Cybersecurity Mentors Podcast

10 Cybersecurity Myths That Are Ruining Careers

Cybersecurity Mentors Season 6 Episode 15

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 44:54

Send us Fan Mail and we can reply directly!

Too many people are getting bad advice about cybersecurity careers, and it’s hurting their chances of getting hired.

In this episode of The Cybersecurity Mentors Podcast, we break down some of the biggest myths in cybersecurity today, including:

• “Cybersecurity is entry-level”
 • “AI is replacing SOC analysts”
 • “You need to know everything before applying”
 • “Cybersecurity pays six figures immediately”
 • “Technical skills are all that matter”
 • “LinkedIn networking is pointless”
 • “Cybersecurity influencers give realistic advice”

If you're trying to break into cybersecurity or grow your career, this episode will help you focus on what truly matters.

Come hang out with us in the Cybersecurity Mentors Skool community. It’s free to join.


Cold Open And Mindset

SPEAKER_00

Could you teach me?

SPEAKER_01

First learn stand and learn fly. Nature rules on your son, not the mind.

SPEAKER_00

I know what you're trying to do. I'm trying to free your mind, Nia. But I can only show you the door. You're the one that has to walk through it. What is the most inspiring thing I ever said to you? Don't be an idiot. Changed my life.

Mythbusting Ground Rules

SPEAKER_00

And either support or debunk those myths. We're going full on mythbusters today. Yeah. And uh we're going to try to cover at least 10. We might squeak in a little bit more depending on how much we get into this. But um, we're already pre-show recording. We already got the fire going. So we're going to kick it off strong with number one, these aren't in any like order as far as like the the top top myth is just the order of myths.

Cybersecurity Is Not Entry Level

SPEAKER_00

But number one, cybersecurity is an entry-level field. Steve, what you got?

SPEAKER_01

All right. Is cybersecurity entry-level field? I if you were to ask me this a few years ago, I would have said yes. You ask me this right now. I'm going to say no. Things have changed. Um, now you can argue, hey, since the the day of time, since cybersecurity became to be, they've been wanting three to five years, years of experience and entry-level job postings anyway. Um, well, back then I was gonna say those people posting those jobs are idiots and they don't know what they're asking for. Um, but there was a different uh type of demand back then. Now things have changed, right? And we've talked about this recently and in just multiple episodes that we've talked about. Things that worked years ago are not working now. You are having to actually get real experience. Now, this doesn't have to always be you actually working a full-time job, but you working on your lab, you working on projects, like you actually getting your hands dirty and not just relying on an education or certification to get you a job. That those days are long gone. I've said it over and over again. So, no, like cybersecurity is no longer an entry-level field. You need to put some skin in the game to even be considered or looked at. And it's a number of different things that come into play. Not only are you gonna have to get the right certifications, not only are you gonna have to have the right hands-on experience for an entry-level position role, but you're gonna have to have the right connections and work about your uh worry about your resume, worry about your LinkedIn. I mean, there's a number of things that all come into play that don't make these jobs an entry-level field anymore. Like just to play the game, you have to have some experience nowadays. And things are getting a lot more difficult, so that's why I say no. But that's not to discourage anyone or or you know, put anyone down. We literally just hired somebody for an entry-level cybersecurity role not too long ago. But what did they bring to the table? They already had an education, they had some certifications, and they had actual hands-on experience. So all of those things now are entry-level. So if you don't have that, then you're just not gonna make it.

SPEAKER_00

Yep. Um, I don't have a lot to add to that. Although I will say last thing is, you know, even when I got into security, there were definitely were no entry-level cybersecurity jobs. So it's really the same thing. Just don't uh don't assume it. All right.

The Skills Gap Does Not Save You

SPEAKER_00

Number two, the cybersecurity skills gap means jobs are easier to get. And I think this ties into number one, and people have heard this for a long time, and we do see this, but the gap, hey, there's millions of jobs available. There's this huge gap of the demand and need of those people that we need that are trained to hire them because we can't find them, is really what that comes back down to. And I see both sides of that. I mean, I will say that when we get applicants, just like we recently got, we had a lot of, I mean, over 130, 140, I don't know. It was over a hundred applicants. So around 130.

