Big Updates for 2026 + Season 5 Recap!

Show Notes

In the season five finale of the Cyber Security Mentors podcast, hosts Steve and John reflect on the season's highlights, featuring insightful discussions with various cybersecurity experts. They recap key lessons learned, including leadership during crises, negotiation tactics, and the importance of community support. The episode also addresses listener questions and outlines future plans for the podcast, emphasizing continued growth and engagement with the cybersecurity community.

Chapters

• 0:00: Sponsor Message And Cold Open
• 1:16: Season Five Overview And Theme
• 3:31: Spy Hunter Eric O’Neill Takeaways
• 6:09: Frontline Insights With Charles Carmakal
• 8:01: Human Side Of Breaches With Suthagar
• 12:10: Negotiation Tactics For Cyber Careers
• 14:44: Social Engineering With Brian Brushwood
• 17:14: Structured Versus Unstructured Learning
• 19:26: Listener Q&A: SOC Readiness
• 24:20: Staying Motivated When Progress Is Slow
• 28:10: Common Beginner Mistakes
• 31:00: Best Beginner Certification Paths
• 33:00: Big Announcement: Channel Move
• 36:00: What’s Coming In Season Six
• 39:10: Gratitude, Community, And Final CTA

Transcript

SPEAKER_00: 0:00

And we're not completely moving away from Simply Cyber. We're just moving back to our original YouTube channel. And I'll share that what that looks like real quick just so you see it.

SPEAKER_01: 0:14

Could you teach me? First learn stand, then learn fly. Nature rule, Daniel, son, not the mind.

SPEAKER_02: 0:22

I know what you're trying to do. I'm trying to free your mind, Neo. But I can only show you the door. You're the one that has to walk through it. What is the most inspiring thing I ever said to you? Don't be an idiot. Changed my life.

SPEAKER_03: 0:45

We aren't here to waste your time with buzzwords. In IT and cybersecurity, what you know and what you can do makes all the difference. We are ACI Learning. Training built for novices and pros who need measurable results. Hands-on labs, real-world checks, courses that get you certified and ready for what's next. Build confidence. Strengthen defenses. Achieve more. Visit acilearning.com slash simply cyber to learn more.

SPEAKER_04: 1:16

Welcome back to the Cybersecurity Mentors podcast. And today we've got a big one for you. This is the season five finale. And I can honorly say this has been one of the most educational and meaningful seasons we've done so far. All season long, we've talked to some incredible people: spy hunters, CISOs. We've talked about breach responses, social engineering, just leaders and people in the front lines when it comes to just some of the most intense cybersecurity stories in the world. So this season really did stood out every single episode. We had a lot of different things that we were doing and talking about with some people, just mindsets, leadership, resilience, and just the way humans are dealing with the improvements of cybersecurity in AI. So today we're closing out season five with just a quick recap of kind of what we did who we talked to, what were some of the topics we discussed, what were the things that stuck with us. We're going to talk about updates and just the future for this podcast and the show. And then we just want to give a huge thank you to our sponsor. And then just talk to you, the listeners, to tell you what's coming up next. And uh this this community is growing. So I think uh we have a lot going on for this last episode. So here's to the final episode of season five. Yeah, let's get into it.

SPEAKER_00: 2:39

Um, so just a quick review in my mind of how things went. This I think it was great, maybe best season ever. I mean, it was good. We had we had some very uh cool people that we talked to, which was exciting. It's exciting to be able to use the podcast to get to meet people that maybe we would normally not be able to meet and have those conversations and and just be able to promote them and what they're doing, but also learn from them. And and man, there was a couple times this season where I was like, you know, mind blown, right? Like we'll talk about that here in a minute, but it's like, man, this is I feel like we leveled up, right? So if we if we're leveling up, hopefully you're what you're leveling up too.

SPEAKER_04: 3:26

Yeah, absolutely. You're leveling up with us. Yeah, um, we had some incredible guests. I mean, the most recent one episode that we aired with Eric O'Neill, like a true life spy hunter. Like that was incredible. That was an incredible experience.

SPEAKER_00: 3:43

Yeah, I mean, um whenever it it came across, like, hey, this guy was wanting to to maybe do an episode with us, I was like, who this this sounds familiar. They mentioned the movie Breach. And I was like, I think I've seen this movie, right? And it and then I went and looked, I was like, no, I have seen this movie, and it was actually a good movie. It wasn't like one of those movies where it was like, you know, a B movie where you're you know, okay, there's a movie about this story, and it was like, dang, these people are legit people you recognize, the actors and actresses, and um, and it's a good story. And I, you know, for me it was also kind of cool because I had been to the FBI Academy, and and kind of some of the things he mentioned in this in the book, he I was like, I've been there, I was I've been there, right? So that was really cool. Um, but no, it was just his the brief the gray day book is really probably one of the better books about espionage. And at first I was a little skeptical and like is this really cyber? But it it is because of this guy, Robert Hansen, and how he was like you know, they put him in charge of like securing the FBI systems, but really they were doing it to set him up. But it's his story is interesting, and then the uh his topic about his new book is all like he does a really good job. We talked about this in the episode of just like covering all the major breaches that have happened, I don't know, for 20 years, and lessons learned, and then his lessons learned about you know being a spy hunter and how you can combine that. And I was like, you know what? We are spy hunters, okay? Let's go.

