Small-town street scene in Illinois American flag flapping in breeze by huge painted American flag fading from brick wall
 

Episode #31 - How to Start a Career in Cybersecurity

There's no "right way" to get started in cybersecurity but there are a lot of different paths to become a cybersecurity expert. This week, the guys talk about their career paths starting from the ancient IT world and moving into modern day cybersecurity disciplines. They share some of the most important skill sets that you rarely hear about. Get the latest tips and tricks to start your cybersecurity career today.


Pick up your copy of Cyber Rants on Amazon.
Looking to take your Cyber Security to the next level? Visit us at www.silentsector.com
Be sure to rate the podcast, leave us a review, and subscribe!

Headlines:

Ransomware to Be Investigated Like Terrorism

Researchers Discover First Known Malware Targeting Windows Containers

The U.S. Must Redefine Critical Infrastructure for the Digital Era

FBI Recovers Millions in Ransom From Darkside Ransomware Gang

Meatpacking Organization JBS Pays $11 Million to REvil Ransomware Hackers

Billions of Compromised Records and Counting: Why the Application Layer is Still the Front Door for Data Breaches

DarkSide Pwned Colonial With Old VPN Password

Hundreds of Suspected Criminals Arrested After Being Tricked Into Using FBI-run Chat App

Microsoft Patches Six Zero-Day Security Holes

Emerging Ransomware Targets Dozens of Businesses Worldwide

 

10103417-small

Send Us Your Questions & Rants!

 

