
Hi everyone. Um, I'm Sammy and I'm Bill and we are here to give you hopefully what is a very informative but awesome talk about "You're looking for that job. Great. Now what?"
So one of the things is we're starting to look at all the different skills and we'll also look at some of the how do you traverse the maze of cyber security? What is actually cyber security? So let's start there at the top. Um a lot of colleges, universities, uh certificate programs start and saying we have a course in cyber security. Well, what does that mean? Um over the years uh cyber security has really diversified into a large set of other uh topics and subdomains. It's a lot more like medicine now or law with 30, 40 subdomains that make up cyber security.

So, so I'm gonna jump in um with a little story. So, I had a kind of
unconventional start into cyber security as you guys can tell by my bio. Um I previously have a background in healthcare and when I initially started um and and decided to get my feet wet with cyber I went through a boot camp and then after that I was like huh this is all great but now how do I find a job right there's so many different domains there's so many different ways that I could go and at that point I didn't really have much guidance because I'm not I wasn't I hadn't traversed a path and found something that I had liked. And so I thought that something like this um you know it helps to have a lot
of mentorship and and just have some basic idea where are those pathways I can take? What are they? Where can I branch into in terms of the realm of cyber. So we are going to go on a little archaeological hunt and start the crusade for the cyber job. So with all the different subdomains, this is a just a short list. I apologize for this cough. It's allergy season for me. Um whether it's forensics and even over the time um of the past 10, 15 years, what is forensics has actually changed a bit. It used to be grab a disc and image it and do stuff for typically a criminal investigation or something like that. But now with
everything in the cloud, it's like well where's the memory? Where's the system? Where's the disk? Um so what is forensics? And especially for businesses, the application of those techniques is now a little bit different. And there's application security and there's incident response different from ITIL response. We can talk about that offline. uh for cyber and threat intelligence, database security, data security, regulatory, pentesting, red teaming, which seems to be the the big thing over the past 5 to 10 years is everybody wants to be a pentester. And what's that really mean? Because a lot of these different areas also can imply a change in lifestyle or what you choose to do. So, for example, in incident response, which is one of my
primary realms, that's a lot like being a firefighter. when the rail light goes off, you have to go drop whatever you're doing and go respond. Whether it's 2 am in the morning, what have you. Um there's lots of challenges and lots of that to the lifestyle, but there's also lots of rewards that, you know, you get to know a little bit about everything and solve stuff. So each of these areas, you know, if you're looking for more of a traditional, you know, 9 to 5, 8 to 5 job, maybe governance and risk and compliance, which is more of the the paperwork and tracking and regulatory side. Um if you want to do technical you know networking and platforms but
depending on what you do could actually have just like in medicine different things you choose or in law may choose things you want to do in lifestyle. If you love being awake from you know 8:00 p.m. to 6 a.m. in the morning be a pentester or a red teamer things like that. So,
and we're not kidding when we say that there is a lot of subfields and fields to navigate when it comes to cyber. Um this is just a general almost web diagram kind of of the different branches that you can take and how choosing that one major branch, for example like governance, risk and compliance on the right side, then leads to more pathways and more subbranches. There's so many domains, so you have to make sure you know even within those domains what are the foci, where is it that I plan on seeing myself or potentially becoming a subject matter expert in, um if there's different OSes involved. Some places are Windows shops, some places are Linux shops, some places
are, you know, completely out of that realm and and uh more involved with um ICS/OT and other cyber realms. So, you have to make sure that you keep learning, use online resources to the best of your abilities to try and find out where do you see yourself. At the end of the day, when you're looking for a job, you want to be somewhere where you're happy, where you have that continued growth, that passion for knowledge that keeps happening. Um, now this can be basically um approached in multiple ways, either through internships, volunteering, societies, um just online nowadays like LinkedIn, YouTube, there's so many resources out there, white papers, attending conferences. Um so just a huge realm to
explore.

Yeah. One thing I'd also recommend is do find a mentor to follow up with what Sammy is saying. Um and also there's with all those different areas do you know if you want to sample some of those figure out where you want to be or you want a certain career that touches most of them. Uh, but one thing also do learn to count and I'm very specific about that that um there are people coming out of schools right now can you count in binary? What is octal? You know you'll see that even in like Linux file system permissions. Hey, it's got 755 permissions. What does that mean? That's actually read, write, execute in octal
by setting the bits and you know, somebody says that you need to be able to understand what that means. Or reading uh a packet capture and you're seeing the ones and zeros or base 16 or somebody you got to decode something, it's in base 64. Now what? So learning all the different numbering systems for that area. But some areas you may not need to know that like GRC but if you're going to be you know playing with the ones and zeros you'll have to learn multiple numbering systems or application security playing with memory zero is an address so same thing if you know somebody's counting start with zero that's a legitimate place. Sorry.

So um and for some of the beginners uh
who are just completely lost in this talk we kind of have this little overview what is cyber security? Because I know there's a lot of career changers like me. Um, four years ago it sounded cool, right? Kind of like, oh, cyber security, you know, all the Hollywood movies are running with it these days. Oh, let's have this cyber attack on some big, you know, industrial structure or infrastructure service. Um, but there was a time where I didn't fully understand what it was and you know, here I am. So it is the practice of protecting systems, networks and programs from any kind of digital attack. Um and and kind of going back this is why it's even more important to
choose that right branch because we are so digitally connected these days. In my head, if you think of like geopolitical climate and you know the way that uh people respond to each other, a lot of that is done more in that digital realm, in a technological realm than it is in a real life in-person realm at this point, like face to face. So, it's very important to make sure that when you're choosing these branches, you're aligning your personal interests, the skills you can bring, and that includes knowledge and educational skills as well as any soft skills you may have with any specific cyber branch because that's going to make sure that you ensure that you have a much more
successful career and you're going to be happier in the long run.

