Cybersecurity Mentors Podcast

In this podcast we discuss mentoring in cybersecurity, information for those that are looking to get into cybersecurity, and tips for those that are looking to advance their careers.

All Episodes

Cybersecurity Mentors Podcast

Zero to Hero with Daniel De Leon

February 20, 2025 • Cybersecurity Mentors • Season 2 • Episode 7

In this episode we chat with Daniel, who is just starting on his journey in cybersecurity. We work to give him guidance, direction, and a roadmap for landing his first job.

• What sparked Daniel's interest in cybersecurity
• Current job enhances troubleshooting skills and problem-solving mindset
• Pursuing cybersecurity certifications one step at a time
• Importance of framing experiences effectively on resumes
• Networking and social media presence as tools for job hunting
• Resilience and adaptability are essential for a successful entry into cybersecurity

Send us fan mail via text

John: 0:03

Could you teach me First learn stand, then learn fly. Nature ruled on your son, not the mind.

Daniel: 0:12

I know what you're trying to do. I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it.

John: 0:24

What is the most inspiring thing I ever said to you Don't be an idiot. It changed my life.

Steve: 0:35

Alright, welcome to another episode of the Cybersecurity Mentors Podcast. On this episode of the podcast, we like to call this Zero to Hero episode, where we're talking to Daniel DeLeon on his journey of looking to get into cybersecurity and trying to really help him pretty much from the beginning, his starting stage, to eventually. We'd love to see him go on and kill it, get a job in cybersecurity. So, Daniel, introduce us us, tell us about yourself. Why are you interested in cyber security?

Daniel: 1:12

hi, thanks guys for having me real pleasure.

Daniel: 1:15

My name is Daniel and yeah, I just really the opportunity to get into IT, to get into cyber, is a dream. It's something that came to me from really a pandemic. The pandemic really showcased a lot of stuff and it really made me reflect on what skills I have that can be transferred to other positions, other jobs, other careers, positions, other jobs, other careers. And you know, I just reflected and I noticed that there wasn't much there so I had to, you know, do something about it. And as I researched stuff and thought about what I liked and looked at my past, and there was times where in high school where I was working on computers, taking them apart, putting back together and I just remember enjoying it and doing them. So it just in the beginning it didn't really, it wasn't cyber, but slowly, as I was researching, as I was being introduced to new technologies courses, it sent me to that path and now I'm pretty hooked, trying to make every day count to move forward into that progress, into that journey, into that career.

John: 2:33

Yeah, awesome. So what do you do now, daniel?

Daniel: 2:37

So right now I work at a dealership, I take photos of vehicles, upload them to the web. So a little bit of media media, a little bit of marketing. Um, that's pretty much what I do right now okay, I'm moving around.

John: 2:51

Yeah, no, I get it, that's absolutely yeah, do you, do you have?

Steve: 2:54

I can't remember what you said about your schedule. Is it kind of a weird schedule? It's kind of you know long. I don't remember what's it look like so it's a monday to friday.

Daniel: 3:06

Um, actually it's pretty perfect, um, you know get out at four, so uh, weekends off, so I do have um. Can't complain about that schedule at all, but uh, that's. Yeah, that's how, that's my schedule for the week.

Steve: 3:21

Cool, okay. So yeah, and I've got your resume. We both have gotten it. Thank you for sending that to us. Yep, and it looks like you've done a little bit. You've started a lot on certifications that are in progress. Like you said, you've done some kind of some troubleshooting stuff and done a little bit of, like you know, office, office windows, maybe a little bit of network troubleshooting. So if you looked at like the pillars of the foundations of like it in general, right, yeah, you know operating systems, networking, um, scripting, slash application stuff, programming, slash programming what do you feel stronger in? What are your strengths and weaknesses there?

Daniel: 4:14

I would say, as far as foundational, I really try to put a big emphasis on networking and even though it's really tough, I still struggle with it. But everything's connected, everything's online, and so I would give it that a little bit of a notch. But you know, and troubleshooting, I do like troubleshooting At work. People come to me something's messed up. There's a program that we use, use and it holds all the keys and sometimes it jams up or it's just not working, so everybody just gives up on it until I need it and so I have to fix it or they'll call me and it's really just going through the basics, right? Look, check the wires, check the bag. Is it plugged in?

Steve: 5:03

and then is it plugged in.

Daniel: 5:04

Yeah yeah, so from there reboot it's just um, yeah, and it just takes something simple like that and um. But I do, like the, I do enjoy troubleshooting, even though sometimes I get stuck, but I still don't give up. Just you know, google's your friend, right?

Steve: 5:21

oh, yeah, oh yeah, and youtube there's such a thing as youtube university real, yeah, yeah, so, so, and we may have skipped this a little bit, let me back up a little bit. Your goal, like what would you say your initial goal would be or is um?

Daniel: 5:40

it would be my goal, honestly, is to be in a SOC analyst role, and after researching it, there's other areas that I do find intriguing. But to me that's central and I believe it's a building stage for me to progress into other areas. Just researching that position it's really interesting and plus, I do like defending. That's another thing that, when I think about myself and reflect, I always like tower defense games and just you know, even in sports, just defending, and so you know, knowing the stock analysts are part of that blue team, um, yeah, it really I really like it a lot, awesome, perfect that makes me think of something.

Steve: 6:35

Um, what just defending? Like in old school, like the strategy games, um, one of the ones I was like addicted to. We talked about world or warcraft. Well, warcraft 3 was like a game that I played forever ago and it was like you build your stat, you build your whole base. And I was terrible at it because all I would do is build my base, I would build the, I would like I'm gonna build these towers and everything, and people just come in because they made all their army and just run over with me.

