Cyber Security Careers: Security Specialties & Skills Development

to have you here and have a great series of speakers panels flying up for you today let us know how we did by providing feedback regarding the cso track to the following link let me put that in the chat please note that all audio and visual privileges are not enabled during the talk we ask that you use the chat to ask questions and we'll have time for that at the end of the presenter's talk and these will be addressed if time permits we will later take requests to speak with a speaker by using the raise hand feature our first speaker today is scott stanton scott who will share precious and hard-to-find career advice starting from landing your first job to

maturing your cybersecurity career scott brings both a wealth of technical experience by working as staff at scientific atlanta coca-cola and general electric and in leadership positions at cisco halyard health and owens and miners we deeply appreciate scott taking his time out of his busy schedule to share with his knowledge and experience today scott the floor is yours

thanks ray give me a moment here while i get my screen shared

all right good morning besides tampa pleased to be the first speaker of the day here um so bear with me uh this first time on this platform um but i'm excited to speak a little bit today about cyber secure tracks cyber security tracks uh careers um you know there's a lot of information out there there's a lot of different people sharing opinions about um how to get into cyber security uh how to you know grow your career things like that uh hopefully i'm gonna be a little bit different and and share that from a uh somebody who's been a cyber security leader for a while i've been a hiring manager so hopefully my perspective will be a

little bit different

so today we're going to cover a lot of information uh we have about 30 minutes to do that um and so we'll cover the various types of cyber security career tracks that are available in the cyber security industry we'll talk about how to enter the cyber security industry if you're not currently working in cyber security well we'll discuss uh degrees and certifications a little bit um we'll talk about how to progress your career what that actual career progression should look like in cyber security uh we will talk a little bit about improving your effectiveness so if you're already in cyber security uh how can you grow and improve and then lastly some continuing educational resources

a lot of information to cover in 30 minutes so here we go um i do want to to throw a shout out to um to other folks you know last i mentioned there's been a lot of talks in fact there are other talks in the careers track here um about this so you know what my observation on that though is is that many of them um are focused on offensive security penetration testing red teaming uh they talk about the certifications the technical resources and also marketing yourself um i do recommend leslie carhart she has a long-form blog on starting an infosec career you'll notice i've got a qr code on the screen hopefully you can

take a picture and scan that that's a link to her article i do have a couple of other qr codes embedded in this presentation so feel free to grab your camera and take a snapshot of those if you're interested without further ado we will jump in so uh there are a number of different security uh tracks that we're gonna discuss um i'm actually gonna approach approach this from a holistic uh cyber security industry perspective um and i'm gonna break it down into uh defenders that's people who are protecting an organization um assessors and also researchers so as i mentioned defenders you know their their job is to protect an organization's information assets or technology and there are several different career

tracks within the defenders that you can consider there's the area around organizational policies standard procedures documentation governance in other words how do we influence that that's a skill set all into itself there is a career track around design and implementation of security controls and capabilities so you know whether you're in engineering or architecture things like that there are tracks in in what's known as the traditional security operation so when when most people think of the security operation center you know the the big room with lots of screens uh people looking for security alerts and events and and figuring out when things get broken but this also includes elements where um you know inside an organization that

you're supporting your end users so for example um giving accounts and getting accounts created for people granting access for people in the identity and access management space granting access to shared folders we're helping users reset passwords all of that you know anytime you're helping a user or helping a customer that also is going to fall into the security operations area um cyber security wouldn't be complete without products and services uh it's a fairly shrunken picture that i'm sharing here but this is the uh cyber security landscape from momentum um and it shows you know all the different domains and all the different vendors uh qr code to the link and that's actually a 2019 map that they put out but it's an

