What I Learned Mentoring 130+ Cybersecurity Students into Tech

So also everybody thank you for joining for the last session for the day. Um thank you for coming to Bides here. I want to thank our sponsors St. Mary USA is our main sponsor and various others as well too and thank you for your participation. Without further ado, I'm looking forward to this topic about mentorship and study. Uh everyone give a round of applause for >> all right thank you everybody. Test test test. Do you guys can hear me in the back? Can you guys hear me in the back? Good. Okay, cool. So um hello everybody. I know this is the last talk so thank you for joining. I know it's been a long day. I was here last year and besides is

a very good resource um for cyber security professionals right great resource uh tons of knowledge um great networking experience. So I'm going to jump right into it. So my name is Bonafasio Capuan. I go more commonly by the name of Bon just cuz so it's easier. I'm looking at people's faces here because usually when I say my name Bond, they come up with like a a nickname, right? Growing up, I've heard it all. So Bonfire James Bond, Bonafide, Bon Joy. Yeah. So, my personal favorite is uh Shaker Bon Bon. So, just fun fact. All right. So, I'm going to run through my a brief introduction of myself. Uh I'm a senior staff inbound product manager at Service Now. And a

disclaimer, I'm not uh representing service now in this talk at all. This is just my personal view based on the past three years uh I've been mentoring uh cyber security students. Okay. So these are all my own personal thoughts, my own personal re research etc. So um real brief real briefly these are the certifications that I have for uh myself and I caution people who are just getting into the industry about getting vendor specific certifications. Uh the reason I'm doing vendor specific certifications I'm 10 years deep into service now so it's my bread and butter I'm all in right so I decided and my bosses have just you know have made it mandatory for me to take these

certifications and maintain them right so that's why I'm taking them so these are the more uh industry recognized certifications that I have CISSM CISA CISSP some of these probably sound familiar to you guys um the reason why I left this one in here because it's expired is because in my career mid tier it was very critical for me as a turning point um to kind of make a turn in my career right it was really really important for me personally I don't know about you if you guys um how you guys feel about it but for me it was a good uh turning point in my career I'll talk about a little bit later and that's why

I put it up there so question how many people are trying to get into cyber security I'm trying to get like a gauge okay so a pretty decent amount of you guys Good. Okay. So, how many people are in it? We're trying to pivot into cyber security. Okay. Cool. Cool. Cool. All right. And lastly, how many people are are in cyber security and want to level up? Okay. Cool. It's like 30 3030. It's a good mix. Okay. Cool. All right. Trying to get a gauge of the room. So, I might kind of tailor what I talk about, you know, to kind of fit fit the audience itself. Here's a quick overview uh of what I'm

going to talk about so you know everyone knows what to expect and I'm not going to go off the rails. I'm going to keep you know on track. This talk is only 25 minutes so I'm going to kind of have to get through all the information I have really fast. So feel free to stop me if you guys have any questions. All right. So I'm going to talk about the success the success rates of people who I talk to mentors from uh non-paid boot camps to paid boot camps. All right. So let me explain what this means, right? Okay. So this is overview. I'm going to talk about key factors to success, key factors to failures, resume tips, uh how

to search for jobs, etc. And then my own personal career journey. I left that last because I want to make sure you guys get the information up front. Right? So success rates for paid versus uh non-paid versus corporate sponsored versus paid boot camps. So there's two I I mentor for two programs. one was a program and I'm not going to name names. you could come after, you know, this talk and ask me what the name is, but I I don't want to sponsor any um this is a nonsponsored event, right? So, and th this is a paid corporate boot camp where companies pay for people to take courses. So, black belt tip, you can uh work for these companies and

they will pay for your education in regards to any type of technical trade you want to learn and they'll also pay for your college education as well too. Uh the restriction is that you don't already have a college degree. So, if you don't have a college degree, you'll be eligible to enter these programs. So the companies that offer these programs are and I work with them uh people who work for uh Chase Bank, PNC Bank, Walmart, Target, Lowe's, some of you might be in these programs. Uh USAA also offers this program. But um people can people who are employed by these companies can enter into this program and get free education. Now, if you go

