yeah, definitely that on you.
Speaker 3:Just don't give up. Just keep going like when somebody says no, ignore it if they, you know, say no. Any no is just the not right now, or this isn't the right time, or maybe this isn't the right company. It's not Unpermanent no, and don't never take it as a permanent no, like I always say. I was just too stupid to give up so and I eventually figured out how to get in. So I mean, just don't give up and you'll eventually get there.
Speaker 1:All right, so I love it you all are awesome Check out recorrelated podcast.
Speaker 1:When it drops, natalie, send me that. I will promote the shit out of it, the when the link in all that other stuff drops, and I'm also gonna put it into the Description of this on YouTube Once it comes out. So send me some type of link, we'll get it out there and we'll leave it in the description. Otherwise, look, I did get one question. I want to touch on this me personally because I've been doing a ton of shit. I know it's kind of like geared towards me. It's probably geared towards the rescue also, but we're coming to the end of the show. Wired celery.
Speaker 1:What steps do you take to disconnect from cyber security and have other interests in life? I will tell you this right now it is shut off social media. Me personally. I am a big proponent of mental health. I'm a big part of motivation, so I'm security of you name it. This is what I do, up and doing it for years. It's not gonna change.
Speaker 1:I literally shut off social media at certain points in the day or the week or whatever the case may be, and I cut myself off completely, the reason being Because we need to do better about ourselves in our mental health. And so when you're constantly answering emails or Teams messages or slack or discord or Twitter or whatever the case may be, you're not stepping away from the machine. Disconnects, separate from the machine. Get your ass outside, go meditate, go sit by a fire, go walk through the woods, go do what you need to do, and that is how you can succeed in this career field, because if you don't, you're gonna burn your ass out and you're not gonna be in this career field much, very long. You will burn out in less than two years. If all you do is this, guaranteed less than two years, you will burn out. And for anybody that tells me otherwise, I'll ask what the hell they're doing besides cybersecurity. And I guarantee you they give me other answers they're gaming, we're spending time with family, they're cooking, doing something. If all you do is cybersecurity, you will burn out. Get outside, step away from technology.
Speaker 1:Best advice I can give anybody get the fuck away. Get away for a few hours a day, maybe a whole weekend, a week a year, whatever the case may be. Otherwise, okay, I love you all. You're all amazing. You're all my warriors, you're all my family Shit. You know the drill. Otherwise, okay, y'all, take care. I will see you again next week for another amazing episode, because you know I'm here every week and I don't go anywhere. This is what I do. Most people like Natalie Paulus August. Please check them out, find them on LinkedIn, find them everywhere and if you would so very much like to support this channel, support the show, check the description in YouTube or LinkedIn. It's all there. It actually it's on Facebook, too. You can find all the ways to support this show. Support me and support what I do. Otherwise, take care and I will see you all next week. Another amazing episode security happy hour.