Cybersecurity Mentors Podcast

In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.

All Episodes

Cybersecurity Mentors Podcast

Season 2 Kickoff

January 09, 2025 • Cybersecurity Mentors • Season 2 • Episode 1

Welcome to the kickoff of Season 2 of the Cybersecurity Mentors Podcast! This season begins with an exciting collaboration with the Simply Cyber Media Group, bringing you inspiring personal journeys and emphasizing the transformative power of mentorship in cybersecurity. In this episode, John and Steve open up about their career paths, share their aspirations, and provide practical advice for anyone looking to build and grow a career in this dynamic field. We'll also dive into what this podcast is all about and reveal some of the exciting plans we have in store for this season!

• Introduction of the hosts and podcast vision
• John’s journey from IT support to CISO
• Steve's experience starting from an intern to deputy CISO
• Emphasizing mentorship and real-world experience
• Importance of networking and soft skills alongside technical skills
• Sneak peek into Season Two and future topics
• Call for listener engagement and community connection

Send us fan mail via text

Steve: 0:03

Could you teach me First learn stand, then learn fly. Nature ruled on your son, not the mind.

John: 0:12

I know what you're trying to do. I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it.

Steve: 0:24

What is the most inspiring thing I ever said to you don't be an idiot changed my life. Welcome to the cybersecurity mentors podcast. We're excited to have you here. This episode is a special one because it marks the beginning of a new exciting collaboration between the Cybersecurity Mentors podcast and the Simply Cyber Media group. So welcome, John. How are you feeling?

John: 0:55

Feeling good, ready for season two, excited, happy to be here.

Steve: 1:00

Yep, absolutely so. In today's episode we're going to introduce ourselves, share a little bit about our stories, explain what this podcast is about and give you a sneak peek into what's to come and share some exciting news. Sounds good, let's do it, john tell us a little bit about yourself.

John: 1:24

So this is um. I'll do the short version right. Um started out in it literally 1999, just before y2k, a long time ago, and um just doing desktop support. It support fixing laptops and printers and desktops went from there. And while I was there, um, I was trying to get into system administration. I kind of got a little bit into it and while uh working, this was at the, the city of greenville um, we had an ethical hacker break in to the city's networks and cause havoc and and pillage some things. But he sent in a report and I actually have that report right here. I'm going to grab it right quick Because this is from 2000. This is the report I have from back in the day.

Steve: 2:17

Oh, wow.

John: 2:18

This guy sent us a message, sent us this document and said hey, I broke into your network and here's how I did it and here's what you can do to fix it. Hire me, hire, you know. He was saying hire me, I'll come in and fix it for you. Yeah, um, and I was like interested in cyber security but not sure how to do it. And this was some of the things that he revealed. That was like, oh, okay, here's how you do some of these techniques. So from that it put me on the path.

John: 2:45

My next job. I was doing all-in-one jack-of-all-trades IT system administration, network administration, if it was plugged in. They tried to get me to fix it, even like phone systems. But I got some really good experience and then, while I was there, I got this is 2005,. The time frame is when I got my first CISSP. I say first because I've got it twice. So I got the CISSP because I wanted to get into security and I had a friend who was working at the university. He said hey, we built the security team. Come on, come over and meet my people and see if you can convince them that you know, maybe you can come be part of the team. And it was good that I had the cssp at that time because it was really new ish. So came over, met with them they, I convinced them somehow to hire me at clemson.

John: 3:37

Um, I started out like the engineer incident response, like basically watching everything, watching the for bad guys and stopping bad guys and building the tools and architecting the tools and all that good stuff. Um, eventually met steve um along the way. I'll let him tell his his part of that. But then eventually came, became a, had an opportunity to become a sock manager and have students to work for me, which was amazing. At first I wasn't sure about it, but it turned into the best experience, best thing I ever did.