SPEAKER_01

Yeah.

SPEAKER_00

Yeah, 130. So there were a lot of those folks that I mean, some of them were were, I would say, on paper qualified, and maybe even more than you would expect because this it's shifted from an employee market to a higher, you know, employ employer market, um, where we're looking for people we have a lot to choose from, right? So it's tough. But as far as the the need, it's going, it's not going away, right? Cybersecurity is not going away. We talked about this with AI. It's not going to take over and take everybody's job. I I mean, I have I have enough things to do that I can't keep up with them. And I think that's pretty much everybody on my team, right? There are more things for uh for us to do than we have time to do them across the board. And so our if that's just us as an example, that's got to be the case for most people. The problem is do they have the budget to post the position? Do they have the money to fund an additional position? They probably don't. I think that's a big challenge, is it's like, yeah, they need people, but they don't have the money to fund that position, right? So the gap is there from a need, it's just getting the funding to support the position to fill it. But this this isn't going away with AI is actually making things where you have more work to do. I'm I I'm today, I'm I think four things I had to make decisions on today were AI related. Do we connect this? This person wants that, they want to hook into this, right? Like those are happening now. That's the new front. Used to be web apps. Now it's, hey, we want everything AI all the time. And that's all those are security reviews, all those are security decisions, all those are governance, all those are monitoring and protect and all those things, right? So that's not, I'm busier than ever with those kind of things, right? So what I would say is that you are if you this is a career and you want to make it a career, you will be needed. It's just not that there might be millions of needs, but there might not be the the support to fill those positions. But it's gonna, it's the the campaign, you're playing the marathon. It's not the sprint, it's the marathon, just like back to the entry level, right? It's this, it's this, it's the marathon. You're not gonna find it right away just because the the need is there, you're gonna have to play that long game.

SPEAKER_01

Yeah. I think the one thing I will add is, and we've mentioned this in the past, AI is gonna come in, and like you said, it's not gonna take over, but it's gonna cause people to elevate their game. Think I think about it as like shifting up. The work will still be there, but it'll be different type of work. For example, the example you just gave about having to approve things. Well, before you can approve, you have to do your investigation, you have to understand things, you have to see things from a different lens. So it's something that someone was not doing before, but now because AI was thrown onto the table, now someone has to do that. So most of the time, okay, if that's an additional duty, well, if they can handle it, great. If not, they're gonna have to let something go or pass something to someone else so they can now focus on this new additional duty. So it's that I see it as a level up kind of work or skills gap or whatever you want to call it. Um, so I don't see it as a get rid of everything uh when it comes to just AI.

SPEAKER_00

We had a whole podcast on that. So we're good, we're good on AI and cybersecurity.

SPEAKER_01

All right.

Certifications Matter More Than Ever

SPEAKER_01

Number three, you need a certification to get hired. Yes, yes, you do. In today's world, you absolutely do. I literally was watching a talk that was recorded for a conference. The conference was specifically for IT recruiters. All right, so I started following a lot of recruiters and IT recruiters and cybersecurity guys because you know, part of what we do is we help people get jobs. Well, how can I help you get a job if I don't know how the job market is? And who better than actual IT recruiters to know how the job market is and how it's going? So, anyway, so I'm watching this this conference, and this guy had a great um uh presentation, and he was saying that they did over the past year, they did kind of a uh review of all the people that they that they helped find jobs and they looked at their resumes, they looked at their credentials, and basically 86% of everyone who they found a job for within IT, which included more than just cybersecurity, but within IT, 86% of those people had either one or multiple certifications. The other percentage had what they had was they had more years of experience and not either no certifications or uh like a less amount of certifications. So that goes to show you not only that, but we see it now like us as hiring managers, and we talk about it all the time, right? People ask us, hey, what certifications should I go after? And we always have our recommendations, but certifications are needed, they are literally like on all job posts for entry-level cybersecurity work, and it's usually your security plus, your A, your network plus, like those beginner entry-level certifications. And that is just so that you can get to the next step and be considered and have your resume be considered. So, yes, you do need certifications to get hired in cybersecurity in today's world. All right, hot take.