Yeah. And likewise, again, if you're not sure, you know, maybe sample a couple what's under GRC, risk management. I like playing with the ones and zeros, but risk management is pretty interesting. Uh but also likewise do find a mentor because some of them you know again I'll go back to incident response like par firefighters or paramedics you realize hey you're now working third shift second shift you've got to work a a 12 to 16 hour day uh because something's on fire and you're hemorrhaging data you know or something like that. What do you do? Or it's regulated data or it might be medical or
personal information financial data. And if something like that happens, it's like you got to work and you work until it's contained. So other areas in cyber security not like that. So do understand that different choices could have different even lifestyle impacts. So and we're going to do a little bit of deep dive into some of those different branches and where you may potentially see yourself going in your careers. Um, one major branch in cyber security is network security. So this is going to be anything related with your network network infrastructure from unauthorized access any misuse any theft and by network it's basically the transmission of data over a network right everything today is done through addressing and
networking so all the transmissions is happening through some network related protocol um network security focuses on the aspects that go under that so it can include um you know firewall management, IPS, IDS, uh uh, basically, uh, your intrusion protection and intrusion detection services, your WAF, your your web application firewalls, making sure applications are protected against it. Um, so that's going to be um, a huge chunk of of of a cyber security realm. Another one is basically application security leading into the WAF that goes along with network security. um basically that software applications are secure. What is externally facing or what is being used by customers from a business viewpoint this is also very important because a lot of applications
are going to be the revenue generating. So application security is a huge forefront on one of the the layers um that need to be protected in the cyber realm. Uh then information security so any kind of information or data access from unauthorized access disclosure alteration or destruction. Um operational security so any kind of day-to-day operations or processes that can exist within an organization. Um endpoint security so your user devices your end devices what people use on a daily basis for conducting business. Um, cloud security. Cloud is huge. Cloud security and on-prem security are not the same. Cloud is basically using somebody else's computer, right? So, you have to make sure that you are securing that environment and the services. And
although there is a basic layer of security that these cloud providers do provide, it's for their own environment. It's not for you. So you have to make sure cloud security is a huge component if there's an organization operating in the cloud. Um then identity and access management. Who has access to what, why, how, and how is that tracked. So huge component of security. Um then like Bill said, um Bill and I kind of live in this realm of incident response and forensics. Um responding if something does happen. Most of cyber it's not a question of is it going to happen. It's more a question of when is it going to happen. So, you have to be ready to
respond and act and investigate those breaches. Make sure you're collecting forensics, collecting evidence needed for other groups. Um, and then the huge um kind of I don't know um unicorn or thing that everybody wants to kind of be in, you know, because it it is cool, but uh penetration testing and ethical hacking. So basically you are a either a white hat, black hat or gray hat hacker. Um you you work in that realm. You work on breaching the systems and then um kind of from an offensive side then uh work with other teams to to show them what's wrong with their environment. Um so just kind of a a a large rough overview of the branches. We're going to
get a little bit deeper as we go on and Bill's going to take it from there.

Okay. Also with underneath each of these top areas, there's much more underneath them. So like with network security, you know, we talked about it's the network infrastructure. Well, what's your edge? And that used to be the thing. Then Wi-Fi was added and then your edge sort of went away. Um and also satellite communications, mobile devices, uh Bluetooth and different types of communications. All of that's going to be included. Uh and different things you can look at whether it's um you know network engineering, how do I build and operate the environment? uh ad the administrator, how do I set up routing
paths and what happens if if one route goes down, how do I bring up another one or do I have multiple paths and lots of different things involved in network uh security uh towards that. But most of network security is also aimed at where you have the network engineering and and administration for the regular operations. The network security is like an overlay. So if or when something goes wrong, uh Sammy mentioned like web application firewall. So if you haven't seen it, the OSI model, it's not the way the internet really is, but it's a good conceptual model. At the top is the application layer. So you can think of what's the acronym. Please do not throw
sausage pizza around. So physical layer, data link layer, network layer, transport, etc. on up, but and the the TCP/IP stack doesn't really map to that, but it's a good idea at the top layer uh for applications, web application firewall. So, you're looking for, and I'm going to throw a lot of stuff out there. If you don't know it, that's okay. But things that come in, types of attacks, SQL injection, command injection, buffer overflows, looking in in your logs for shell coding, are those kinds of things, attacks you'll see in some of the network security logs, or looking at volume. Do you see lots of volume of network traffic going outbound? Is that data exfil or is that
a backup supposed to happen that you're backing up to a service out there? And you'll also see some of that with cloud services where everyone's pretty familiar with Azure and um AWS and Google Cloud and some others. But you also have application cloud services. You could have be having HR systems or Snowflake or some databases uh finance systems, credit card systems that hey we don't have that ourselves, we'll just outsource it and you're now using a cloud service. So same thing they may provide everything you just do uh do the data write the data read the data u but still there's a little bit of responsibility because it's their systems but it's your data and you're
responsible for your data so how do you make sure they're really securing your data when they have custody of it um application layer uh for that I talked a little bit about WAF but when you're writing code so secure code uh whether it's writing stuff in Python or Go or old school well I won't say old school because that's um C language and C++ and things like that. If you're doing OS programming, writing in Linux, understanding how code works and buffer overflows, they're still a thing. Uh one of the seminal papers on buffer overflows goes back to 1996, 1993. It's called uh "Smashing the Stack for Fun and Profit". Go Google it. It's a great paper. What's a buffer
overflow? How do you do it? um and what is the impact of that and what a lot of things from shell coding and current tactics to attack applications come from that paper. So that's a great thing to look at and get an idea of what where did application security start and how do you protect it? And then same thing in terms of not just buffer overflows where you're trying to write more data into a login prompts is you know what's your user account and what's your password and you type in a thousand characters. Is it going to be able to handle that? What's it do? Um and it's usually the unexpected conditions that the programmers when they wrote it
didn't understand. Uh other place you can go for more information on that: OWASP, Open Web Application Security Project, and it's actually a lot of different sub projects underneath it. How do you do uh cloud securely, database security, logging, the top 18 or top 20 vulnerabilities when people write code? They tend to miss these things. Um go check out OWASP and there are chapters across the country. um and lots of stuff. And they'll also have some uh I think they've got some like capture the flag or examples, hackme bank or some other things you can Google to get a bit better understanding of application security. Um, information security is talking about the data. And this is
where you could have regulatory information, health care. So, you'll hear things like HIPAA, HITECH, uh, PII, personally identifiable information, or over across the pond in Europe, uh, GDPR, the general directive for privacy and regulations. Uh, how do you protect sensitive information? And it may vary even here in our country by state by state. Privacy laws vary. And for example, in the EU, over in the European Union, an email address is considered personally identifiable information. And if you disclose it without their approval, oops, um, which is hard to do these days. So there's a lot of what regulations were written by legislators and what we have to do makes our life can be difficult sometimes. And then operational security again the
day-to-day operation um of Windows, Linux, uh, procedures, uh, policies and how do we demonstrate that because you're going to get checked on it. Hey you say you're backing up my data show me and show me that you're doing it safely. Um also other things depending on your business there are other sub areas underneath this and other areas like underneath operations you may hear something called OT or IoT or ICS: operational technology, internet of things, industrial control systems or at the big end SCADA which is supervisory control I can't remember the rest but uh you're controlling an electrical grid you work for an electrical company or a pipeline company or you are running. You know, every
building you may have video cameras and door locks with badging. Well, those are generate logs or they attacked or temperature sensors, um, thermostats in buildings and air conditioning systems. Or what happens if you're in a meat packing plant and somebody breaks in and changes your your temperature sensors to be 80 degrees. You just lost probably a good bit of your business. So, how do you protect all of those devices uh to make sure that they're okay and what's going on? So, lots and lots of different things in these career paths to consider. So, again, talk to people and find mentors who do all this or have done this to help you. What does this mean and what's this really like
Sammy?

