Episode 30

Published on: 19th Sep 2024

Ep:30 Practical Cybersecurity Advice You Can Use

The source is an audio recording of a podcast episode focused on providing advice for those seeking to enter the cybersecurity field. The host, Marc, offers insights on acquiring practical experience, the importance of certifications, the significance of soft skills, strategies for successful job interviews, and effective networking methods. He emphasizes the importance of tailoring resumes to showcase relevant skills and using networking events to connect with industry professionals. He also shares his own personal experience with job hunting and rejection, encouraging listeners to persevere despite setbacks and to continuously improve their job application materials.

---

I do hope you enjoyed this episode of the podcast. Here are some helpful resources, including any sites that were mentioned in this episode.

--

Find subscriber links on my site, add to your podcast player, or listen on the web players on my site:

Listen to Byte Sized Security

--


If you have questions for the show, feedback or topics you want covered, please send a short email to marc@bytesizedsecurity.show with the Subject line of "Byte-Sized Security" so I know it's about the podcast.

Connect with me on TikTok: https://www.tiktok.com/@bytesizedsecurity

Transcript
Marc: So this podcast is going to be a little bit different because what I did is take a previous podcast, and I used a site by Google called NotebookLM to structure that in a better way that might be more interesting to listen to for listeners. The first time I did this, it was more of a me just answering questions one off and kind of spitballin' it. This one, actually, AI sort of helped me out organize it. And it made it into a podcast between two guests talking about the show that I did. So this should be real interesting. Again, the site that I used, if you have a Google account, won't cost anything. You can add up to 50 sources. It's mostly for research, but it's quite an interesting site. Again, it's notebooklm.google.com. And this is what the episode will sound like.

Angie: Okay, so you're thinking about a career in cybersecurity, huh? Well, you're definitely not alone. This field is seriously exploding right now, but let's be real, getting a foot in the door can feel kind of overwhelming, right?

Dan: Yeah, for sure. It's easy to get lost in the sea of advice out there.

Angie: Exactly. And that's what we're diving into today, how to actually break into cybersecurity. And we're not talking vague theories here. We're... but real practical advice that you can actually use.

Dan: Right? We need the inside scoop.

Angie: You got it. We're dissecting an episode from the Byte Sized Security podcast. Their host, Marc, is a total pro and he really breaks things down for listeners who are trying to get started in the field.

Dan: Oh, I've heard of that podcast. It's supposed to be really good.

Angie: It is. What I love about Marc is that he doesn't sugarcoat anything. He gives it to you straight. Based on his own experience.

Dan: That's so important. Especially in a field like cyber security where things change so quickly. You need advice that's grounded in reality.

Angie: Absolutely. And one thing that makes Marc's perspective super valuable is that he actually transitioned into cybersecurity himself. So he gets the challenges newcomers face because, well, he's been there. He even talks about how he struggled with a lateral career move despite already having some IT experience under his belt. Can you believe that?

Dan: Wow, seriously. That just goes to show you that everyone, no matter their background, has to hustle and prove themselves in this industry.

Angie: Totally. But, on the flip side, it's also kind of encouraging, you know? It means the playing field is a little more level for those who are just starting out. You don't necessarily need a computer science degree from, like, the dawn of time to be successful.

Dan: Right. It's more about skills and a willingness to learn, which is something that Marc emphasizes a lot. He's very clear that a traditional IT background can be a great asset, but it's not the be all and end all. Cybersecurity needs people with all sorts of skills, from legal and writing to training and beyond.

Angie: It's true. Cybersecurity isn't just about, like, hacking into the mainframe anymore. I mean, it's way more than that. It's about strategy, communication, problem solving.

Dan: Exactly. Think of it like building a security team in the real world. You wouldn't want everyone to have the same skills and perspectives, right?

Angie: That's a fantastic point. So, instead of getting hung up on whether you have the perfect background, it's more about figuring out how your existing skills could be valuable in a cybersecurity role. It's about finding your niche.

Dan: Absolutely. And one of Marc's biggest pieces of advice is to actually research the different areas within cybersecurity. There's so much out there.

Angie: Yeah.

Dan: Figure out what really interests you and see how your skills might connect with those areas.