Steve: 7:06

They just run me over and I'm like hey, man my, I thought my base is gonna be amazing and you can't just like in security, you can't, in my opinion, you can't just do both. You gotta do offense and you gotta do defense to be good um yeah so, but, I do. I I would say you know I like both, but I I like I like helping people.

Steve: 7:24

Say you know I like both, but I like helping people, I like you know the mission of protecting people and protecting your you know organization the data and everything, and so, when it comes down to it, you know you are actually going up against an adversary and it happens, right, I do, I do. That's part of the reason I like security. You, you know it happens. It's one of those things you are doing. You are protecting your organization, your people, your data, and so it's fun. I mean, I like it.

Daniel: 7:56

Sometimes it's stressful, but oh, yeah, I get what you're talking about. Yeah, um, what about you?

John: 8:02

steve sorry oh no, go ahead, daniel, you were gonna say something. No, when you, when you talk about that, um it about you, steve sorry oh no, go ahead daniel, you were gonna say something.

Daniel: 8:06

No when you. When you talk about that, um, it made me think about the cdk, um, the ransomware, and it did affect us and we saw it firsthand and it was, yeah, it was crazy just seeing them running around yeah, that's true, I forget about that with the dealerships yeah so did you guys?

Steve: 8:22

were you guys shut down? Like what did you that system? Was it affecting?

Daniel: 8:27

no dealerships, you know, they don't, they don't want to stop, so it's just pen and paper, just oh, yeah, wow, keep going, yeah, yeah you have to make your money right yeah yeah no

John: 8:40

no, but I was going to say, uh, for I, the SOC analyst position, soc position to me is probably the best position to get started. You know, I think that's how I started, I mean, like you know, on the defensive side of the house, you know, focusing as a security analyst. And then I dabbled in some red team at one of my jobs, but not enough to say, oh, I've been a pen tester, a true pen tester. But, like John said, it's good to know both offense and defense. It just makes you a well-rounded cybersecurity professional. But yeah, I mean, I think SOC is definitely a great, great position to get started. And yeah, I mean's, let's get started. Yeah, let's do it?

Steve: 9:30

um, so, based off of well, tell me about your, your certificates and the in progress what? What does that look like and what do you focus? Or is there one of those you're focusing on? So you got a plus listed, security plus, network plus. Is that accurate and which one of those are you? Are you trying to do them all? What are you trying to?

Daniel: 9:51

do. I'm trying to do them also, um, but it's, it's tough, like, like, um, especially learning something brand new from scratch. Um, I did, um. I am in progress with A+ and I should be getting that pretty soon. I am getting the voucher for Security Plus and I really want to finish what I started with TCM and just take the month of February and March to study for it and then get that cert and that plus will be like the last one of it. Okay, but it's, yeah, it's been tough, like it's been tough, but as you slowly start doing it, things just start clicking and things just start coming full circle and it's been pretty cool seeing the progress like that that I've been seeing in myself.

John: 10:52

No, that's great and, yeah, I think, definitely A+. So your background in previous roles, previous, I guess, positions that you've had, have they been very technical IT somewhat or not really.

Daniel: 11:11

I would say somewhat, but not really. It's mainly been, hey, kind of being the youngest person in the room so hey, you should know about it and that's how I kind of get thrown around the room. So hey, you should know about it and that's how I kind of get thrown around and, um, it just that's about the level of expert, my experience, um aside from at work.

John: 11:32

Basically yeah, yeah, okay understood, then yeah, I would say, a plus is definitely where I would focus um which sounds like that's what you're already doing. Um, how close are you to finishing that?

Daniel: 11:45

Um, I still have. So I, I got it with the. These vouchers came with a bootcamp that I did, um, about a year ago and so, um, but last year I really wasn't really focused so much on it. I was starting a business and so I was just more. It was hard to put focus on it, on studying or keeping up with the business right and um. So it's been, um, I'm, I'm, I just need like a couple little like a practice exam that they have and I just need a pass with a certain percentage, and so I just been focused on that and okay okay, yeah, and that's kind of where I was going.

John: 12:25

I was wondering if you were close enough to take some practice tests and kind of gauge and see kind of where you are. But also I'm curious about you know, how much time do you have to dedicate on, you know, just studying and doing some research and kind of learning?

Daniel: 12:43

Yeah, so right now it's been about two to four hours a day that I've been trying to put aside throughout, but I've only started doing that maybe two months ago and I've been seeing a big difference, like, instead of just one hour here, 30 minutes there. But just really try to hit that goal of two hours, at least minimum two hours yeah, that that's exactly what I would recommend and what I've recommended others.

John: 13:12

Um, you know, some people have tried. Oh well, it's. You know, saturday, sunday is you know when I focus on it, and I think it's just too much of a gap. You have, you know what, five days in between. Um, so, a little bit at a time, you know, whenever you can, a couple hours here there. I think that's perfect. What are some of the resources that you're using to study for these certs?

Daniel: 13:35

so I've just been using, like um, professor messer has been one of them and um, some udemy stuff and just really stuff on YouTube, on some of their, just just here Cause so I work, I have to be moving around, so I just put it on my, on my, on my earbuds and just start listening. And you know if I try to answer it with, with the, with the rest of the people, and it's just so I'll use resources like that.

John: 14:06

Okay, perfect, perfect. And do you have? I know Professor Messer does this do you have somewhere where you're getting some practice, tests, practice?

Daniel: 14:16

questions. Right now it's just the from Udemy or from Jason James, Jason's Deon, I believe, Dion Academy, and then what was in the boot camp. They have their own website and so I'm able to look at to do these practice exams there Okay perfect, awesome, john.

