WEBVTT 00:00.031 --> 00:05.538 [SPEAKER_02]: Um, like we have to get out of the way of ourselves to be able to get to where we want to be. 00:06.179 --> 00:16.912 [SPEAKER_02]: And that has to entail us being an uncomfortable spaces, you know, if you're not really a person that talked to a lot of people being able to work on your skills to talk with people because, yes, what? 00:16.972 --> 00:28.907 [SPEAKER_02]: When you get into cybersecurity, specifically GRC, you're going to do nothing but talk to people, managing relationships is so hard, because what happens is people 00:30.136 --> 00:58.303 [SPEAKER_02]: bring in their personal lives and to work, you know, sometimes you got to catch somebody on the right day to get something done, the standing is the better word I want to phrase it as I want to say like you have to be like you have to know like, you know, Linux and like all those things, but you do have to understand the basics, which I think in a lot of cases when you get into cybersecurity, the basic level certifications kind of help prep you for some of those conversations. 01:01.405 --> 01:04.630 [SPEAKER_00]: Look, you probably haven't security plus maybe even a security clearance. 01:04.650 --> 01:10.017 [SPEAKER_00]: And nobody taught you how to write poems or how to test a security control or submit ATO package. 01:10.258 --> 01:11.179 [SPEAKER_00]: I'm Chris Arkpala. 01:11.319 --> 01:17.428 [SPEAKER_00]: I fear years ago, I was in your shoes, qualified on paper, but completely lost when it came to army. 01:17.628 --> 01:27.582 [SPEAKER_00]: I had a degree, I had to serve, so I had to drive, and when somebody said how to test the AT2 control or down a date, stick finance, I had no clue what that actually looked like. 01:27.562 --> 01:35.799 [SPEAKER_00]: Fast 4 or 5 years I worked across DOD and federal agencies, led control assessments, ring ATO package, and pass orders. 01:35.819 --> 01:46.802 [SPEAKER_00]: That's why I built Arnaficatomy to teach you the real-world execution, they don't cover and certification books, inside I'll show you how to write a poem, and don't get fast back. 01:46.782 --> 01:48.505 [SPEAKER_00]: Test and validate security controls. 01:48.986 --> 01:50.749 [SPEAKER_00]: Translate tech jardan. 01:50.769 --> 01:55.077 [SPEAKER_00]: Navigate lists 853 and RMF with confidence. 01:55.097 --> 01:59.865 [SPEAKER_00]: If you're in IT supporting the government systems or stuck on the edge of the security, this is your way. 02:00.326 --> 02:06.898 [SPEAKER_00]: The people who go through my training don't just get higher, they hit the ground running because they practice the work before they win. 02:07.359 --> 02:10.444 [SPEAKER_00]: Go to RMF Academy.io and let's get the work. 02:10.778 --> 02:13.522 [SPEAKER_00]: Welcome everybody to another edition of the Tech Wolk Podcast. 02:13.542 --> 02:17.729 [SPEAKER_00]: I am your host Chris, an Information Systems Security Officer inside the Guff takes space. 02:18.030 --> 02:21.596 [SPEAKER_00]: And in today's podcast, we have a great guest today. 02:22.116 --> 02:26.043 [SPEAKER_00]: He's going to tell us about GRC, how to navigate it, and how to get into the few. 02:26.343 --> 02:27.505 [SPEAKER_00]: His name is Irving McBride. 02:27.545 --> 02:30.190 [SPEAKER_00]: He's one of the leaders in the cybersecurity space. 02:30.210 --> 02:32.253 [SPEAKER_00]: He has a CSSP, he has a system. 02:32.634 --> 02:34.517 [SPEAKER_00]: He's doing a lot of great things in the space. 02:34.757 --> 02:36.600 [SPEAKER_00]: And without further ado, Irving, how you doing? 02:37.441 --> 02:39.325 [SPEAKER_02]: You know, it's a great day. 02:39.505 --> 02:40.307 [SPEAKER_02]: I'm glad to be here. 02:40.327 --> 02:44.576 [SPEAKER_02]: I appreciate you for inviting me here and for like we got a lot of things to share to the people. 