All right. So, uh continuing on some more branches in depth. Um again endpoint security individual devices and this can be anywhere with um endpoint devices that users use within an organization to mobile devices that they bring in. I mean, how many of us are mobile, you know, connected these days, right? Pretty much everybody, one if not two phones, an iPad, I mean, Bluetooth devices, so much happening. So, um, device management is a huge deal, um, malware protection, you know, just just having some kind of antivirus in place, some kind of scanning capability in place. Um, so some of the career paths that that you can take is in specialist and endpoint security or even just
starting out, especially if you're a beginner. Um, desktop support or IT support is a great starting career. um and just gets you into that realm of how do things work on that enduser basis and that endpoint basis and how you basically just stepwise progress your way into um you know some other path within what interests you. Um cloud security again a very very huge realm because everybody wants to be in the cloud these days. There's so many you know software as a service, platform as a service, infrastructure, just a lot of things just hosted in the cloud and each of those comes with a different realm of responsibilities in terms of how much is provided by the cloud provider or
company or application and how much is your responsibility to protect especially when it comes to data. Um so the architecture of the cloud security environment is very important compliance around cloud making sure everything is in line with the business um and with with kind of getting across um how the platform is going to be used within uh the realm. So just multiple career paths in that realm. Um now I would say like with for beginners um it's something like being in cloud security is something to essentially work up to. So, um, you know, if if you feel like you want to be in the cloud space one day, kind of start with the more beginner,
uh, realm of being in a in a security analyst or, um, just kind of an entry security position and then work your way into the cloud. Um, because it's good to have a foundational knowledge and understanding of how the whole on-prem architecture works before you shift into that cloud-based thinking. Um then again identity and access management basically role-based access control, least privilege, all of those basic cyber security principles that you know people keep hearing and talking about. Um that's where that comes into play. How do you make sure that access is granted and how do you make sure that access is basically revoked when say a person leaves the organization? um just having the stop gaps in place around that,
making sure everybody is able to do their job seamlessly and making sure that they're able to do it with security in mind. So, the least level of access possible to be able to get their job done with the most efficiency, right? That's what least privilege is. Um, and and and just having having the tools, any kind of directory services, if it's a Microsoft shop, if they're on an AD forest, just making sure all of that is acts uh is like the provisioning of accounts, deprovisioning of accounts, making sure all of those steps are in place. That's basically um a lot of what it entails. Um and and if say that it's a multinational and you need to make
sure that things are segmented, how are they going to segment the AD but still have it be connected to the forest and and make sure that all of those transitions are seamless? Um is there a backup plan in place if uh a server goes down and people can't get in one day? Is there some backup plan in place so that business doesn't have to stop? So I am kind of, you know, the the thing that I like to think about in cyber is even if you're in one realm, you kind of have to be a jack of all trades. You still need to know because everything is interconnected in some way. And if there's one portion of it that stops, it
still creates a bottleneck for other things to function properly. Um so IAM and access management is kind of a very very um robust and and and I guess very is an intersectionality because you work very closely with other IT teams, other organizations. Anybody that needs to be connected is going to need IAM and access. So um kind of a very high visible role. Uh then incident response and forensics. Now this is your kind of bread-and-butter defensive role. um you are a blue teamer uh you respond to any kind of security incident. Now you know I I'm very cautious about saying this word because not everything is an incident but when you're in IT you know things
almost everything is an incident management. Um but the thing with security incidents you know if there is a breach if you detect malware if you um you know somebody clicks on a link and you have to reset passwords what do you do how quick do you respond? So that's your people who are just monitoring everything that's going on. Um, I mean there there are tools to help monitor, but they're monitoring everything that's going on and they're investigating things and making sure that the environment is as safe as they can possibly make it and kind of being that front line um to to just detect and respond to events that happen. Um, now this can this in
itself a talk about career options in in incident response, right? You could just be an incident responder. You can specialize into forensics. You can specialize into um like cloud-based incident response. You can specialize into just detection engineering for incident response. There's so many different realms just within that. But um you know, it's it's kind of your front line. So if you want to be working in that front line and having that, that's that's where you set your your path towards. Um and then again the the little unicorn career that everybody wants. Um penetration testing and ethical hacking, you know. Uh so it basically you simulate the attack, you find vulnerabilities. Um hopefully you don't go to the dark
side, but the idea is that you are finding the gaps. you are attacking um infrastructures and organizations and helping them and working alongside them to say hey here's where your gaps are this is where I could get in and here's what you can you know you you work alongside people so that those gaps are found and patched essentially so and this also includes like finding vulnerabilities doing vulnerability research um if people have heard the day zero days um just kind of you know that's when there's a vulnerability hasn't quite been breached yet but it's found that there is a vulnerability and it exists. It hasn't been exploited. Um but you know a a hacker or a tester
might work on trying to exploit it or trying to um you know how do I breach this vulnerability? Uh so just kind of thinking from that offensive side of things. you are attacking, you're coming at the system um and then working alongside the defenders uh and and threat hunters and other people to see, hey, are they able to find out what I'm attacking and where I'm attacking and how do I help them patch this?