Angie: Okay, that makes a ton of sense. But let's say you've done your research. You're ready to start applying for jobs, and then you hit a wall. A wall of certifications. CISSP, security, CCNA, the list goes on and on. It can be totally overwhelming.

Dan: Oh, tell me about it. I remember when I first started looking into certs, I was like, where do I even begin?

Angie: Right. And Marc has this hilarious take on this whole certification craze, especially when it comes to entry level roles.

Dan: Yeah, what's his take?

Angie: He basically laughs at those job postings that require a CISSP for an entry level position. It's like, they want you to be a cyber security ninja before you've even learned how to throw a punch.

Dan: Yeah, that's a bit much, right? Like, asking someone to run a marathon before they can even walk.

Angie: Exactly. So, what's the deal with certifications? Should we be spending all our free time studying for them, or are they just kind of nice to have on our resumes?

Dan: Well, Marc doesn't dismiss certifications entirely. He sees them as valuable, but for specific reasons.

Angie: Okay. I'm intrigued. Like, what?

Dan: First off, they can actually help you get past those applicant tracking systems. You know, those ATS things a lot of companies use to filter resumes.

Angie: Those things are brutal.

Dan: Yeah, they can be. Certifications act as keywords to make your resume stand out.

Angie: So it's like playing a game, figuring out the right keywords.

Dan: Kind of. But the other thing certifications do is show employers you have a baseline of knowledge. Like, you're serious about the field and you're investing in yourself. That makes sense. But here's the key. Don't just collect certifications like they're Pokemon cards. Be strategic.

Angie: So it's all about quality over quantity.

Dan: Exactly. Choose the ones that are relevant to the specific cybersecurity jobs you actually want.

Angie: Focus. I like it. But even with the right certifications, Marc emphasizes that technical skills alone won't cut it. He's a big believer in what he calls soft skills. Things like curiosity and self discovery are super important, especially in such a fast paced field.

Dan: Oh, absolutely. I think that's spot on. Cyber security is constantly changing. You can't just learn one thing and expect to coast on that knowledge forever.

Angie: Right. You've got to be constantly learning, adapting, and evolving.

Dan: Exactly. Marc actually brings up phishing attacks as an example. Like, have you seen the crazy stuff they're doing with AI now?

Angie: No. What are they doing?

Dan: It's kind of scary how sophisticated it's gotten. But it proves Marc's point perfectly. If you're not learning and adapting, you're going to get left behind.

Angie: Whoa, AI powered phishing attacks. That's kind of terrifying, but I guess it makes sense. Cybersecurity is like this never ending arms race. As the good guys get better, the bad guys have to up their game too. So how can people actually develop those crucial soft skills that Marc talks about? Especially if you're just starting out in cybersecurity. It's not like you just wake up one day with this, like, incredible self directed learning superpower.

Dan: Right. It takes work. Yeah. But Marc has some really cool advice about this. He's a huge advocate for what he calls self discovery learning. It's all about taking control of your education, going beyond the classroom, and actually learning by doing.

Angie: I like the sound of that.

Dan: He encourages people to dive into cybersecurity forums, experiment with different tools, and even try setting up their own vulnerable systems in a safe environment so they can practice.

Angie: Wait, what? You mean like building your own little hacking lab at home?

Dan: Exactly.

Angie: Yeah.

Dan: Marc calls it a home lab, and it's surprisingly common in the cybersecurity world.

Angie: Seriously?

Dan: Yeah. It's a way to get hands on experience without the pressure of a real world job, which can be super valuable when you're first starting out.

Angie: That's so cool. It sounds a little intimidating, though, building your own hacking lab. Like, where do you even begin?

Dan: Well, that's where those soft skills come in: curiosity and that willingness to just figure things out. Marc talks about spending hours in his home lab, breaking stuff, putting it back together and just learning through trial and error. And he emphasizes that you don't need some crazy expensive setup to get started. You can start small and build up your skills as you go.

Angie: That's really encouraging. So it's all about embracing that hacker mindset, right?

Dan: A hundred percent.

Angie: Even if you're not planning on becoming an ethical hacker or anything, just having that curiosity to explore and figure out how things work is so valuable.