interesting reference just to know how broad and how large that cyber security industry is uh we also have industry associations so there are lots of organizations out there that are hiring uh that are you know trying to evangelize cyber security um you know to to share information uh between practitioners between organizations uh so we have the information security uh analysis centers um for different industries various forums things like that and last but not least we have a certain insurance so cyber insurance is becoming a huge industry um and there are definitely careers in cyber insurance whether you're talking about actuarial risk assessment uh or other components of the cyber security insurance space we'll move on and talk a little bit

about assessors so what is it what are the assessors career tracks so first of all assessors are responsible for measuring and assessing an organization's posture compliance risks vulnerabilities or threats there's a lot of different ways we do that so first of all we have security assurance attestation so if you are a service provider you need someone to come in and document for your customers that you are in fact following some security processes you have that documented you do it things like that you also have penetration testing so these are the folks that come out and will figure out where your problems my network tell me where the issues are tell me how to fix my issues that is a huge space

there are lots of companies out there hiring for that there is a broader risk assessment area where you know you take into consideration not just the technical threats that are found through penetration testing but also looking at the impact that those risks those vulnerabilities have on the organization um and and i consider this to be a broader domain than just penetration testing because it looks at the business impact of the threats and the risks that are presented by other areas and this is critical to organizations because this is where they're going to spend their money they're going to spend their money on the things that are most impactful to the business so for example if a penetration tester

finds you know 100 critical vulnerabilities on a system but then it turns out that that system is on a lab that's isolated from the rest of the network well then that's not a critical risk that's going to be addressed by the business threat modeling is a i don't want to call it a niche it's been around for a while but it's definitely an underappreciated area of cyber security with regards to using threat modeling to map out where you should prioritize your security controls when you're building a brand new system or even when you're retrofitting an existing system threat modeling methodologies are beginning much better documented these days and and uh there are many more case studies on how

to do threat modeling when you're building a new technology platform but you can also use threat modeling in the context of an organization um so gaining that skill set around threat modeling is really going to be an up and coming area in my opinion um and last but not least we have compliance certification so there are lots of different uh cybersecurity regulations and laws and industry standards like pci hipaa high tech uh sarbanes-oxley uh things like that that organizations need to be able to comply with and they need to hire people who can come in and check for those requirements and make sure that organizations are meeting those requirements next up we'll talk about security

researchers so researchers you know are what they sound like but i'll define it as people whose primary job is to advance the state of cyber security these are folks that are discovering new vulnerabilities and exploits uh they could also be analyzing how vulnerabilities are exploited by threat actors and sharing that information um fun you know finding out uh or helping organizations protect themselves um so there are lots of companies out there that are doing research commercially so for example semantic there's also uh platforms by which you can join to where and companies will go like bug crowd to hire ad hoc researchers for bug bounties um and other mechanisms by which you can help an

organization find their find their issues of course there's lots of individuals as well that are gaining their their own um i don't want to call notoriety but fame uh by by finding lots of vulnerabilities out there uh and and finding you know brand new types of attacks um so one example normally if i'm in a room and i'm doing this i kind of give a uh have folks raise their hand and say do you know who this is but we can't do that so much in a virtual format um this is marcus hutchins uh so he's uh kind of famous or infamous uh for being the one who reverse engineered the wannacry malware or ransomware back in 2016 or so

and he found the kill switch to that ransomware and and basically saved the internet from the wannacry ransomware um we also have tavis ormindy as an example so tavis uh has been doing you know cyber security research uh for well over a decade maybe even two decades at this point uh found tons and tons of vulnerabilities in various products uh found brand new classes of attacks and he has since joined google project zero i believe he's still there um but you know fairly well very well renowned uh researcher um and no no list of cyber security researcher or investigative uh individuals wouldn't be complete without brian krebs i kind of qualify him into the researchers area not so much because

he's a technical researcher but he's a very good cyber underground and data breach reporter uh with some technical chops and friends in low places uh that helped him research the state of the art what are the threat actors doing uh what is the cyber underground and the dark web and you know the the criminal forums and what do they do so definitely a lot of opportunity in this space for folks like that so with that how the heck do we enter the cyber security industry um i want to point out but this section that i'm going to talk about uh is going to be focused on the defenders career track the first one that i mentioned earlier