Steve: 14:42

Yeah, and we just recorded a couple of episodes they may come out before this comes out but about the skills and things you need to work on to get a job as a SOC analyst, specifically, or as a security analyst, security slash SOC analyst and we'll share that with you too, of of resources that just to help add on right. I mean, I think you're getting some of this in the TCM course and we can talk a little bit about that too. But, um, but just getting those reps right, Just trying to get reps in the tools that you're going to be using, and, uh, the programs and just the thought process of of what is it like, you know, what would it be like to work in an environment? And ultimately, when you show up for an interview, what are they going to ask me, Right?

John: 15:36

What do they?

Steve: 15:36

want to see that I can do. What are they going to be? And they're not expecting you to be all the way there, but where? Where are you Right? And they they want not expecting you to be all the way there, but where are you right and they want to evaluate you. And so, the more you can get practice with the fundamental tools, not just the IT stuff, but also the fundamental tools that you're going to use and like. A good example is like Splunk or Elastic, it doesn't matter, yeah, if you apply for a job that they use Splunk or something else. Yes, it's good If you have the skills with Splunk, because then that means you're going to be able to search faster, jump in faster, things like that.

Steve: 16:14

Learn both Right, pick two of them and learn the top two Right. It's not going to hurt, but it's the. It's that experience of using and investigating logs and walking through logs and walking through alerts. That's the stuff that you want to be able to practice as best you can, because that's what you're going to be doing, right, you're going to be in the sock. Bad things are going to happen, alerts are going to be triggering. You're going to have to triage those alerts. So, in that mindset of OK, this is what it's going to be like, and that's we can help give you what it is like. Right, we can tell you this is what it's like. Um, and if you were starting day one, you know, who knows, sometimes day one, everything's on fire.

Steve: 16:59

It could be day two, yeah, but um, you can't predict when when things are going to happen.

Steve: 17:05

So, yeah, most socks, they're not throwing you to the wolves but, um, but at least the better you are to be prepared for what you're going to need to do in those roles.

Steve: 17:17

So what my whole point is is that we're going to we'll share that with you, that we put together, that we just we just talked about in these two episodes of kind of you know, I think it was six, steve of six different sections that we cover, yeah, but it's the stuff that I think you've already started with things like tcm, probably this boot camp, but the compared compared to certificates right, and I talk about this in those episodes the certificates are good, not against certificates right, because I talk about this in those episodes the certificates are good, not against certificates right, because they are helping you get your the book knowledge, the head knowledge, the terminology, the you know just the overall concepts, right, but you got to be able to back that up. You got to be able to add to that with reps of muscle memory of. Oh, yeah, if you throw this at me, I know how to go search it. I know how to triage this phishing email. I know how to triage this network alert Right.

Steve: 18:14

Those are the things that you you kind of always want to be working on, right, even when you do land a job as best you can, you're just leveling up, continuing to level up. Um, so those are things that I would, I would recommend you work on on with and alongside as you work on these certificates. Yeah, right, steve. Any questions on that?

Daniel: 18:38

go ahead, daniel no, yeah, like the certifications have. Definitely especially in my position, since there is no really, I guess, relevant experience from security. So seeing Security+ A+, it would kind of take. I'll look a little bit more serious about this position. He's trying or he's doing something. He's not just some random dude just applying for this job.

Steve: 19:12

Yeah, we get those, we get those resumes and we're like okay. I mean, yeah, you did something right. You have the certificates on your resume, which is good. But it's tough. It's tough to get you enough to get you above the others in the staff right. That's the hard part. If you get 140 applicants for a position, it's really hard.

Steve: 19:41

But, but I think you know ultimately what, what? What I would say is is it? There's? There's two games, maybe three games, there's the get your resume to a level to get you in the door, to get you, to get you a conversation. That's like number one. Number two is you've got that opportunity. Now you want to impress, right, and you want to be able to show how you're different from everybody else. Um, when you get in there and they and they maybe throw scenarios at you or they're wanting to test your knowledge and what you can do, what you understand, that's where getting those reps in and practice in are going to make the difference from somebody that just did certificates or just did a boot camp or just did a course right you know, courses vary, based on hands-on too, but um just the more you can impress people, because we we do this right.

Steve: 20:38

We interview people, we look to see what you're going to be like when you come in the door.

Steve: 20:44

Um and how you handle stress, how you handle a, the fire at the houses on fire and be able to think through it right. So that's what, preparing you for down the road, the more you can build that snowball now and work on those things and continue to build on those are going to be able to be when you do get that interview. Oh, daniel's ready, like daniel's, he's already. You know he's got the. He doesn't have all the experience yet, but let's give him a chance because, number one, he's getting after it. Number two, he's working on his skill set and really he just needs the, the time and the actual, you know, in the fires to get more experience. Yeah, yeah.

John: 21:29

So I think I think you're on the right track right now. I think I would continue with the a plus for now. Kind of focus there, try and finish that um and then move into security plus. Once you're in security plus, like John was saying, I think it would be a good time to if you haven't already try your hand with some. Try Hack Me Labs or Hack the Box. If you have not checked any of those out, we would totally recommend them, just to kind of give you an idea of maybe some of the tasks that you may do. Once we get a little bit further down the road, then we'll share additional information for you to kind of put you a step ahead of the rest of the competition.