SPEAKER_04: 5:25

Yeah, absolutely. I agree. I mean, just some of the things that he brought that we talked about, right? Like thinking proactively instead of reactively. You know, we we tell our guys on our team, hey, we need to be more proactive, more proactive, because it's not if, but when a cyber attack happens, we need to be ready. And then also he was talking about just the offensive mindset, right? Like not waiting for threats to happen, but going after and hunting for them. And then just humans, deception, the whole psychology around it, like all that is just super important when it comes to cybersecurity. So I actually did enjoy his talk and um just talking to him, meeting him, and just hearing his story, which was which was awesome.

SPEAKER_00: 6:06

Yeah, so you want to talk about Charles?

SPEAKER_04: 6:09

Yeah. So Charles Carmichael, so he's he's a friend of yours, John, and we have spoken to him before, but this was us bringing him back to this podcast and having a conversation with him. And I thought that his his conversation was very impactful, and hopefully, a lot of uh up and coming or people within cyber already who are trying to go into that offensive security uh uh just area of cybersecurity. You guys got a lot out of that episode because we did, we did um having him be on the on the episode and telling us not only, hey, this is what I'm looking for when I'm hiring to bring people into Mandiant, but hey, this is what we are seeing in the front lines of like who's who's be who's attacking who, what type of attacks are coming at us, like what are we seeing the most of, and how are people handling this? Like, that is just information that you don't you don't get every day, right? You you get it when you talk to somebody at his level and at his caliber, and I thought that was very interesting.

SPEAKER_00: 7:09

Um, I I mean I really do get so much from him just following him on LinkedIn. He shares some of the best, most actionable information that I've seen because of the the data that they are involved with, that the incidents that they investigate, and just that level of caliber, like you said, like if they're telling you to be on the lookout, then you should take heed and and really take their advice. So yeah, I I totally agree. And and I wish we could have spent more time with him. Um, it was cool that he a lot of the things that he reiterated he he he talked about, we had had previously talked about, and it was cool to see that, oh yeah, we're on the same page here. Um, so definitely uh very, very cool to have Charles with us as well.

SPEAKER_04: 8:00

Absolutely. So the other big hitter was Suthagar, who you had the privilege to talk to, which that ended up that was such a a good conversation and a long conversation that we broke that up into two parts the season. Um but do you want to talk a little bit about that and how that experience was with for you?

SPEAKER_00: 8:17

Yeah, I mean I think it was probably our most you know impactful from a lessons learned perspective, right? And and what it's like I think Suthigaard did such a good job just talking about his the people side of an incident. There's so much that happens, you read in the news, you kind of, yeah, yeah, it's another breach, it's another breach. But really like what happens to the pe on the people, to the people, um, when those things happen, and I think he his I mean his emotional intelligence level is like top of the the the the pyramid, right? I mean he's just such a good just did such a good job. I I there's this is an episode that I definitely leveled up hearing him talk about how he led his teams and his his people through this incident. While he had no s no actual security team, like he literally, yeah, it was him and contractors, right? So and then this kind of thing happens, but I think he just brought that human side to it that you don't get to hear, you don't get to see. Um, and that that's what you know. I want to be able, I would love to be able to do more of these type of episodes because when you get the boots on the ground, you know, perspective, you really can see like, oh, okay, here's some things. This put let me put myself in that situation. How would I do this? What would I do? And or what did they do? And how can I help each other? How can we help each other? And this is how we help each other, right? Is talking through it. Um, and from the comments and people that were watching and and listening, man, I could tell this is one that really uh hit home and people were like blown away, right? Of like, wow, just some of the things that Suthagar shared with us. So yeah, I I'm very I was very excited that it took us a long time. It took us about a month to schedule it because of timing and he's in Australia, right? My time's on, and finally we've got it going, and we finally got it. I at first I actually it almost didn't happen because I was like, I think this is not gonna happen. We're not gonna be able to sync and get it going. So very fortunate. I'm glad that we were able to do it, even though you know it's it's 2018, so that's a while back, but it doesn't matter. All those same lessons apply today.

