Cybersecurity Mentors Podcast

Mastering Cybersecurity: Part 1 - Why learning how to "Build" is Essential

Cybersecurity Mentors Season 3 Episode 3

Share episode

In this episode, we delve into the often-overlooked yet fundamental importance of learning how to "build" systems, networks, and applications for cybersecurity professionals. Coining the philosophy "Build, Secure, Hack," we explore why hands-on experience in building provides an essential foundation for effectively securing and ultimately understanding how to hack those environments. We discuss the pitfalls of skipping these foundational IT skills, highlight the immense value of setting up a home lab for practical learning, and offer concrete examples of what to build to enhance your cybersecurity expertise and career prospects in today's job market.

Check out our new merch shop! https://the-cybersecurity-mentors-pod.myspreadshop.com

YouTube Resources

Virtualization Platforms

  • VirtualBox – Free and easy to use. - https://www.virtualbox.org/
  • VMware Workstation Player – Personal use version of VMware.
  • Proxmox VE – Advanced, self-hosted hypervisor.

Lab Design Ideas

  • pfSense as your firewall/router
  • Linux and Windows VMs for practice
  • Add vulnerable VMs from VulnHub to practice attack/defend - https://www.vulnhub.com/
  • Add Security Onion to practice detection - https://securityonionsolutions.com/

Automation / DevOps

  • Ansible – Infrastructure as code for deploying and managing servers - https://www.ansible.com/
  • Docker – Build and run isolated containers (great for web apps or SOC tools) - https://www.docker.com/
  • HomelabOS – Build an entire lab with one command - https://homelabos.com/

Cloud Options




Send us fan mail via text

Steve:

Could you teach me First learn stand, then learn fly. Nature ruled on your son, not mine.

John:

I know what you're trying to do. I'm trying to free your mind, neo, but I can only show you the door. You're the one that has to walk through it.

Steve:

What is the most inspiring thing I ever said to you Don't be an idiot Changed my life. Welcome back to the Cybersecurity Mentors Podcast. Today, we want to talk about something that every aspiring cybersecurity professional must take seriously, and that is the skill of building systems, networks and applications. So the question is can you defend a server if you've never deployed one, or can you protect a network if you've never configured one? So that's our topic for today. So, John, what are your thoughts?

John:

Yeah, I think one of the things that stands out to me and made me think about this is, if you look at curriculum for a lot of certifications, a lot of training platforms that are out there and skill sets for SOC analysts and analysts in general, they used to, or you used to, there was no entry-level security jobs right, and today this could be argued as well. But you had to go through the IT pipeline. You were some kind of flavor of network system administrator, application developer, and then maybe you went to security right application developer and then maybe you went to security right. Well, that has been leapfrogged a lot where people, because of the demand and the need for people to miss out on the it fundamental skill sets that you, you know the hands-on, the experience of doing these things and help desk like, for example, maybe you can work at the help desk. You get some of that, you get some of the troubleshooting, but really what you need, in my opinion these are my opinions to build a system and if you understand the inner workings of building a network, building a server, linux, windows, building an application, then you will understand better how to protect or secure those systems and apps and networks and then you will also understand better the threats against those and how. If you're putting your offensive hat on how they can be hacked or how to hack them, because you understand how they are built, the best offensive operator for a focus on windows is a former windows system administrator, like that's.

John:

That's a true statement in my opinion. So this is a gap. I don't see this out there. I don't see this focus on this. I don't see if you think about all the certs and the certificates, they're not saying they might say, hey, you should go take network plus, you should go take a plus, you should go take Linux plus, which we say to, but really they see those as stepping stones to to knowledge of okay, now do security. Not necessarily, hey, you need to to build this skill, you need to do this skill and maybe that means you get a job doing these things. There's nothing wrong with that right To get your experience in this skill. But we also believe that this is going to make you better. It's going to make you a better operator, it's going to make you better analysts and you will be able to be stronger. If you have this experience and you can also do this yourself, you can work on these skills and really you kind of should cycle through these things and this is like my new mentality, my new philosophy. It's not new, but it's like in my head it's been sticking out the build, secure, hack philosophy, right. So you learn how to build, you learn how to secure and then you also learn how to hack. And if you cycle through those things, you're going to be awesome. You're going to learn all those facets of it and it's tough to learn everything, but it is something you can learn on all facets of those, all those fronts that you are going to just be levels above other people that have just focused on the defend, the protect.