uh number one that because that's what i do that's what i've been doing for the last 20 years but number two because that's where most of the jobs are roughly speaking at least five to one you're going to have defenders job positions more so than those other two domains that i mentioned um if the assessments and research tracks are of interest to you definitely think about uh the remaining presentation from that context it'll it'll certainly be applicable so with that said uh you can enter you can start a cyber security career from just about any background but technical careers those that i mentioned earlier will require a technical background you can get a degree in cyber security

those are definitely out there we'll talk a little bit more about that later but the traditional approach to entering the cyber security industry is first to get a job in technology and then pivot into security um one thing i stress and i can't stress enough is that security is not a career unto itself um security is an aspect of every other technology that's out there so for example if you are a software developer and you you can then learn what is software security you can also learn about malware and windows internals or linux internals other platform internals and and really focus on the security in those areas similarly if you're a network administrator you can learn all about network security

and vpns and firewalls and ips's and things like that if you're an application administrator you know for example like an active directory then you can pivot into identity and access if you do desktop support then you can there are several event vectors from desktops or whether it's endpoint security uh active directory you know users and and group management or even digital forensics if you're dealing with a lot of uh incidents on that space so how do you how exactly do you pivot so let's just dive into that a little bit deeper number one is as i mentioned before learn the technology and then learn what security is for that technology this is a lot of reading the manual in

many cases so if you if you're not adverse to reading you're going to learn a ton by reading the manual um but critically focus on learning the security features policy options what is default versus what is secure for that system um and if the the vendor or or the organ the the platform has any recommended security settings and really just learn that up and down um ultimately too you've got to take into consideration uh past or known vulnerabilities in the technology uh so if you google you know vulnerabilities in you know windows or whatever um then you'll you'll find of course lots of stuff but you'll you'll see trends as well right so for example let's say wordpress

uh for for website hosting uh it has had tons of vulnerabilities over the years it's gotten better um but then you start to look at the plugins and other components then you can really see where the trends are work you know what are the risks related and where you can focus learning about security for that area with that you can kind of learn how to hack the technology so you look at that a little bit deeper if you again kind of read the manual read to read the details um you know what you can then learn how to break uh or hack what is a default configuration or a not so secure configuration and then of course you learn how to protect

again that you've figured out um there are a lot of free resources out there that will help you with some of these areas uh depending on the domain you're interested in so sans center for internet security open web application security project and then a couple of other sites like ad security if you're interested in active directory lots of opportunity in that space uh swift on security has decent security.com a fantastic resource over there um and if you're already in it or in an organization with it seek out project opportunities so even if you're not in it um you know but but you're in some kind of a functional area and you use your computer every day for your job

seek out project opportunities where you can get involved get involved with it get involved with the security team in your organization or just take the initiative if you don't have a security organization um you know for example let's say you're doing desktop support and you don't have a dedicated security team or person then learn all about group policy learn all about you know endpoint protections and logging and auditing and finding out you know where the issues are in your environment things like that one question i get a lot is well i'm super interested in cyber security because it's a growing area but i'm not super technical what do i do now well the bottom line is

you still do need to learn security fundamentals and concepts but there are a ton of jobs out there if you're not technical so as long as you can understand you know what does it take to protect the organization scott i'm sorry we lost your sponsor yeah hello well let's see okay one second while i bring that back sure okay got it back hopefully say yes no maybe yes it's back thank you okay great okay so what if i'm not technical i still need to learn security fundamentals and concepts um you know but but there's plenty of opportunities in project management and program management so when security teams are running projects building new things they need project managers