SPEAKER_04: 10:43

Absolutely, and I think that was a level of just information that most common people are not exposed to, right? Unless you are in the trenches going through an incident yourself, like a breach, and a legit, legit breach, then that's not experience that you have. And I I I I may be wrong, but I haven't seen um a lot of uh similar kind of conversations or just discussions at this detail at this level. Um, I mean, it did help that they actually wrote out a paper on it and they published it and released it to the masses with detailed information. So that that was that was huge. Not a lot of organizations do that, right, for legal reasons or whatever you want to call it. So when you do have those opportunities to talk to, especially somebody who was there in the moment, living it, breathing it, I mean, that is huge. So I agree. I mean, some of the things that stood out have here on our notes were, you know, breaches create organizational trauma. I've never really thought about that. I've never really thought about it that way. Um, uh, you know, transparency is healing, uh, secrecy is not. I I have to agree. You know, I get there's a level of just like uh pride or maybe legal matters that don't allow organizations within the US to be very transparent with what occurred or what happened because they're afraid they're gonna get sued or whatever. Um, but at least within the cybersecurity community, if we could share that information, you know, that could help others prepare, better prepare, know what not to do because someone fell for this already because they didn't they did XYZ, let's not fall for the same thing. Um, and then just leadership during chaos is a combination of communication and compassion. And I I definitely agree with that because when you are in the fire, I think maybe compassion is the last thing on your mind. You're just trying to stop the bleeding and fix the issue, and you're just you're gonna do whatever is necessary to get there.

SPEAKER_00: 12:47

So yeah. Yeah, one thing I saw someone posted about this episode on LinkedIn and and commented, you know, and added us to it. And uh at the end, I just commented, you know, we can all be more compassionate. I think we can all think about that to other people that are going through an incident or a breach, to our people during an incident. Um it's easy to just get caught up in the incident and you know, tempers are gonna kind of get higher and and and pressure is on and all that stuff, and um I think that's why this episode was so good. It's just you know how he described helping each other through it and and through that that um that trauma and talking about it.

SPEAKER_04: 13:35

Yeah, absolutely. So another episode we did, another topic we touched was uh around negotiation. So that is, you know, if you're trying to negotiate a new position, if you're trying to negotiate a raise or a promotion. So that was an interesting episode. That that was one that I enjoyed. So just some highlights there, you know, fit, growth, and lifestyle matter as much, if not more, than just salary, right? When you're negotiating, you think salary is the most important thing, but really it's not. Well, the other thing was surprisingly, there's a large number of people that just don't negotiate at all. You know, they don't negotiate, they just take what's presented and they don't really explore that where they could get a little bit more on the salary, they could get additional benefits and just make the best out of that initial just negotiation. And then when you are in an interview, right? You as the person looking for a position, you are also interviewing that company. Don't just think just because you are interviewing for their position, you don't have the right to ask questions or to ask for more. One of the things we said was, you know, if you don't ask, then what's what's the worst thing that could happen? They say no, okay, move on, right? So yeah, any what are your thoughts around that episode, John?

SPEAKER_00: 14:54

No, I think you I thought we gave good practical, tactical advice um that maybe people don't think about andor use um or don't know you know, should I negotiate, should I not negotiate, how do I go about it? So I thought it was very easy. You could listen to that episode, especially before you're gonna have those conversations, and be like, okay, am I ready to have that conversation? And have I done my homework? Do I have my receipts? Do I have the data? Um, maybe I don't need to have it yet, right? There's a lot of those things that I think were very helpful in that episode. It was it was our only episode that was like a how-to tactical, but I think it had a lot of packed a lot of punch.

SPEAKER_04: 15:39

So the next person we had, which I'll let you talk about this episode, was Brian Brushwood, who was a very interesting individual I met. Uh uh, thanks to you bringing him on the show. Uh, but yeah, talk to us a little bit about that.

SPEAKER_00: 15:54

This is probably my favorite, like as far as like the the most entertaining episode we've done. I think this was it. Right. Brian is amazing. Um, and I yeah, it was just great. It's a good uh again, back to having the a podcast that you can invite people like Brian. Like, I would never normally get to have that kind of in-depth discussion with him. Um, and it was awesome to be able to do so while he's on this same vein of social engineering and and and security awareness training. And we literally, before we hit record, we told Brian, like, look, Brian, look, listen, you can talk about whatever you want to, you know, like this is this is your episode, and we lit was like we laid it up there, like, here you go, Brian, right? And he's like, boom, knocked it out of the park, right? Crushed it, yeah, crushed it. Um, and obviously he's a professional uh in so many ways, but professional podcaster, professional uh with YouTube, professional with hit entertainment, with just pre you know presentation, um, just amazing. And it was great to have that discussion. We've been working after that episode together uh on doing some some testing of this uh hypothesis of PvP social engineering. So stay tuned. We'll we'll tell you how that's going. Hopefully, maybe even next season. We'll see next year for sure. Um, but it's it's been a great, it was awesome to have him and and awesome to still collaborate with him too.