John:

That's what most people focus on. They get siloed. They want to be red teamers. Right, don't just be honest. Everybody wants to be a red teamer. But they have to go take the job in the sock because it's the entry level, quote unquote job. So they go in the job in the SOC because it's the entry-level, quote-unquote job. So they go in the blue path and maybe they stick there forever.

John:

But, as I've argued before, if you understand the offense, you're going to be better at defense. So a lot of people will just focus on the defense. They get in that path and that's where they stay. Or they get in the red path, the offensive path, and that's where they stay. They don't like to cross the streams, which I think is wrong in my opinion. Yeah, if you want to be the best exploit developer, okay, I get it. If you want to be like a niche, I am this guy who's the best in the world at this offensive or this defensive thing, I get it. But for most of us and also the most marketability and the most opportunity, the more well-rounded you are, the better you're going to be. People may not like this this is my opinion. I think Steve backs me up here but the more well-rounded you are are, the more I can fit you in and I know you're going to be ready to hit the road like I'm going to feel good about you in a role defending my network or even attacking my network and testing my network, because you understand defense or you understand offense and man. You add the other layer. That's the foundation, but it's also kind of the icing on the cake of fundamental building. It's next level.

John:

And the reason I know this is because when I go and talk to system administrators and I was a system administrator. I was a jack of all trades. But system administrators, when I go talk to them, then I can speak their language, I can talk their talk. I understand what they're going through. I understand their weaknesses, I understand their headaches, I understand where they're coming from and so when I talk to them, I get it and I get what I can mesh with them easier.

John:

When I go and talk to network guys and girls like oh, I'm not, you wouldn't want me building your network, but I know enough to be dangerous and I have built networks and I've configured switches and routers. That's not my strong suit, but I know enough. But I cannot communicate with them. I can communicate in a way that I get it. I get what they're saying, I get where they're coming from, right, so that makes me a better security professional.

John:

When I talk to application developer again, you don't want me to write in your applications, but I have written written applications, I've written programs. So when I communicate with them, I I can, you know, I can relate, we can build rapport. Oh, I get it. I know what you mean. I know why you want to have this. Here's what I'm recommending from a security perspective.

John:

And then when you're doing forensics, when you're doing triage, when you're doing whatever, and or testing, if you know how the best web app, security, offensive security folks or the former developers they wrote code, they developed applications, they know that world, they know where people are going to take the shortcuts were former developers. They wrote code, they developed applications. They know that world. They know where people are going to take the shortcuts. They know when they're going to miss out on a misconfiguration because they're just tired and wore out right, they're going to look for those things. Now, can you be all those all the time? No, you probably need to focus on maybe your favorite and focus on that. But I do think it is good to be enough to be dangerous in the other areas, in the other pillars, I would say so. That's my rant. Um, I believe this. I think it's good. I think more focus should be put on this, and we're going to talk about how you can work on this, how you can do this for free, even in your home.

Steve:

Yeah, absolutely no, I completely agree with you, man, I really do. And I have to say that I think I'm a living example. Right, I went to school computer science degree. Right, I went to school computer science degree. Where I went, their focus was more on programming and less on actual security work. But again back to the beginning, got a great opportunity with you being an intern, kind of learned, you know you took me under your wing but I so I didn't go the traditional route right of starting just in a general it position, whether system administrator, application developer, network engineer, whatever, maybe I did not. I went straight college, straight into a security position. Now I will say that, uh, having that internship experience with you helped me tremendously. I probably would have, might have had to go the more traditional route of just the general IT position if I did not have the internship experience working, you know, with a security expert like yourself.

Steve:

But I do remember being in my first position. I was working at a hospital as a security analyst and working with senior level. Guy kind of mentored me a little bit and him kind of telling me he's like man, your generation is really screwed. And I was like what do you mean? And he's like you guys just skip the fundamentals, you guys just skip the basics and you go straight into security. He's like nothing against you. I mean you're learning and you're a hard worker and I will help you as much as I can. But it would be easier for you, as a security professional, to be even better at your job If you knew some of the it fundamentals that you just don't learn in school, they just don't teach you. You learn that by actually being in that job or or having that hands-on experience. And you know I. You know I was young and I was like man, screw this guy you know, um, I'm gonna show him right.