SPEAKER_00

I agree with you. I'd say if you you could get hired without certifications, it's just gonna take you a lot of other facets that you're gonna have to have. You have to be very, very good and you have to network your butt off to be able to make the right kind of because somebody comes to me and they're a killer and and they can prove it and they can show me and I know how good they are. I don't care what certification they have, right? But you've gone through all the layers. You know, if you come, if I find out about you through different channels, you with the certification, it helps you get through those channels easier to get to the point where you get to see, be seen by one of us, right? So in today's market, that's the challenge. If you made the right personal connections and they know you're good and they know how good you are, then there's a lot of times you can jump those hoops and get through the shortcut, right? But really don't don't bet on that. I mean, still always be networking, network your butt off, right? Try to find those shortcuts because they're there, but they're hard to find. Um don't just hope, hope for that, right? Hope is not the plan. The plan is to get get your education, get skills, build on those skills.

SPEAKER_01

All right.

Soft Skills Beat Pure Technical Skill

SPEAKER_01

Number four. Technical skills are all that matter. What do you think?

SPEAKER_00

Technical skills. Yeah, we you know, we talked about this a lot. Um, we actually got some some uh some lively convers conversation chats back and forth on YouTube about this one. People think we're a little bit overblowing that technical skills, they must be first. They have to be first, right? This is a technical job. This is what you're doing. Um and back to what we've talked about with the talent war and other things and how we evaluate people. Here's a good, uh, good quick story. So was was got a chance to sit down with um Coach Brownell, the head coach of Clemson uh basketball. And this wasn't just me, it was like a group of people, right? And he was talking about what they look for in a new recruit. They look for humility, how they work and communicate with others, integrity. And then on top of that, yes, you have to be good technically on the court, but those other things are the things that matter. If they have somebody that's amazing tech, you know, technical skills, same thing with us, but they lack these other very important traits, they're gonna go with a person that maybe not as good technically, but they meet and they're a good fit for the team. They're good fit to come in. Because if in some and I asked him this question, how do you measure for humility with a you know high school student, right? He said, Well, we we we watch, we observe, we do our homework, we talk to their other players, we talk to the coaches, we talk to, we see how they interact. We actually do a psych profile on these recruits, and it goes through. And if and if their number one goal is to make a lot of money, then maybe this isn't the right place for you. And I'm like, maybe we should start doing psych profiles, right? So, yes, technical skills matter, but just as much, if not more, the soft skills, the characteristics, the traits, humility, humility, integrity, dependability, teamwork, all those things, those are, I think they're more important, honestly. I think you could be not like the most best technical person in the world, but you're you're good, but you're really strong in those characteristic traits. You're gonna be an awesome team member. I'm gonna be glad you're here. I'm gonna be happy to have you. You're here to make us better, not to make, not to just show off how good you are, right? Those are the same things that they're evaluating for new recruits. So that's my opinion.

SPEAKER_01

All right. Well, I don't know this coach, but I was looking at his record. And since he joined Clemson, the men's basketball team has gotten better.

SPEAKER_00

The most winning coach for Clemson history.

SPEAKER_01

Yeah. So yeah. Basketball coach. Definitely listen to this man because he knows what he's talking about.

SPEAKER_00

All right. So next one.

Six Figures Are Not Day One

SPEAKER_00

Yep. Cybersecurity pays six figures immediately, like out the gate. Wow.

SPEAKER_01

Um where are those jobs at? That's where I need to be. Um, no, unfortunately, no. Um, now there's there's always the special case, right? There's always a situation somewhere. But I will tell you this I doubt there is a true entry-level cybersecurity position that pays you six figures. Like I have yet to see that thing. So depending on the type of role, depending on your credentials, depending on your experience, absolutely you can get to a six-figure salary working in cybersecurity. But right off the gate, starting from zero, absolutely not. And if you find them, oh, please share. Because please prove me wrong. Because if you can, that'd be amazing. And I want to know where these jobs are so I can start pointing people that direction. So, no, you cannot, in my opinion. Uh, find a cybersecurity job right off the bat, entry level, that pays you six figures immediately. Unicorns. But if you find them, tell me where, because that's where I'm headed.