SPEAKER_04: 17:31

Yeah, no, I I like I said it was very awesome getting to know him and just having him on the podcast as well. I mean, talk about another heavy hitter, but just the whole idea about magic um as a training ground for social engineering, and then just how AI is going to just change that that area of social engineering and what's coming, and just prepping for that. And then the idea of like how to improve with is like the PvP, right? The PV player versus player social engineering. I thought all that was was very interesting. Take was uh a good topic to discuss, and just you know, thinking about it from a different aspect. So I thought that was a very good episode as well.

SPEAKER_00: 18:13

Yeah. And our last episode before this episode was about structured versus unstructured learning, and we talk about ACI, and we we were fortunate enough to get their their security plus bundle. We walk through it, we talk through it, we talk about um how we felt like yeah, there's definitely advantages to the structured learning and what you can get out of it versus trying to just DIY it mainly. Um, and you know, we thank them for being a sponsor. It's our first real sponsor, so we're thankful for them. This there are costs associated to running a podcast, right? There's things that behind the scenes you gotta do to keep the keep the ship afloat. So we're helpful grateful to have them. And I thought that was a good episode too. Like it's an option, and I think if you need help and you need some of that structure, they are not a bad option, they're a good option.

SPEAKER_04: 19:09

Absolutely. No, I completely agree. Uh, you know, thank you, ACI, for sponsoring season five of the Cybersecurity Mentors podcast. It was it was kind of easy, I mean, to be honest, right? Like we started with the idea of like, hey, we're not going to just accept sponsorships from anyone, right? They need to be good. We need to vet them, they need to align with our mission. And this this sponsor, ACI Learning, does and they align very well because, like we mentioned in the episode, there are a lot of things that they offer, specifically with that security plus bundle, that that's what we're recommending people, right? When they reach out to us for their free consultation and they're telling us, hey, I'm trying to get into cyber, I've tried this, that, that, whatever. What do you recommend I do? It is kind of following that same, those same steps, right? If you are new to cyber, we need to get you some IT knowledge, some basic fundamental knowledge. And then from there, you do need to go into learn some networking so you know how computers communicate with each other and how a network works. And then we talk about security plus. Okay, this is how you will uh secure a network, secure your environment, and this is why things are important. So that entire security bundle is perfect, is a perfect fit. And instead of you piecing things from online um from different creators and different things that are free, but sometimes not the most updated or not the best, for a very reasonable price, you can go with ACI Learning who's has already a structured setup, a bundle that has different resources for you to use, specifically the practice test, which I tell everybody that's the most important thing when it comes to any any certification studying. The material, there's a lot of material out there, but what really matters is the practice test because that will put you in that same similar situation that you will be in when you're taking that exam. And that's really the most important part of the entire path that you're on. So, anyway, yes, check out that episode for more detailed information. But again, thank you, ACI Learning, for sponsoring us on season five.

SPEAKER_00: 21:15

I mean, that's it. That was the season. Obviously, you can hear there's a lot that we covered, a lot of cool people. So we gotta, I mean, it's gonna be tough, but we gotta keep topping the each season, get bigger, get better, right? Bring uh bring in those guests and and those topics that you guys want to hear about. But I think that also help, I mean, if it's helping us again, if it's something we think we can learn from, then I I believe that others can learn from it too.

SPEAKER_04: 21:43

Absolutely. So now we're moving to some QA. So these are some questions that were brought up uh to us that we would like to answer, and we will try to get to most of these and give as much detail as we we can in this episode, right? Some of these may require a little more information, and if people show an interest, we can do a full episode on some of these questions, but we're gonna touch through a few quickly and kind of get through it. Let's do it. All right. So, first one, how to know if you're ready for a sock role. What are your thoughts on that, John?

