61 episodes

Find out what it takes to get your dream cybersecurity job (from the hiring managers' perspective).

Your Cyber Path: How to Get Your Dream Cybersecurity Job
Kip Boyle

    • Business
    • 5.0 • 11 Ratings


    EP 61: Skills-based Certification and Training with John Strand



    In this episode, we talked with John Strand (Founder of Black Hills Information Security and Antisyphon InfoSec Training) about the importance of skills-based certification and training. John’s goal is to provide world-class skills-based training to everyone at an affordable price using a unique pay-what-you-can model.

    Skills-based certifications differ from traditional certifications in that they do not use multiple-choice exams to test your knowledge of the material and instead require candidates to prove their knowledge through real-world, work-related exercises. These skills-based certification courses are short in duration and extremely hands-on in nature.

    During this discussion, we explain the differences between ANSI-based certifications and non-ANSI certifications. The importance of certifications in general to hiring managers and human resources teams is also discussed because large organizations rely on these ANSI-based certifications. Smaller organizations, though, like Black Hills Information Security, which has under 100 employees, don’t necessarily rely on certifications to find qualified candidates.

    Cyber deception was also discussed, which is a way of setting up honey tokens in your domain servers to identify hackers, attackers, and penetration testers when they try to break into your system. John provides three quick tips to implement cyber deception in your network today!

    What You’ll Learn

    ·     The importance of skills-based certifications

    ·     The difference between ANSI and non-ANSI certifications

    ·     How to use honeytokens and canary tokens to detect an attacker quickly

    Relevant Websites For This Episode

    ·     Black Hills Information Security (https://www.blackhillsinfosec.com)

    ·     Antisyphon Training (https://www.antisyphontraining.com)

    ·     Canary Tokens (https://canarytokens.org)

    ·     Try Hack Me (https://tryhackme.com)

    ·     Hack the Box (https://www.hackthebox.com)

    ·     Holiday Hack Challenges (https://www.holidayhackchallenge.com)

    • 37 min
    EP 60: Top five jobs to two step your way into the cybersecurity industry



    In this episode, we discuss the top five positions that allow you to two-step your way into a new role in the cybersecurity industry. Often, people have a difficult time breaking into the cybersecurity industry due to the lack of entry-level positions, or they can’t afford to start at the beginning of a traditional career path by making $15/hour working at the help desk.

    By utilizing a two-step approach to landing a cybersecurity position, you can leverage your existing skills to move laterally into a similar position in a cybersecurity adjacent role and then gain experience to land a full role in cybersecurity.

    This episode focuses on the top five roles used in the two-step approach. The first is network and system administration since it serves as the traditional feeder role for people entering cybersecurity. The second is IT and cybersecurity auditing which utilizes skills from bookkeeping, finance, and accounting. The third is software development which can be leveraged into bug bounty hunting or DevSecOps positions. The fourth is project management when applied to cybersecurity and IT projects. The fifth is physical security which can be used to gain a security clearance and land a cybersecurity position in the defense contracting world.

    These positions often allow someone with a few years of experience in another field to take a position in or around the cybersecurity industry at their current pay level without having to start over at the beginning. The two-step is a great approach to use for mid-career professionals looking to move into the cybersecurity industry.

    What You’ll Learn

    ·     What is a two-step into a cybersecurity position

    ·     Which positions and prior experience can help your two-step into cybersecurity

    ·     How can you move into a cybersecurity position without starting at the help desk

    Relevant Websites For This Episode 

    ·     Your Cyber Path (https://www.yourcyberpath.com)

    ·     Dion Training (https://www.diontraining.com)

    • 20 min
    EP 59: Five things to know before you get into cybersecurity



    About This Episode

    In this episode, we learn about the five things you should know before getting a job in the cybersecurity industry.

    First, we discussed what the reality is in terms of entry-level cybersecurity jobs. Even entry-level cybersecurity roles require previous experience in a related position. These include network administrator, system administrator, or auditor, and show employers you are ready to move into cybersecurity. Unlike many industries, there are no direct entry-level positions in cybersecurity, and this can confuse a lot of people and make it difficult to get their career started. To land an entry-level cybersecurity position, you will need extra knowledge and expertise before you can get hired.