John: 4:12

Then I passed on the SOC manager duties to Steve eventually and then moved into a director of engineering and operations, so a director role, even though I didn't really want to be a director. But they're like, yeah, you need to be a director. Okay, so did that for a little while, then kind of became a deputy CISO role basically, and then eventually CISO. So I've been from 1999 to 2024. So that's how long it took me. Well, I've been a CISO for a few years now, but that's how long it takes. Not always, but that's how long it took me, but yeah so that's my story.

Steve: 4:52

Yeah, so, john. So you started basically from what Engineer analyst and then worked your way up all the way to be a chief information security officer.

John: 5:03

Yeah.

Steve: 5:04

I mean, that's a lot of experience.

John: 5:05

All the way.

Steve: 5:06

Yeah, that's a lot of experience and knowledge, so that's great. Yes, so for me, I've been in cybersecurity for over 10 years now, started as the first ever student intern for the security department at Clemson University, so I'm pretty proud of that, woohoo, yeah, yeah, so, yeah. So got the opportunity to intern with John. Actually, john I was interning with him, took me under his wing, kind of showed me the ways, he was the sensei. So I was very fortunate, you know, and it's something that a lot of people don't have when they're trying to start a career in cybersecurity. But yeah, john, I was lucky to have John and finished school there at Clemson, graduated, went to work for a local hospital in our area, worked there for a couple years, started as a security analyst and then just kind of worked my way up. It was a very, very small team. It was a total of three people, including the manager, so it was one manager, two analysts and I was one of them, and it was a brand new program. So I really, really enjoyed it because I was able to be there at the ground floor, really helped develop that team. When I left, that team had grown to about 12 people, so I had positions from, like I said, analysts to focused on the vulnerability management program there kind of helped stand, stood that up and run it for a while, did a little bit of pen testing, but just kind of bounced around, did some Palo Alto firewall stuff there as well. So just kind of, wherever they needed me I was able to kind of just fill in and, you know, just do what I needed to do there.

Steve: 6:52

After that I was lucky enough to come back to Clemson to be the SOC manager. So I managed student interns for a good bit, really helped John kind of grow and develop that program to what it is today. And yeah, I was very fortunate, met a lot of cool, interesting people, was able to help a lot of people get into the world of cybersecurity. We would have interns come in and they thought that they wanted to do cybersecurity, they thought it seemed cool, they saw it on a TV show, they saw it in a movie or whatever. They would come in and work with us and really discover what cybersecurity was about. Um, at that point. And yeah, they were able to successfully go through our program, finish, graduate and now have amazing jobs and are are in cybersecurity, giving back to the community.

Steve: 7:44

Um, so after that I left clemson, uh, took a different position elsewhere where I kind of did more GRC stuff for that company but learned a lot, did a lot, was moved into a director position there as well.

Steve: 8:03

But I just you know, there was just something about it, man, john kind of lured me back in to come back to Clemson and take over as the director there for security infrastructure and, yeah, infrastructure and operations after John moved into the CISO role. So, yeah, so I've been in cybersecurity for a while, also started from the bottom and worked my way up. Now I'm the deputy CISO at Clemson University with John, so we're tag team in that and, yeah, man, man, it's been great and it's been an amazing adventure. Learned a lot, still learning and, uh, yeah, just continuing to now give back to others who are either in security or they're trying to get into security, just help them evolve and advance their careers and get to where they want to go. And you know we both have had interesting experiences. So there's just a lot of knowledge here that we're trying to give back.

John: 8:59

Yeah, that's awesome. And when I became CISO I was like I got to have somebody that is my right hand guy or person, and so I did. First call was hey, steve, guess what?

John: 9:13

Yeah, guess what I'm ready, I'm in the position, let's go, um. So it worked out. You know it could have went a different way, but luckily it worked out. Um, and you know, being able to give back, it's awesome to give back to the local students that we see. But now we've kind of branched out to help others, right, because not everybody can go to where we are and see us and be able to work with us, um.