that can speak security program management is what i'll define as the functional ownership of security and so let's say you're responsible for vulnerability management as a program you're remember you can be responsible for identity and access management as a program you don't need to know the ins and outs of all the technology but you do need to understand what it is um that your you know your your team is doing um there's plenty of opportunities in compliance or audit uh where you're you know kind of kind of like you know doing doing the checklists do you know asking the questions talking to people it's much more of a people interactive job uh you have governance and policy that i

talked about earlier for people who are good at writing um similarly awareness uh training and technical writing plenty of areas there um again on the cyber insurance side but also when it comes to risk assessment risk quantification is a really um niche area that uh that there's a lot of value in so if you can truly quantify percentages of likelihood percent you know risks of loss things like that also legal regulatory and privacy plenty of opportunity in there because truly that's what's critical to most organizations and last but not least sales and marketing um all right so i'll talk for for a moment about uh degrees and certifications um you know so are why are college degrees

worthwhile why are they required um so bachelor's degrees are generally required by hr in most organizations for professional jobs um they don't qualify for you for the job in most cases but they prove to the company that you can commit to a long-term goal and achieve it because of low cyber security unemployment some companies are relaxing this especially for senior or hard to fill positions but you are going to see that out there cyber security degrees are all unique it was interesting some are glorified metasploit and vulnerability scanning certifications but others are much deeper so it depends entirely on the institution so if you're considering a cyber security degree really look at the curriculum and really

look at what you're going to take away before you you dive into that and i'll mention too that cyber security degrees are often not a substitute for a fuse of technical hands-on sysadmin or developer experience um so within the security industry there are a wide range of opinions about certifications while many of them prove that you can just take a test those with a practical component are are universally highly regarded um you know many companies that aren't well qualified to screen security candidates uh who want to demonstrate their that their employees have certification to customers uh will make the certifications a requirement um but others will just see it as an endorsement uh to their to your

qualifications if you're applying and you have these these these certifications so just be aware that you know some people frown upon the cissp for example but uh others you know won't hire you with you without it um so let's talk a little bit about what career progression should look like in in cyber security um and one of the the the way i'm going to describe this is relative to the depth and the width of your expertise the depth being how well you know that particular thing and the width being how many things do you know so we'll jump into what i'll kind of refer to as the operator or the level one role so this is

this is from the depth and with perspective this is a narrow and shallow amount of experience so this is a technical support goal you know kind of limited to the organization provides you with documentation scripts to follow little to no creative flexibility in this role this is going to be an entry level role um you know once you get a little bit more more knowledge uh for level two operations lead this is gonna be a little bit wider but still shallow uh but so you're gonna to be at the escalation point for what the level staff level one staff can't resolve um you know the next step from that of course is a system administrator so you're going to

get a little deeper but you're still going to be now so you're going to be very knowledgeable about technical configuration maintenance troubleshooting of specific products the focus of usually in this role is on stable operations rather than building new things so in other words you're given a running system keep it running so when you start to get into a bit more advanced careers you're going to start to see system engineers so these are folks with a expert level knowledge of specific products uh this is a narrow and deep level of expertise you also have your the program manager that i referred to a little bit earlier where this is more of a functional responsibility uh for delivering security services or

capabilities this is going to be a wider but less deep level of experience uh system architects so these are these are folks that are wide and deep uh because they're gonna really start to understand or have have good knowledge of um how multiple technologies multiple systems uh integrate to each other to provide a holistic security capability um or what i refer to as an end-to-end policy implementation and then lastly um maybe the the not the unicorns but the super rare uh in the industry are the principal engineers types where you truly have industry leading knowledge uh or expertise in a particular domain so let's talk a little bit about how to improve your effectiveness um this

section is going to go fairly quickly so number one um i recommend you learning threat modeling learning about how what threat actors are going to try to achieve from an outcome perspective figure out how they're going to do it and figure out how you can mitigate those risks you can look at it from the different types of threats that are out there those are the opportunistic threats the folks that are just scanning the internet for issues looking at it from an organized crime perspective or insider threat nation states not so much you can do about them but but also competitors so consider those uh five different threat actors when you're doing your threat modeling next up remember that security