SPEAKER_00: 22:22

Yeah, um, you know, if you've researched it, and first off, you got to make sure you you know what those responsibilities are. Um, talk to people that are in those roles, find out what they're doing. Is again networking is key, network with those folks, find out what the day in the life of a sock person is. We've got episodes where we cover what it's like working in the SOC, what a SOC analyst does, um, listen to those, make sure you understand what the job actually entails so you're not shooting for a goal that you don't fully understand. Um and from that, you know, you just kind of make sure that you have those fundamentals, you built on those fundamentals, you're solid in those skills as best as you can. Try to pick the tools that are typical in an environment like a sock. Um, the you know, tools like endpoint detection, defender is an example, um, tools like uh a log aggregation, Splunk Elastics uh for as examples, um, tools like network monitoring, like security onion as an example, right? Um, but then from there, it's you know getting those reps, as we talk about all the time, as much as you can in those tools. The the hard part is is to get some examples to work through that are like you sitting in a sock or an incident has happened and you're triaging it. There are resources out there um that do try to give you some of that experience that like I was messing around the other day with uh Hack the Box and their blue team or their blue labs or blue boxes, whatever they call it, um, where they try to give you some of that, like, hey, this just happened, here are the logs, triage those logs and try to determine what happened. And they ask you the questions to fill out. That those are all good. I mean, those are you know, there it may not be exact to you know the sock that you know you might be looking to work at, but it's still that same idea of here's a bunch of data, here's some things, you're trying to connect the dots from what happened, A, B, C, D, and figure out if you can triage that incident enough to number one, you know, what would you do to stop the bleeding? Number two, backtracking how it got there, how it happened, where it originated, so that you can then learn from that documentation, write up what happened, you know, you know, writing a report that is a good skill that you should also take these the things that you would practice and write your reports that say, hey, here's what I learned, here's what happened, here's what we did, here's what we're gonna do about it, as if you were in the real world in that in that position, this is what we do. These are the things that we do in in our side, right? So you can't do everything, you can't have everything, but once you get to a point where you've got those that experience, and if I were to drop you into a random scenario, you wouldn't be flat footed. You would be like, Okay, I got it. I'm gonna think through this, I'm gonna triage, work the problem, start, start from you know, square one and just move through and piece those piece the puzzle together. Get somebody like us to re you know, talk to you, talk you through it and get help from a from a mentor or just somebody that's been in the sock and say, Hey, here's where I am, here's what I'm doing. How do you feel where I am? Do you feel like I'm ready? Right? It's always good to get somebody that has the real experience in those those environments to say, Do you think I'm ready? And and you know, just get feedback. But um, you know, you get enough of those. There's not like a test where you get 80% and you're ready to, you know, in the practice test and you're ready to go. But I think if you get the the experience and you feel comfortable in those tools and you get some feedback from others, like, hey, can you give me a gauge on you know, I I'm I'm good on this, I'm not good on this, but when I go apply, am I good to go?

SPEAKER_04: 26:30

Yeah, I agree with everything you just said. I would add a couple things too for for those listening. Um, you know, very first thing you mentioned was, you know, do you do you do you even know what a sock is and what a sock does, right? And if you're looking for examples of what are some of the things that a sock analyst or sock engineer would need to know or do, look at position descriptions online, right? Get on LinkedIn, get on other job boards and search for a sock analyst and see the type of things that they are looking for someone to know how to do. That can be a good way to just kind of go down the list of like, hey, do I have experience with these tools or something similar? Do I know how to do this, that, whatever? And just, you know, you got yourself a list right there. The other thing I would say is another way for us or other people that are in the industry that could help you and give you their feedback on whether you're ready or not is going through a mock interview, right? So if you've got your resume, you've got everything, you say, hey, I'm ready, you've talked to us about your experience. We think, hey, you that's pretty solid. Run through a mock interview with us for a SOC analyst position, as if you were applying to a SOC position um and going through and just getting the feel. That also could be a good gauge of where you are and and how strong you are, or how close you are to the finish line.

SPEAKER_00: 27:49

Next question. How do you stay motivated when progress feels slow? So I'll let you start with that one, Steve.

SPEAKER_04: 27:57

Yeah, so this this can be tough. Um, this can be tough, especially for those starting brand new or maybe transitioning from a different career, different area into IT, into cybersecurity, because there's a lot of things that you are not familiar with, a lot of new things that you'll be you will be learning. And let's be honest, IT and especially cybersecurity is always changing, always evolving, right? What you know today might be different tomorrow. Um, so there's a lot of moving parts. So, yes, it can seem like you are just constantly learning, constantly trying to make progress, but the finish line keeps getting farther and farther and farther away, or at least that's what it seems like to you. So, my advice would be keeping things very simple and concise. You are not trying to drink from a fire hose, okay? You are trying to take it slow and take it a little bit at a time so that you are actually learning, depending on where you want to go, whether it's GRC, whether it's SOC, whether it's Red Team, there are certain just basic fundamentals that you need to know. And that's where the focus should be at first before you go to a different route. But doing things like having little goals or micro goals of hey, today or this week, I'm going to focus on this topic or work on this lab and try to really understand what I'm doing, not just go through the motion. Taking it one bite size at a time, right? Making sure that you are having support from family and friends, being in a community where you feel supported, right? Where you can share and communicate and just share your progress and share your small wins and be in a community where people will will congratulate you because it's a big deal. I mean, you what you are undertaking is big and it's life changing and it can be daunting and scary at the time. And if you're doing it alone, it's it can be way harder. So So joining a community, having people on your side, helping you, pushing you through that is a huge plus. And then just making sure that you understand your why. When times get tough, ask yourself, why am I even doing this? And if you don't have a good answer for that, then maybe you should rethink what you're doing. But if your why is I'm doing this because this is something that I am interested, that I want to do, this is the next thing I want to do in my career. I'm doing it for to provide for my family, uh, to position myself in a better position so that I don't have to worry about layoffs or I don't have to worry about this or that. I mean, whatever your why is, make sure you write it down. And when times get tough, ask yourself, why am I doing this? Now, you have to have a good plan from the very beginning, right? And like I was saying, take it a little bit at a time. And for you, you know, ask yourself, do I have a structured plan or am I just kind of going a little bit and pieces here? Am I watching a YouTube video here, doing a Udemy course here? Like, do I actually have a roadmap from start to finish that's gonna take me to where I want to go? And if you do, keep following it. If you don't, let us know, and we'll be happy to pull set one up for you and walk you through it. So anyway, that's just my thoughts, Sean.