Yep. Also, a couple of things to follow on what Sammy said because for incident response, she used the bad word of breach. Uh because there are some words that do have legal impact. So, just saying that word. So you will in
different of these areas work with different people in totally different fields. You'll be working with people in finance or HR or legal or privacy or regulatory and saying hey I think this might have happened but say for example I know in in the healthcare field if you even say that word you have four hours to report to the department of health and human services. Uh so you might want to be real careful. So, how do you do awareness programs and training to make sure that if we use that word that the attorneys have approved or different fields? So, you're going to be working with lots of different people in different areas that take care and run the business. So,
it'll be a good opportunity as you build your career. Are there other areas? And same thing as you know, Sammy's transition from healthcare. I've seen people move from IT into law or law into IT and different areas. So you'll see a lot of this transition because as in like identity in different areas, you will touch multiple areas within your career just finding which are the ones that interest you the most. So anyway, um earlier we had a slide that had uh sort of a map. This is probably a more accurate map uh though still probably it's a little bit dated from about four years ago. But same thing what are the different areas in color coding and you know security
awareness threat intelligence which uh part of incident response but you can also do brand protection and business protection domain typosquatting and I'm throwing out a lot of terms that you may or may not know but lots of different areas uh to start looking into and maybe start if you don't something sounds interesting down the line look what's upstream in that path to see how you get there or think of it because it's not just one field. Cyber security is not just one course. It is very very diverse. Uh and also different people, different cultures need these same type of services or how do you deal with people in different countries doing the same thing. Uh or back to identity.
That's an easy one with that Sammy pointed out. You have one company working with another company over in Asia or Latin America. And hey, we're going to do federated IDs where if anybody from my company wants to log into your systems, let them. How do you set that up? And how do you do it safely? What if somebody leaves? how do you protect uh from that? So, lots of different things. Multifactor authentication um and that plays into how do you do communications whether it's over Wi-Fi networks um everything touches back and forth.

So, and I mean to add to some of those realms, I mean there's a lot more than what we've covered, right? There's pro
like there's things like product security. um if you're into healthcare and you want to kind of merge that there's healthcare device security um you know pacemakers can be hacked these days. So just an example that you know there there's so many different specializations that going into cyber security opens up. So it's not just about I mean it's easy to say oh I'm going to be in cyber security but then when you ask that question where in cyber security it kind of creates this huge puzzle um of trying to figure out and navigate that path. So, you know, part of that is just getting exposure to the field, trying to network, trying to kind of meet people, get mentors, see,
try to find people where you see yourself in a few years, talk to them, how did they get there, look at their journeys, and kind of try to chart, okay, what's going to work for you as a person? What is it do you like doing? Um, like Bill alluded to earlier, if you if you are a night owl and you enjoy, you know, working from 8:00 p.m. to 6:00 a.m., then find those night owl positions, you know, be be in incident response, be in hacking, be be in those fields that are going to give you that flexibility. That's the thing. You don't have to so much cater yourself to the role in cyber as find a role that fits
for you.

Yep. Yeah. And also don't think just because you chose one area and uh went to another or you know that you're locked into it. If I started where I wanted to be and doing what I wanted to be, I'd still be writing CC code. Uh so be open to change and different opportunities. Uh but towards that, how do you chart your path to figure out where you want to go and and how you want to get there? So next slide. So with that um same thing as you're beginning to build your resume and interviewing techniques uh and part of that charting your course through that when you if you take a course and say
hey I did a networking course so I'm going to put I did Wireshark on my, you better know it or you say I I did malware analysis do you know what the difference between an exploit and a payload is what's the difference between a virus and a worm so if you put it on your resume you better know it or at least know the terms and even and it's okay to say I know it to this level, you know, and that's that's okay, but that you understand what it means. Um, you know, if you're doing uh packet analysis and you bring up Wireshark and you start going one packet at a time, no,
there's that's not how you go about it. There's different ways to figure out what's actually in your packet capture or doing malware analysis. Are you looking at something that's access to the system, the exploit and then you think about to use the military analogy, a missile, the missile propulsion is your exploit and the bomb is your payload. So very similar. I need to get something onto the system and then I need it to detonate and do whatever my actual attack is. So difference between exploit versus payload. Um same thing risk analysis. What's the difference between a threat and a vulnerability? um there are different things and the terminology that's used within it. So um if you claim it, you better claim it. Um
and same thing as you're writing your resume, there's something called a STAR technique and there's some other analogies, but you know what you're trying to demonstrate because most companies when you're talking going through HR or even the hiring manager may not themselves know about cyber security. they're part of the buzzword bingo that they're playing and getting through the resume analysis systems. But you know if that you did something and here's the situation is I was in here's what I did and here's the result of it. You know whether you did something in you set up a thousand accounts or you saved you know $10,000 or something like that. How can you attribute to something the business will understand? And if
you're just getting started out then okay how do I do that? So, back to finding out um where you can either volunteer at systems or internships um even changing careers. Um you know, I've had some colleagues in previous that they were in their 30s changing careers and start just found an internship. Um and it this is one of the things that's the the challenge within cyber security right now because there's such a demand but the companies I need to find I only can hire one person. I need somebody with experience. there aren't that many people out there with 30, 20, 30 years experience and the salaries that they're willing to offer. So that's creating a
problem. So how do we get new people in? So again, find people to mentor and help out with. How do you build some of those experiences that you can put on your resume? So um let's see uh sorry um also AI is the new thing. So you know how do you learn and get experience with that? uh and how do you research a company? How do you re and you know using AI to build your resume or do a research of a company though to a fault don't necessarily trust what AI returns there are ways to taint your language models or was I remember here in Georgia there was a law firm that um hey
uh AI create me a brief and give me references the only problem it was very good brief except all of the references were fictitious check your data you know know what you're doing same thing when you're researching ing a company, you know, do check what you're doing. What if it's generating your resume or parts of it, it's okay to do that, but check to make sure it's accurate. Um, same thing uh uh the buzzword bingo as it were. When you write your resume these days, you have to tailor it to each job that you're applying for. So do you know take your resume, take the job description, look for the buzzwords that are in the job description and where you
have that experience, make sure you use those words in your resume so it matches the search engines that are searching through all the résumés. The higher your percentage, the better your chance of getting a match. Um, but again, make sure it's experience you do have. And you might say something, uh, hey, I've got networking experience. uh and but in maybe the job description it specifically says TCP/IP. If you've got that experience, use the phrase TCP/IP to be able to get that match. Um also do prepare. Um and same thing behavioral interviewing is tell me about a situation when it's not just a yes or no. Do you have this experience? But how do you behave? How do you react? Um, and