is the art of risk management cyber security is not a technical domain it is a risk management domain and ultimately what you're trying to do is figure out what is the risk or the likelihood that something bad is going to happen to your organization and figure out hey do i just accept the risk of this happening do i try to address it mitigate it reduce it do i use cyber insurance to transfer the financial impact of this risk or do we not do it at all the end-to-end view is what i refer to or what i kind of call the looking at the holistic issue of the problem that you're trying to solve look at it beyond

just a tool or a technical issue so what is the problem you're trying to solve how can you prevent it from happening again how can you be sure and and how can you help others so the example i have here is how would you respond to a malware infection you know there's lots of different ways depending on you know your level of expertise do you just wipe it and move on do you do some analysis do you submit it to the vendor i mean there's no right answer here but but again look at it from the holistic perspective the other thing i'll mention um is that um sharing your vision if you have an idea

of of how something should be um or or realize you have opportunities in your organization make sure that you have a vision and you articulate it so uh you know learn you know good ways of communicating uh whether it's visio powerpoint word um share with your your peers uh your leadership don't assume that constraints you find are always by design a lot of times the person that came before you didn't realize there was a better way to do it and they just you know built a constraint in the process and that's just the way it's always been and of course as i mentioned speak up when you see opportunity next up it's critical in cyber security

to think like an adversary critically speaking why will this work why will this not work and how would an adversary respond so anytime you've got a system a control that you're defending with um think about it like well you know what what could break my control and what would i what would i do if i was an adversary and i was trying to get around this roadblock how would i do that um another another thing i i would focus on um is how you how do you actually uh analyze your environment your your the problems that you run into uh on a day-to-day basis and i'm gonna describe this um as a progression of how you should

think about things so first of all you know if you're just kind of learning something getting into the the current environment learning learning what you have you're going to ask yourself well how is it done today you know what how do we do antibiotics how do we do firewalls how do we do identity inaction management how do we do incident response how do we do penetration testing whatever it might be ask yourself the question what are we functionally trying to achieve what is the goal what is the outcome not just the technical outcome but the business objective what's the question we're trying to answer um look at you know ask yourself what are the gaps based on your knowledge of

cyber security what are the gaps in the current approach and this might involve rethinking about what the factors are to consider in the current approach um so again what are the options available to you what are the things you're trying to achieve um which leads you to then how should it be done versus how it is done today and this is really how you can create that vision that i was referring to earlier and start to articulate that share that uh gain you know more visibility for yourself and so on okay coming up towards the end here um lastly so we'll talk a little bit about continuing education opportunities so number one um definitely recommend

that you advance your threat models and a good example of advancing your threat models is is going to technical events where you learn you know what are the threat researchers doing these days what are the new types of hacks what are the new attacks what are the new techniques learning more about things like business email compromise and phishing and you know what's different today than three or five years ago learn what is state of the art so you know what state of the art is today isn't what it was three or five years ago um if you are you know somebody who uses a lot of technical tools regularly improve that toolbox right keep it keep it up to date you can't be

using the same tools that you know in 2021 as you were in 2015 if you've been in this industry for a while um of course you know keep up with industry news um and learn those new threat mitigations so how are you going to do these things so number one i love security social media um twitter is you know to me i've been on twitter for for not quite a decade now but quite a while i have a whopping 200 or so followers but you know on a daily basis i get more information from twitter than i do from every other source of information combined um of course there are also podcasts slack and discord channels linkedin

groups plenty of opportunities out there for cyber security social media uh one thing i will caution you on if you are not in cyber security social media um beware of the echo chamber that is to say you're following a few people who all have the same same opinions or who bounce their opinions off each other and it it seems to be that everybody that you follow has the same opinion about something that is the echo chamber avoid the echo chamber look for diverse opinions consider diverse opinions well um so it doesn't mean they have to be right but consider them and and uh just look for other opinions other than what you hear in the echo