SPEAKER_00: 31:19

Yeah, um, and jujitsu is there's a common saying about it it takes about ten years to get your black belt. And you know, in ten years, you know, you could be you could be a black belt basically. You know, and but that's it's a long road. And their point is, is like why not be a black belt? You know, in ten years if you start now and you keep going and keep progressing, then just don't quit. So th you know, thinking about this journey, it is a journey, it's a marathon. Where could you be in five years? It really it should it shouldn't take ten years, but five years not saying it's gonna take you five years to get your first job, but where could you be in five years if you don't quit and you keep making that progress and eventually you land your first job, then you start building on that experience. I mean five years, you can get a you can make a lot of progress on this journey, and if you quit, then it it'll never happen, right? You'll you'll get halfway through. But it's gonna be tough, it's gonna be hard, it's not gonna be easy all the time. You you do want to make as possible, make it as fun as possible, right? You know, add fun to it. If you're just beat down and you don't really like doing this because you don't you don't really like the topic, you don't love this, right? And I do think you need to have a reflection on is this something I'm doing because it sounds cool? Is this something I'm doing because it looks interesting or there's money behind it, right? Well, you know, that's those aren't the best motivations. You need to re-reevaluate and say, hey, I love this stuff, I really enjoy it. Even though I'm not in the job market yet, I can tell this is where I'm meant to be. And that's gonna keep you going, right? And so my advice is just don't quit, don't give up, make progress, be part of a community, tap into others, find your tribe, find your group, motivate each other, build each other up, get a mentor, you know, keep networking and talk about your journey, talk about how it's going, keep that out there because then it also gets some accountability of like, hey, how's it going for you? Oh, it sucks right now. I'm getting ready for this exam. I gotta I know, brother. I'm here and there with you, right? Um, and then but eventually you keep leveling up. And you know, you look back and at the new people that start and you're like, man, I've come a long way, you know. So just don't don't give up because it gets hard. You know, it's gonna be hard all the time. You're always gonna be evolving, you're gonna get those times where you need to learn a new technology or learn a new thread or whatever. Um, but you but you can do it, right? I mean you you can. It's just uh just takes some dedication.

SPEAKER_04: 34:08

Slow progress is still progress, and you'd be surprised how many people quit right before it all clicks. So just keep that in mind. Next question: what are some of the mistakes beginners commonly make? What are your thoughts, John?

SPEAKER_00: 34:25

Yeah, I mean, I would say first off, making sure back to what I just said, making sure this is a this is the path for you. As best as you can determine, right? You're not gonna have all the answers, but don't just choose this path because of the wrong reason, right? Don't choose it because you think you're gonna get a big paycheck. Um because it may not be true, you know, and and you may be sold something that, oh, I'm gonna be making this kind of money, and then you get you're like, no, no, no. You're you're starting here, right? Um, and and salaries have leveled off for information security. They're still good, but they're not like they used to be, like, oh, whatever you want, right? You know, you have more freedom. Um, they've definitely leveled off. So don't do it for the wrong reasons, is I would say the big mistake. If you if you don't start with the right reasons, that's that's mistake number one. Um I think outside of that is you know, we talked about the structured versus unstructured. It can be challenging to to not have a focus, you know. Oh, uh it's a shiny object, right? Oh, okay, this is cool. I'm gonna go do some pen test learning. Oh, wait, wait a minute, I'm gonna go back to this uh Linux security, whatever. Oh, I'm gonna go over here, right? You it's easy to lose focus because of the I get into the treasury of the boring stuff of learning ports and protocols or whatever, right? Um, and you you're like, uh man, I just want to choose something new. Now that that not saying don't do that, but it can definitely you know slow your progress down. You know, you want to keep momentum moving, but don't do it too much where you just you're stuck and you haven't really made enough progress because you've been jumping around, right? Um I think also waiting too long to to connect with others and to network with others, um, you should be networking, always be networking, right? And networking with peers that are in the same boat as you, networking with potential mentors, networking with people that are ahead of you in the journey. Um, they're just kind of like, well, I've got this, I'm in my I'm on my own journey, I'm doing my own thing. Um, but then when you hit those roadblocks and you're like, wait a minute, you know, um, I got stuck here and I don't have a phone, a friend, or I don't have a somebody that I can lean on um because I I'm stuck. Um, you know, and I think applying just because you've got a certification is is a it can be a mistake, right? You're looking at, all right, I got my security plus, let's go send out the resumes, you know. Um, I think you know, making sure you look at the job description. The certification is helpful and you want to get those, but they're not necessarily the the door opener, right? We know people that are applying and they've got all the certs and they're not hearing anything, you know. So it and it's right now it's challenging. So don't just rely on the cert and basically just the cert to to be ready or think you're ready to now go apply for that position. You know, read the job descriptions, network with others, if potentially network with people that are also you know in that same domain and and reach out and try to say, hey, I'm trying to build my, I'm trying to get in, I'm trying to get in. What can what do you recommend? Um, so don't rely on just uh though the basic training or the certificate training and the certificate to get in. You're gonna have to do a lot more. You're gonna have to work to to build your platform and your portfolio. Um, there was a guy in our in our uh channel this past week who has, I think he's gotten his certs and he's he shared his LinkedIn page and we looked at it and he's like, okay, what else? Right. And his LinkedIn page was was pretty good. I was like, now you need to start building your portfolio and start networking, right? Now not only here's what I've done, you know, here's here's what I'm learning, here's what I can do, here's what I here let me show you my my you know my breadth of work that I've got experience with as best as possible without being in a job, right? So that's that's part of the thing that we see people struggling with there, and they're not a mistake that they they could make.