John: 9:39

So we're kind of doing this in a broader scale and that, and that's cool too, because there's people all over the world that they're looking to get into cyber security. We're not the the all knowing, right, but we're kind of the guides, like, hey, don't do that, do this, don't follow that, follow this, right, and just helping people where maybe others, they just don't know where to go and there's a lot of information that's out there that's very confusing. It's an overboard of information that it's hard to weave through that. So we're here to also help simplify some of that and weed it down and narrow it down to here's what you should focus on, right, and not just this, but here's the things that keep it simple.

Steve: 10:26

Yeah, yeah, so, yeah, so let's move into what this podcast is about. So, yeah, so let's move into what this podcast is about. I think so we have. You know we're here to help people start, grow and thrive in a cybersecurity career through real world advice, experience and mentorship. So what does that mean? That means that you and I are living, breathing cybersecurity every day, day in and day out. We're hiring managers. You know we're hiring people. We lead teams. We've started from, you know, beginner level positions and have had multiple different positions on our way up to where we are now. So there's a lot, a lot, a lot of real world experience that we have that we want to share and give back. Now we're doing that in many different ways.

Steve: 11:14

Obviously, if this is not the first time that you've listened to us or seen us and you've watched some of the episodes in season one, then you know that we're focused on cybersecurity career guidance right, we're here to help you, guide you along the way. If you're trying to start a career in cybersecurity, Also grow it. You know, if you're trying to go from technical to management or go up to be a CISO, I mean, there's definitely there, we can help there. Mentorship you know, we share strategies, we share success stories of mentorship, practical tips for resumes, interviews, just networking. Networking is king.

Steve: 11:57

That is literally the title of one of our episodes last season. You should go check it out and just insights from professionals that are out there that are living, breathing cybersecurity as well. That might have different stories or different adventures, journeys, you name it, but they're getting on here and they're sharing their story from how they got started to where they are now and it's exciting. It's exciting and it's good to just hear that, hey, if so-and-so did it, I can do it too. So yeah, john, are we missing any others?

John: 12:31

No, we're going to pull in some of the not just our knowledge and wisdom, but some of these other folks, and in season one we had some amazing people come in that we it was great to learn from them and their story. But you know, we're going to jump into also some more hands-on and season two cover some tools, some techniques, some skills, more skills oriented and in our, our forte is operational, is that analyst side, right? That's that's where we came up. Um, I've always been a jack-of-all-trades. In it and in security you have strengths, but that I've always kind of done a little bit of everything and in my opinion, it helps me, especially in these roles, because I need to be able to work in different areas and understand different areas. But we're mostly focused on stopping bad guys, detecting threats, mitigating those threats. So that's mostly what we're going to cover and focus on. As far as tool sets and skills that we're going to dive into.

Steve: 13:40

Yep, absolutely. And again, if this is your first time listening to us seeing us definitely recommend a couple episodes for you to check out to just get an idea of the kind of content and kind of where we're coming from and what to expect. We did a live mentoring session with Grant Adams just a glimpse into real, just real life mentorship sessions. We reviewed his resume, we talked about his goals, we advised him on what to do next. We talked about his goals, we advised him on what to do next, kind of did a little bit of a roadmap, if you would say, on what he should do, where he should focus, and that was actually a pretty good session as well.

John: 14:21

Yeah, shout out to Grant, who has just recently got a job. That's right so we helped him with his resume, just saying, and they watched his episode and they're like man, this guy is amazing. We've got to hire him.

Steve: 14:33

We've got to get him.

John: 14:34

Yeah, we've got to hire him. We want him. I don't know if that's what happened, but hey, it's corollary, you know? Look, he went on the episode and nah he's doing great he's doing great and excited to see him get back into cybersecurity. That's Back into cybersecurity. That's the cool part about his story. You can go watch it and see where he is and how his journey has taken him.