    Second, we discussed the relative importance of a cybersecurity degree in landing your first cybersecurity position. Contrary to popular belief, a higher-level education without any matching experience is not the key to landing your first position. In fact, in most cases, certifications are more likely to help you land an interview than a degree.

    Third, we discussed the importance of experience in landing your first position. As a hiring manager, the three things that are evaluated are your experience, certifications, and degrees, in that order. We also discussed some ways for you to gain experience even if you haven’t landed your first position, yet.

    Fourth, we discussed some realistic salary expectations for you to have when looking for your first cybersecurity position. Many new entrants to the cybersecurity industry have misguided expectations of the salary they can command in their first position. When determining your initial salary, employers will consider your experience, certifications, and degrees, as well as the location of the corporate headquarters, your local office, or your home office when making an offer.

    Finally, we discussed some different jobs that exist in the cybersecurity industry that go beyond penetration testing. For some reason, most new entrants to the cybersecurity industry believe that penetration testing is the only cybersecurity role, but that simply isn’t true. In the final part of this episode, Jason and Kip discuss some of their favorite cybersecurity roles that people can find as they enter the industry.

    * There are no real entry-level cybersecurity jobs

    * A cybersecurity bachelor’s or master’s degree is not essential to getting hired

    * You must have some experience to land your first position

    * You need to have realistic salary expectations

    * There are more than just penetration testing roles in cybersecurity


    What You’ll Learn

    ·     A more realistic view of the cybersecurity industry

    ·     What to expect in a typical cybersecurity role

    ·     What things hiring managers consider in hiring a candidate

    ·     How your salary is determined for a position

    ·     How to best position yourself to land your first role in the industry

    Relevant websites for this Episode

    Your Cyber Path (https://www.yourcyberpath.com)

    • 30 min
    EP 58: How to Get Hired With No Experience



    In this episode, we’re going to learn how one person was able to overcome the catch-22 of getting a cybersecurity job when you don’t have experience, but you cannot get experience because no one will hire you. 

    Our guest, Ed Skipka, a professional vulnerability management analyst, shares his personal experience of how he overcame this catch-22 and provides some great recommendations for others who find themselves in this same position. 

    So, how does someone get the position if they don't already have experience?

    During the interview, Ed answers this by talking about how he landed that first IT job. Many of our listeners struggle with getting their first job, and hearing how others have navigated this challenge in the hiring process can help you get some ideas that you can apply to your own job search.

    Ed shares his certification experience and the different positions he chose in order to land his first “real” cybersecurity role. Ed went from zero experience and working in a bike shop to being a vulnerability management analyst in 18 months. His story shows that you can break through the catch-22 through certifications, networking, and your own personal ambition.

    Ed also talks about how he wanted to move up within his current company, but when there were no roles for him there he didn't give up and landed a position at a new company. 

    The moral of Ed’s story is that even if you are "just" working a field service role, you never know where your NEXT role is going to come from, so always impress your bosses, your customers, and those you interact with daily. Network, network, network.

    Relevant Websites For This Episode

    ·     Hired in 21 Days (https://www.hiredin21days.com)

    ·     Dion Training (https://www.diontraining.com)

    ·     USA Jobs (https://www.usajobs.gov)

    • 47 min
    Ep. 57 Best time of the year to get hired



    About This Episode

    In this episode, we are discussing the different hiring seasons in the cybersecurity industry. After all, understanding the different hiring seasons is essential to reaching your goal of getting hired into your dream cybersecurity role. Many people don’t realize that there are high periods and low periods of hiring throughout the calendar year, so in this episode we are going to discuss the three key hiring periods that occur each year and the reasons behind them. 

    Looking for a job can be challenging, so it is often difficult to land your dream job immediately. By understanding the hiring cycles and where they exist on the calendar, you are going to be able to increase your odds of landing a position faster. Depending on the specific portion of the cybersecurity industry you want to work in, there are better and worse times to submit your application. For example, if you want to get a position working for the government, one of the biggest hiring seasons tends to be in October and November because the Government’s new fiscal year begins on October 1st each year. 