SPEAKER_00

Yeah, I I agree. I I mean, I I have seen it. It's not recently. Um, I had we have had students again, they're semi-entry level, they have experience, but um I have seen them get job offers four, six figures, but they're also just like top-notch, like ready to go, right? And that's maybe less than maybe three total from what I can remember for for maybe total, maybe definitely less than five for all the students that have come through our program. Um, it's it's unique. And it can happen, but it's unique. And now that was years ago. Now, now it'd be tough, I think. Not now, don't don't get me wrong, they're still getting, they're still well paid as an entry level. Yes. Absolutely. Yeah, comparatively.

SPEAKER_01

Yes. I mean, cybersecurity absolutely pays and it pays very well. But back in the days when people had they can pick what job you wanted to go to, and all you needed to do is say, I'm in cybersecurity to get 50 different job offers, those days are gone. And during those times, there was a huge upscale in terms of pay. Um, but I also will say maybe when they start in our program, John, they are starters, but when they finish, I wouldn't consider them entry level to begin with. Um but so yeah, anyway, that's just my opinion.

LinkedIn Still Works If You Filter

SPEAKER_01

All right, next one LinkedIn networking is fake and pointless, since now it's basically Facebook.

SPEAKER_00

Um yeah, this is a good one, especially lately. I kind of had this hot take recently about LinkedIn. I feel like it's going downhill. It's it's a lot of AI junk um being posted out there. Um I I mean, but I still use it. I still am in there a lot. I'm still connecting with people. People are trying to connect with me from all over, mostly salespeople. It drives me crazy, but there's still good connections that I have in there that I keep in touch with. Um, I would, it's, I mean, what else you're gonna do is probably the first stop to try to connect with people and to build those net build your network to start with, because you can find them easier. It's there. You know, go go look them up, go find people that have jobs that you want, go find people in companies you want to go work, just go find people in your area that are talking about cybersecurity. That's the go-to search engine to really find those people. Um, now is it watered down? Is it a lot of stuff all over? Do I am I in there reading everything? No, I'm definitely not reading everything. Kind of like Facebook, right? If you still use Facebook, like you I check on it maybe once every other day, maybe twice a week. I mean, it just depends. Um, not in there every day. But um, you know, that kind of leads to other communities, like, for example, our school community, it's high signal, low noise, right? So you find these other communities that are higher signal. If you look at LinkedIn, the noise to signal ratio is it's it's going down. I mean, if you look at it, go scroll through it, you're like, man, there's a lot of noise in here. There's not a lot of connections going on. Um, but you still can find people, you can still follow good people. You just have to weed through it. But a community like the school community, it's all, I mean, not maybe maybe some noise in there, right? But it's mostly signal of people talking about the same thing that you're interested in, looking to get in cybersecurity, they're sharing things, they're sharing uh tips and tutorials, and hey, go check this out, right? It's focused versus more broad. Um, and and Discord, we talked about Discord before, it can be high noise just because there's so much going on in those communities. It's just a lot of just people talking about things, dropping their memes, right? Um, it's a lot of noise. In my opinion, in my experience with it, it's a lot of noise. I can't keep up with it, right? So I'm in there, but I'm not really in there. I'm just kind of in there. I'm not even lurking anymore. But if but that doesn't mean you can't find a community in there that it's your people that you want to interact with regular. That's that there's nothing wrong with that, right? I would just say find your community and still use LinkedIn to what you can. Still use it to find those people to network with and message them and build those, build from there. Don't leave it in LinkedIn, try to build from there.

SPEAKER_01

Thank you, John. All right, moving on to

SOC Analyst Jobs And AI Reality

SPEAKER_01

the next one. The sock analyst rule is dead because of AI. I feel like we've beaten this horse to death. Um, and we literally just touched on it on our previous question. No, the answer to that is no. The sock analyst rule is not dead because of AI. It is not. Like I was saying earlier, this will just free up your sock analyst to focus elsewhere if they are using AI. For example, how we use it, we're going, we're using AI to help us narrow down on what actually matters, filter out the noise, work through all those logs. And they are helping us get to the center root cause of the problem a lot quicker. So we're using it as a tool to help us do our jobs a lot better, more efficiently, quicker. Um, but it's not it's not going to to replace you at all. You you what you do need to do as a soc analyst is learn how to work with AI. Um because that that's the that's the reality. And like I said, it's that evolution of moving up. Maybe there were tasks that we call grunt work that you were doing as a soc analyst that maybe AI can take off your plate, but that means that you just level up to do something else that requires a human element. Um that's that's really it. But no, it's not going to replace you.

