Ep:30 Practical Cybersecruity Advice You Can Use
The source is an audio recording of a podcast episode focused on providing advice for those seeking to enter the cybersecurity field. The host, Marc, offers insights on acquiring practical experience, the importance of certifications, the significance of soft skills, strategies for successful job interviews, and effective networking methods. He emphasizes the importance of tailoring resumes to showcase relevant skills and using networking events to connect with industry professionals. He also shares his own personal experience with job hunting and rejection, encouraging listeners to persevere despite setbacks and to continuously improve their job application materials.
---
I do hope you enjoyed this episode of the podcast. Here's some helpful resources including any sites that were mentioned in this episode.
--
--
Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:
--
Support this Podcast with a Tip:
--
If you have questions for the show, feedback or topics you want covered. Please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.
Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity
Transcript
So this podcast is going to be a little bit different because what I did.
2
:Is take a previous podcast.
3
:And I used a site by
Google called notebook LM.
4
:Too.
5
:Structure that in a better way,
that might be more interesting
6
:to listen to for listeners.
7
:The first time I did this, it was
more of a me just answering questions
8
:one off and kind of spit ballin it.
9
:This one, actually, AI
sort of helped me out.
10
:Organize it.
11
:And it made it into a podcast between two
guests talking about the show that I did.
12
:So this should be real interesting.
13
:Again, the site that I used, if you
have a Google account won't cost,
14
:anything you can add up to 50 sources.
15
:It's mostly for research, but
it's a quite an interesting site.
16
:Again, it's notebook L m.google.com.
17
:And this is what the
episode will sound like.
18
:Angie: Okay, so you're thinking
about a career in cybersecurity, huh?
19
:Well, you're definitely not alone.
20
:This field is seriously exploding
right now, but let's be real,
21
:getting a foot in the door can
feel kind of overwhelming, right?
22
:Dan: Yeah, for sure.
23
:It's easy to get lost in
the sea of advice out there.
24
:Angie: Exactly.
25
:And that's what we're diving into today,
how to actually break into cybersecurity.
26
:And we're not talking vague theories here.
27
:We're But real practical advice
that you can actually use,
28
:Dan: right?
29
:We need the inside scoop.
30
:Angie: You got it.
31
:We're dissecting an episode from
the Bite Size Security podcast.
32
:Their host, Mark, is a total pro
and he really breaks things down
33
:for listeners who are trying
to get started in the field.
34
:Dan: Oh, I've heard of that podcast.
35
:It's supposed to be really good.
36
:Angie: It is.
37
:What I love about Mark is that
he doesn't sugarcoat anything.
38
:He gives it to you straight.
39
:Based on his own experience.
40
:Dan: That's so important.
41
:Especially in a field like cyber
security where things change so quickly.
42
:You need advice that's
grounded in reality.
43
:Angie: Absolutely.
44
:And one thing that makes Mark's
perspective super valuable is
45
:that he actually transitioned
into cybersecurity himself.
46
:So he gets the challenges newcomers
face because, well, he's been there.
47
:He even talks about how he struggled with
a lateral career move despite already
48
:having some IT experience under his belt.
49
:Can you believe that?
50
:Dan: Wow, seriously.
51
:That just goes to show you that everyone,
no matter their background, has to hustle
52
:and prove themselves in this industry.
53
:Angie: Totally.
54
:But, on the flip side, it's also
kind of encouraging, you know?
55
:It means the playing field is
a little more level for those
56
:who are just starting out.
57
:You don't necessarily need a
computer science degree from, like,
58
:the dawn of time to be successful.
59
:Dan: Right.
60
:It's more about skills and a
willingness to learn, which is
61
:something that Mark emphasizes a lot.
62
:He's very clear that a traditional
IT background can be a great asset,
63
:but it's not the be all and end all.
64
:Cybersecurity needs people with
all sorts of skills, from legal
65
:and writing to training and beyond.
66
:Angie: It's true.
67
:Cybersecurity isn't just about, like,
hacking into the mainframe anymore.
68
:I mean, it's way more than that.
69
:It's about strategy,
communication, problem solving.
70
:Dan: Exactly.
71
:Think of it like building a
security team in the real world.
72
:You wouldn't want everyone to have the
same skills and perspectives, right?
73
:Angie: That's a fantastic point.
74
:So, instead of getting hung up
on whether you have the perfect
75
:background, it's more about figuring
out how your existing skills could
76
:be valuable in a cybersecurity role.
77
:It's about finding your niche.
78
:Dan: Absolutely.
79
:And one of Mark's biggest pieces of
advice is to actually research the
80
:different areas within cybersecurity.