    Throughout this episode, we will focus on the three distinct hiring seasons and which is used in which parts of the industry. This includes the January/February, April/May, and October/November hiring seasons.

    Of course, you can find a job at any time during the year, but certain times are better than others, as you will learn in this episode. While timing can help increase your odds of success, remember that you still need to persevere, add value to the organization, and be confident in overcoming challenges to ultimately be successful in your job hunt.

    What You’ll Learn

    ·     How does the calendar affect the hiring process?

    ·     Why do different companies and organizations hire more people during specific times of the year?

    ·     What steps can you take to increase your odds of being hired during that hiring season?

    Relevant Websites for This Episode

    ·     https://www.YourCyberPath.com

    ·     https://www.HiredIn21Days.com

    ·     https://www.usajobs.gov

    • 16 min
    EP 56: Cybersecurity careers in the Defense sector



    In this episode, we provided an introduction to cybersecurity careers in the defense sector within the United States. This discussion can provide you with a great starting point for understanding how to get a cybersecurity position within this sector of the industry.

    The defense sector consists of three main categories of positions: military members, government civilians, and government contractors. The defense sector is a huge area of growth in the cybersecurity industry, with over 50% of all federal government cybersecurity spending being dedicated to the Department of Defense’s budget for digital security in the United States. This equates to a lot of cybersecurity work and positions being made available within the industry for qualified and cleared individuals.

    As we went through the episode, we covered all three areas and types of positions available in the defense industry. We discussed the advantages and disadvantages of joining the military or the reserve forces in order to get a cybersecurity position. For example, if you join the military, they will provide you with all of the training and qualifications necessary to become a talented cyber defense professional. We also covered the role of government civilians and the lengthy application process they undergo to land one of these positions. There is usually a lot of competition for these positions and a lot of “preference factors” that they use in determining who to hire for these positions. Finally, we covered the work of government contractors, which consists of the commercial companies involved with conducting business for the government.

    For many defense sector cybersecurity positions, it is important to maintain a Secret or Top-Secret security clearance. This is another lengthy process, unfortunately, and it can take between 6 and 18 months to finalize your investigation and get awarded a clearance. Due to this, those who have already received a validated security clearance have a significant advantage in getting hired over those who are waiting for one or simply do not have one yet. The Cyber Security Workforce (CSWF) requirements and certifications were also discussed.

    As we discussed in the episode, there are a lot of other differences between applying for a civilian or contractor job inside of the defense industry, especially in terms of the position description and the way you will write your resume. If you want to land a contract position, you should visit the company’s website or any of the major job boards like LinkedIn, Monster, etc. If you want to land a government civilian position, then you should visit their central repository at USA Jobs.

    What You’ll Learn

    ●     What is the defense sector?

    ●     What are the three different types of positions available to work for the government?

    ●     What type of requirements are needed to get a job in the defense sector?

    ●     What type of roles are there in the defense sector?

    ●     Are there any differences when applying for a civilian or contractor position?

    Relevant Websites for This Episode

    ●     www.YourCyberPath.com

    ●     www.HiredIn21Days.com

    ●     www.linkedin.com

    ●     www.monster.com

    ●     www.usajobs.gov

    • 47 min

Customer Reviews

5.0 out of 5
11 Ratings


pa_eng ,

Top of the line, informative and relevant info.

I can see that it is challenging to find the right job in cybersecurity, but this podcast breaks down the barriers to gaining more information, and it helps me discover and understand true realities that were different from my expectations.

Thanks for all you do.

Ed Skipka ,

Great folks, Great info, all in one spot

I have taken almost all of Jason Dion’s classes on Udemy and was thrilled to hear he was the co-host of this podcast! Both Jason and Kip have decades of knowledge and present it in an easy to digest format. If you are trying to break into Cyber, you owe it to yourself to poke around and listen to some episodes.

China260676 ,

Valuable information!

For me it’s been amazing to listen to this podcast from top to bottom and process all the valuable information given. I’m taking the Cybersecurity Bootcamp at University of Miami right now and to me, this is like one more class. Thanks for taking the time to craft this, for the value you, your cohosts and guests are giving. I’m a big fan!!!