chamber um you know definitely i definitely recommend attending vendor events and conferences um but be careful you know take their promises and vision with a grain of salt of course they're trying to sell you something but it is a great way to learn uh what's out there from the industry perspective uh attend vendor sponsored learning and networking events uh attends industry in the community events and conferences like this one uh besides tampa or other b-side center out there issa awash chapter meetings local defcon groups things like that and last but not least paid conferences and paid technical trainings that concludes my speech talk today this is a qr code to my deck on slideshare if you are interested and with that

i will turn it over for a q a scott thank you for your sage advice i know uh some people say this is where do i start it just it's overwhelming i don't know which field to get into i don't know what opportunities exist i've never been exposed to it so your information is greatly appreciated i know i get asked that question and having access to your slide deck thank you so and that was one of the questions that came up in q a will the slides be available so yes scott thank you for sharing those another question is are these sessions recorded yes they're recorded and they'll be available so now we get down to the real questions

that people want to know about scott how did you get started in cyber security well it's uh so i got a degree in computer science uh over 20 years ago um and um they go i've been using computers probably since i was in high school uh so i've always loved being a computer person i took my first computer apart about uh 10 hours after i bought it so i've been i've always been a tinkerer um you know so i started out you know i i was able to i learned programming in high school i took some you know basic programming script you know courses um got my degree inside in computer science so i was programmer by trade

but then i realized i hated programming um and so um i had the opportunity while i was in college to help administer the uh the local the the computer science department uh lab um and yeah at this at that time linux was coming out i'm dating myself here but this is late 90s linux came out you know so i was learning linux on my own at home um so i learned my way around unix and linux this is solaris and sonos back in the day but that that helps me pivot into becoming a unix system administrator so i became a system administrator in the hp uf solaris space for a few years then the dot-com boom happened in the

late 90s i had i was working for an isp out of college in my hometown i was doing i started out doing tech support there that was my first paid job um sorry this this is prior to system administrator so i'm rewinding um so my first paid job was doing tech support for an isp but that's where i learned networking again kind of right in the dot com boom so fast forward a little bit i was able to parlay my networking background from the isp with my linux knowledge and system administrator space and then an opportunity opened up um to be the firewall admin for a general electric where i was working so um i kind of that's where i really

pivoted uh we did not only firewalls but we did our very first vulnerability scanning on the network there and the rest is history so you know again i kind of parlayed my development background to learn about web app security um and and so my personal career has spanned everything from network security uh you know windows linux storage security uh applications you know secure application development penetration testing incident response um and you know it just as the years have gone by the opportunities to slightly move into a slightly different adjacency came up and and i've and i've sought out recommend having a breadth of knowledge in some of these fields so when you go to the respective teams whether it's the

network firewall web team or development team you can speak your language and translate security requirements better to them um it definitely helps right so so most of the time um security practitioners are are siloed right because they know like for example let's say you're a network engineer network administrator and you pivot into security so you're going to understand firewalls you're going to stand packets you're going to understand network ipss and and things like that and if you're in that space then and say you want to get into um windows security in active directory or something like that it's going to be a big pivot so you're going to have to learn you know you know how do windows servers

work how does active directory work and things like that so you're gonna have to learn those things um then to be able to speak about active directory security policy and things like that but you know microsoft as an example has tremendous documentation out there about how to secure active directory so a lot of it is just getting out there and reading the resources that are available to you and and ultimately if it's an area that's of interest to you i definitely recommend broadening your expertise you know so truly you know in cyber security you can be as focused or as niche as you want to be or as broad as you want to be it's all about what

interests you and uh and if it if it's something most requested question is what are your thoughts on the sans masters program um to be to be fair i have not looked into that one so um it i i've heard a little bit about it but i can't speak uh