81
:There's so much out there.
82
:Angie: Yeah.
83
:Dan: Figure out what really
interests you and see how your skills
84
:might connect with those areas.
85
:Angie: Okay, that makes a ton of sense.
86
:But let's say you've done your research.
87
:You're ready to start applying
for jobs, and then you hit a wall.
88
:A wall of certifications.
89
:CISSP, security, CCNA,
the list goes on and on.
90
:It can be totally overwhelming.
91
:Dan: Oh, tell me about it.
92
:I remember when I first started
looking into certs, I was
93
:like, where do I even begin?
94
:Angie: Right.
95
:And Mark has this hilarious take on this
whole certification craze, especially
96
:when it comes to entry level roles.
97
:Dan: Yeah, what's his take?
98
:Angie: He basically laughs at
those job postings that require a
99
:CISSP for an entry level position.
100
:It's like, they want you to be a
cyber security ninja before you've
101
:even learned how to throw a punch.
102
:Dan: Yeah, that's a bit much, right?
103
:Like, asking someone to run a
marathon before they can even walk.
104
:Angie: Exactly.
105
:So, what's the deal with certifications?
106
:Should we be spending all our free time
studying for them, or are they just
107
:kind of nice to have on our resumes?
108
:Dan: Well, Mark doesn't dismiss
certifications entirely.
109
:He sees them as valuable,
but for specific reasons.
110
:Angie: Okay.
111
:I'm intrigued.
112
:Like, what?
113
:Dan: First off, they can actually help you
get past those applicant tracking systems.
114
:You know, those ATS things a lot
of companies use to filter resumes.
115
:Those
116
:Angie: things are brutal.
117
:Dan: Yeah, they can be.
118
:Certifications act as keywords
to make your resume stand out.
119
:Angie: So it's like playing a game,
figuring out the right keywords.
120
:Dan: Kind of.
121
:But the other thing certifications
do is show employers you
122
:have a baseline of knowledge.
123
:Like, you're serious about the field
and you're investing in yourself.
124
:That makes sense.
125
:But here's the key.
126
:Don't just collect certifications
like they're Pokemon cards.
127
:Be strategic.
128
:Angie: So it's all about
quality over quantity.
129
:Dan: Exactly.
130
:Choose the ones that are relevant
to the specific cybersecurity
131
:jobs you actually want.
132
:Angie: Focus.
133
:I like it.
134
:But even with the right certifications,
Mark emphasizes that technical
135
:skills alone won't cut it.
136
:He's a big believer in
what he calls soft skills.
137
:Things like curiosity and self
discovery are super important,
138
:especially in such a fast paced field.
139
:Dan: Oh, absolutely.
140
:I think that's spot on.
141
:Cyber security is constantly changing.
142
:You can't just learn one thing and expect
to coast on that knowledge forever.
143
:Angie: Right.
144
:You've got to be constantly
learning, adapting, and evolving.
145
:Dan: Exactly.
146
:Mark actually brings up
phishing attacks as an example.
147
:Like, have you seen the crazy
stuff they're doing with AI now?
148
:Angie: No.
149
:What are they doing?
150
:Dan: It's kind of scary how
sophisticated it's gotten.
151
:But it proves Mark's point perfectly.
152
:If you're not learning and adapting
You're going to get left behind.
153
:Angie: Whoa, AI powered phishing attacks.
154
:That's kind of terrifying,
but I guess it makes sense.
155
:Cybersecurity is like this
never ending arms race.
156
:As the good guys get better, the
bad guys have to up their game too.
157
:So how can people actually develop those
crucial SOP skills that Mark talks about?
158
:Especially if you're just
starting out in cybersecurity.
159
:It's not like you just wake up
one day with this like, incredible
160
:self directed learning superpower.
161
:Dan: Right.
162
:It takes work.
163
:Yeah.
164
:But Mark has some really
cool advice about this.
165
:He's a huge advocate for what he
calls self discovery learning.
166
:It's all about taking control of your
education, going beyond the classroom,
167
:and actually learning by doing.
168
:Angie: I like the sound of that.
169
:Dan: He encourages people to dive into
cybersecurity forums, experiment with
170
:different tools, and even try setting
up their own vulnerable systems in a
171
:safe environment so they can practice.
172
:Angie: Wait, what?
173
:You mean like building your
own little hacking lab at home?
174
:Dan: Exactly.
175
:Angie: Yeah.
176
:Dan: Mark calls it a home lab,
and it's surprisingly common
177
:in the cybersecurity world.
178
:Angie: Seriously?
179
:Dan: Yeah.