Steve:

Um, but you know, but as time went on and as I gained more experience and as I was exposed to more things, I always kind of wondered if things would have been different for me if I would have gone the more traditional route. Right now I mean, it's too late now, we'll never know. But I do think that there are benefits to knowing the fundamentals, to building things yourself, so that you know the ins and outs, you better understand how things work. Kind of like you said, if you understand how they work and you know how they are put together, then you can better defend them. You also think about things differently, right? If you are building a server or building an application, then you might know, unknowingly, know its vulnerabilities, and then you put on your security hat and you kind of see that differently, right? So it helps you kind of look at things in a different lens.

Steve:

If you already have some of that background knowledge in a different lens, if you already have some of that background knowledge, um, it's just, and I agree with you a hundred percent, and I know there's a lot of people who have kind of gone the route that I have of going straight from school to a security position and they've been very successful and they're still successful and they're killing it, doing great, and they're learning, as things.

Steve:

As you know, things go as things get put in front of them, as they're having to tackle problems and scenarios, and that's fine too. But if you do have the ability to take a step back and kind of go the more traditional route, I would say, like you, go for it, because it will benefit you tremendously in the long run. And we've talked about this before. Right, we've been in situations where we're trying to hire entry-level cybersecurity professionals and we're not getting a lot of great candidates. So we kind of take a step back and focus more on hiring those who may have zero to minimal security experience but have strong general IT backgrounds. So that itself has been a huge change for us. So yeah.

Steve:

I completely agree with you in the importance of kind of taking that more traditional route.

John:

Yeah, it kind of jumped in there. I think what people would see when they hesitate about that is like man, I just want to do security, I just want to go, I want to get that job, I want to make that money. There's money and there's opportunity and security, and so people can see that it's like man, how long am I going to have to do? Two years, three years? I get it. I love security. I want to do security all the time. But you're gonna be so much better and better prepared if you do take this time and take that year, two year, three years to build up your skills. You will be better.

John:

It is a pause into the full security realm. Maybe you get lucky and you can mix in some security there. Also, I would just put a little caveat Don't get sucked in. As the evangelist for cybersecurity and you working in cybersecurity, don't get too sucked in to the IT, just IT life. Work it as a okay got my future. I'm working on this, doing this. What am I doing for security? How am I still continuing my security path? Don't stop. It's not a stop sign, it's a speed bump, absolutely.

Steve:

Absolutely Awesome. So then, how can, how can people get that experience? Right? What's another way other than taking that role, taking that position? What's another way that people can get that experience from the comfort of their home? So you may ask yourself well, one of the easiest ways to do that is starting off by having a home lab. So, building yourself a home lab where you can then, within your lab, have the ability, the space, the equipment to then build these additional items that we were talking about. That will give you some of that experience, definitely hands-on experience, but some of that build knowledge that you can then take into your cybersecurity role.

Steve:

So, why is a home lab important? Well, it is definitely a way for you to learn in a safe environment, right? There's a lot of things here that you're going to have to build and put together, configure, and what better place than a safe, controlled environment that you put together, that you built, that will allow you to then expand and build a couple other items as well. So what are some of those things that you can build? Well, we have them broken down here in different areas. So, for networks, what do you have here, john?

John:

Well, you could build out a network monitoring lab. You could build out Security Onion as a great example, and this episode will have come out, I think, after Doug Burks' episode, and he talks a lot about this. He specifically talks about home labs and we even discuss how you could use security onion in your home network and do some attacks and against some victim systems and see how to how to monitor that and how what shows up on the network, how what shows up in your logs, what you know, how better to get an idea of how that alert should trigger is if you're doing both. You know you're attacking, defending and you're monitoring. That's a good example. And one thing too, just another thing I thought about is I think a lot of people talk about home labs. They talk about, hey, you should have a home lab and Doug mentions this specifically in his talk with us is like that's a great interview question.

Steve:

Hey, tell me about your home lab.

John:

Tell me about what you built. And it's almost a point of pride of like, oh, I built this cool thing, I've got this whole vm proxmox setup and I've got this server and I've got a weird vm and I've got this kind of iot device right. I think's awesome. But don't just think about Home Labs as a way to do attack, defend. Use it also as that way to get reps and building. Oh, I got to build an active directory environment.

Steve:

Oh, I've got to build a domain controller.

John:

Oh, I got to build a network switch or a router, virtual router, whatever. I got to build a virtual hypervisor. Right, that's also the important part of the the home lab that we're saying that you have that build a home lab. But I think a lot of people talk about it as a you can get practice on an attack defend. But I'm saying yes, and use it as an opportunity to get the build skills and the reps in Absolutely, and this, this exactly.