Dan: It's essential. And besides home labs, Marc's also a huge fan of those Capture the Flag competitions. Have you ever heard of those?

Angie: Yeah, I've heard the term, but I'm not entirely sure what they are.

Dan: So CTFs are basically online cybersecurity games or competitions designed to test your skills in a really fun and engaging way. Imagine solving puzzles, cracking codes, finding vulnerabilities, and competing against other people.

Angie: That sounds awesome. It's like gamified cybersecurity training almost.

Dan: Exactly. And the best part is that there are CTFs for every skill level, from total beginners to seasoned pros. Yeah. Yeah. Marc says that CTFs helped him solidify his understanding of key cybersecurity concepts when he was starting out. He said it was like everything just clicked once he actually started applying what he was learning in a more practical environment.

Angie: Wow. So CTFs are like the ultimate proving ground for your cybersecurity skills. I love that there's a competitive side to it, too.

Dan: I know, right? It's like esports for security nerds.

Angie: Totally. So we've got Homelabs, CTFs. Are there any other, like, unconventional learning resources that Marc recommends?

Dan: Well, what's cool about all of these things, Homelab, CTFs, even those online forums we talked about, is that they all foster a sense of community. You're connecting with people who share your passion for cybersecurity. And you can learn so much just by observing, asking questions, and being part of that community.

Angie: That's a really good point. Okay, so we've covered a lot of ground: transferable skills, choosing the right certifications, hands on learning, building a home lab. It seems like Marc's philosophy is all about taking action. Like, don't just wait for opportunities to come to you, go out there and create them.

Dan: Absolutely. And, while he's a huge advocate for self directed learning, he definitely doesn't downplay the value of connecting with others in the field. Which brings us to his thoughts on networking.

Angie: Yeah.

Dan: Yeah, so when it comes to networking, Marc walks the walk. You know, he doesn't just talk about it. He actually attended RSA, like the biggest cyber security conference out there, for two years straight, before he even broke into the industry.

Angie: Two years, wow, he must have been serious about making those connections.

Dan: Oh, absolutely, he was all in. He said he didn't know anyone at first, but he went to all the talks, chatted with people at the vendor booths, totally immersed himself in that world. And what's really cool is that he emphasizes that networking doesn't have to be expensive. You know, you don't need to fly to Vegas and drop a ton of cash on a conference pass.

Angie: Right. There are definitely ways to do it on a budget.

Dan: Yeah, exactly. He's a big fan of those smaller local conferences like BSides. They're often free or way cheaper than the big name events. He actually tells this crazy story about overhearing a conversation at BSides Vegas that led to a job offer.

Angie: No way! Are you serious? It's just from eavesdropping.

Dan: I know, right? It's a perfect example of how you never know where that next opportunity might come from. But beyond those in person events, Marc's also a huge proponent of building a solid online presence. Especially on LinkedIn.

Angie: Makes sense. It's like having a digital resume that anyone in the industry can see, right?

Dan: Exactly. Marc suggests treating your LinkedIn profile as your own personal cybersecurity brand. Showcase your skills, experience, and even your passion for the field. Don't be afraid to share articles, participate in discussions, and connect with people whose work you admire. You'd be amazed how many doors can open just by putting yourself out there authentically.

Angie: It's all about making those connections and building relationships both online and offline.

Dan: Absolutely. So let's shift gears for a sec. We've talked about networking, building your skills, but what about the actual job application process? You know, sending out your resume and going through interviews, it can be a real grind. Uh huh. And let's be honest. Rejection is part of the game.

Angie: Oh, tell me about it. I've definitely stared at my inbox wondering why no one was emailing me back. It can be brutal.

Dan: Totally. And that's what I appreciate about Marc. He's so real about the ups and downs of the job search. He talks about how he sent out tons of applications and faced his fair share of rejections. But here's the thing. He didn't let it get to him. He actually started tracking his application response rate.

Angie: Interesting, like turning it into a numbers game.

Dan: Exactly, and he found that he was getting about a 54 percent response rate, which is pretty impressive if you ask me. But even at a good response rate, you're still going to get those rejections. Oh, for sure. And it's so easy to take it personally, you know, like, what's wrong with me? Why aren't they picking me? Totally understandable. But Marc's approach is that every application, every interview, even every rejection,

Angie: Okay, I like that. It's about finding the lesson in every situation.