welcome to the cyber rants podcast where we're all about sharing the forbidden
secrets and slightly embellished truths about corporate cyber security programs
we're ranting we're raving and we're telling you the stuff that nobody talks
about on their fancy website and trade show giveaways all to protect you from cyber criminals and now here's your hosts mike rotondo zack fuller and lauro chavez
welcome to the cyber ants podcast this is your co-host zach fuller
joined by mike rotondo and laura chavez
and today we are talking about getting into the
cyber security field business industry whatever you'd
like to call it but how do you getstarted
what might that look like what are some options uh and ways to do that so that's what
we're going to talk about but before we do mike why don't you kick us off with the news
good morning uh podcast fans uh the cyber silent sector news desk is well rested
after its vacation on the southern alabama riviera so uh here are the podcast headlines for six eleven
uh severe rce vulnerability and vmware
vcenter server
is under attack there are more vmware v
center
issues going on please patch these as
soon as possible
on wednesday a researcher published a
proof of concept code that exploits
the vulnerability another specialist
declared the exploit is able to be
trusted in that little extra work is
required to use code for malicious
purposes
it can be reproduced using five requests
from curl
a command line tool that transfers data
using http https imap and other common
internet protocols so
apache vmware news from the federal
government ransomware is now to be
investigated like terrorism
uh the u.s attorney's office wants to
organize the ransomware investigations
that is similar to other national
security issues not the severity of the
punishments
or the way conv the way convicted
persons will be apprehended i'm assuming
there's no seal teams that are going to
be busting down
computer center but you never know um
ransomware especially ransomware as a
service as a similar organization
structures to some
terrorist organizations so that's the
justification behind that just another
note
about 27 of victims are choosing to pay
ransom right now and there is discussion
that they're going to make
paying ransom illegal which let's do
that because that ransom just
funds terrorism please do please do that
that would be
excellent yeah news today researchers
discover first known malware targeting
windows containers
security researchers have discovered the
first known malware dub styloscope
targeting windows server containers to
infect kubernetes clusters and cloud
environments
it is a heavily obfuscated
malware targeting kubernetes clusters
through windows containers said unit 42
researcher
at palo verde palo verde its main
purpose is to open a back door into
poorly configured kubernetes clusters in
order to run malicious containers
such as but not limited to crypto
jackers uh this also dovetails into
hitting your hyper-vs
definitely worth looking in looking into
this at the hacker news
interesting story that came out that the
us must be
defined critical infrastructure for the
digital era and it's a really good point
this american definition of
infrastructure has remained largely
unchanged since world war ii
uh when the federal government updated
roads railroads
water supplies etc uh you know back then
communications was basically the radio
but right now we've learned especially
through the pandemic that our economy
rise heavily
on robust internet or our digital
infrastructure is the lifeblood
of basically enabling people to continue
to work at least for the laptop class
um this is good news fbi recovers
millions of ransomware
ransom from dark side ransomware gang
i'm sure we've all heard about this but
they were the doj was able to claw back
about 2.3 million dollars worth of
cryptocurrency
uh that was paid to darkseid for the uh
colonial hack on the on the other side
of that
meat packing organization jbs paid 11
million dollars to our evil
for ransomware hacks basically jbs is
the world's largest meat packing
enterprise declared this week that it
paid an 11 million dollar ransom
our evil ransomware threat actors
it ultimately paid the requested ransom
in order to keep their stolen
information from being leaked online
and reduce any unintense unanticipated
issues related to the crypto
cyber attack i don't know what critical
information meat packers have but
apparently
it's worth 11 million dollars billions
of compromise records and
counting why the application layer is
still the front door for data breaches
this is an interesting story each year
the number of data breaches grow by 30
while the number of records compromised
increased by an average of 224 percent
uh that's pretty scary in january alone
more records were stolen than all of
2017 so attackers are continuing to
evolve their tactics to get
access to sensitive data they're using
more sophisticated methods and
research finds that nearly 50 of data
breaches over the past several years
originated at the web
application layer attackers continue to
use sql injection
for remote code execution to exploit
vulnerabilities so basically protect all
paths to the data
um we found out how dark side got into
colonial
um basically it's an old vpn password
so they discovered it inside a bachelor
password somehow that
that account was still left active and
basically
we're able to get in so a silent sector
recommendation
create a strong separation and
termination policy and account
auditing to ensure this doesn't happen
in the future so when you terminate
someone make sure all of their accounts
are terminated uh
analyze their you know account usage
every every year
um this is kind of funny hundreds of
suspected criminals arrested after being
tricked into using
fbi run chat app basically the
australians and the
fbi and 16 other countries came up with
a chat app called anam
that was added to the mobile phones um
that basically
uh was supposed to be encrypted data
that criminals were using global
criminal organizations were using
um in reality they were just feeding
straight data directly to these uh
these police organizations good job
microsoft patches six data security
six zero day security holes excuse me uh
microsoft on tuesday released another
round of security updates for windows
operating systems
including fixes for six zero day bugs
remote
code execution bugs and then four
elevation of privilege flaws
so that is something to be very
concerned about make sure you patch
everything
and lastly emerging ransomware targets