Steve:

you're exactly right. So this is what you will put in your resume for hands-on experience, especially if you're coming in from, if you're doing a career change and you've never worked in IT or don't have it or have any other cybersecurity experience other than going through certifications, doing online training, these hands-on projects that you do in your home lab are things that you would definitely definitely put on your resume, because that's the meat and potatoes of your resume at that point. If you're an individual who is coming in completely fresh, zero experience, this right here is really what's going to set you apart.

John:

um, so yeah, it's definitely very important they're going to ask you questions about it. That's great. That's what you want. They're curious that? Hey, tell me. I see on your resume where you talked about setting up security onion in your home lab and monitoring some attacks. Dude, that's a perfect. I love those questions. Those are easy softballs. I'm gonna knock that out of the park because hopefully you're excited about it. Hopefully you're talking about what you learn. Hopefully you're telling them. Man, I never used security onion before, but when I set it up in my lab and I started monitoring things, I got excited and this is what I saw and this is how I could triage it, and I learned so much more by doing it than just watching a YouTube video about it or something like that. Absolutely yeah.

Steve:

If you're looking at a position description for a job that you're applying to or that you want to apply to and it says on there that they're looking for somebody with experience with Splunk, for example, and they say they need somebody who can investigate suspicious activity with Splunk and document it. If you set up your lab and you set up a free version of Splunk, you throw it in some dummy data, you can follow the steps, trying to identify what's going on, what's going wrong, and then you can document it, and then in your resume you could say experience with Splunk, detecting and documenting investigations or incidents, whatever. And it's true, you have done that. You might have done it once or twice in your lab and not in a full time job, but you've done it, so you should be able to talk about it and that right, there could be one of many reasons where they actually call you in for an interview because they saw that on your resume. So, yeah, it's very important.

John:

Yeah, I mean, think about and we're going to provide some references and information, but think about what you're weak at. Could you build a Windows server from scratch? Could you build a Linux server from scratch? Could you build a Linux server from scratch? Could you configure it? Not just build it, not just start it, but configure it to a working server that's actually running a web server, apache, things like that. Could you start up a, you know, join member, build a domain and join client machines to that domain? Here's one for you. Could you build a domain, active directory domain and have linux machines join that domain? Right?

John:

There's all these little things that you can. This is easy. This is not easy, but it's stuff that you can do in practice. So not don't just think about you know again, the security, only pieces of this, like Windows, linux networking, virtualization applications okay, build, you know, maybe you have a starting place, but you build a basic web application server and you serve some pages. You run something on there, um, and you're actually serving dynamic pages, right, um, and those things that, from my experience that I have done in a real job, those helped me, even though I don't use them every day. But man, having done that before. If something comes up like that, oh yeah, I've done that before, yeah, okay, oh, it's not exactly the same, but it's similar's similar, right?

John:

So there's many ways. You could use, you know, your friendly chat gpt, and say, hey, give me, uh, 10 scenarios that I can use to build out in my home lab to get experience with building environments or building systems or building networks. It's going to give them, it's going to give them to you, right? Um, and all that stuff. It's really essentially free. You know you can use virtual box, you can use virtual other virtual machines, virtual hypervisors, and you can build it and build it, get it bigger and better. But really, from, what you need is very little and minimal to get that going to build this home lab. And it's a great experience.

John:

Then you could take it to the next level. Maybe you do spend a little money, or maybe you invest a little bit, or maybe you can get some free credits if you're lucky. But then expand that to building in the cloud, right, I mean that is a big skill understanding how to deploy and configure your systems in cloud. Different cloud environments are different. You know. It could be just standing up a virtual machine and instance, in those cloud platforms, do it for a little bit of time, so you don't forget about it, because you're going to get a bill later. But getting that experience and building those things in cloud environments, and then how do I protect this? How do I secure it? Um, how would somebody hack it? How would I? How would it be misconfigured, right, um, those are things you can do with some minimal investment. Potentially, there might be ways to there might be some ways that I'm not aware of, that it's like oh, this is ways you can get around having to spend a lot of money. Just don't let it run forever.

Steve:

That's a big thing, but, um, but yeah, so keep this in mind when ways you can build out different scenarios yep, absolutely, and this episode could go hand in hand with the two we did last season for skills and tools for a security analyst. So there we talked about SIEM solutions, endpoint protection solutions, phishing, network monitoring, incident response. We talked about a number of things that we also recommended that you set up in your lab and test them and try them and start working with them to get some hands-on experience. So all this will play a part, kind of like what john was talking about the build secure hack, so, um, so what are some other uh like platforms or or tools that we can use, john?