into the college program, which is I think is a great benefit, uh there's three or four colleges that they uh pay for, and this is when I calculated it out. It's about $100,000 worth of free college, right? So, if you're interested in that, you know, you can talk to me afterwards. I can give you a little bit more information. So, so that's the corporate sponsored boot camp. Now, I'm I'm going to talk about the success rate was very low, right? Reason being obviously is they're not paying for it. So they took advantage of it and they didn't take it very seriously. So you're you're talking about people who entered uh boot camps who come from and I'm not

trying to disparage people's jobs or whatnot, but kids just straight out of high school say, "Hey, I work at Walmart. I push carts. I want to check out cyber security. What's it all about?" Right? So they come in like, "Oh, not really for me." And they dip out. Right? So and there's a lot of there's a lot of that. So that happened a lot in the beginning when they offered that and now kind of taper it off because the company pays about eight grand a pop to get these people in and when they fail out that's like a loss for them, right? Um and the one thing that the student doesn't know is that if

they abandon the course, they're no longer eligible to take any course again, right? So they give up all that free education, right? So uh the next course was a paid course that I mentored for um and it's uh sponsored by a lot of colleges and the course is about 12 to 15 grand. Um and a lot of people you see see you see the success rate is a lot higher 32%. The reason being obviously is because people are putting their time and money into it so they want to actually finish it right. So um it's about 12 grand about six to 10 months. All right. So I'm going to jump into the things I saw

were common denominators and people who finished the course and were ultimately able to get a a job. Right? So it's really the why. There's a bunch of reasons here uh why people succeeded and the the the main thing I want to kind of it was their kind of season in life, right? I talked to a lot of folks like, "Hey, I just had a kid. I can't work in this job. I need to level up. I need to get into tech. Um, I just got married. My wife's like a nurse and I need to like match her salary. You know, I I need to be, you know, on par with her at the bread winner. Um, so for for me

personally, when I got into, you know, my career field, I was just newly married. Uh, you know, I had a kid on the way. I had an apartment to pay for. You know, I had a car payment. So basically the the the key factor is that they were up their wall was up against the back was up against the wall right they had no choice but to succeed right that's that's how I see a lot of people uh really kind of you know passing through the course and I see a lot of people in blue collar jobs a lot of truckers for some reason they want to get into cyber security or tech um because they're they're tired of long

you know drives whatnot they want to be home with their families etc uh a a lot of law enforcement, military. I see that a lot. It's very often. I had a I had a boss for quite some time. He's ex-military. Um, so you see a lot of that, right? Um, what else did I miss? Yeah cool. And also some other key traits are consistency. People who actually block out scheduled time to focus on their studies, focus on the course, right? They have like a Monday and Wednesday and a Sunday night that they're always going to, you know, take care of the course. They prioritize it, right? it's important to them. And then finally, people who also, you

know, people who are curious, who always show up to the mentor calls, they have questions, they want advice, you know, they they're very humble about, you know self-improvement etc. etc. right? So, su uh key factors in failure, people who I see always drop out, and there's a lot of them, is uh lack of prioritization uh for the program, right? right? They're like, "Okay, I'm going to show up on Monday. I'm going to do some stuff on Monday. I'm going to take a week off. Maybe on Wednesday, I'll spend some time. Okay, I'm going on vacation. I'm going to take a week off." Uh, so to them, it's not a priority. And, you know, you can't really knock

those people because, you know, depending on what stage they're they're in their life. You know, a lot of these people always have jobs, they have a family, they have other commitments, they're trying to juggle things around. And so, naturally, some of these things just kind of fall off, right? Um some people they take a look at the curriculum and they go oh networking OSI networking model uh ports AWS AD objects they're kind of like okay I'm out they tap they're okay I can't do it right uh some people they enter in the course they take two three they fall behind one two three weeks they can't catch up and then they their uh motivation is gone they can't they can't