dozens of businesses worldwide
emerging ransomware restrained in the
threat landscape claims to have breached
30 organizations in just four months
so when operational supposedly part of
the reward syndicate which is
apparently everywhere now however it was
first observed in february 21
2021 it's called prometheus it's just an
offshoot of another ransomware variant
called thanos which was previously
deployed against state-run organizations
of the middle east and north africa
currently they're targeting government
financial services manufacturing
logistics consulting
agriculture health care insurance blah
blah blah everything out there so
um good news there's another ransomware
laurel what do we got for
vulnerabilities today yikes well
thanks for that mike certainly nice to
have you back um it was just weird with
me doing the news
honestly i didn't feel everybody
no i was dirty i had to like date
afterwards bizarre
so for exploitation uh to be worried
about this week uh microsoft sharepoint
server 16
has a get xml data form data source
server side request
forgery vulnerability that is exportable
the payloads there
for use so if you're running uh version
16
make sure that you're upgrading that and
that's um windows server 2019 that's
testing on
for proof of concept pretty interesting
stuff uh
and the rust that i have again is just a
tail as old as time i probably shouldn't
even
bring these up anymore but my gosh there
are just there's three more wordpress
plugin remote code execution pieces for
wordpress discuss uh the visitor app
plug-in
and force for um the smart slider the
smart slider plug-in piece for wordpress
so
careful what plug-ins you're using for
wordpress
man i'm just saying like wordpress is
becoming as dangerous if not
more dangerous than using microsoft
excel chrome
maybe just just get off get get off
wordpress
yeah it's like it's like playing yes
like playing with a barrel cactus you
know it's just
i well uh
and by the way uh for those of you
listening that
want to find news articles if you go to
our website and the podcast
pages uh for each episode we will have
links posted so you can read the
articles in detail
all good stuff i know mike goes through
a lot more articles to bring you the
ones that are of importance so it's a
great source of information
want even more cyber rants be sure to
subscribe to the cyber rants podcast
get your copy of our best-selling book
cyber rants on amazon today
this podcast is brought to you by silent
sector
a firm dedicated to building world-class
cyber security
programs for mid-market and emerging
companies across the u.s
silent sector also provides
industry-leading penetration tests
and cyber risk assessments visit
silentsector.com and contact us today
that being said uh by popular request
today we are talking about how to get
into the cyber security industry
and what you need to think about what
you need to do and
i'm going to preface all this with uh it
depends
there's there's no right answer to that
right and so everybody's got different
skill sets
everybody has a different point of view
but i figured
maybe we'll start by just talking
briefly about how you guys got into the
cyber security
industry mike and laura because i'm a
i'm a business guy by nature so yes i
have certifications
and such but um i
have a kind of a skewed viewpoint uh
i i would say so i think people are
asking really about how do you become a
practitioner
in the cyber security field um so that
said
do one of you mind taking the big leap
and just
sharing briefly you know two minutes or
so on
your path and how that went what that
looked like
so we're talking about history in this
podcast i guess not yeah this is ancient
history by the way dust off the cobwebs
you know off your your uh your journal
from when you got started because i know
you kept a journal
yeah some clay tablets okay so let me
preface let me preface this with um
by popular request what what zach was
was saying is that we were actually
approached on linkedin
so if you if you have a request for for
a topic um you know don't hesitate to
approach one of us on linkedin and
shoot us a message and we'll if you know
we'll throw you in the schedule so
thank you for that suggestion okay
now on to mike i'm going to let you i'm
going to let you go first
your tail is older than time and my tail
is as old as time so i'm not really sure
which came first i i would say that my
tail is older than some of our audience
by many years
um so but basically back in the day
i uh started my it career by
actually it's not that old it's pretty
close to old but anyway it's uh so i
started
the day working actually i was selling
computer parts uh back when six megs
memory would cost you 800 bucks
um driving to work listening to a
cassette tape exactly
if you were lucky anyway
um and so i jumped to taking my my
my cutting edge nt 4.0 classes uh
because that's what i really wanted to
do
i went from there my first job interview
in the it security
or it realm was they handed me a stack
of floppies for the os and stack of
floppies for lotus notes
mail servers that was before exchange um
and basically said you got three days to
build this if you pass
then you can have a job if not well you
just wasted three days
so basically that's how i started that's
how i got into the industry there was no
vms there were no clicks there was
stacks of floppy drives and for those of
you don't know what a floppy drive is
it's a little square disc about three
inches by three inches that had a piece
of magnetic tape
and hold held a whole 1.4 megabytes of
data
so yeah it's like a zip drive but softer
yeah
exactly so um yeah and you put them in
an order otherwise you start over again
so
uh the the stuff that we had to do back
in the day is uh
is much different but anyway you start
from there and you just learned
everything you can learn and that's the
way it is and
i didn't really get into cyber security
until you know it's still a long time
ago about you
well we did it as part of our normal job
there wasn't really a thing called cyber
security was just part of you had to
secure your networks you had the
security it was called good engineering
right
exactly and then you know really got
into socks and all that kind of stuff in
2004 2005. so
that's where that started but yeah there
was a good 10 12 years of me just
that was just what you did so that's
that's sarbanes-oxley for those
those who don't know not not a not a
footwear not something that goes under
your footwear
compliance compliance requirements
exactly
or yeah not a sports team either in this
in this instance