John:

yeah, I mean, there are training. You know there's training out there. There's training. You imagine you're going to do ccna. Right, that was something. That was a thing back in the day that I was like I'm going to be a ccna and I really didn't even know why I wanted to do this. But nowadays the ccna is has a lot more security. Focus on it. But what is that? It's teaching you how to do configure and do routing and switching, like do layer three networking. But now there's a lot more security baked into it. But you can focus on those.

John:

Imagine you're going to go get a job in IT. Maybe that's what you need to do. What are those certs? What are those training that I could do to get those skills up? Oh, I'm going to go get a CCNA. That is not going to hurt you. If you show up at my door with a rep on your resume and you got CCNA and I'm not going to be like, oh well, you're not a router and switching guy. I'm like, oh, why did you do that? That's cool. Oh, because I wanted to to learn how to do networking better, right? Oh, I got my linux plus, I got my red hat certification. Uh, or you know, or I built these. The certifications is really not the thing, but it does help put it on your resume. Oh I, I decided to dive into linux and build out my skill set in linux and and maybe you take the cert, maybe you don't.

John:

There's opportunity If you kind of change your lens from a security only skill, I got to get security plus, I got to get Google security, I got to get SISA, whatever, and think what are those it fundamentals that I could build? There's training out there for people that just want to go the it route and there's certificates for that. For people that just want to go the it route, and there's certificates for that too. Amazon, right, amazon certs, azure certs, all these things system administrator certs, microsoft, whatever, cert. And training. Really, training is the most important part. But all that is out there. Some of it's free, some of it's not too expensive, but it's.

John:

If you're going that path and you want to be a system administrator, what would you go look for? Okay, go look at those jobs, go look what they're asking for, right, but it's really not that complicated. It's like here's the skill sets microsoft, linux, windows, linux, active directory, right, applications, networking. Those are why I Windows, linux, active Directory, right, applications, networking. Those are why I say pillars. Those are the big ones that you want to get skilled in. Maybe you have a favorite, maybe that's your go-to. Maybe networking is your favorite, that's okay. You know you want to be good in others.

John:

But just, I would just say, look for ways to pursue that, almost as if you were pursuing it as a. I'm going to go the IT, whatever route. I'm going to be a network engineer, I'm going to be a systems engineer, a system administrator. I want to be an application developer and if you pursue it in that perspective, there's lots of opportunities. You don't have to go the full route. I wouldn't say go all the way to the end if you want to get into security, because it may take you a while to get there and then you try to transition, but get to a level of like. Most people don't. Most people aren't doing this. What I'm telling you to do right now, most people are not doing. We see it, we see resumes. They're not doing this route, they're going straight security. And if you show up, you know, in my inbox I'm like man, I wish they had done this other, I wish they had pursued these other skills well it's.

Steve:

It's getting tough, man. The job market. You know, I've met with a couple people this week last week that were helping out and the job market is not great, you know, and we spoke to kelly last season season and she did give us a heads up.

Steve:

Things are supposed to get better but it's going to take a while and I think this is a great just shift of focus for those people that are out there that have been solely focused on getting an entry-level cybersecurity job, and they've listened to our podcast, they've done all the extra work, they've done all this and they're still not getting picked. There's nothing wrong with you, especially if you worked with us, because we always sit you straight.

Steve:

But, it's just the confidence in just these different companies is just not there right now. Things are very rocky, so give it a couple more months, give it a little bit longer. Things are very rocky, so give it a couple more months, give it a little bit longer. Things might get better. But even if they do, things will slowly start to progress right. So they're not just gonna hire hundreds of thousands of people overnight. It's going to slowly get better In the meantime.

Steve:

If you're not trying to wait and if you're in a hurry and if you need something, this is where that shift of focus could come in and help you, where you shift your focus from looking at solely cybersecurity work to, oh, working in the help desk, looking at sysadmin work, network engineer work, application developer work. You know, if you have those skills which we're trying to, we're trying to tell you it's good for you to have some basic fundamentals. There might be other entry-level IT work that you could step foot in in the meantime as a placeholder and, who knows, they might have an internal security team that then you can step into after a year or two. But at the same time you're not wasting time, you're working, you have a job, you're gaining experience. You're making some money, maybe not the amount that you would love to make, but be patient, it's a win. Win it really is, because just these fundamental core things will help you tremendously in the long run as well, and branching out to a non security but it work could help you now as well.