02:45.117 --> 02:47.882 [SPEAKER_00]: Yeah, I'm glad that we got introduced. 02:47.903 --> 02:49.987 [SPEAKER_00]: You know, Derek just doesn't introduce anybody. 02:50.167 --> 02:51.049 [SPEAKER_01]: Yeah, yeah. 02:51.069 --> 02:51.229 [SPEAKER_00]: Yeah. 02:51.249 --> 02:52.111 [SPEAKER_00]: He's a smart dude. 02:52.552 --> 02:53.294 [SPEAKER_00]: Making a lot of money. 02:53.434 --> 02:54.015 [SPEAKER_01]: Solid guy. 02:54.075 --> 02:54.977 [SPEAKER_01]: Solid guy for sure. 02:55.025 --> 03:02.118 [SPEAKER_00]: And when he introduced me a say no more, I'm messing out our opportunity, not taking the opportunity to talk to him. 03:02.138 --> 03:06.605 [SPEAKER_00]: We talked to both, you know, busy people, but we was able to come up with a date. 03:06.906 --> 03:09.631 [SPEAKER_00]: I know you're doing a lot of things with the HPCUs and things like that. 03:09.991 --> 03:16.543 [SPEAKER_00]: So I appreciate you coming down here from Virginia, how we're drive to sit out with me to do this podcast. 03:16.523 --> 03:17.944 [SPEAKER_00]: Now, I appreciate you again, brother. 03:18.025 --> 03:20.967 [SPEAKER_02]: Man, listen, all right, it's just a sub lesson. 03:21.068 --> 03:28.075 [SPEAKER_02]: You know, I'm saying, I know we got a chance to rock and talk a little bit before, but a lot of these opportunities weren't as prevalent. 03:28.175 --> 03:29.816 [SPEAKER_02]: They have been in the past, you know? 03:29.856 --> 03:37.464 [SPEAKER_02]: So being able to create a space that we're doing the day is not only doing ourselves at service, but helping, you know, help one to help another. 03:37.484 --> 03:39.406 [SPEAKER_02]: You know, I'm saying, so anyway, I can help. 03:39.466 --> 03:41.248 [SPEAKER_02]: I appreciate you for having me here for sure. 03:41.228 --> 03:44.996 [SPEAKER_00]: Yeah, especially in these times, cyber security, everybody was again in the cyber security. 03:45.016 --> 03:46.018 [SPEAKER_02]: Don't do it, don't do it. 03:46.038 --> 03:46.780 [SPEAKER_02]: Everybody will get a cyber security. 03:46.800 --> 03:53.955 [SPEAKER_00]: Time to take it a bag and get an air-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-dear-de 03:54.492 --> 03:55.333 [SPEAKER_02]: Always changing. 03:56.474 --> 03:58.216 [SPEAKER_02]: It's going to continue to change too. 03:58.556 --> 04:06.343 [SPEAKER_02]: As the threat landscape continues to change, as we get these new technologies and things continue to trend in the upward direction. 04:06.364 --> 04:09.487 [SPEAKER_02]: A lot of people talk about this buzzwords AI, right? 04:09.507 --> 04:17.654 [SPEAKER_02]: So when we continue to get more technologies like that that are changing and shifting the world and how we see the world, how we're able to interact with people. 04:18.135 --> 04:22.339 [SPEAKER_02]: And how we're able to do our jobs, it's always going to be a different change within cybersecurity. 04:22.403 --> 04:26.849 [SPEAKER_00]: Yeah, you know, the, the, the, the, the, the big buzzwords we got going on is GRC right now. 04:27.550 --> 04:30.494 [SPEAKER_01]: So I'm like everybody about there, but I won't get in GRC. 04:30.815 --> 04:32.697 [SPEAKER_00]: GRC is, you know, you don't have to do no work. 04:32.717 --> 04:33.478 [SPEAKER_00]: You don't have to do this. 04:33.579 --> 04:34.400 [SPEAKER_00]: I'm my man. 04:34.520 --> 04:36.643 [SPEAKER_00]: I'm working my butt off, but before we get into that. 04:36.663 --> 04:39.547 [SPEAKER_00]: Yeah, kind of total audience who you are, which is background. 04:39.567 --> 04:41.830 [SPEAKER_00]: It's just so people can understand what you bring to the table. 