so that that's my story in that show how
about you laurel well i learned um
on an abacus play tablets too
so uh
we had to make it you know we didn't
just get to go buy it you know we were
poor we had to make our own clay
yeah i started out doing stuff in you
know i guess it was about i don't know
maybe
fifth or sixth grade and then i guess it
really got fun in high school when
you know computers were just starting to
get they have like really good graphic
games and i'm talking about
castle wolfenstein and doom and so that
was really my motivation to get into itu
was that these
these video games were coming out on on
on pc platform were so awesome at the
time
in high school i volunteered to do the
uh kind of you know work with the
the lady that um her name was mrs
simmons and she was pretty much in
charge of the computer lab she's a
really
capable lady she had like a computer
science degree from like old school
when it was it was really like math and
stuff right so
um she set up like the apple twos and
stuff for the typing lab and so we got
all these like well you know
windows 351 i guess and they were gonna
start a little network with like eight
systems and so i got to help build that
and my whole purpose was so that i could
load
castle wolfenstein and skip class and
play across a woman's side in the
computer lab
um and that really kind of led to some
you know advice from a friend and
joining the military and you know kind
of taking that
that fun and technology sort of um into
the united states army
and that's i think really what i guess
sharpen the knife
if you will or it got me out of that i
still played video games on deployments
when there was time don't get me wrong
there's still that's still going to
happen however you know there were a lot
of other fun stuff to do in it and you
know like mike
cyber street at the time was just part
of it i mean you know communication
security's such a core
part of the military anyway you know
everything from radios and physical
cryptography
you you learn those types of principles
already you know it doesn't matter
really what job you're doing in the
military if you're operating a radio
you've got crypto
in your hands right they're securing
that communication line and so
you know that that was a lot of fun and
i learned a lot there
and i it was one of those things where
it was time to
kind of move on and so out of the
military
one of my first corporate jobs was
working a
network administration kind of role for
um a major gas company i don't think
they are but we were controlling all the
scada equipment
uh for for the pipeline essentially
not not the one that got hacked
different one different one this is
it's your 2003. no no no it's not
the other thing i thought was funny is
that i put um i helped
i helped build the very first firewalls
that were established in one of our
major bases
i'm not going to say the military army
base
and i found out like 10 years later
there was some breach
to it from a person of mine and i was
like i wonder if they changed those
passwords i hope they hope they did some
basic things right or maybe they still
put something new in but i
i did i had a little heart fail and i
was like was that me did i do something
wrong but no it totally wasn't it was a
completely new set of equipment
but they're going to be cutting it up
and you do push-ups now that you're
civilian
push-ups with the hose in your face
because 10 years ago
hey screwed up the firewalls exactly 10
years ago oh gosh
anyways but you know that that network
that network administration job
you know really turned into a cyber
security job when another organization
needed a security manager because they
were trying to process credit cards
and visa at the time using their cisp
um framework was requiring them to do
basically a whole bunch of nist stuff
right and so that's that's really kind
of where
i turned from doing you know good core
network engineering and uh
you know i'd consider to be cyber
security um corporate on the corporate
level
and that's kind of where the cold
governance piece came and got to see pci
get developed from there
and oh gosh now it's just a nightmare
i don't want to remember it's amazing
how far we've come i mean
you know kids come out of college or
people come out of college and they've
got these specialized things and
have no idea no concept of what the
other you know
what we went through to build all this
stuff um you know the trial and error
that's out there because
you know you've had to you know build
things from scratch it's crazy i think
about i got to i got to play on the very
first cisco router that cisco ever made
you know i mean it's just like it's a
bizarre and i was like
my buddy was like you should invest in
these guys just put some money in in
cisco they're going to be big one day
and i'm like
it's just another piece of network gear
like who cares
i gotta share one of my my first hacks
and you guys let me know if this is
if this is truly a hack or not but um i
grew up on the apple right start out
apple 2e
and then um got the first you know one
of the early macintosh with the black
and white screen and
around that time um res edit came out so
i don't know if you
remember res edit for for mac you know i
this was probably
i don't know maybe mid 90s what i could
do is go in
and change the um basically edit the
operating system right and
graphics and different
types of like error messages and that
sort of thing but
you could also edit all the fonts and so
what you could do is switch
like you could switch the little font
graphic
for the keys on the keyboard right so
you could switch like the d
and k font for example and then pop
the keys off the keyboard and switch
them as well so they
so the keyboard works right but it's but
it's a weird layout now and so i did
that in my computer lab
at school and they weren't too happy
about that but that was um
that was a lot of fun back then when it
was that simple yeah
i would i would call that that that app
res was called it's a tweak what they
call a system tweaker
so yeah yeah yeah system tweaks right
and so
i wasn't i wasn't privileged enough to
have a
mac i i had a trash 80. so whatever but
anyways
um yeah we had we had once we got into
windows 95 right we had two key
we had tweaking apps to do all kinds of
stuff to the desktop and everything else
but yeah apple was always on top of that
yeah a lot of a lot of fun i think they
thought that today a misdemeanor
yeah oh yeah it's not not yeah that that
violates the computer fraud and abuse
act
so uh could say well that was uh that