finish right and then finally the most Common one I see is the lack of motivation. people whenever I talk to people students I go hey my first thing I say ask them is like why do you want to get into this field right and a lot of times people go I want to work remote and make six figures right that's nice um however it's not you know me personally I've been working for home from home for like six years and you know people think oh I'm going to go people see these Tik Tok videos and they're like getting coffee going to the rooftop bar in San just go and then they're, you know, doing an hour meeting

and then they go to happy hour, right? That's not the reality, right? I work from home. I work like 12 hour days, you know, five, six days a week. Uh I got a team that's in California. I'm in Texas. I work with folks in the UK. Uh developers in India, Canada, my directors in Canada. So, I'm always, you know, the expectation of like, oh, hey, I'm just going to chill, work remote, be in Italy for two weeks, party in the day, work at night to match PST hours. It's not it's not it's not the reality, right? Okay. So, I'm going to jump into resume building tips. Okay. And this is kind of important when uh I'm working

with folks who finished a boot camp and they want to, you know, spice up their resume. Um, obviously, finishing the boot camp is very important because you can put that on your resume. Uh the main thing you you want to do is get through that first filter of uh recruiters, right? They're the gatekeepers, right? You got to get past them. And the gatekeepers like keywords, they like acronyms, they like uh you know, security plus, etc. There's some uh additional certifications that have added. So security plus obviously is the main entry point if you want to get um legitimized in this career, right? I didn't take the security plus because I was already had my eyes on this CISP,

but there's a lot of CIS there's a lot of security pluses. There's like tons and tons and tons tons. So that's like the first stage gate. You got to be able to at least get that at a minimum and start working other certificates at the same time. Right now, I advise some folks who want to kind of shortcut it to okay, skip the boot camps, go straight to security plus, study the security plus because if you study security plus, you're studying to pass assert and you're also um studying, you're learning cyber security at the same time. You're hitting two birds with one stone, right? Forget the 12 grand you can spend on the private boot camp. Forget the programs

elsewhere. Jump to that. And the best resource is Professor Messer. I don't know if you guys have heard of him. You probably heard of him. Don't even don't bother going anywhere else. Professor Messer 120 videos, seven minutes on average, uh, bias practice questions and do that. Every single person that I worked with to get the security plus, I said do that. They passed, right? Like 99%. Right? Also look towards those newer certificates as well too. Right? Now, hands-on experience in labs, that's also very important because uh if you're in the boot camp situation, um emphasis labs, you you do hands-on stuff. That's great. If you don't have emphasis labs, you want to do it earn yourself, there's

try hackme, hack the box, uh picf.org. There's a lot of uh resources online that you could get hands-on with, but make sure you put that on your resume because when you talk to the hiring manager, they want to know what demonstrable experience that you have. They want you to you could tell them, "Hey, yeah, I was behind the thing and I was like hacking out, you know, different commands, set up a IB tables or whatnot, right?" So, that's very important, right? Being able to talk to that. So, LinkedIn profile 100% necessary. If you don't have I don't I I don't know who someone who got a job in tech and doesn't have LinkedIn profile. Also,

easy apply. That's the best way to kind of like hammer out applications, right? You upload your resume, easy apply. Boom boom boom boom boom boom. And also consider if you're um if you have time, consider making specific resumes toward specific jobs, right? Kind of be try to match a job description to your profile or to your resume if you can if you have that time and then use chat GPT to to kind of polish up your resume. All right, so let's jump into any questions so far. >> No questions. Okay. Cool.

>> There is. Yeah. Um, it kind of confuses you because so I mean I had those shirts I showed to you, but I also have a bunch of Splunkerts that I spent a lot of time on and I'm kind of um on the fence about I spent a lot of time on the Splunkerts and a lot of energy and I don't use them anymore, right? So, was it worth it? I don't know. You know, I my I actually tried to apply for a Splunk job and they didn't accept me. I'm like, "Wait a minute. I got all your searchs. Why don't you So, yeah, I think so. There's definitely a a there's diminishing returns on, you know, uh to

new people, I say, you know, focus on the the general searchs, security plus, A+, network plus, Linux plus. I say focus on those. Yeah. question.