180
:It's a way to get hands on experience
without the pressure of a real world
181
:job, which can be super valuable
when you're first starting out.
182
:Angie: That's so cool.
183
:It sounds a little intimidating,
though, building your own hacking lab.
184
:Like, where do you even begin?
185
:Dan: Well, that's where those soft
skills come in curiosity and that
186
:willingness to just figure things out.
187
:Mark talks about spending hours
in his home lab, breaking stuff,
188
:putting it back together and just
learning through trial and error.
189
:And he emphasizes that you don't need
some crazy expensive setup to get started.
190
:You can start small and build
up your skills as you go.
191
:Angie: That's really encouraging.
192
:So it's all about embracing
that hacker mindset, right?
193
:A
194
:Dan: hundred percent.
195
:Angie: Even if you're not planning on
becoming an ethical hacker or anything,
196
:just having that curiosity to explore and
figure out how things work is so valuable.
197
:Dan: It's essential.
198
:And besides Home Labs, Mark's
also a huge fan of those
199
:Capture the Flag competitions.
200
:Have you ever heard of those?
201
:Angie: Yeah, I've heard the term, but
I'm not entirely sure what they are.
202
:Dan: So CTFs are basically online
cybersecurity games or competitions
203
:designed to test your skills in
a really fun and engaging way.
204
:Imagine solving puzzles, cracking
codes, finding vulnerabilities,
205
:and competing against other people.
206
:Angie: That sounds awesome.
207
:It's like gamified
cybersecurity training almost.
208
:Dan: Exactly.
209
:And the best part is that there are
CTFs for every skill level, from
210
:total beginners to seasoned pros.
211
:Yeah.
212
:Yeah.
213
:Mark says that CTFs helped him solidify
his understanding of key cybersecurity
214
:concepts when he was starting out.
215
:He said it was like everything just
clicked once he actually started
216
:applying what he was learning
in a more practical environment.
217
:Angie: Wow.
218
:So CTFs are like the ultimate proving
ground for your cybersecurity skills.
219
:I love that there's a
competitive side to it, too.
220
:I
221
:Dan: know, right?
222
:It's like esports for security nerds.
223
:Angie: Totally.
224
:So we've got Homelabs, CTFs.
225
:Are there any other, like, unconventional
learning resources that Mark recommends?
226
:Dan: Well, what's cool about all of
these things, Homelab, CTFs, even those
227
:online forums we talked about, is that
they all foster a sense of community.
228
:You're connecting with people who
share your passion for cybersecurity.
229
:And you can learn so much just
by observing, asking questions,
230
:and being part of that community.
231
:Angie: That's a really good point.
232
:Okay, so we've covered a lot of
ground transferable skills, choosing
233
:the right certifications, hands
on learning, building a home lab.
234
:It seems like Mark's philosophy
is all about taking action.
235
:Like, don't just wait for opportunities to
come to you, go out there and create them.
236
:Dan: Absolutely.
237
:And, while he's a huge advocate for
self directed learning, he definitely
238
:doesn't downplay the value of
connecting with others in the field.
239
:Which brings us to his
thoughts on networking.
240
:Angie: Yeah.
241
:Dan: Yeah, so when it comes to
networking, Mark walks the walk.
242
:You know, he doesn't just talk about it.
243
:He actually attended RSA, like the
biggest cyber security conference out
244
:there, for two years straight, before
he even broke into the industry.
245
:Angie: Two years, wow, he must have been
serious about making those connections.
246
:Dan: Oh, absolutely, he was all in.
247
:He said he didn't know anyone at first,
but he went to all the talks, chatted
248
:with people at the vendor booths,
totally immersed himself in that world.
249
:And what's really cool is that
he emphasizes that networking
250
:doesn't have to be expensive.
251
:You know, you don't need to
fly to Vegas and drop a ton
252
:of cash on a conference pass.
253
:Angie: Right.
254
:There are definitely ways
to do it on a budget.
255
:Dan: Yeah, exactly.
256
:He's a big fan of those smaller
local conferences like B Sides.
257
:They're often free or way
cheaper than the big name events.
258
:He actually tells this crazy story
about overhearing a conversation at B
259
:Sides Vegas that led to a job offer.
260
:Angie: No way!
261
:Are you serious?
262
:It's just from eavesdropping.
263
:I
264
:Dan: know, right?
265
:It's a perfect example of how
you never know where that next
266
:opportunity might come from.
267
:But beyond those in person events,
Mark's also a huge proponent of
268
:building a solid online presence.
269
:Especially on LinkedIn.
270
:Angie: Makes sense.