Steve: 14:54

Yeah, that's right. Another one would be when we spoke to Melissa and Kelly and we talked about their journeys, so they shared their inspiring stories. They're former interns of ours in cybersecurity and now they are leading the way and strong, strong young ladies in cybersecurity, so that was also very inspiring and awesome to see. And then decoding cybersecurity job postings with Joe Hudson, you know, that's just. That was something that I think everybody needed, or everybody at least. When you're starting, you're trying to figure out okay, well, I'm doing all these things to prepare, but now I'm trying to get a job. What do I do now? Like, how do I decipher these job posts that are out there, how do I pick, how do I decide which ones are right for me? And just working with recruiters the good, the bad, the ugly and then just what to expect. That was another great episode.

John: 15:53

Yeah, it was one of our top episodes from season one and I think it was great. It's applicable to everybody, right, either if you're just starting out or to the CISO level. There were nuggets in there of great advice from Joe, so really thankful for him to come on and share his wisdom and his experience.

Steve: 16:14

Yep, absolutely, and there's many more. We had, I think, 17, 18 episodes last season.

John: 16:19

John.

Steve: 16:20

Yep, and yeah, like I said, there's many, many more, many just really cool interviews that we did with a couple of pretty important people, if I say so myself.

John: 16:33

Excluding us. Excluding us, yeah, yeah.

Steve: 16:35

I mean, yeah, excluding us, but yeah, no, it was great, it was just it was. It was. It was a great, it was a great season. I mean honestly, it couldn't have been better. It was our first season doing this, first season in the podcast and we were very fortunate and lucky to be able to talk to a lot of the people that we did and talk to a lot of uh, of you, the listeners, who you know joined our discord and reached out to us for help and assistance.

John: 16:59

you know, that's why we're here yeah, absolutely looking forward to the next season yeah, so what makes us different?

Steve: 17:07

I mean, I'm sure you know our listeners are wondering well, why should I, why should I listen and pay attention to, to john and steve, when there's you know others doing the exact same thing? So what would you say, john?

John: 17:18

yeah, I mean, I think one thing, like you said it earlier, is that we, like we're living and breathing cyber security every day in our jobs.

John: 17:28

Sometimes I wish that I could just have a camera on the wall behind me when there's things that happen that I could record like okay man this is a thing that, if you were new or new-ish to cyber security, this is one of those moments that you can learn from, because those happen on a you know on a regular basis that we've had to.

John: 17:50

We've got the war wounds, we've got the scars of battles, of things that we've had to deal with and and incidents and just all the things that you know. And for me especially, um, as a CISO, there's so much more I'm learning, but I've also gained so much in even a short period of time of like wow, there's, there's. It's hard to to prepare to be a CISO until you've been a CISO, like and I'm trying to help Steve pass on that but it really is hard because it just changes everything. But I think that's one of the biggest things is like we're not just some, we're not just some YouTuber, right, this is like hey, talking about cyber security and I you know and and don't have the, the, the experience to back it up that.

John: 18:35

That's a big one.

Steve: 18:36

Yeah, no, yeah, you're right and, like I said earlier, I think both of us combined there's just a lot, a lot of wisdom and many, many years in the field, and we're continually just continuing to grow and improve and learn but also help others. So I think if anything were to set us apart, it's just the fact that we are in it. We're in there, we're in the trenches, we're putting out fires, fighting fires, and we're turning around and sharing our knowledge with you. Everybody that's listening, everybody that either wants to start a career or grow a career in cybersecurity. We may have a little golden nugget for you here or there that can help you, and it's just, you know, it's things that maybe for you and I, john, are things that we kind of look over or don't really, you know, consider as important at this point in our careers, but for somebody who's just starting, it could be life-changing. It could definitely be a game changer for them and their strategy or just their journey overall.

Steve: 19:41

So we're here, to help and we're here to help you. That's really what it is just to give back to the community.