what do you do when uh tell me about a situation where you failed and what did you learn from that? Tell me about something when you had trouble with a co-worker. How did you resolve that? Or you had a business challenge. You've got two critical tasks. How do you prioritize those? Those are the kinds of behavioral questions. Um, and also when you're going into a job, I mean, it's not like when I started where you could be at a company for 20, 30 years. Those days are gone. But it's also careers are not you can do contracting um which could be for weeks to months but most career careers are in companies three to five years maybe a little more
uh you know the longer the I mean good that means a good match think about it sort of like a dating relationship you know is this going to go a year two years three years longer hopefully better but so you are interviewing them as much as they are interviewing you um as a as a manager when I interview people One of the things that really saddens me is I'll say, "Do you have any questions for me?" And if they say no, sort of sad. I mean, you're half of the relationship. Do you ask questions about the company? What's a day in the life like? Uh what's a challenge the manager has? And if it's something
technical or towards your job, hey, I've done this. So, you can now show additional value to them that hey, you have that skill that I can now bring some immediate value when I'm onboarded. or maybe there might be something where the the manager says something it's like h maybe this is a toxic company or something like that ask questions learn about and I want to be careful to say culture because that's such a loaded term now but is the company very high pressure everybody must succeed or you know if it's a very sales-driven type of organization you know if you're not making your numbers you're out I mean is that a type of company you want to be in so you need to
ask questions to help you figure that out if it's more low-key something you want do they flex the hours do they allow work at home though even asking that question some companies with return to office as soon as you say hey I want to work from home well the way you're phrasing that is maybe do they have hybrid schedules something in the in the mediator or how do you accommodate when hey I've got to work extra hours can I work that day from home or something like that so it shows yes I'm trying to bring company value to the company but there has to be a little bit of give and take there. So, but do have questions
you ask them as well. All right, we're going to move on to the next part of the maze, which is creating your treasure map. You need to figure out your five-year plan, right? Where is it that you see yourself going? What's your goal? And why do you want to do what you are envisioning or what you are seeing as the goal? And be open to change. So, um, we use the cheese analogy. If you guys have read that book, Who Moved My Cheese? That book. So, you know, you have to figure out kind of like Bill mentioned that relationship. If I see myself at this company, do I see myself here short-term, long term, what's my purpose? Because
it's very, very true what they say. When you attend an interview, it's very easy to be nervous as the candidate that's being interviewed, but you are interviewing them as as much as they're interviewing you. There is a return here, right, in value. They need someone to fit that role. You're being called for that interview for a reason. Your resume has been vetted. They've seen that you have some skills that might align with the position that they're wanting to fill. So you go in there and you have skills that that's the reason they've called you there. So highlight those skills and let them know what value you bring to the table. And while you do, it's also your chance to vet
that company and that team and see is this a fit. Um again, not to use the word culture, but it is a very important component, right? you're going to be there for a majority of your week every day working with these people doing this job. You have to be sure that you you enjoy it, right? You wake up every morning and and you don't mind coming to work. If you are not enjoying it, that is your cue that it's probably not the right environment for you. So, and another thing is um so I I I know Bill really likes the HP guy, so I'm going to let him talk about this quote. All right. Yeah. And this goes
back to the old HP when Bill Hewlett and Dave Packard actually ran the company. Well, anyway, I'll stop there. But part of the thing is being open to change and being adaptable and achie I used to be very change adverse. I I like this realm and I want to stay here and stay in the box and it that the Who Moved My Cheese book is a cartoon book. Uh but very much like something changes and it affects you. Maybe not in a good way. How do you adapt? And adapting is not a bad thing. So, and actually same thing when the change hit me in some area, I was writing CC code. Do you want to try
this? You know what? Yeah, I'll give it a shot. I'll just take a look at it. So, be open to that change. And they went from $500 to at one time over a hundred billion dollar company. Change can be a good thing. Um, but you know, just be aware, you know, the opportunity uh comes and you might take advantage of it. You know, even when you get into some area of cyber security, hey, we need this over here. Anybody interested? Take a look at it. It might be something you might like what you're doing. You might like that more. Maybe not. But don't be afraid of change. Uh because change is a constant. So, um let's see what else. Um keep
learning. I cannot emphasize this enough. Um and I don't just mean academic learning, uh the education part of it. So, stay connected. I mean things like BSides here, make friends. Uh get involved with professional societies and there are lots of them. Um if you're an application developer, OWASP, ISSA, uh Information Systems Security Association. If you're into the GRC side, ISA um there are lots of and and cloud there's uh Cloud Security Alliance. There are lots of different organizations. Same thing here. volunteer, get connected because you will pick up experience by other people's stories. Um, and same thing is uh what's the uh I'm trying to remember the saying is experience is what you get just after you needed it.
So rather than if you could say hey I had a problem I got burned by this. If you can pick up those stories and learn you can avoid that the next time. So uh and not have to live through the negative side of that. So ex you know learn from other people's experiences. Um, and you know, work on, hey, there's areas where I'm weak. Okay, build that. And same thing when you're Sammy was saying, uh, had made a great point earlier about when you're interviewing, here's all your cool technical skills that you want to emphasize, but there are other skills. They might call them soft skills, but problem solving, communications, working with people in other cultures, other languages. How do
you understand that? because now you're conveying uh technical terms to maybe a non-technical audience audience that have totally different expectations. Um now I've had situations where working with other countries overseas and I said hey I need to get this feed I need your feedback on this as soon as possible. Well in that culture this was Friday afternoon in that culture as soon as possible is Monday. something's burning and now because I didn't understand that cultural difference that actually was bad for me but same thing so understand that and setting clear expectations and learn from those other cultures where they have different viewpoints and perspectives uh and same thing back to interviewing you know you're interviewing them too so make sure that
you're um asking questions and what do they do not just technically looking for the position what does the business do is you're doing cyber security for the business. So, how does that plug in? You can ask questions about that. Um, just by looking at the company's website, what they do, what's about, are they in the news? Uh, did they just get hacked? And maybe that's why they're opening the position. So, you can ask questions like, why is this position open? Am I filling somebody who left? Why did they leave? Or is this a growth position? Or, hey, because we got hacked and you didn't have the investment in cyber security, now you are. Um, so same
thing. Um and again back to the academic knowledge or certifications. Certifications are good but that's maybe technical academic knowledge. How do you put it into practice? So you know things like capture the flags like here um you know BSides, other places get the practical experience if you can or internships uh anything you can to practice those experience. Stand up a lab at home and attack your own lab on one side and do you see it in the logs on the other? How do you harden a Linux system just to practice your skills? Um, and again then you can use that on like the ATS systems or the word tracking systems for résumés. So how do you
equate knowledge to experience because experience is value. So and on the certificates um I'm just going to add that you know there are two trains of thought to this right there. you know there a lot of these jobs that are posted online just for with real life experience they'll just throw in you know oh the candidate should have a CISSP with two to three years of experience and um they need you know an OCP and and you know this is an entry level job look at the job description read through it and and and you know you need to be in the field at least five years to get a full CISSP as in actually