SPEAKER_00

Yep. Um I have nothing to add there. I totally agree. All right.

Vet Influencers Before Taking Advice

SPEAKER_00

Um number eight. I'm excited about talking about this one. Cybersecurity influencers are giving realistic advice. So I have I have comments about what's a cybersecurity influencer, anyways, but these these folks that are influencers, right? I I think they have good intentions. I don't think they're all they're just trying to be clickbait and get you to click on them and follow them. And you know, there's they're playing this, they're playing the YouTube game, mostly. They're playing the YouTube game. They're like, hey, look at my reaction thumbnail. Steve is still trying to get me to do that. I refuse. Um, look at how we're talking about this this topic that it is timely. I'm not going to say it's not timely. They're keeping up with the algorithm of like, what are the things that are going to get the people to click on my video? Now, my comments are just go look at who, what they've done. What is their what's their career in cybersecurity? If you ran into that person at a at a conference or in the street, would you be like, oh, I'm going to listen to that person? They've, man, they've been there, they've done that. They've got the t-shirt. They've actually, they've got a full career in cybersecurity. They've been doing this for 20 years. Or you'd be like, oh, you know, they're about the same level as me. You know, maybe they doing, they're doing the research on things that you just haven't taken the time to do. And that's fine. That can help you in in different ways. But my opinion is if you look at these, the folks that are out there that are talking about this, just make sure that you're vetting the content that they're giving you based off what they have done. Who are they? Where do they come from? What are they doing now? What does their career look like? You know, what, what, you know, why should I listen to you? Not just that because it's an interesting topic. Why should I actually listen to you? Just like anything. You wouldn't go to a a talk in person if you thought this person didn't had nothing to back up what they're talking about, right? So I think there's a lot of that. It's just easy, right? It's easy to play that, it's not easy to play the game. It does take a lot of work. But if you're focused on the game versus focused on the the content and provability of your point and also backing it up with experience, that's where I think that we have an advantage, right? I I'd be there's not a lot of people that talk about careers in cybersecurity that have as much experience as we do, that have been through different roles, you know, like we have. And I mean, it is what it is. I'm not trying to brag, but it's a fact. And so when you compare us to some of those other individuals, you know, you take a look at the resumes, they they're not there. So that's just my my opinion on that. My turn. Okay.

SPEAKER_01

So um I completely, absolutely agree with you, John, on that one because we tell people all the time connect with people that have the job that you want to have one day. Be in those groups, be in those circles of people that are hungry, that are, you know, that already have reached the level that you want to get to, so that you can use them and they can help you and you can ask questions and all of that. And there are a number of influencers out there that literally maybe were actually working in the field for three, four years. And then they found the YouTube thing, and now they are giving mass levels of advice on their opinions, and they're telling you to do this and do that. And you're right. I I will I will give them some level of credit because some of the stuff that they are advising you, even I agree with, but then there's other things that they're advising you that I'm like, this person's getting paid. This person is taking money from X Company because they are pushing this company, and I've used this company, and they suck. So you already know they are making money based on how many people they get to sign up to this. And look, everybody needs to eat. I get it, but I personally do not want to be a part of some scheme scam crap like that. Not at all. So I give advice for free. I don't need you to sign up for anything. You just reach out and say, hey, Steve, I got a question. What this is my situation. What do you think I should do? I'll I'll give you my two cents. Now, my two cents are actually more than two cents because why? I've been in the field for over 10 years. I am currently in the field now. I've worked from the bottom, worked my way up to a deputy CISO. Not only that, but I'm an acting hiring manager. I'm hiring at least one or two people a year in cybersecurity. And it's my job to stay up to date with what's going on in the world. Not only that, but it's like I have connections. John, for example, John's has a ton of connections, tons of CISOs. Like, this is the stuff that actually matters. And we're when we're giving you advice, we're not giving you the advice because we went to ChatGPT and said, what are the top 10 topics for cybersecurity right now that people are interested in? No, we live it, we breathe it. And if you ask us a question, we will give you hard truth advice that actually matters and works because we've seen it, either we've done it ourselves or we have seen other people do it and it works for them. So there's a huge difference. So I don't consider myself an influencer, a cybersecurity influencer. If you were to ask me, I'm not one because I'm not trying to influence anyone. I'm trying to help someone get to the goal that they're trying to reach with true facts. So all I want to say is this do what John suggested. Before you start following somebody, look at their resume. See, okay, this person has done this much. So up until this much, I should feel pretty decent following them. If I want to get over that hump and move forward, I need to find someone else. Because this person, they may talk the talk, but they haven't walked the walk. So how do I know the info that they're giving me is legit or is gonna get me any, is gonna get me somewhere? Has this person done what I'm trying to do? And maybe they've done it to a certain level and maybe follow them up to that level. But after that, if they haven't done it and they're if you're trying to be a CISO and you have John, current CISO, and then you have Joe Schmoe, who only worked in cybersecurity for four years, but now is trying to tell you how to be a CISO, who are you gonna believe and who are you gonna go listen to? That's all I gotta say.