04:41.810 --> 04:43.493 [SPEAKER_02]: Yeah, and of course, of course. 04:43.533 --> 04:48.421 [SPEAKER_02]: So, you know, I don't give you all the full resume right now, right? 04:48.481 --> 04:53.730 [SPEAKER_02]: But I will say that I went to North Carolina, excuse me, where are my menace? 04:54.351 --> 04:59.360 [SPEAKER_02]: I went to the illustrious North Carolina AT State University where I got my undergrad degree in computer science. 04:59.380 --> 05:01.303 [SPEAKER_02]: So, Aggie Pride, if anybody's watching. 05:01.283 --> 05:11.615 [SPEAKER_02]: From there, I saw the work and that, you know, Fortune 500 companies, AT&T being one of them where I got into a rotation of program that allowed me to see high cyber works in different facets. 05:11.695 --> 05:17.101 [SPEAKER_02]: So, you know, did some product marketing and stuff, project management stuff, worked in the sock, none of the really stuff to me. 05:17.121 --> 05:28.354 [SPEAKER_02]: And then, that's why I uncovered my space in GRC as a compliance analyst, and I was able to see what does it really look like, you know, did some work that wanted a big for and consulting on from that point 05:28.334 --> 05:35.483 [SPEAKER_02]: that allowed me to see more of GRC from a broadest standpoint, you know, working with different C-suite executives to help them build that security programs. 05:35.583 --> 05:58.071 [SPEAKER_02]: And I mean, I will say today, I continue to grow and evolve my skills in a GRC space being able to, you know, help corporations to be able to continue to build out that GRC functions, whether it's a very party risk management, you know, did some security awareness stuff, and which I love to do, and some other engagement is like risk assessments and things that that's so, 05:58.051 --> 06:07.224 [SPEAKER_02]: Um, you know, GSC is where it's at, um, I would say that's a little bit about me, a little bit about what I'm currently doing and you know, outside of that just looking to continue to inspire the people. 06:07.244 --> 06:12.571 [SPEAKER_00]: No, no, no, no, so just to get into straight in there, everybody here is GRC as well as we're right. 06:12.591 --> 06:13.893 [SPEAKER_00]: Govern's risk and compliance. 06:13.933 --> 06:14.134 [SPEAKER_00]: Yeah. 06:14.194 --> 06:16.217 [SPEAKER_00]: No, people mainly focus on the governance part. 06:16.337 --> 06:16.597 [SPEAKER_00]: Right. 06:16.877 --> 06:21.965 [SPEAKER_00]: But like you explained, like, what GRC is and why is needed in these organizations? 06:21.985 --> 06:27.973 [SPEAKER_02]: No, I mean, that's a, that's a really good question. 06:27.953 --> 06:30.319 [SPEAKER_02]: we break it down to these three different silos. 06:30.880 --> 06:33.306 [SPEAKER_02]: It all encompasses this big broader picture. 06:33.366 --> 06:38.960 [SPEAKER_02]: So the governance aspect being able to uncover what is it that we look at from a high level, right? 06:39.061 --> 06:44.494 [SPEAKER_02]: How do we understand the architecture and the structure of the buildings and the organizations, right? 06:44.474 --> 06:51.424 [SPEAKER_02]: Being able to uncover the different processes, the policies, and understand how to have the right people in the right places. 06:51.744 --> 06:55.389 [SPEAKER_02]: When we talk cybersecurity, we talk about people processes and technology. 06:55.409 --> 06:58.193 [SPEAKER_02]: So that's the government aspect. 06:58.574 --> 07:00.416 [SPEAKER_02]: Then we think about the risk component. 07:00.677 --> 07:07.967 [SPEAKER_02]: Risk is important because one of the things that people think is that risk is something that can be eliminated. 07:07.947 --> 07:10.329 [SPEAKER_02]: It can't be eliminated, it can't be minimized. 