John: 22:17

Because what John was saying is correct there are a lot of people like yourself that are trying to start a career in cybersecurity and a lot of the general advice that you hear a lot whether it's through a YouTube video or whoever is all right, get some of the basic certifications out the way, and then that's where people stop. They finish their A+, their security plus, and then they're like, all right, I should be getting a job now. And that's not at all how things work, unfortunately. The job market here now January 2025, is not the best. Hopefully it'll get better, but you have a large number of people that are in the same category, going after the little bit of jobs that are out there, and what we're saying is we're going to give you additional resources to set yourself apart from the rest.

John: 23:07

Right, little things that, specifically for a SOC analyst, that you know, we, we know for a fact, they work, and it's things that we're looking for, um, that will help you. You know when, when you're ready to start applying for jobs. So I think you're on the right path. So you mentioned TCM. So what TCM course or certificate are you working on?

Daniel: 23:30

As I was researching this role, you know, I just wanted to know what they do on a daily basis, right, and so I did the TCM. They had a good Black Friday sale, so they had, so I signed up for it and I saw their sock one-on-one class course with Andrew Prince and, um, it was just, it's been a game changer for me. Like to see you know where it started from. It started off with, um, uh, phishing emails and investigating the emails and I love that, like it was just really cool. I started looking at my own spam folder and just started looking through it and so it was just I liked it and so it was going from Windows registries to Linux, also Linux.

Daniel: 24:16

I've been learning more about the commands, the syntax, and I recently just finished the Splunk sim syntax and I recently just finished the Splunk sim and that was. So I have been playing around with Splunk and, yeah, it's cool, I like it, it's really efficient. And with the TCM we had started doing command line investigations through TCP dump and I liked that more than I liked the sim. It just felt more rewarding after going through everything. But, yeah, it's been a real game changer for me.

Steve: 24:56

That SOC 101 class has been really good, does it, have a certificate at the end of it or test.

Daniel: 25:02

I don't think it does. I want to say that at some point they were going to do it, or I think the next one might have one, but not that I know of.

Steve: 25:12

Yeah, no, I think I heard that they're planning on it and, of course, that would be good to do, and I've heard good things about that course too. Um, as well, it sounds like like you said as many hands on things as you can do, right yeah that's good.

Steve: 25:31

The one thing I thought about and we've got a recording we're going to do in the future soon with a recruiter, um, her name is kelly and I was asking her like what, what, what, what's the market look like? We talked about you know, hopefully it's going to go up, and she said it does look promising. People are thinking this year is going to start going up and it's going to be promising. Um, and then she also asked her like what, what is in demand? Right, what are the jobs? What are the it security jobs that are in demand? And she said help desk like jobs.

Steve: 26:08

And she specifically said active directory type help desk where you're creating users, you're creating groups and identity management, right, and it could be in whatever they're using for identity management, could be octa or something else, right? It's not necessarily like, hey, I'm creating an ad, but maybe um, so that was one. So I would say I would kind of put that in the help desk, like jobs where you're creating users and managing users and things like that. And then the other one she mentioned was cloud stuff. Like cloud stuff, but that's usually more mid tier to upper tier, that they're looking for people that are have experience with that. But I do think, you know, security is a part of that too, right? So, no matter what, you still need to do security there. The one that I kind of asked her a little bit about and she's going to do some research on and I've talked about this to others but just the NOC and working in a NOC might be a good stepping stone.

Steve: 27:15

Favor the knock over maybe the help desk type roles, because the help desk, you know you're doing your troubleshooting, you're doing operating system stuff, right, my window windows can't print my. You know I've got an error for this application. Um, you know there's a lot there. There's not. I'm not trying to minimize it. But there's, there's a lot, but it's mainly operating system stuff and you know, user in you end user stuff, right, yeah, but with the, with the knock you kind of get, you're a little bit a different tier. Right, you're doing a lot of networking troubleshooting. You're doing maybe some server, maybe a level of server type troubleshooting.

Steve: 27:56

You know if it you know, imagine you're sitting in a knock and something bad happens, is, you know, at this time you got to be able to do some triage in that role, right? So it's a network triage, but it's a similar mindset, right? Okay, hey, something's happened. I gotta triage this and find out. How bad is it. Who do I need to wake up now? Usually you're calling somebody if it's bad, to wake them up.

Steve: 28:20

But some of these roles also have a slash sock kind of duty to them. Right, especially if you've got, you've shown that that's an interest that you're doing, that you want to do. You know, you may be also triaging the first level of a security alert and, and it may be simple, hey, this happened, this tool triggered and here's what you're supposed to do. But that's still good, those are still good reps. And especially if you have some network, you lean toward the network side because everything ties back to the network and network monitoring is, I think, super, super important, understanding networking super important. Um, so that might end up being your stepping stone. Well, it's a recommendation for us to say those could be stepping stones, right, a knock type job, knock socket, ideally knock sock type job.

Steve: 29:20

If you can't go straight to a sock job or help this like job, just to get like, hey, I'm, I have got it experience Right and that might be the the, the step stone between that and sliding into a security job, especially if they have a SOC and you're and they have it for that company, the business, that whatever, and you can say, hey, you know, I I'm just going to let you know that I'm, I'm interested in this position now, but really I would love to transition to the SOC at some point and maybe it works out, maybe it doesn't, but you know, we've interviewed people that have come from the help desk. We've hired people that have come from the help desk. We've interviewed people that have come from the not, and usually internal is way easier because you know you can talk to them. It's easier to move them over. You're not trying to get somebody from outside, you kind of have some experience with them, right.

Steve: 30:21

So those are potential paths not saying they will be, but they are potential paths for you to at least get that first land, that first job that then could lead to something else. Now, yep, the downside of those is sometimes you got to be flexible, you know, like sometimes you got to be. You may even be contract work, which that's how I started Right. My first jobs were contract jobs, like literally doing grunt work Right, pulling cat five cables through buildings.