Dan: Exactly. He encourages people to really look at those experiences, what worked, what didn't, and then use that feedback to make your applications even stronger.

Angie: So it's all about having that growth mindset. Setbacks are just opportunities for improvement.

Dan: A hundred percent. And one of the best tips Marc offers is to treat your resume as a living document. You don't just create one generic version and blast it out to a million companies.

Angie: You've got to tailor it to each specific role, right?

Dan: Exactly. Highlight those skills and experiences that are most relevant to each job description. He actually recommends keeping a file of interesting job postings. You know, the ones that really get you excited and then use those as inspiration to optimize your resume and your online profiles.

Angie: It's brilliant, really. You're basically reverse engineering the hiring process, figuring out exactly what employers want and then making sure you're presenting yourself in the best possible light.

Dan: Nailed it. Now, before we wrap things up, there's one more thing I want to highlight from Marc's advice and I think it's a really important one. He talks about the importance of finding your why in cybersecurity.

Angie: Your why? What does he mean by that?

Dan: He's essentially saying that if you want to not only break into, but truly thrive in this field, you need a strong sense of purpose. You need something deeper than just wanting a cool job title or a big paycheck.

Angie: I love that. So it's about figuring out what motivates you. What are you passionate about?

Dan: Exactly. What problems do you want to solve? What kind of impact do you want to make in the world? Because at cybersecurity is about more than just technical skills and certifications. It's about protecting people, businesses, entire societies. It's about making a real difference.

Angie: Wow, that's a powerful way to think about it. So as we wrap up this deep dive into Marc's incredible insights, I think we've uncovered a really solid road map for anyone who wants to launch a career in this exciting and impactful field. It's clear that breaking into cybersecurity requires a multifaceted approach. We're talking technical skills, soft skills, practical experience, and a whole lot of hustle. But what really shines through is that having a genuine passion for this ever evolving field and a desire to make a positive impact is absolutely key. So as you embark on your own cybersecurity journey, here's a final thought to leave you with. If cybersecurity is all about anticipating and mitigating future threats, how do you envision yourself contributing to a safer and more secure digital world?


About the Podcast

Byte Sized Security
Snackable advice on cyber security best practices tailored for professionals on the go
In a world where cyberattacks are becoming more commonplace, we all need to be vigilant about protecting our digital lives, whether at home or at work. Byte Sized Security is the podcast that provides snackable advice on cybersecurity best practices tailored for professionals on the go.

Hosted by information security expert, Marc David, each 15-20 minute episode provides actionable guidance to help listeners safeguard their devices, data, and organizations against online threats. With new episodes released every Monday, Byte Sized Security covers topics like social engineering, password management, multi-factor authentication, security awareness training, regulatory compliance, incident response, and more.

Whether you're an IT professional, small business owner, developer, or just someone interested in learning more about cybersecurity, Byte Sized Security is the quick, easy way to pick up useful tips and insights you can immediately put into practice. The clear, jargon-free advice is perfect for listening on your commute, during a lunch break, or working out.

Visit bytesizedsecurity.com to access episodes and show notes with key takeaways and links to useful resources mentioned in each episode. Don't let cybercriminals catch you off guard - get smart, fast with Byte Sized Security! Tune in to boost your cybersecurity knowledge and help secure your part of cyberspace.

About your host

Marc David

Marc David is a Certified Information Systems Security Professional (CISSP) and the host of the cybersecurity podcast, Byte-Sized Security. He has over 15 years of experience in the information security field, specializing in network security, cloud security, and security awareness training. Marc is an engaging speaker and teacher with a passion for demystifying complex security topics. He got his start in security as a software developer for encrypted messaging platforms. Over his career, Marc has held security leadership roles at tech companies like Radius Networks and Vanco Payment Solutions. He now runs his own cybersecurity consulting and training firm helping businesses and individuals implement practical security controls. When he’s not hosting his popular security podcast, you can find Marc speaking at industry conferences or volunteering to teach kids cyber safety. Marc lives with his family outside of Boston where he also enjoys running, reading, and hiking.