>> How are you success? >> Completing the boot camp. Yeah, completing the boot camp. I've never seen anybody who didn't complete who I never seen anybody who didn't complete a boot camp get a job. Yeah, actually one person, but this is out of like 100 plus people I talked to. Yeah, sir. typical length of time. >> So they give you about seven months and you could file extensions to about 10 months. Yeah. I would if off the record I would personally not pay for a boot camp. I would go have a company sponsor you for free and I go to like self-study stuff. Yeah. I I wouldn't pay 12 grand. Yeah. Don't That's why I didn't asked to not

record this. So, all right. So, tips to search and apply for jobs. Number one is networking. Networking, networking, networking. It's who you know, right? I've been in the industry. I've been in industry for 23 years. And there's tons of people who don't who I think I have more technical knowledge and they're like VPs, etc. Um, that's the the reason why is because they know somebody. Me personally, I've had a relationship with my boss. He kept me employed for 10 years. Three jobs, 10 years. And he kept me employed in good jobs. He was like six figure jobs, right? So that one relationship floated me for 10 years, right? So I'm very grateful. But that's like the

number one important thing. Dig into your family to dig into your friends. You might know like an uncle or your uncle's wife who's in tech or something. They'll hook you up, right? Or they'll try to get you in, right? So that's the most important thing. Meetups are also good. Um start networking in meetups. Be be involved. I know Bides is a great opportunity for you to uh volunteer. You get to know folks. Get to know hiring managers. LinkedIn group is important. Um and this one too, women in tech. I see a lot of women in tech groups um bubbling up, getting popular. And um that's a great place for women to network, right? Uh volunteering

internship. I was working with one student and uh he was complaining like, "Hey, I'm trying to get a job, but you know, no one really wants to hire me without experience." I said, "Okay, well, what do you do right now?" He's like, "I'm a barista at my church." Okay, well, let's see here. Why don't you go talk to your head of IT at the church and say, "Hey, I want to volunteer to do whatever techreated, right?" So, he went to his head of IT over there at his church. He's like, "Okay." And then the head of it is like, "Okay, every Wednesday, I want you to come in. and we're going to do a bunch of grunt

work, you know, rack stuff or cable things, image hard drives, etc. So, that's one way to get into it, too, right? So, that way you you get hands-on experience, you can actually put it on your resume. So, that's that's really important. Okay, this is a good one, too. Volunteer to be security champions. So, um a lot of companies have what they call PC's or security champions. Um, so say you're in finance or you say you're in HR or whatever desktop support, they have official unofficial programs that say, "Hey, I'm the PC for security. I'm going to be the the liaison or the champion that disseminates all the information in regards to like security awareness or

incidents in my department and I'm going to bring it back to cyber security." Right? That's a really good way to to get involved, right? Uh there's a bunch of other programs too. Um for veterans uh empower I I went last year to besides talk and there was a guy who graduated from empower free education to do job placement. Um Cyber Texas foundation that's a good one too. Free education job placement. Um back in the day I I had some uh we hired some there's a program for like lowinccome students from a junior college. We took them in as interns uh during the summer and then we showed them some stuff and some of them we we hired on. Right. So

there are some other BIPO it's a black indigenous people of color. That's another group that you could there's a lot of programs to help you get job placement and education. And Etsy is a good one. This is offered by Chase um emerging talent software engineers. Basically what they do, it's a program they hire you and they train you to do and their reasons are selfish because they want to train you to do to learn Chase software. Um, so they they'll teach they'll teach you how to code and they'll pay you and they pay you pretty good. It's like 70k 80k. I know the the programs up in Plano, but it's pretty pretty awesome deal if you can get into