Steve: 30:49

But, it's a snowball effect of OK, now I did this for this company, then you build the next level. Hey, I work for this company doing this, but here's what I'm doing. And on top of that this, you keep working on your skills, you keep working on those certificates, you don't stop, it never stops, right, um so, but that those that multiplier effect really of building your, your skills and and your knowledge, but also getting the experience. And you may have to start small and you have to be flexible because, hey, you know, this isn't my, this isn't my dream job, but at least it's something to build up the real world, real in a job experience, on the job experience that you can keep going from there. So, yeah, any questions on that?

Daniel: 31:39

no, I've actually been looking at positions and I've seen some knock positions and help desk. With help desk I have been trying to do more of a part-time thing, or just just not fully. Um, yeah, just a little bit more part-time, that way I could get the experience. Um, like you're saying, the reps, because, yeah, that does help a lot. It's one thing reading about it, but once you start applying what you know, it's different. It just sticks better. But I have seen that the only thing that sometimes keeps me from applying well, obviously I don't have those certs that they could be asking for, but sometimes, like just trying to understand, hey, is this entry or is this not entry? Is am I? It says engineer? It's a specialist at the end, like you know what's going on like just yeah trying to navigate through those wordings

John: 32:36

yeah it is tough is tough. It is tough Because you know, when you see oh, security engineer, right, or you see sock analyst or whatever, just the title alone may have some sort of pressure or presence that you're like, oh no, I may not be qualified for something like that, but you would be surprised. So what I like to tell people is you know, when you go and you see a job post, that right there is the wish list. That is the wish list that I, as a hiring manager, that if I could find somebody that checks all those boxes, that's my unicorn. That is who I want to hire Now. I've been in a position where I'm hiring people since 2017, and I've never found that unicorn. I have always had to hire great individuals that meet half or a third of what I'm looking for Now people may say oh, steve, well, you're kind of demanding, right, you want too much.

John: 33:37

But no, no, not at all. I mean, that's what it is. Right, that's my wish list, right, I'm throwing that out there and see if I can find that perfect person. So what I? I say that to say this. Don't let that discourage you. Right, if you say, hey, I've read the, the, the about this job or the job description and this sounds something fun for me, this sounds something that I can do, or I have done some of this already in some way, shape or form, still apply, don't let that oh, I'm looking for an entry-level person that's got three years of experience kind of push you away Because, again, that's their wish list. They would love to get that.

John: 34:13

I've hired people who have had general IT experience a couple years here or there and have had general IT experience a couple years here or there and have had zero security experience. But if you can come in and show in your interview that you are determined, that you are a hard worker, that you are there to learn, and you can show me in the interview, hey, I'm not just going out and getting certs, but I'm getting the certs. I have my home lab, I've done projects but I'm getting the certs. I have my home lab. I've done projects right. I'm in the know with what's going on in security. Which was another thing I'm going to send you with some homework is find some YouTubers, find some people on X or on social media that are solid cybersecurity people that you can follow, that you know kind of, will help you be in the know. Hey, what's the latest vulnerability? Hey, what's the latest vulnerability? Hey, what's the latest breach that happened?

John: 35:02

Because if I'm interviewing somebody who's telling me hey, I don't have any cybersecurity experience like work experience, but I'm passionate about this. I'm busting my butt, I'm doing the training, I'm doing labs, I'm doing all this on my own. I'm going to say that's great, Tell me about it. Okay. Well, what? What is the latest vulnerability that you've heard about? Or what's the latest breach that you've heard about? And tell me what happened in your own words. Right, I'm trying to see is this guy really in cybersecurity and he's going and and in the know? He's in the community hearing things that you know, doing his own research, or is he just telling me he's interested just because he wants a job? So it's the all those little things, man, it's like a bunch of puzzle pieces you got to put together to sell yourself. You're selling yourself and what you can do and, unfortunately, if you don't have prior work experience to back that up, you have to go a little bit above and beyond to really really show that you are serious about the fact that you're trying to get into cybersecurity.

Daniel: 36:03

Yeah, oh God. Yeah, that's true. It is tough, coming from having my background and then just trying to apply to these jobs, and there have been some that I have applied um, and thankfully, where I live like, there is um, there is a lot, there is a, a good amount that's um that that I can apply to. It's just um meeting those requirements, because a lot of it is dod and so security plus is right away. They require it and so that's why I'm trying to, you know, do that one after after the A plus absolutely and um, but yeah, like it is not getting discouraged from it.

John: 36:51

Yeah, no, do not, do not get discouraged. The other thing, going back a little bit about the positions John was talking about, kind of the help desk and the NOC. Like I myself as a hiring manager, if I need an entry level SOC analyst and I know that someone from our NOC or from our help desk is applying, I'm going to go to them first. Why? Because they already know our environment.

John: 37:15

We have already some level of experience working with them, hopefully. You know we've worked on incidents together. They've helped us, we've helped them, whatever it may be. But they know, hey, this company, this organization, they're running Windows servers, they're running Windows systems. We use, you know, duo for two-factor or whatever. So they already are familiar with those tools, they know how those work, they know how we use them. So they already are familiar with those tools, they know how those work, they know how we use them.

John: 37:42

So all of that is just knowledge that they come with already, that I don't have to wait for somebody from external coming in to learn, so that already, like that person is starting a step ahead. Start there in one of these positions, whether it's the NOC or whether it's the help desk and try to move within that company to a security position. And if you are there, if you're busting your butt, you're a hard worker, people will notice. And if you throw yourself out there, even if it's not part of your job, if you see an opportunity to work with the security team or to work on an incident or to do something volunteer, just show right like, hey guys, I'm here, I'm here, I'm interested, I'm trying to learn, like, let me help you all. That plays a big, big factor when it comes to like moving internally within a, within a company. Um, so definitely keep that in mind as well.