certified and registered with the organization. It's not something it's not considered an entry level certificate. And these jobs are mostly posted by recruiters and recruiters are not not all of them are in the cyber security realm. So they're just going off some requisition or some keywords or buzzwords they found online. So don't be intimidated. If the rest of the description reads like an entry-level job, let the hiring manager make that decision. Still apply. Um, but that being said, the other other school of thought is there's a lot of people who just get a bunch of certifications because XYZ job description wants it. Be a little more selective about certifications is what I would say. When
you have a certification, you need to keep it up, right? You need to do your CPEs. You need to go to conferences. You need to be keeping up the credits, keeping up your knowledge base, updating yourself as needed, especially with things like AI. Um, it's changing. it's changing so quickly and so rapidly. And so it's one thing to say, "Hey, I have the certification, but it's a whole other thing when you're applying it and when you're tracking those changes, following what's new in the world, and then being able to take that skill set and define it in a STAR format, say when that interview is asked, what experience do you have with AI?" You need to be
able to verbalize that. So my thing with certifications is definitely get them, but get them in the realms where you actually want them. Don't just get them because read a couple of job job descriptions that say you have to have this. I I think it's more important to to find the fit for your certification. Yeah. Sorry. And one last thing also about that. If you claim a certification, you better have it and have earned it because there are ways to check on that. um or like what's called false flag and um companies will check and one thing is about cyber security integrity is very crucial um so if you write something down that I've done this
I know this or I have this certification um SANS certifications there's a registration site or Credly there's ways to go check and if you don't actually have it so also be upfront if you're studying for it that's okay too studying for CISSP expected you December 2026, that's fine. Uh, but if you claim, hey, I have it, but you're really working on it, you have to say what you're doing. Uh, be accurate about that. So, um, and again, we're here at BSides so same thing, get connected, um, in the cyber security community locally and globally. I mean if you're going to conferences elsewhere uh RSA, Black Hat, DEF CON, uh SecureWorld and multiple cities, uh get connected
professional societies, you know, social networking is the thing. It is actually that in the cyber community as well. Um and I I've been doing this almost 30 years. I cross paths with people from 20 25 years ago. Um so build your network and maintain it. Um, and this I know because actually there was one of my careers, uh, one of my jobs where I got so focused on the job because a lot needed to be done, a lot of extra hours, a lot of hard work and I let my network languish that had an impact down the road. So do maintain it. Even you're working hard, you're doing a good job for the good job for the company. You
have to do a good job for yourself too. What are you learning? How you staying connected? Staying updated. Uh, stay connected. That is crucial. coming to conferences like this as you build your skills, go from a learner to a teacher. Um, same thing we're asking you to to find a mentor as you grow, become one. And I mean, Sammy to me is the great experience. How do you do this career transition thing? And she's doing that. She was learning at one point, now she's teaching. Um, just an awesome experience. So um anyway just just uh always uh you know look for those opportunities locally, nationally, internationally um but always too I think sometimes people don't get along different
cultures but be professional and it's a great community you guys like cyber security it's it's a great community. It seems vast, but like Bill said, you you'll run into people you know all the time, especially when you're networking and you're coming out to places, and that's the best way to form pretty much your dream team um in cyber. So, network, network, network. I can't stress that enough. So, let's see. Um languages. Um and I don't mean this from just a technical standpoint, though. learning C, C++, Python, Go, Ruby, Perl even that anyway but you get the idea who are we doing cyber security for the business. So, and business has its own language, especially if you move up and become
going to management and saying, "Hey, we've got budget planning and I've got capex and opex that I've need to plan for and what do I anticip what's capex and opex mean?" And all this, we have to learn the business language, too. Because or if we go in there and say, "Hey, I've got an exploit that's doing a buffer overflow." By the time I get that far, the CFO's eyes have glazed over and says, "I don't understand a thing you're saying." The burden is on us to talk in their language. Communication is crucial and knowing your audience and being able to talk in their language. Um, same thing with some business field people. It's like they do
live in a different world. Um, different levels. If I'm talking to a frontline manager, I'm talking to a CFO. I've got to change the way I talk. Um, and I'm sorry, but the burden is on us. We do so many different things. And if especially if they're not technical, they may not understand. You've got, they used to say you have a 30-second elevator pitch. It's probably down to about 10 or 12 seconds now. I've got to grab their attention in words that they understand either to like tell them what the value is, what the risk is, what the impact is. Everything's going good, whatever. How do I get their attention and still show value? Because there's
still the analogy in cyber security that we are viewed like insurance. Hey, I'm paying all this money for cyber security and I don't see any return on that money. When there's a fire, you'll see the value or there's an earthquake, you'll see the value. But day-to-day and but we are doing more than that. We're growing now. And that's the one thing too because we love the technology and the bits and the bytes and everything. How do we sell ourselves? How do we sell our team, our occupation? Um, and that's what it comes down to. And that's actually another language. How do we sell ourselves? And you know, I'm really good about singing the the the benefits of other people.
I'm not so good about myself. That's something a language I need to learn. How do I do that better? Um, and same thing how different people communicate in different ways. Is it by example or history? Here's here's a company that had a use case where you know you know uh an energy company that got hacked and this is what happened to them. Doesn't necessarily mean and there's also something called FUD. Fear, uncertainty, and doubt. I don't like using that to try and fear somebody into doing something, but here's an example. And the impact is they got, you know, had a $50 million loss. This company um had a $500,000 loss or this per company lost
10,000 data records of healthcare and now there might be regulatory impact. I be careful how you phrase things and how you communicate that but find a way through examples or analogy because we're trying to influence decision makers. Um and same thing or back to uh the mentorship teaching also those executives I I've got 10 12 seconds to get their attention but maybe once I do how do I teach them about the value we bring as cyber security professionals. What we're doing is we're growing our careers and what value do we provide to the business because they're paying our salaries. So how do we communicate in those different styles and numbers talk right and this is why
learning to count is important not just on the technical side where you're counting in bytes or looking at things from a computer's perspective but also on the business side. Eventually at some point in time all of you guys will get to a point where you might want a leadership role or you know be in a higher level as a manager or director um having to then present the technical aspect to the business side. And so trying to keep that at a fifth grade level getting their attention and attaching a number or a monetary value to how this might help the business is probably going to speak volumes. So work on those modalities and the style of
communication. How do I get across this piece of information in the most simplistic way possible but still grab their attention and still get my point to stick, right? That's what you know in the business world they call it buy-in. You want to get leadership buy-in. Sorry. Yep. Um and also being a very technical uh area still we're doing things for the company. The company is made up of people. The company is selling a product providing a service for people. So how do we understand that there is a social aspect back Sammy said it great. You have to get buy-in maybe from the company. Company's made up of people. How do you do that? Uh same thing
especially I love the technology and I find it very frustrating when others don't understand it because to me it makes perfect sense um or even like a programmer uh writing a program x= x plus one I understand that somebody else who hasn't had a programming background is going to go that doesn't make any sense whatsoever so how do we explain things to them in a way that they can understand back to the language and being aware different cultures may interpret different things we talked about the example I had earlier with the country company overseas. Um, but be aware of different things, different experiences. It all brings value. Uh, and same thing, even if you get frustrated, still be polite.