it, right? Uh, practice mock interviews. It's always good to um I always to the me mentees I work with. I give them questions that I ask people that I interview um for people we're trying to hire. But um so yeah, practice mock mock interviews. Uh when you do get that interview, research the company because the interview is going to say, "What do you know about our company?" If you don't know what they do, but if you don't know what the company does, you're you're pretty much done. Also, research the interviewers. You're going to get a invite that says, "Hey, you're going to meet with so and so so and so so and so." look up the LinkedIn profile, put

it on private because you don't want them to take your stock in them. Kind of go through what they do um and kind of understand what what perspective they're going to come with that questions, right? And then uh take advantage of internal programs. I know every company has a a way where they want to build up their internal employees where they could kind of like move internally. I know a lot of people from IT support uh there's a program moving them into cyber security. uh other departments they have programs to move them into cyber security and other departments as well too. So leverage that. There's also other programs internally. I know Chase has one where you could be a you could

uh hire a mentor internally. There's like a list of people you could kind of follow and mentor and it's a program, right? All right. So realistic job expectations. You've if you have no experience in IT and you want to jump in cyber security, you have to get into tech first. IT tech support, desktop support, you have to get into that. Um very rarely will you just jump into a cyber security role, right? Um, so for people with a little bit of experience in IT or desktop support, the more realistic expectations you can get a cyber security job. Now, I work with a lot of people who are in another industry like nursing or transportation or whatnot and they're like, "Hey, how

can I move over to cyber security?" It's like, okay, well, let's transfer those skills that you know, the business acumen that you have in that industry translate into cyber security. That's the best way. If you're coming in from nursing, you're making 90K and you want to go into IT desk, IT desktop support, you're gonna take a huge like salary cut, right? So, you got to be a little bit more strategic in how you want to transfer in, right? Um, cool. All right, I'm going to jump into my kind of a personal career to kind of give you a road map. You know, I don't I'm not saying follow what I'm doing, but I'm trying to show you how I

progress in this career, right? Um, 2022, I made 40k a year technical support. basically a phone jockey answering phone calls eight hours a day, five days a week. Um, my next role was internal transfer to fraud analyst role. So, every time I moved a job, I acquired a skill and I raised my salary, right? Technical support, I did I learned PHP, my SQL and uh when I was a fraud analyst, I learned investigations and my SQL uh my next role. So back here when I was at um at this role I got PayPal bought us out and I got uh worked for PayPal for a year and I got laid off, right? So getting laid off is kind of powerful

course, right? You got to earn your stripes getting laid off at least twice, right? Good thing about getting laid off is that you know now the signs. You could read the writing on the wall. You could estimate if I get a hint that we're doing layoffs, I'm updating my resume. Hey, I'm reaching out to my network. I'm adding new skills. Right? So, it's also it's important to kind of read those signs, right? So, I moved in a conventional security analyst role and I was doing forensics there, but I parlayed my forensics. I parlayed my fraud investigations into the security analyst role. Now, back to my CISSP. How much time I got here? Two minutes. Back to my

CISSP. This is kind of the turning point for me and I was kind of a personal story. I at this job I was doing um security analyst and my main role was data leakage. So I caught an alert where someone was sending uh a spreadsheet from corporate email to a um to their personal email and the spreadsheet was um income salary salaries for the whole company. So the curiosity get the best of me. I'm looking through it like oh my gosh my peers are making double what I'm making and I was like what in the world? So that forced me to really study hard for the CISSB. Um, so when I got my CISSB, you see I

went from 70K to 100K. So that kind of was like my motivation to to pass the CISSP. So I got about a minute left. I'm going to roll through just what I do currently. I'm a senior staff inbound product manager. Um, previously I was an engineer. I was really hands-on. Now I'm like hands-on and more of like a liazison to a bunch of different companies and business businesses. Um, yeah, I think we're at time here. So, any questions, like 30 seconds for questions. Feel free to reach out to me, too, if you want to talk about certain things or career advice or whatnot. So, yeah, hopefully you got some value out of this. So, thank you very much.

Quick announcement. If you don't mind joining us to the main building for closing ceremonies, thank you so much for attending. Have a good day. Stay safe.