Steve: 38:42

Yeah, definitely yeah, and to add a little of that, I won't go too much because we're beating that one, but it's a good one. One of the things we're going to ask is hey, how's Daniel in your department? Is he getting after it? What is he doing, right? So everybody's watching all the time, right? You just want to be seen as somebody that is look dependable, just eager go getter getting things done like if I need.

Steve: 39:09

If I need something, if I gotta get something done, I give it to daniel. That's what you want to be seen as, and that's that's how you get. That's how you get to see.

John: 39:18

So level, daniel, I'm telling you, this is the secret, yeah, you see that that person like look if I gotta get it done.

Steve: 39:25

I'm gonna give it to daniel and daniel's gonna get it done and he's gonna do it right. And he's got questions. He's gonna come ask me right. Um, that that's we will. We do ask from other leaders. If somebody's from a different department is coming over, we're like, hey, give me the skinny, you know, tell me what they're like, how are they? And we may ask several sources, because that person might be like trying to get rid of them.

Daniel: 39:48

Oh, they're great they're amazing, yeah and like and then you get it, then you get them over.

Steve: 39:53

You're like you said they were great. What's up? What's going on?

Steve: 39:56

yeah, um, so yeah ask two or three sources. But the other thing I was going to say was I mean, what's helped me a lot is doing different IT roles, and it's different now than it was then. But I think it's almost going back to that because of the job market where you there's not, you're not losing out on anything by doing it. Work right it. That makes me stronger because I've had to do that job.

Steve: 40:30

So when I talk to those departments or I work with those departments, I'm like man, I've been there, I know what it's like to be a system administrator. I know what it's like to have to troubleshoot a network. I know what it's like to have to deal with customers and everything security does touches all those things all the time. So when you are sitting in the room with them, you're literally sitting in a conference room and you've got network engineers, you've got system administrators, you've got whoever and you've gotten to be able to do those jobs and work in those jobs. Man, it's, it's gold, Like there's nothing wrong with having done that. It's only going to make your skillset stronger. Cause if you don't have that, when you talk to them, you know, you know there's probably something you're, you're kind of not, you don't know and you're. You want to make sure you don't sound like an idiot.

Steve: 41:23

You're lucky to be invited sometimes they're going to invite the security guy or girl. They're like that guy or girl they're going to tell me no, or they're going to make us do something we don't want to do and we're going to try to snowball them so we don't have to do what they're going to want us to do. You got to know enough so that they trust you and also they know that if you've got that experience oh yeah, you know- Daniel worked in the knock he did, he did the grunt work right, he had, he's got the stripes and that really, it really is important.

Steve: 41:55

Um, you know, you don't have to do it. If it, if it works out and you can land straight into a sock job, then hey, do it Right. You still want to work on those skills for IT as well, but if you have to do it, it's not a bad thing, it's a good thing.

Daniel: 42:11

Yeah, no, yeah, and, like I said, I'm not opposed to it. It really I think would be beneficial just just being immersed in that environment, in an it environment. It's just my biggest thing was my resume right like my. How am I presenting myself, trying to, trying to cater it to an it role with my background? That's been kind of the most challenging part of it.

John: 42:34

so I have, you know, just been trying to mess with that resume, that those descriptions and skills and yeah, but yeah, yeah, so yeah, and we can yeah, we can absolutely help you with that and maybe we can make an episode about that, but it really comes down to tailoring it to each job post. I know it sounds like a lot of work, especially if you're applying to like 50 jobs oh man, I got to get 50 resumes, not really. Some of those can be pretty similar, especially if you're applying to just sock jobs, right. But yeah, just tailoring it. And my biggest thing for someone like yourself who doesn't have any prior experience and most of the experience you bring to the table is from studying or certificates or even doing some Try Hack Me labs or Hack the Box is making sure that you describe some of the tasks and some of the labs that they have you do right. Like you mentioned, you already have done things with Splunk right. I would find a way, without lying, without being too over the top, to really describe you know what have you done with Splunk right, and whatever you put on your resume, you have to have some sort of a story or enough to explain it to your potential employer when they ask you about it. Don't put anything on your resume that you don't feel comfortable talking about or for them to ask you questions about. So that's really what kind of that's where we would focus.

John: 44:10

Now, all of your previous experience we're not going to throw that out the window. There are going to be key things there that will transition into a security role, right. For example, right now I think you are a photographer, is that correct? Yes, so there's some level of technical knowledge that you have from that position. Right, you are working with customers, customer service, so there's things that we can highlight from those positions as well.

John: 44:42

Yeah, we would just have to shift kind of how your resume looks.

John: 44:46

Right, we would have to kind of move up to the very top the cybersecurity stuff that you have done via your learning, via your certs, and then put some of the other work experience towards the bottom, right, because when you first look at the resume, boom, you want to see, oh, this person's applying for a SOC job and these are all the things that he is telling me as the hiring manager, that he has done and that fit with this role.

John: 45:13

And then at the bottom, we can go in and look at more like education certificates, you name it. But that's kind of how we would kind of shift things around for you and we can go into more detail about this and we can, you know, like I said, maybe do a video solely on this where we can kind of just walk through some things. It will help for you to get through a plus for sure, because there's a lot there that we can, you know, kind of put on the resume and continue with, like TCM, try some, some try HackMeLabs and stuff, and we can help you, like we can kind of guide you on where to start, what to do first, to kind of help beef up your resume a little bit.