What's that sort of like that scene in Roadhouse? Be be polite. Be polite because again, they're paying our salaries. Not to say we give in, but it's our job to learn how to negotiate and influence. Um, and same thing networking. Um, where are you going to be? I still bump into people from 20, 25 years ago. And there are things that have happened in my career where I've been working at a job and somebody from uh 10 years ago calls me up. Hey, Bill, we're getting the band back together. You interested? Deal me in. Uh same thing people or opportunities in where you're working? Hey, I know somebody that'd be perfect for this and you bring
them in for a referral. Um or they bring you and be Hey, are you interested in a new job? you may not be looking, but they think of you because they know your skills or they know your ethics or your culture and how that would fit. Um, so always be open to that. So, keep things uh keep your network up and keep your connections active. So, be ready to have pitfalls, right, in the journey. You're going to make mistakes. You're going to be criticized. You're going to walk into an interview and blank out on every technical question that they ask you. And it's okay. It's okay to fail, but don't stop picking yourself up and being
resilient and continuing to forge forward. You can't be afraid to do what what you fear, right? You have to overcome it by actually just jumping into it and trying your best. I mean, why are we throwing all of this knowledge share at you today, right? And I know it's a lot and it's a lot to digest, but the thing is the way that you create the narrative, the way that you present yourself, whether it's on the resume, in an interview, some people are going to like it, some people are not. You might be a fit, you might be not be a fit at that certain company's culture um or environment, and that's okay, right? It doesn't mean there's not
a place out there that you will fit into and you'll be completely happy in. So all that does interviewing more putting yourself out there trying and continuing to try it's going to give you the experience that you need and experience is what you get just after you need it right. Yep. Yeah. And towards the Oh, sorry. Go ahead, Sammy. Sorry. So go ahead and make your mistakes. Don't be afraid of making them. Fall, you know, scratch yourself, get hurt, but get back up and keep trying. Yep. And they say when you make a mistake, fail early, fail often. And part of the like interview questions, tell me about a mistake you made and what did you do
with it? Did you learn from it? You know, it's one thing. If I make a mistake 10 times, I'm clearly not learning. If I make a mistake once, what did I do? Maybe make it again. Something else and I learned and here's how I improve something. So, I won't make that same mistake again. That's what hiring managers are looking for. How do you learn and grow? Mistakes will happen. And some of them can be one simple mistake can lead to a compromised company. somebody hey I need an easy password for a network device it happens to be internet-facing and it's guessable next thing you know somebody put ransomware in your company so make sure you're as you make decisions or
others make decisions on IT teams always you know be prepared when you make a mistake how do you correct it how do and what do you do with it to make sure you minimize you contain it do make you know minimize the impact of it and what do you do to recover and go forward so it's always keep moving forward So, and you will get a lot of rejections. I think I applied to two or 300 jobs before I got my first interview, right? You will get a lot of rejections. You'll get a lot of people asking you why are you making this career change or why are you pursuing this? And you might not be able to
verbalize it completely, but as much as you can network, find people that can help you verbalize that and align yourself accordingly. Practice makes perfect. So whether it's brushing up your technical skills, doing CTFs, I mean when I first got into cyber and I did my first CTF, I looked at the first question and I was like, I don't know what this is asking me to do. And you know, as you keep doing it, you get better, right? You start researching, okay, like what is it asking me to do? How do I do it? So go back, go refer things. There's a lot of things out there. If you're interested in like um you know exploits and vulnerabilities,
you can look at the vulnerability database. You can read blog articles on how somebody used a vulnerability or how a threat actor you know functions and what they use as their MO like what do they follow? What's the performer? Um there's if you're into networking and you want to get really savvy at Wireshark, there's PCAPs that you can just download offline and just look through them and learn and there's people that have written articles on this is what I look for in this specific pcap. So the community is so important in just you know utilizing it to the best of your abilities to keep learning. I mean, my first job in cyber, there was this guy that I worked with who was just
amazing in Splunk, and I barely knew how to run a Splunk search when I first got my job as a junior analyst. Um, I I knew like my Splunk basics, right? You search for this, you search for that, you can do a table, you can check time, like you're but I hadn't really operationalized it in an environment. Um, and one of my co-workers was just, I mean, he's amazing at the tool, right? He knew the ins and outs of it, everything. After work, I would spend two hours every day just bugging him to teach me, and he did. Um, and you know, now I'm so comfortable with the tool. It's like, yeah, okay, I can do as well.
So, I don't even think twice about So, utilize the resources, the networking, the the friendships, the mentorship. It's definitely going to help. Yeah. And as you grow, you will become that. So you are an asset both to yourself and to the company. So you have to think about that. But also assets have ups and downs. So same thing when you're going and interviewing with a company. Here's the value I bring. Here's the salary I'm going to require and the benefits and stuff like that. If your cost is higher than the value you bring, probably not going to happen. That doesn't mean you should cut what you're asking for, but it's finding the right company and the right match, the
right expectations. Um, also, uh, what are you doing to keep your value up? Because otherwise, assets depreciate with time. So, how are you showing I'm adding more value? So, when raise time comes along, you can get a higher raise. If your value goes up, your salary should go up. Uh, so all that goes into and also we talked about learning negotiation. Salary and review time is a negotiation. So, how do you pick up those skills to be able to say, I need to, hey, I've brought this extra value. Here are my accomplishments. I mean, Sammy had a great example in the numbers. Hey, I did this and this was the result and it saved this amount of money or it
generated this amount of revenue or I helped a team get revenue or, you know, decreased risk or something and what's the number to give it some sort of objectivity. That's the value you bring and how you did it and what you did and or training others to increase their value. Now they have multiple assets who are increasing in value and if you're responsible well yeah you did earn it. Here's your raise. So or and bonuses.