SPEAKER_04: 38:39

Yeah, no, I completely agree. Well said. I don't think I have much more to add. Um, so let's move on to the next question. Uh, what are some of the best beginner certification paths? Well, uh this answer or this question is a good one because we answered it in the ACI learning podcast that we did. Um, you know, we talked about how, hey, if you're new and new into the industry with zero IT experience, A plus is a good place to start, right? It will teach you probably probably a little more than what you need, but more is always better. Then following that would be network plus or just now we are going with the Compti asserts, but there are other certs like that, like these that do the same thing, right? With the A plus, we want to build on your fundamentals, just general IT fundamentals. What is a computer? Well, how does a computer work? Like the basic fundamentals. Um, then with your network plus, you are learning about networking, right? Like I mentioned earlier. You want to know what a network is, how it's set up, how do computers communicate with each other within their network? Because then you, you know, then you will move into your security plus or certificate certification that focuses more on how to secure that network, how to secure those computers, the the methodology around that, why this is important, reducing risk overall for your organization, and then having a Linux certification to learn Linux. Um, uh just after that, I mean, we call that the fundamentals, right? After that, it's pretty much choose your own adventure. Do you want to focus more on Blue Team and SOC focus, more defensive focus? Do you want to focus more on offensive penetration testing? Do you want to focus in the cloud and what's going on in the cloud environments in an organization? Or do you want to focus more on GRC? There's a number of different things that you can kind of uh branch out into, but the fundamental, the basics are pretty common, pretty straightforward.

SPEAKER_00: 40:40

No, I think that's that's perfect. Um, you know, choose your own adventure depending on where you want to go, what the job uh requirements that you're looking at, those positions have, you know, what what are they doing? Um, you can still mix and match from that, you know, those different options. It's okay to be well-rounded as you're trying to figure out which one you want to do. You may not know, right? Okay, let me go try a little bit of cloud security, let me try some pen testing, let me try some GRC. That's okay too. It's also good just to be well-rounded. So, yeah, I think uh mixing those up and and trying those out, and it's not gonna hurt, put it that way. Um I was gonna suggest that we we jump through the maybe skip the the last two questions just because we we don't want to get too long in the episode and jump to big announcements for next season. Is that is that good with you, Steve? Yeah, that's that's good with me. Let's do it. All right. So we've it's been uh an awesome couple of seasons with Simply Cyber. You know, they really helped us get the word out and and build our community and and bring team Simply Cyber to to our channel and our premieres, and and it's been amazing. Um it's been a great partnership. And we're not completely moving away from Simply Cyber, we're just moving back to our original YouTube channel. Um, and I'll share that what that looks like real quick just so you see it.

SPEAKER_04: 42:11

Yeah, while you pull that up, um, I just want to reiterate what you said. You know, a huge thank you to Jerry and the entire Simply Cyber team. It has been amazing working with you guys and being a part of such an amazing community. And thanks to you and thanks to your awesome community, we've grown ourselves. And we just want to say thank you, thank you, thank you so much. And we look forward to continuing to working together and just helping building the next generation of cybersecurity professionals. So, yeah, just a huge thank you.