never happened i just um
just a joke just you heard about it from
some guy yep i heard that you
that could be done um reading that on a
blog
nowadays so nowadays i think it's a bit
different right so back when you guys
back in ancient times
um and uh kind of the dark ages when you
guys started
and you kind of worked your way up all
through the ranks of i.t
and then eventually security became its
own domain
right and the people recognize that hey
there's
the skill sets are getting broader and
broader so people need to be focused and
nowadays
a lot of people are going um maybe have
some light i.t background or going into
the security field or even no i.t
background and going into the security
field
and so there are questions out there
about how do i know what i want to do do
i want to
be on the red team side doing the
attacks pen testing stuff like that or
do i want to be on the blue team side
defending the networks uh you know
and i i don't know what if there's a
right answer for that but maybe we
should dive into talking a little bit
about
certs and some things you can do another
common question is
uh college degree versus certifications
do i need to have a degree
to get into the field those types of
things what would your
what would your recommendations be in
terms of
um identifying what you like to do
and what kind of where your skill set or
where your natural abilities
land themselves and then you know how to
go down that path from a
from a education perspective well i can
speak to the college thing
is the only one on this podcast with a
college degree
that happens to be in history i'm going
to say college degree not that important
for
i.t security so um
yeah i mean you know the mysteries of
rome you know true
true yes i i learned important things
about serfdom in russia in the 18th
century
um you know things like that that uh you
know i use today
when i'm putting together my
documentation
yeah well here here's what i'll say
right is it to your point right i think
i think it depends on your learning
style okay and so i think
some people are better guided learners
and some people are better self
kind of self-taught learners right and
so there's two tracks you know i think
college or you know more of those types
of courses are going to be you know
for the guided learning individuals to
do better and you know group sessions
with labs and that sort of thing right
whereas the
you know if you're already got some tech
behind your your belt
and you're you're pretty savvy already
then there's lots of you know just
solo learning resources that you can
leverage now back when mike and i
got into this you know microsoft came
out with their you know microsoft
certified systems engineer track
and it required you to take three major
operating systems
and then two electives at the time and
so that those elections are typically
networking essentials and like
iis server or exchange or something
something ridiculous right some other
microsoft component and that's how you
you know you kind of you kind of worked
your way from there and then of course
um
ise squared was the i think some of the
very first cyber security related
i guess certification that came out and
so they're still out there
yeah they're global and then you know
isakka you know for certifications i
guess
to touch on that you know ifc squared
isaka sands
i think all these places are going to be
good good
locations to get your certs and you know
mike i don't know i mean
uh i think i think it's i mean i don't
know do you have any suggestions on you
know
i know we you know your history degree
doesn't doesn't
kind of doesn't matter right it's really
irrelevant i guess the only thing that
does help me do
is write i mean i've learned to write at
a college level which helps me with
writing documentation and that's really
the only value i see from that education
that being said
you know you can get a cease from ec
console and then you go on to more
advanced tracks from there
um those are great things to have though
but those are tests they're learning
their books are so not hands-on tests so
you know i had and i don't know if they
still even offer this the cpt test was a
certified penetration tester
tester test which basically they gave
you two vms and said you got to hack
these
um you had to root these two unix
servers in order to get a certification
that i found far more valuable
i mean i learned some things in the ceh
class that taught me how to do that
stuff
um so those are those are the kind of
base certs to get
um the ceh is a good one
you know um but you want experience you
want hands-on experience you want to be
able to
to go ahead and do this but i still go
back to the fact of you know things that
laurel and i learned
growing through the ranks of this um
you know you have to understand how the
enterprise works and integrates and
how systems work and why they work
before you can truly understand how to
hack into them
or break into them and that's that's my
firm belief to this day if you don't
understand
you know how the data transverses the
entire environment
and why those ports are open and that
sort of thing and all you know how to do
is write some cool scripts that can
you know enumerate data
you're not understanding how to truly
protect
an environment yeah there's a difference
between like what the nation state like
you know this
you know this this hacker collective
like where you know we're seeing active
today right like there's a there's a big
difference between what
what they're doing and what even
capabilities that you know stuff like
we're checking for right i mean it's
just a different
mindset you know and so
if you if you're trying to get into the
penetration testing game you know like
mike said it's good to have some
fundamental
i.t stuff under your belt already you
know building basic windows servers
doing basic networking stuff right i
mean if you
you know if you if you can't you know i
mean i don't want to throw sudden
netting in there as a
as an example but if you don't know
basic subnetting like what a slash 26 or
slash 25
is then it's going to be more difficult
for you to do this but it's not
impossible
and there are a lot of tools out there
and so if you you know
i think you know mike talked about the
cpt
and um the ethical hacker course
offensive security
offers really some top-notch top-notch
courses and they give you
some guided learning but you also have a
lab so you have a capture the flag which
you've got to do now that's a paid for
track right if you want something free
hack the box is an absolutely free
platform