271
:It's like having a digital resume that
anyone in the industry can see, right?
272
:Dan: Exactly.
273
:Mark suggests treating your
LinkedIn profile as your own
274
:personal cybersecurity brand.
275
:Showcase your skills experience and
even your passion for the field.
276
:Don't be afraid to share articles,
participate in discussions, and connect
277
:with people whose work you admire.
278
:You'd be amazed how many
doors can open just by putting
279
:yourself out there authentically.
280
:Angie: It's all about making
those connections and building
281
:relationships both online and offline.
282
:Dan: Absolutely.
283
:So let's shift gears for a sec.
284
:We've talked about networking,
building your skills, but what about
285
:the actual job application process?
286
:You know, sending out your resume
and going through interviews,
287
:it can be a real grind.
288
:Uh huh.
289
:And?
290
:Let's be honest.
291
:Rejection is part of the game.
292
:Angie: Oh, tell me about it.
293
:I've definitely stared at my inbox
wondering why no one was emailing me back.
294
:It can be brutal.
295
:Dan: Totally.
296
:And that's what I appreciate about Mark.
297
:He's so real about the ups
and downs of the job search.
298
:He talks about how he sent out
tons of applications and faced
299
:his fair share of rejections.
300
:But here's the thing.
301
:He didn't let it get to him.
302
:He actually started tracking
his application response rate.
303
:Angie: Interesting, like
turning it into a numbers game.
304
:Dan: Exactly, and he found that he was
getting about a 54 percent response rate,
305
:which is pretty impressive if you ask me.
306
:But even at a good response rate, you're
still going to get those rejections.
307
:Oh, for sure.
308
:And it's so easy to take it personally,
you know, like, what's wrong with me?
309
:Why aren't they picking me?
310
:Totally understandable.
311
:But Mark's approach is that
every application, every
312
:interview, even every rejection,
313
:Angie: Okay, I like that.
314
:It's about finding the
lesson in every situation.
315
:Dan: Exactly.
316
:He encourages people to really look at
those experiences, what worked, what
317
:didn't, and then use that feedback to
make your applications even stronger.
318
:Angie: So it's all about
having that growth mindset.
319
:Setbacks are just
opportunities for improvement.
320
:Dan: A hundred percent.
321
:And one of the best tips Mark offers is
to treat your resume as a living document.
322
:You don't just create one generic version
and blast it out to a million companies.
323
:Angie: You've got to tailor it
to each specific role, right?
324
:Dan: Exactly.
325
:Highlight those skills and
experiences that are most
326
:relevant to each job description.
327
:He actually recommends keeping a
file of interesting job postings.
328
:You know, the ones that really
get you excited and then use those
329
:as inspiration to optimize your
resume and your online profiles.
330
:Angie: It's brilliant, really.
331
:You're basically reverse engineering
the hiring process, figuring out
332
:exactly what employers want and
then making sure you're presenting
333
:yourself in the best possible light.
334
:Dan: Nailed it.
335
:Now, before we wrap things up,
there's one more thing I want to
336
:highlight from Mark's advice and I
think it's a really important one.
337
:He talks about the importance of
finding your why in cybersecurity.
338
:Angie: Your why?
339
:What does he mean by that?
340
:Dan: He's essentially saying that
if you want to not only break into,
341
:but truly thrive in this field,
you need a strong sense of purpose.
342
:You need something deeper
than just wanting a cool
343
:job title or a big paycheck.
344
:Angie: I love that.
345
:So it's about figuring
out what motivates you.
346
:What are you passionate about?
347
:Dan: Exactly.
348
:What problems do you want to solve?
349
:What kind of impact do you
want to make in the world?
350
:Because at cybersecurity is
about more than just technical
351
:skills and certifications.
352
:It's about protecting people,
businesses, entire societies.
353
:It's about making a real difference.
354
:Angie: Wow, that's a powerful
way to think about it.
355
:So as we wrap up this deep dive into
Mark's incredible insights, I think
356
:we've uncovered a really solid word map
for anyone who wants to launch a career
357
:in this exciting and impactful field.
358
:It's clear that breaking
into cybersecurity requires
359
:a multifaceted approach.
360
:We're talking technical skills,
soft skills, practical experience,
361
:and a whole lot of hustle.
362
:But what really shines through is that
having a genuine passion for this ever
363
:evolving field and a desire to make
a positive impact is absolutely key.
364
:So as you embark on your own
cybersecurity journey, here's a
365
:final thought to leave you with.
366
:If cybersecurity is all about anticipating
and mitigating future threats, how do
367
:you envision yourself contributing to
a safer and more secure digital world?