John: 19:48

Yeah, I think another thing that makes us unique is that we hire people right. We are hiring managers, so we have interviewed many, many people. We've helped many people also get jobs in cybersecurity that we have helped mentor or guide or connect them to others. But we review resumes, you know, on a semi-regular basis. It's not every day, but we've hired people, many people over the years, so we know what we're looking for, we know what we want to see, we know where we want you to be. I don't think many people have that same experience or can speak from that position or that perspective. So I think that's another thing that makes us unique.

Steve: 20:33

I agree. And if we really think back, john, you've been mentoring since what?

John: 20:38

2013, yeah, 2013 you were the first, so yeah, I was the first since 2013, yeah, and I started mentoring in 2017 when I when I came back, when I joined clemson yeah, so yeah, we've been doing this for for quite some time, man seriously, yeah, yeah, no and uh, some of the other things and we had here too, I think is awesome is like we do think about the technical and the soft skills.

John: 21:08

Right, a lot of people might just think about just the hey, you got to learn this tool, this is the tool, this is the technique. But if you don't know how to interact, to communicate well with others and talk to humans, yes, then it's going to be challenging and you're not going to get the job, or you're not going to get promoted, or you're going to be stuck doing whatever that thing is that you do. So, um, those are, as there are, equally as important, right, you know, you need to be able to level up in both, and we have that's something we really harp on and we really talk about. A lot is that don't just, don't just learn the tools, don't just learn the skills, the technical skills. You need to learn the soft skills yeah, absolutely, absolutely.

Steve: 21:53

We, and we have an episode in season one where we talk about this specific topic and just interviewing. But also, you know how important soft skills are compared to technical skills and how, in certain situations, we have hired individuals who have the soft skills but don't quite have the cybersecurity skills there yet. But we could tell that, hey, they could pick that up, they could learn that. So for us as hiring managers, it came to the point where it was like a scale we weighed the soft skills a lot higher than the actual cybersecurity experience that they brought with them. But that was because we saw the potential in them and they really did a great job selling themselves. So it's those kinds of things that we see, that we try to teach our interns as well, and then we also now try to teach our listeners and just make sure that they understand the importance and they don't think, oh, all I need to do is get my Security Plus certification and then I'm golden, I should get a job. That's not really how it works. So anyway, yeah, just keep listening to us and we got you. You'll be like grant adams we got your back, we got your back, that's right. That's right, awesome. No well, like I said, there's been a lot of good, solid information already shared through season one.

Steve: 23:20

We talked about a couple of the few episodes why networking matters. Um, you know, networking is king. It's really, it's really a good episode. I would recommend all of you to go back and listen to it If you're interested. If you can't wait for Season 2, episode 1 to come out and you are already excited and you want to learn some more of some of the stuff that we've previously discussed, please go back and listen to that. Another good episode was our boot camps worth it in 2024. Our cybersecurity boot camps worth it in 2024. Our cybersecurity boot camps worth it in 2024. That was a good one.

Steve: 23:54

And then we had an interview with David Kennedy. Just an amazing dude, a lot of experience. I mean he's been killing it, just helping shape the world of cybersecurity. So that was another good one.

John: 24:07

Yeah, I'm still amped from that episode, oh yeah, absolutely, it was a good one. Yeah, you know um. So future plans like what are we, what do we look at? That's the season one we learned a lot and um, great, it was it. It was better than I thought. You know, who knows, we didn't know what we're doing.

Steve: 24:24

We we're still figuring this out, right, we hey, we had a great time, we enjoyed ourselves, we did, we did we did.

John: 24:30

But yeah, what's what? Um, what do we tell people about Get Ready for Season 2?

Steve: 24:35

No, I mean, I think. So. Let me think of this. How can I, let's use All right, so this is not going to be like Joker and then Joker 2. All right, which was a no, this is going to be more like john wick, and john wick too. What do you think? Nice, there you go. Is that a good analogy?