they're it's run by penetration testers
typically um
and so they're automatically always
changing
there's an open forum to build a new
capture the flag models so i i urge
everybody who really wants to do this if
you if you can
if you can break through the membership
um
capture the flag and become a member of
a pack of bots of you then you're well
on your way
and if you need to learn how to do those
things half the box has an academy.eu
and they've got some pretty good courses
in there to get you on your way but um
you know and it's i guess you know
further on this
just drop a couple tools in your lap um
you need to either be on
you know be able to use cali repaired os
yeah
okay um and in order to run those
efficiently you probably also should use
something like virtualbox or
you know whatever it is that you know
options you have on windows um
you'll want to be very familiar with the
metasploit framework which is going to
be a part of cali and parrot
and you're going to be familiar with
with openvas which is the basically a
linux-based
resource vulnerability scanner so the
the
the whole the whole kind of process of
identifying the attack surface and then
you know trying to attempting to
compromise right
and so um uh you know those those types
of things i think are going to be
pretty important for you to be able to
not just use but learn on
and if you know whether you go down you
know either certified
ethical hacker class or cpt or oscp for
offensive security
you're going to be required to be
capable on cali parrot
using using metasploit so um
yeah and then and then for i guess to
drop some programming stuff
if i don't think i don't think you have
to program to be in cyber security right
i mean there are
no as mike said one of the very one of
the most important foundational things i
think we do is writing
i mean by far i mean all of the
knowledge and
all of the experience that we have mean
nothing if we can't
transcribe that in a manner that is
consumable by our
our customers right and so i think the
writing
is probably one of the most important
pieces out of all this um
you know because if you've got a if
you've got a i mean whether you're
writing a penetration testing report or
or risk assessment report or um any kind
of
you know road mapping or anything like
that it's it's critical that your
writing skills are on point
but um you know as as you know mike said
you know i think you know college is is
is a good thing um
and you're going to be able to take
pieces of that if you've already had it
you're going to take people's pieces of
that to use
but i guess it just depends on how
motivated you are right but we have
those positions all over cyber crew not
just pin testing right
um governance i would say the one
limiter though
on college is that if you want to get
into management you're going to have to
have a college degree you know yeah
entrepreneurial aside you know that's a
different story but if you're
going to go work at a you know fortune
500 company and you want to work your
way up to cio or cso or whatever
you've got to have a degree they're not
going to let you get past and you'll
need a master's and such
you know for that and yeah there's
certainly benefits to college
um you know i it's just one of those
things where it's
it's not necessarily the right track for
everybody um
and and everybody's got to make that
that decision for themselves there's
things that you're going to get there
that you won't get just from doing certs
but if you're looking for the direct
path in i would say that
generally speaking for for security
practitioners the certifications are
going to hold more weight
and they also give the employers
a a better look at specifically what you
know right because they're more
focused in nature um as far as
certifications i mean i only have
five certs but the one for me that was
the the best i think was the actually
the comptia network
plus course because going back to
networking side of things i mean
understanding connectivity uh was huge
and so that that was good i mean i i
ceh was great um there are some others
out there that i think are great but um
yeah i think for getting started
depending on your your
background and experiencing on the
networking side that can be a great
great place to go if you're real early
in in this path and there's a bunch of
other free resources out there right
youtube has millions of hours of
videos on cyber security um of course
and then
there's a cyborg
they have free memberships for
individuals and you can get
all kinds of training modules through
that
if you're a veteran there are a bunch of
lots and lots of free resources out
there for you so if you can
self-guide um that's those can be a
great way to go
stepping into the other disciplines
though i mean of course
yeah compliance right what other skills
would you say so writing of course is
critical
um you know project management yeah i
think
project management's critical role you
know what i mean and then depending on
what how deeply you're involved with
compliance i mean you need to be able to
read and understand things like ccpa and
hipaa and understand the
the thoughts behind them and the
requirements behind them translate that
into readable language for your client
or your company or however
you want to manage it because i mean as
a cso level and sometimes i
you know i play a lawyer on tv for lack
of a better word because i interpret
this stuff and say
this is what this means um so
there's that skill set that you need to
learn as well
well great i mean there's there's a lot
more we could say on this but um
in interest to keeping the the episode
to a reasonable length let's
wrap it up here any any final comments
before we jump off
you know what send us an email if you
want some more information and
we'll respond to the email or we'll put
up another one of these podcasts
or linkedin is great too yeah yeah yeah
reach out on linkedin and i think
what's important is that you get excited
about it you know i think you should go
after whatever excites you and if you
know being in cyber security and
you know trying to help protect you know
the the businesses that
front our economy and here in the united
states then go for it and yeah reach out
to us if there's anything that we can do
to help or if we can talk about this
more
great well thank you for joining us on
the cyber rants podcast for those of you
who looking to get into the business
hope this was helpful
and if you like the podcast please
subscribe send us your feedback your
comments
and we'd love to hear from you have a
great day