Daniel: 45:54

And with like, like with HackTheBox and TCM. How much like credit does that give you when it's on your resume? Or do employers kind of like, oh no, it's just a website. Or do they kind of really take it serious or just depends on the employer?

John: 46:11

it. It will depend on the employer.

John: 46:12

Some employers may not even know what try hack me is or hack the boxes and that's why I tell people, don't just list, oh try, hack me lab, because some people don't even know what that is. Some people may not know if you say, oh, try to hack me like cybersecurity path, okay, they don't know what all type of labs or tasks are in that path that you have completed or done to say, oh, I've done this path. They have no idea that. Oh, you've used Splunk or you've run a vulnerability scan or you've used Wireshark or what type of networking things you have done. They don't know. So that's where we need to like, dissect that, and that is the information that really will set you apart in your resume, and not just name dropping and saying, oh try, hack me labs for this, because that is, that's nothing, that's you know so it's really like the core stuff that you do in those labs.

John: 47:05

that's what's important and that's really what the core stuff that you do in those labs. That's what's important and that's really what we're going to put on your resume.

Daniel: 47:11

Yeah, because I've seen that, where I got thought about TCM stuff that I've been doing and you know the fishing analysis, and I've thought about, you know as a skill like putting that on the resume, but it's just like, well, you know, is it really? Is it like a credential, like because it came from TCM? Would they see it that way or or how would it go? That's why I kind of like don't put it on there just because, yeah, I don't know.

John: 47:40

Yeah, no, and that's a good question, but I definitely would. Again, it's, it's how you, how you frame it, and we're not trying to lie and go over the top and call ourselves experts, not at all. But if you have done it, then you've done it and you can put it on your resume Again, as long as you feel comfortable enough to talk about it. So not just because you run through a lab and you check the box, oh, I'm going to put it on my resume. You have to understand it, you have to understand it, you have to understand what you're doing, you have to understand the pieces that work together so that you can talk about it. And in a given example of what you did kind of walk people through the lab, what you did, how it worked, that right, there is really what shows, okay, this person knows what he's talking about and not just oh he just did a lab, but he can't even tell me what the lab was about or how he made it work, but he says he did so.

Steve: 48:34

Now you know, I'm kind of like do I believe him? I don't think so. Well, if they throw it, throw it at you there hey here's a phishing example. Tell me about it that's what you gotta be ready for. If you're ready for that, and even if you're like, hey, I don, I don't know everything, but here's what I do know, here's how I would triage it, that's fine, that's fine.

Daniel: 48:54

Yeah, that's another thing too. I've gotten over myself where I'm like hey, I don't know everything, I don't know. I'm starting at this fresh, so it's okay, have some grace on myself. Hey, it's all right, like just go back and study it again, but yeah, like understanding that you don't know everything, and that's not bad, that's not a bad thing.

John: 49:14

It's a good thing, yeah, yeah. And just being honest and we'll talk more about this through your journey as we're checking back in with you on how things are going but through you know, in an interview, absolutely you do not want to lie. If you honestly do not know, you know, maybe you can ask them to rephrase the question or maybe give you a little bit more detail if they ask you something you don't understand. But if you truly don't understand, don't lie. Just say I'm sorry, I'm not familiar with that, but you know I will. I will look it up after this interview because that that shows okay, well, he doesn't know it, but he's not just going to stay like that, he's going to try and do something to figure it out. Um, all those little things, man, you'd be surprised all those little things help just with your image. Like you know, you're selling yourself. You are selling yourself to your future employer. So you are trying to be, you know again, don't lie, don't be a car salesman.

John: 50:09

But you know, be, be you know, be honest.

Daniel: 50:13

If you really are, you know gonna go and look it up afterwards and try and figure out what that is, or whatever you know, say it yeah yeah well um this has been great, daniel, and any last questions that you have for us list um, is that something that that would y'all recommend pursuing, or or is it something just another check on, you know, on the box, or something?

John: 50:53

do you have a four-year degree of some sort? I don't do you have an associate degree, any two-year degree, anything?

Steve: 51:02

I don't okay so well on the wgu one um actually an upcoming episode coming out next week, but this will be after that.

Steve: 51:13

We talked to a guy named Ryan and he actually has been through WGU and he talks about. We asked him that question. You know what's his opinion. I won't spoil it so you'll get to see it new. You know this will come out probably after that one, but he, you know he gives his opinion on it. I don't, I don't think it's going to hurt you. I think you're doing the right thing. If you look at jobs that you want to do and they say, hey, for your degree required, or do they say, or equivalent experience, right and and like a sock analyst job.

Steve: 51:49

You don't have to have a four-year degree to do a sock analyst job period so you can get going, get your foot in the door, get building that experience. Maybe you get an opportunity for them to pay for you to do your degree or, if you know, if you need that right. So it is not going to hurt you, especially if your goal is to be an engineer or whatever right. You look at those jobs and they say, hey, four-year degree or equivalent experience, and it might be by the time you get five years in. You don't, you don't necessarily have to have that four-year degree. Right, they're going to look at your experience and your skills. So, yeah, it's not gonna hurt you.

John: 52:28

Yeah, I guess to add on to that, if you are gonna go into debt to get you a degree, don't do it. If you have, maybe if you've been in the military or or some way shape or form, you are able to go and get an education for pennies on the dollar or for free, it won't hurt you. But, like John said, you don't need it for a SOC analyst position or SOC position. And when you get that SOC position, if you work there for a couple of years, you are going to be getting so much more real world experience that that right there will be enough to move you to the next level. So unless you are applying to a company that has some crazy rule that says all we only will hire people that have four-year degrees, it won't matter find another company, that's fine, move on, and if they have that, yeah find another company, yeah skip it or something, and this is coming from people that work at a university, right?