John: 24:57

there. Yeah, yeah, yeah, I like it. I like it, yes, um, or star wars and a new hope and the empire strikes back. Right, like empire strikes back. It's like everybody's like man, that's the best. Star wars, um, no, you know, we'll see if it's the best, I don't know. But but I think it's going to be good because we've we've got a lot um that we've got experience with. We have a good focus for this this season. I think we've already kind of been. We've curated some, some uh candidates for, for guests that I think everybody's going to be excited about. Um, but yeah, no, I think I think season two I hope it will be will be even better.

Steve: 25:35

Absolutely, I think, so I'm excited for it. Yeah, and like you mentioned earlier, something different from season one and season two we're going to dive a little bit deeper into the more cybersecurity tools, techniques, that side of the house a little more, so that'd be something good for everybody watching and listening.

John: 25:54

Yeah, absolutely no. I think that's going to be good. I think that also being part of the bigger community now with the Simply Cyber community, and having all that community join the party and join the party pal and being able to be part of of you know, some of them already are listeners, which is great, and I've met, I've met some of them and got great feedback from them, which is, which is really good, um, but being able to reach others, which is amazing, from from simply cyber's reach and and jerry's reach that he has, will be really cool and just more community involvement and connection with that community and just to get to know them and and, uh, build it up, be part of that group.

Steve: 26:40

Absolutely, man. I'm excited, all right. Well, everybody listening, we're super excited. We are ready for season two. We invite you all to continue to listen and become members of our community. If you have any questions, any topics, any ideas, mentorship requests, whatever it may be, please reach out to us. We do have a Discord. We will share that with you all. We are on LinkedIn, so please reach out to us. What are some of our other areas, john?

John: 27:16

yeah, so we've got the podcast itself has a linkedin page that you can go follow, and we've got a mailing list that we it's kind of our vip lists of tools and other things and just lessons learned that we'll drop in there to share with people. We've got lots of ways and then now even through Jerry's Discord community and his community and YouTube community, then there'll be more ways for people to connect and then also leave us feedback. That's the best thing. Right is being able to connect with us.

Steve: 27:52

Yes.

John: 27:52

Which people truly do. They do connect with us through these different ways and we talk to them, we review their resumes, we give them advice. We just try to help out, and that's the awesome part about this community and being able to connect with them.

Steve: 28:09

Yeah, and celebrate our wins Again. Grant Adams man, congratulations. This community and being able to connect with it yeah, and celebrate our wins again. Grant adams man congratulations. And to others that have also recently received jobs, that have worked with us or just talked to us in the past, congratulations, and hopefully we can continue to do that during season two yeah, it's gonna happen.

John: 28:27

You could be the one. You could be the one. You're you listening right now and you're thinking, man, I just want to get a job, I just want to get my foot in the door. Listen, we have done this. We know how to do this. We have the ways we know the ways yes. And we can help you Absolutely.

Steve: 28:47

Yeah. And if you're torn, if you know that you want to get into cybersecurity but you're torn between, hey, should I follow plan A? Should I go down plan B's route? Just shoot us a message and we'd be happy to discuss your options and just give you some guidance on what we think would be the best way for you to tackle your next challenge while you're trying to start your cybersecurity career or grow within the cybersecurity career yeah, let's do it do it awesome.

Steve: 29:16

So, yeah, so we are here to help you navigate your cybersecurity journey, so let us know how we can help. We are happy, happy, happy to be there for you. So yeah, that's it, john, signing off, signing off. Look forward to more to come, to be there for you.

John: 29:30

So yeah, that's it, John. Signing off, Signing off. Look forward to more to come to be continued.

Steve: 29:36

That's right. So remember, every challenge is an opportunity to learn and grow. Keep pushing forward and we'll be here with you every step of the way. See you, see you later. Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.

John: 29:55

Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

Steve: 30:05

Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta. Thank you for listening.