SPEAKER_00: 42:44

Yeah, so this is our channel here. If you're if you're listening, you know, you can go check it out at youtube.com slash at cybersecurity mentors podcast. It's pretty easy to find. And we we have other videos that we we have already on this channel before we we moved over to Simply Cyber's channel. But this is going to make it easier for both of us, us and them to simplify the content and where to go to find it. Um, but yeah, in January, we're going back to this channel, um, and we're excited to do so, and we want you guys to join us there. They're still going to have the the SC raid, you know, team SC raids and everything will still come over. Jerry's gonna is gracious enough to have us lined up for our premieres on this channel, so you're you can still find us there. And we're excited to, you know, the next chapter. All right, now we're moving back. We're gonna we're hopeful for continued big things and keep growing, um, adding some more things that are unique to our brand, our model, our channel that we can we can highlight from there. Steve, anything else?

SPEAKER_04: 43:54

Yeah, go check us out, go subscribe so that you can get notifications when we start going live. We're aiming for mid-January 2026. Um, we have a couple things that are coming up. You know, we're gonna continue to have new guests, high-level people. We can't go back down after season five. We got to keep going up. We're gonna have more QA episodes, we're gonna keep talking about career discussions, we're gonna try and continue to do case studies. Um, we're gonna do deeper dives on different topics, security tools, you name it. We're gonna be more more engaged with our community. That's one of the that's one of our our our things that we want to do here in the in the next season. And then just continue mentorship opportunities, whether that is doing some live mentoring sessions or continuing to mentor people through CPS. We want to continue to help people and we're here, we're not going anywhere. We're just you know trying to trying to grow, trying to keep improving and getting better and just leveling up.

SPEAKER_00: 44:52

Yeah. If you're on the audio version only, maybe your team audio, then nothing's changed. Nothing's changed. You still just keep tuning in, and uh um, you know, we're we'll keep giving you the audio version. Well, which you know, I love both, um, so we're happy to have both both audiences. Um, and some just some final thoughts on on season five. It was awesome. I think the whole just is we've almost been doing this, is it two years next year? Yeah, like two years March, which is crazy. Um, but it's been we've I feel like everything's improved. We've learned a lot. I mean, I I learned a lot by doing these, preparing these, right? And and us kind of teaching back is a great opportunity for us to learn and make sure we're prepared and we understand you know what we're gonna talk talk about and how we're gonna share it. Um, I think that the biggest thing is, you know, I want to make episodes that I would like to listen to, right? You know, something that's entertaining, um, and also has some lessons in there that would be awesome for for others to to take away. Um anything else on just where we are so far.

SPEAKER_04: 46:07

No, I mean, just a huge thank you to our listeners, listeners that have been with us from the beginning, the new listeners we we have since joining and working with Simply Cyber, and we hope to continue to grow and you know, just share this podcast, whether it's audio, whether it's through YouTube, share it with someone that could get benefit from any of the topics we talk, any of the advice that we give. And like John said, you know, we want to we want to help. We're doing this to help. So we're trying to target the big questions, right? We're trying to talk about the big point, the big topics or big points uh for someone starting or trying to move up their career in cybersecurity and bring in some amazing guests, people that, you know, maybe you've never heard of them or maybe you don't know what they do, but after you finish watching their episode or listening to their episode, you will um not only understand who they are and why we brought them on, but you know, the advice that they give will help you. So take notes, pay attention. Um, because we're not just inviting anybody on the podcast, you know, there's there's a reason why, and it's always to help and bring value and to help our listeners, you know, level up. Yeah, absolutely.

SPEAKER_00: 47:20

So subscribe to the new channel if you're not already. Um, it's about to blow up, and we want you there with us. Um, follow us on LinkedIn, share, share our stuff with other people that you think might find this interesting. Um, we will we link, we always link to our newsletter uh that we're gonna basically jump into it more this next season um to give more content and also to just connect us, connect those to what we're sharing about our episodes and things like that. So you it's another way to stay tuned. Um if you have suggestions or topics that you want us to cover in season six, this just drop them into the comments uh here. And and also we would really like to know what your favorite episode or favorite topic or favorite favorite guest was for season five. That's all that feedback's helpful, you know, that we can take and continue to learn, right? We're always looking to improve. So that's it.

SPEAKER_04: 48:23

Yeah. A huge thank you again to all our listeners. A huge thank you to the Simply Cyber family and community, and a huge thank you to our sponsor for season five, ACI Learning. We're excited for season six, and we hope you jump over, subscribe, and continue with us uh while we keep kicking doors, taking names when it comes to cybersecurity. That's it. All right, y'all. We're out. And a huge thank you to our sponsor for season five of the Cybersecurity Mentors Podcast, ACI Learning. You can check out ACI Learning at acilearning.com slash simply cyber. Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.

SPEAKER_00: 49:06

Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

SPEAKER_04: 49:16

Do you have questions or topics you'd like us to cover? Or do you want to share your journey? Join us on Discord at Cybersecurity Mentors Podcast and follow us on LinkedIn. We'd love to hear from you.

SPEAKER_00: 49:28

Until next time, I'm John Hoyt.

SPEAKER_04: 49:30

And I'm Steve Higaretta.

SPEAKER_00: 49:32

Thank you for listening.