So ethics and integrity is a very very huge cornerstone in this business right the CIA triad. I mean it's right there in in your cyber security foundational basics. um you are dealing with a philosophy of life versus the business. So it's always going to be a question. Security is you know thought of more as a a gatekeeper to things because you know we practice defense in depth. We're always wanting to lower that threshold or risk ceiling or appetite for how much malware do we want to take on or or you know user um unawareness so to speak. So make sure that you everything should be done in a balance, right? So not just within the practice of cyber but also in
life. Your integrity is going to be everything. So if you say you're going to do something, keep your word, show up. Especially if you're working in the realm of being in a team, make sure you're there, you're one of the team, keep your confidences with everyone. Yeah. And also part of that especially a team uh you want to get a team or build a team and be a member of a team um whether you're entry level more advanced uh principal level manager you know is this a team I want to be a part of or and the team wants me to be a part of them if if it comes down to combat I mean Sammy's one of these for me and
there are others on teams that I've worked with that if I was in the middle of a major incident some everybody's on fire who do I want watching my back and who would trust me to watch theirs. it comes I mean you're in a major incident with data leaking and um you know regulators knocking on your door or certain things like uh OT devices if you were in a hospital setting and your your uh X-ray machines and uh MRI systems were under attack and compromised and patients can't go into surgery because they were in a car accident right now there are situations where lives could be on the lines so or medical devices I mean there are situations it
gets critical Um, and sometimes it's like, hey, I've got to work a 12 or 16 hour day. There are times your family won't be happy. Um, if you're like in an incident response, but then same thing, how does that balance out? And it it isn't fair, but same thing, how do you make sure you are getting um and competing not necessarily against your teammates, but I mean there's a certain amount, but how are you competing in the marketplace as you uh find a job, change jobs, and keep moving? Um because it's still um the individual and how do you treat the other team members or even the larger corporate team um one of the analogy
there's a starfish story where there's a storm and there's hundreds of starfish on the beach and this guy's going down picking up and tossing one in tossing one in and you know what's that difference you're going to make and somebody asked him why why are you doing this there's no way you can toss them all in. It says it matters to this one and then what do you do next? So, uh, it's same thing. You aren't going to be able to solve every problem, do everything, or like the fishing analogy. You ever go fishing? Did you ever catch all the fish? But make the best impact you can in the time you have. So, and it's all about the business. So,
make sure you're picking up that business acumen as well as building on that technical knowledge. Um, you you have to always let the business know what the need is. justify, prioritize, and then persuade. And you are an asset to the business, but you do come at a cost. They pay you a salary, they give benefits. So, make sure that that cost, the benefit versus the cost is very real, very tangible, and that they're able to justify it. Yeah. And also as part of that, um, definitely, you know, in terms of making a difference. So some of the like the intangible value you bring whereas hey training the team and improving their skills or doing something to make uh a
different group aware of a risk or how do you make things a little bit better in the environment where it may not be strictly hey I I did this and it saved us you know $10,000 I made this a little bit better and it's intangible that's still something it's harder to justify but if you can as have them something that they can view or see, but also to be fair for yourself. I mentioned that time where you might have 12 or 16 hour days due to an incident. That's not every day. So, you have to figure out how to throttle your work effort. You know, at what, you know, regular day-to-day 80/20, you know, I'll
work 80% hard. I but I've got time to I've got to check my email, do my admin work, and other stuff like that. If you're running at 100% 110% all the time, you will burn out. I don't care if it's in incident response, GRC, security awareness, whatever. You can't work at 110% all the time. Now, but there are times you that's you need to pace yourself to make sure when that is called for, you have it to be able to do it 110% for that sprint. Um, and there might be times you're sprinting for a marathon, but that's part of how you build your career and show your tenacity and then build that reputation. So,
that's how somebody else years later, hey, getting the band back together. you want to join? Um, and there are a couple managers that if they walked up to me right now without knowing what the job is, say, "Hey, Bill, I got something for you. Let's go." I'd get up and go. I have that much trust in them. And I've built that reputation with them. Same thing with all of this. How do you work in your work ethic and build the business? Because Sammy's right. I mean, the business has to survive. It has to make money to pay your salary. So, what's the value you bring? And the same thing, watch the business. If it's doing
something that might be a little tenuous, might be time to move. Uh because where we have certain expectations, especially in cyber security with ethics, that's an expectation that goes across the board. So yeah, just something else to keep an eye out on and things are always going to be changing, right? The universe is always in so work hard, but keep your perspective. I think that was a great leeway that Bill said. Things will keep changing. You might align with the business at times, but you might not. And you'll know when that time comes, but it's just something to keep in perspective in terms of even finding your first job. It's easy to say, "Let me just get that foot in the
door." But you need to enjoy what you do on a day-to-day basis. Your family and your friends are going to be your first team always. So, prioritize that. Prioritize yourself and your health. When things go bad, things change. When things go good, things change. Change is inevitable. So, you have to watch out for you and you can't leave things, you know, pending because your job requires some intention. That's always going to be there. So, do prioritize yourself, your mental health, your family, and everything that's important to you. And along the way, you do meet people where you have your back. Like you, they have your back and you have their back, you know, no questions asked. Those people
again have that close circle, your next level, your next level. Layer yourself like an onion, but watch out for yourself and keep your perspective intact. Yeah. And same thing as you're going, pace yourself. Again, you're an asset. Assets can be spent. So, make sure when you're doing it, when you have to work hard, work hard. but making sure you have that reserve or building that back up. Um because who's watching out for you? You are. You are. Look at yourself like a business too. You are providing services to another company, one that's employing you and paying your salary, but are you getting the return on investment? Are you growing or do you have the opportunity to grow and grow
your value grow your your your value yourself? And same thing as you go along. You're going from um a different career to cyber security. Hey, I got my first job in cyber security. You just flipped a bit in your life. You just got a promotion. You flipped another bit. You know, so using this to the analogy of where we're going, you become a manager, you flip a bit. You change companies and you go up to a multinational, you flipped, as you go in your progression, you're growing and accumulating uh different values and experiences. And same thing with the integrity, change will come, but that doesn't mean you can't be a change agent either. You can make change and bring
things about. So change the world. So fortune and glory, kid. Fortune and glory. We do hope that you guys all one day belong in a museum. Yep. So welcome to the world of cyber security. if there's anything we can do to help you along in your discussion. Same thing, find a mentor, but you have questions, feel free to reach out to us. And meanwhile, we'll see you around.