SPEAKER_00

Yeah, I mean, I think a good measure number one is are they actively working in cybersecurity right now? If they're not working in cybersecurity and they're trying to give you advice about cybersecurity, they're they're disconnected. I don't care what they're doing. I don't care what kind of labs they got, I don't care. Like it it's not the same. So that's number one. And number two is back to what you said. It's like what have they, where have they gone to? Um, you know, if they're you know, look at where how far they went. Well, how far they are. Like maybe they're working in cybersecurity, but they're junior level. Make sure you check them. Uh this is a big one. I like it. Yeah. All right. We beat this one. It's a good one though. All right, for you, Steve, number

You Do Not Need To Know Everything

SPEAKER_00

nine. You need to know everything.

SPEAKER_01

No, absolutely not. You do not. I don't know everything. And I've been pretty successful so far and looking to do more, but I don't know everything. And you do not need to know everything before you get started. And I see it all the time, especially with people getting started or transitioning from one role to another, they feel like they need to know everything or as much as possible before they have the confidence or feel comfortable to put themselves out there and try and uh apply for a job or any of that. Like you don't need to do that. Now, if you are OCD, ADD, what any of those Ds, and you just prefer to know everything front, back, top, bottom, that that's that's on you. But if you're just a normal Joe Schmoe out there, you do not need to be a cybersecurity expert before you can try to get into cybersecurity or go after an entry-level job. You do not need to know that. What we like to tell our community, and if you're not part of it, you should join, is tell me or tell us where your finish line is, and we can help you jump on the things that will help you get there the fastest, not just the fastest, but things that actually matter and will teach you exactly what you need so you're not wasting time. You get in and get out, and then you can move on to something else.

SPEAKER_00

Yeah, like Ed Scoda said, you know, you can pick a major, right? Imagine it's like a major. Pick a pick a focus, work on a thing in that focus, work on your weaknesses, identify your strengths and weaknesses. Hey, I'm really good at this, I'm not so good at that. Do that for a month. Focus on a thing for a month. But have like a main focus um is is a good thing. But you there's no way you're gonna know everything, right? I I mean, even me, I have lots of years, but I definitely don't know everything. And that's okay. That's the way it's supposed to be. That's why it's a team sport, it's not an individual sport to really do cybersecurity.

SPEAKER_01

All right, this this one, this one's for you,

Hacking Is Only One Slice

SPEAKER_01

John. I know you're gonna appreciate it. People say if you aren't hacking, you aren't really doing cybersecurity. So what do you have to say to those people, John?