Steve: 53:27

so, yes, take that that's right. Yeah, that's right yeah yeah, so what, what else you got?

Daniel: 53:35

there was a linkedin. Linkedin is another one that I wanted to ask. So I'm not really big on social media like just barely just small stuff but I feel like linkedin it's really where networking happens and and just really need to be on it. Do you recommend posting something daily, weekly, monthly, or I thought about talking about tcm or what I'm doing, studying, but how does that really help or is it just how?

John: 54:04

does that work? So recommendation and I literally gave this advice yesterday to another mentee I have LinkedIn in my opinion is used for networking. So, for example, if you apply to a position for us right, and we see your resume, we like it, we see you have a LinkedIn, then we're going to go check your LinkedIn for a couple of reasons. I want to make sure that the stuff on your resume matches the stuff on your LinkedIn, your work experience, all that. I also want to see what kind of connections you have.

John: 54:39

If, somewhere down the line, my brother knows a friend of yours or a cousin or something and there's some connections, then that to me that'll put you a little bit up top. Why? Because there's some way, shape or form that we are connected, yeah, so then I will ask similar or or or, uh, you know connections, similar connections that we may have about you and get their opinions about you, their thoughts about you, their thoughts about you, right? I also want to know you know who is Daniel, right, like who is Daniel. And if I see a picture of a smiling guy, happy guy, I'm like all right, daniel, he has a good vibe, all right, that's good. If I see a profile that's half created with no picture. I'm like why even have one? So if you're going to commit, if you're going to do LinkedIn, go all in, don't half-ass it.

Steve: 55:31

Go all in.

John: 55:32

Talk a little bit about yourself. I think it helps. Now what I told him, I only go back to my own personal LinkedIn profile. I only update it when I'm looking for a job, right Because?

Steve: 55:46

if I'm not, let me go, look, hold on.

John: 55:50

Because if I'm not really looking for a job, there are connections and there are things that you can get from LinkedIn. I'm like you. I'm not a big social media person. In my opinion, LinkedIn has shifted a little bit with the newsfeed and the posting to be a little bit kind of like Facebook in a way, which I don't like, so I don't partake in that too much, but I still use it as a resource when I'm hiring people.

Daniel: 56:16

Okay.

John: 56:17

So that's where it can kind of help you and people like to post on there. Hey, we're looking for these positions or looking to hire.

John: 56:25

So if you're constantly active on there, at least logging in once in a while checking your newsfeed, checking to see what what's going on, it could help you as well and make connections. You know, don't just have an account and just sit there, but like, go and connect with people. Right Again, going back to what I said earlier, if you're watching YouTube videos, if you're watching webinars, whatever it may be, connect with those people and then you might find other connections and then, before you know it, you'll have like 500 and something followers or whatever.

John: 56:56

And yeah, I mean it's, it's, it's. So back up, backing up it can be useful. Ok, but again, if you're going to do it, commit 110 percent to it.

Daniel: 57:06

Yes, I agree.

John: 57:06

Okay.

Steve: 57:06

But again, if you're going to do, it commit 110% Commit to it. Yes, I agree, yeah.

Daniel: 57:09

Okay, because I just thought about just meeting people or the jobs that I see with those companies trying to reach out to the recruiter or whoever's on there. Just send them a message or something Yep, yep and recruiters will reach out to you.

John: 57:25

Once they see your profile and they see where you're located. They see, oh, this guy is interested in cybersecurity. You know all that. They'll be reaching out to you and saying, hey, we think you're a good fit for this position. Again, because that's how the recruiters make money, right, they're trying to fit people in roles. So that's just another way for you to present yourself to the world and say, hey, I'm in cybersecurity, I'm interested. This is what I'm doing right on my own, so it is good.

Daniel: 57:53

Yeah, oh, nice Nice.

Steve: 57:56

All right, um, we got to wrap it up. That's time. Time flies, but it's great Um just part one right, just part one right of helping you out, daniel. And you know, feel free to follow up and send us questions and we're going to send you some stuff we're going to send you some homework, all that good stuff, and we'll have a plan to meet up again that way you have some accountability.

Daniel: 58:22

That's probably the biggest thing You've got to show up.

Steve: 58:26

He's like did I do my?

Daniel: 58:27

homework. Yeah, right, yeah.

John: 58:30

And when this posts, people will be asking hey, what's going on with Daniel? What's going on? They'll leave comments like hey, we got to have Daniel back so he can give us an update. Yep, so now the pressure is on my friend, yeah.

Daniel: 58:42

I love it.

Steve: 58:47

Let's go, yeah, yeah, let's go. Awesome, All right. Well, that's it. Thanks everybody for watching tuning in and thank you guys again.

John: 58:54

Yep. Thanks, daniel, have a good one.

Daniel: 58:55

Thanks, guys, see you Take care.

Steve: 58:57

Thanks for tuning in to this episode. If you're looking for personalized mentorship, click the link below to sign up for a free consultation with us.

John: 59:07

During this session, we'll talk about your goals, your challenges and how we can better help you. This may include reviewing resumes, career advice, setting up action plans that are tailored for your needs. Yeah, at Cyber.

Steve: 59:17

Professional Services. We're here to guide you at every state of your cybersecurity journey.

John: 59:23

That's right. So keep learning, stay secure and we'll see you next time. Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.

Steve: 59:32

Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

John: 59:42

Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast, and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta.

Steve: 1:00:02

Thank you for listening.