Steve:

So yeah something to consider.

John:

Yeah, and I'll wrap up with this. Imagine you've had a server compromised. A Windows server, a Linux server, let's pick a Linux server. And you've got the data, you've got the logs, you've got what EDR has told you, you've got the tool that's told you things. But maybe things aren't piecing together and you've never built a Linux server, you've never configured a Linux server, you've never had to troubleshoot a Linux server and you're trying to figure out what happened, how it happened, how do we, how did they get in Right? What could it be? The misconfiguration that got them in versus I built? I've had many reps building my own Linux environment, my own Linux servers, my own, my own application servers on Linux systems. And oh, wait a minute. Well, oh, I remember this. I remember having to troubleshoot this and I forgot to set this permission correctly, right, I forgot to configure it in this way. How much different that is if you were to have that experience versus not. And it's an investment in your skill set and investment in you for the long run.

Steve:

Yeah, and sometimes your Linux administrators, wherever you're working, they're not the nicest people. Your Linux administrators, wherever you're working, they're not the nicest people. So instead of waiting on them to respond to your questions, you, having a fundamental knowledge, can just give you. You know, put you that one step ahead, so it could work.

John:

It could work in your advantage In some ways. They, you know, depending on where you work, they may not want to tell you, they want to keep you in the dark a little bit, because maybe they made it. Maybe maybe they messed up and they don't want to let it out that they made a mistake and they're like oh, he doesn't know because he's he's not been a system administrator. He doesn't know because, trust me, this happens. Oh yeah, you bust. Then you bust out the question on them. You're like what about?

John:

this like oh shoot he, oh shoot, he does know.

Steve:

Yeah, that's where you want to be. That's where you want to be. So you mentioned a couple of things that people could do, but I kind of wanted to go through that again. So we talked about setting up, just like a Windows server, active Directory or a Linux server, and, if we go back to the previous episodes, we talked about setting up a sim, using a sim. Um, we talked about simulating some attacks, uh, web applications. Um, what are some other things that people could do, john?

Steve:

if you just had to list them out, just give me some ideas, yeah, I mean, and we will have some stuff documented also at the bottom of of of the of this episode.

John:

So yeah, you know, imagine a network, kind of a mini home network and not home network. How about this? Imagine, imagine a office network, a medium, medium size company, right, what might they? Well, they're going to have their web app server. They're going to have, maybe, their domain controller and they're going to have clients that are connected to that domain controller, that are logging into the domain. They're going to have some kind of database server. They might have a web server, an app server and a database server. That are all connected, right.

John:

So you kind of imagine what you might run into in a real environment and and what an office small, medium-sized business might have and where they might have it hosted and what you know start with, like maybe an on-prem version of that, where you would have it in-house and build out. Okay, this is what a typical environment might be. What would it be if I rolled up into a job? What kind of systems and network might be configured? What is the? What's the firewall look like? What kind of firewall are they using? You know what's my experience with configuring firewalls? What kind of intrusion detection, like we said, security onion, right, these things that you might see. Throw some cool things in there, maybe throw some iot things in there. Start with your house.

John:

Right, your house is a mini network you got all kinds of stuff plugged in now that is calling out. So there's definitely things that you have already that you could start playing with. But but again, if you think about it from a what would a small to medium size system configuration, network configuration, server setup, application servers, web servers, database servers, a domain of some sort with clients connected to it and servers connected to it, those kinds of things are good starting places.

Steve:

Perfect, yeah, that gives us, gives our listeners, some ideas, and again we'll post some stuff, some resources, things to get you started, give you an idea of kind of where to go next. And if you have any questions about this or if you want some more detailed information or more hands-on help, don't you know? Please reach out, don't be afraid to ask questions. So are there any other things we want to talk about?

John:

John, around the idea of learning how to build, no, just stay tuned for the next sections secure and hack. I'm excited to talk about those too.

Steve:

Absolutely Perfect. Well, I think that is it for us today. Thank you all for listening. Definitely be on the lookout for the following episodes to this and talk to you later.

John:

See you.

Steve:

Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.

John:

Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

Steve:

Do you have questions or topics you'd like us to cover, or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Security Mentors podcast and follow us on LinkedIn. We'd love to hear from you. Until next time. I'm John Hoyt and I'm Steve Higuretta. Thank you for listening.