SPEAKER_00

Yeah, um I have to say, I don't know if I've actually heard that be had heard that said, but I will say people think that that's what cybersecurity is, right? They're like, oh, well, you know, that's why I want to do cybersecurity. I want to get in, I want to hack things. That's the sexy side of security. Um, but yeah, there's so many other levels. It's a small part, honestly, of a big program. The full enterprise level program where you've got GRC, you've got operations, you've got engineering, you've got compliance, you've got leadership, you've got different facets of engineering, you know, cloud and other things, right? There are just so many things that you have to incorporate that the offensive side is just another, they're part of the team, right? They're hooked in that they're doing things in all those other areas in a lot of ways to make sure that we're compliant, to make sure that we have everything locked down in different areas in the cloud and on-prem and things like that. But um I will say that I like it if you know how to do offensive security and and you it helps you, even if that's not your major, like we talked about just a minute ago. I think it's good for you to be able to understand. I think it makes you better on the on the defense side. Offense informs defense, and vice versa. Um, but it's not necessary, it's not a requirement. It looks cool in the movies, right? Like, oh yeah, I'm getting in. Hang on one second. All right, I'm in. Um, but and it and it is probably like the PR marketing side of cybersecurity is the hacking. You know, that's the thing that people want to know um and want to get into the field for. And then maybe they try it and they're like, oh, maybe this isn't for me. Or maybe it is. That's okay. Um, so yeah, it's definitely, I mean, in my career as far as hacking in cybersecurity, now, granted, I'm the I'm the mixture, I'm the jack of all trades. I would say maybe it was 25% of all the things I've done to do what I do, right? Now, you can definitely be 100% red team offensive security, but even then in an enterprise, that's maybe 20% of what they do. 25%. Every 75% is everything else for sure. It's not the whole thing, unless that's your consultant business and that's all you do, right? So hopefully that encourages you if you're looking to get in and you're like, man, I definitely gotta learn. It's back to getting, you know, overwhelmed with all the things you got to learn. I gotta learn how to hack. Now, I would say if it's fun and if it excites you, then yes, go learn it. It's good and switch back and forth. There's something about being offensive that switches you out of that defensive mindset that is different and it makes you not just be waiting for the bad thing to happen. So, yes, but don't feel like you have to do that.

SPEAKER_01

All right, so that's our 10, but I think we got time for maybe one or two more. Um, and there were some honorable mentions here we had that didn't make the top 10 list, but others that were still good topics. So I want to go ahead and pick one.

Job Hunting Quality Over Quantity

SPEAKER_01

Um, and that is if you apply enough, eventually someone will hire you. And this is one that I I'm I'm currently suffering with because recently I started helping this individual who was getting advice from influencers. And you see, the influencers give examples of like, I applied to 200 jobs in the last month, and this is what happened. And then they talk about, oh, applied to 200 jobs, got like four replies and three interviews, and eventually got a job offer. Um, and they're trying to replicate that, you know, and look, that's that's a method, it's not my favorite method, and it's not the method that I would recommend to people, and it's not the one I recommend to people. My recommendation is quality over quantity. If you can take the time to really look at job descriptions and look at all these different jobs out there and pick a few a week or one a day, two a day, whatever, that you're like, I truly have read this from top to bottom. I feel very comfortable that I can do this if hired or start if I started tomorrow, and I feel like my resume has the the ammunition to be a good candidate. Those are the ones that I would apply to. Instead of wasting your time trying to just shotgun it, where you just literally shotgun your resume to as many positions as possible. That's not going to get you anywhere, in my professional opinion. I have seen success. Okay. I have seen success where someone applies to five jobs a week, Monday through Friday, you apply to it one job every single day, but it comes with an add-on. Not only are you just applying and forgetting it, you're applying it, but then you're doing the network side of it. You're going out on LinkedIn, you're going out and you're reaching out and you're trying to see, okay, what connections can I make or what connections do I already have that will help me get me one step closer to potentially getting an interview for this job. So it's a combination. So you don't just apply and you're done. But I've seen so much more success doing it that way than just shotgunning two, 300 freaking resumes out there to two to 300 different positions in a month and then just wait and see what happens. That's just not gonna work. It is not gonna work. And my opinion, okay. My if you hey if you did that and it has worked for you, hit me up. I want to talk to you about it, I want to ask you some questions because I don't believe that that was all you did. There had to be more. And I want to know how it worked out for you because hey, if you can prove me wrong, I'll say I'm wrong. But if not, then you know, look listen to what I'm trying to tell you, okay?