none of my staff have uh have that qualification thank you we'll go back to the this more typical questions of what is the easiest way to get into cyber security how do i get a start in it

um i think the the easiest way is to start with an entry level i t position right maybe help desk or desktop support you know for the break fix uh type uh world where where you you come in with some basic computer knowledge you know how to use a computer how to log in uh then you learn the troubleshooting so i i really think that like a desktop support role is the best way uh to learn security because you're you're in there helping people for example let's say you're you're in you you get a you know a little bit about computers you probably you parlay that into a desktop support role like a junior desktop support role so you go and you

help people with their computers you're going to see virus infections you're going to see issues where oh i can't access this folder you know or you know or i get this error when i access this application and that's going to expand your knowledge of well how does folder security work or how does antivirus software work or how do you clean up a virus infection and and this is your you know you dipping your toe into the world of security so if you really pursue that and and don't just for example don't just follow the process but learn the process learn why it you know the the just scanning clean is not good enough on on antivirus

you know for that really nasty malware infection why do you have to re-image it um and why is it so hard to claim once you start to learn those parts of security you can really then pivot into for example from desktop support to endpoint forensics all right to run a parallel question with that if i start as tech support in a company will i be able to progress into a security role

not directly but it will prepare you to understand um you know to pivot you most of the time i see um people go from help desk to system administrator so for example um you know you can go from help desk to either desktop support you can go from help desk to windows server administrator you can go from help desk to identity and access provisioning right where you're helping people get access to resources and and that's sort of a stepping stone so you're not going to go from help desk to threat hunter because that's you're not going to have the basis for threat hunting but but you can take those stepping stones to further your i.t career

and again it all goes back to learn the technology first and then learn what security is for that technology and that's how you pivot so you go from from help desk where you start to learn what you know the security issues are that uh people are running into then on your own you kind of learn you know research that a little bit further and then demonstrate your your readiness to move on to that that sounds like some great advice learn the technology then pivot so we're going to shift the career focus a little bit and the question is you mentioned some frown on a cissp versus other certs let me just obtain both a bachelor's in infosec and sys admin and

a master's in cyber security what search would you recommend i'm having difficulty finding a start right um so it you know again certifications um are you know to to a hiring manager certifications are an indicator that you have a basic level of knowledge um you know and and i'm not going to frown on the city personally and you know i've held the cisp for over 20 years um and so you know cissp is something that demonstrates that you can you know you you in fact understand the concepts of cyber security um you know and and master's degrees and and professional schooling um you know again really as i mentioned before it depends on the institution as to what it is you're

going to learn i would ask you you know if you've gone through all of this do you feel like you have a strong understanding of the technologies that you want to secure or apply security to in your career so for example if you want to be network security do you have a strong understanding of networking if you want to go into incident response do you have a strong understanding of malware how it affects the systems things like that that's truly what's going to make you hireable that you such that you can demonstrate that to a hiring manager into an interview panel you really have to be able to demonstrate that you understand the underlying technologies relative to the

role that you're applying for and that you understand what security is in that area so ultimately certifications are just a small piece of that puzzle like you know as i mentioned before many certifications where you just take a quiz it just proves that you can take a test so you know while it may be a paper requirement it may not be enough in other words so it's truly when you when you get that opportunity for the phone screen when you get that opportunity for the interview uh make sure that you have that strong knowledge of the area relative you know the technology area and and also the processes i i can't overlook the processes because security is people processing

technology you're the people part and then the process and technology is what your your knowledge is bringing to the table well word it thank you i think we can squeeze in one more question and that is any advice on how to get security clearance for defense contractor jobs

i have no advice i do not hold a security scott once again thank you for besides it was a pleasure to have you speak and very informative i hope you enjoy the rest of the day and the rest of our participants please if you have any suggestions on how we can improve this use the link below to provide them to us and thank you for attending and enjoy the rest of the presentations okay thanks for attending folks appreciate it thanks for having me