SPEAKER_00

All right, I'll pick one. Um I like

Passion Without Burnout

SPEAKER_00

this one. You have to be passionate about cybersecurity 24-7. And I I will say that was that was definitely a culture, and it is a culture, I'm sure, in some places. Um and you this passion question, you'll or a passion statement, you'll hear people say, I'm I'm passionate about cybersecurity. And then you go ask them what they're doing, and like, uh you're not really. Um, but when I was coming up, that was a I felt like I maybe was an oddball because I wasn't living, breathing, sleeping cybersecurity all the time. And yeah, don't get me wrong, I love cybersecurity. I love it. But I got, you know, I got a life, you know? And and I can tell you that if I don't disconnect and recharge, then I'm gonna burn out. I will not be able to make clear-headed decisions or be able to think through problems without disconnecting from this world and doing things that are fun, doing things that are not, you know, um technical, doing things that are not computer related. Um, I, you know, I really need that disconnect to be able to be able to stay solid and be fully charged to be ready to hit the ground running the next morning. So, you know, I do think, yes, you should. I hope you're in a career that you love. I hope you're in this, if you want to be in cybersecurity, it's because you are passionate about it and it you do want to do it, not just because you you've heard all these other myths or heard there's a lot of money or heard whatever. Um, I hope it's something that you want to be here for because it there's ups and downs with everything. There's pros and cons. And there's definitely challenges in cybersecurity. There's bad things that are going to happen, and you're gonna have to deal with that. And it's not all roses, but overall, there it's fun, right? There's a lot to it that I really enjoy, but I can't live and breathe it all the time. You know, I have to come home and be ready to hang out with family, do those things, and then be ready to hit the ground running. Now, I one thing I would add to that is you still have to, just with everything, you need to continue to be a lifelong learner. You know, you do need to realize that this is a lifelong pursuit, that you're never gonna be, you shouldn't be. Well, I've got that. Now I don't have to learn anything new. I'm at this level, I'm good, right? Well, just like with AI, there's so many new things. Things are changing, everything's changing so quickly. If you aren't learning, then you're you're probably gonna be left behind. So now do you need to do that 24-7?

unknown

No.

SPEAKER_00

But you may have to spend time on your own to stay up to date. And you have to weave that in as part of your career, just like a lot of careers. It's just part of ours. So, yes, you don't, you definitely don't have to be 24-7. There are people that that's what they do. They love it, right? They live and breathe it. I just think that in the long term, you do that for 20 years. It's it's gonna it's hard to do. Not saying it's impossible, but it's hard to do.

SPEAKER_01

Yeah, it's it's mainly it's mainly burnout that you that that that's just a huge possibility. Because if you are living, breathing it at least eight hours a day during your normal job, you need to unplug, just like you said, John. I mean, you I mean, you told me, right? You you like audiobooks when you're driving in and out of the office, and you always listen to two types. You listen to one type driving into the office, and you listen to a different type driving home from the office.

SPEAKER_00

Business in the morning, fun in the evening.

SPEAKER_01

Yeah, so it's you you just you just need those outlets, right?

SPEAKER_00

Yep. I agree.

Final Takeaways And How To Connect

SPEAKER_00

All right. Well, those are the top 12 cybersecurity uh myths that we covered today. I I hope that maybe one of those spoke to you that you've heard before and you thought, oh, is that true? Is that true? And hopefully, you know, we've helped shine some light on some of those things. And we really appreciate you guys listening. As always, it's always good to hear from you if you reach out. Sometimes, you know, it's good for us to get encouraged doing these things and be like, hey, we really thank you for that episode. Thank you for what you're doing. When we hear those things, it just encourages us to keep doing the thing and trying to help everybody as much as we can. Learn from our mistakes, learn from our failures, and just try to guide others to to to do what they want to do and get a career andor progress in their career in cybersecurity. So thanks everybody for listening in. All right, we'll see you.

SPEAKER_01

Thank you for tuning in to today's episode of the Cybersecurity Mentors Podcast.

SPEAKER_00

Remember to subscribe to our podcast on your favorite platform so you get all the episodes. Join us next time as we continue to unlock the secrets of cybersecurity mentorship.

SPEAKER_01

Have questions, topic ideas, or want to share your cybersecurity journey? Join our school community, the Cybersecurity Mentors, where you don't have to do this alone. Connect with us there and on YouTube. We'd love to hear from you. Until next time, I'm John Hoyt. And I'm Steve Higgeretta. Thank you for listening.