07:10.510 --> 07:11.290 [SPEAKER_02]: You know what I'm saying? 07:11.351 --> 07:24.344 [SPEAKER_02]: So being able to understand what the risk appetite is, for your organization, being able to understand what that risk tolerance aspect is, is basically what the risk aspect component is, is risk management managing the risk that you have in your organization. 07:24.905 --> 07:27.367 [SPEAKER_02]: And in the last piece, of course, is compliance, right? 07:27.447 --> 07:32.132 [SPEAKER_02]: So we think about compliance as an aspect of being able to, 07:32.112 --> 07:52.332 [SPEAKER_02]: maintain our different certificates, certifications within the compliance space, so when I worked in with different organizations in the past, they had to be compliant with HIPAA, they had to be compliant with PCI, and I'm sorry HIPAA, it deals a lot more with the healthcare space, PCI deals a little bit more with the payment card industry, 07:52.312 --> 08:00.065 [SPEAKER_02]: Being able to understand what SOC 2 is, a lot of people have been complying in those spaces as well from a third party risk aspect. 08:00.125 --> 08:14.269 [SPEAKER_02]: So these are a lot of the complying components and when they're not compliant, you get a knock on your door, you get that slap on the wrist and be like, hey, we see you not complying and you will get those funds of regulations for your organization. 08:14.249 --> 08:43.378 [SPEAKER_02]: So, a lot of the bigger pieces for the cybersecurity aspect is that, or not, aspect in cyber security, but businesses, they either look into generate revenue, you know, I'm saying that's the biggest aspect, and when you think about what cybersecurity does, and specifically GRC, we are the group to has to allow the business to be enabled, you know, I'm saying, so that's the job of what GRC program does for the business, but also for the organization itself. 08:43.578 --> 08:53.987 [SPEAKER_00]: Yeah, and I love how you broke that down, fully because a lot of people think with GRC, we just, we just check in boxes, just talking to people, but you have to understand the framework, you got to understand. 08:54.007 --> 08:56.310 [SPEAKER_00]: You got to know more about the business than they probably know about the business. 08:56.390 --> 08:57.571 [SPEAKER_02]: Absolutely, absolutely. 08:57.811 --> 08:58.051 [SPEAKER_02]: Yeah. 08:58.632 --> 08:59.512 [SPEAKER_00]: Yeah, you good? 08:59.533 --> 09:12.184 [SPEAKER_02]: No, I was just gonna say, I mean, you had to nail on the head when you think about understanding the business because when you think about GRC, you have to really understand it's not just 09:12.164 --> 09:13.466 [SPEAKER_02]: security, right? 09:13.626 --> 09:20.236 [SPEAKER_02]: We're understand in the different facets of how security touches the different aspects of whatever that company does. 09:20.317 --> 09:22.119 [SPEAKER_02]: So if it's a health care aspect, right? 09:22.179 --> 09:30.692 [SPEAKER_02]: Being able to understand, you know, if it's a hospital, you know, GRC has to be in place or somebody may, maybe a tragedy on somebody's hands, right? 09:30.753 --> 09:35.640 [SPEAKER_02]: You know, when you think about the financial aspect, GRC has to be in place or 09:35.620 --> 09:43.751 [SPEAKER_02]: You know, there may be, you know, identity fraud or anything in regards to, you know, a data breach that may amount to the company losing some money. 09:44.512 --> 09:45.634 [SPEAKER_02]: So yeah, I agree. 09:45.914 --> 09:49.339 [SPEAKER_00]: And will you just say it and then like, okay, so that you know this app called the TF, right? 09:49.640 --> 10:01.476 [SPEAKER_00]: Ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha ha 10:01.456 --> 10:04.559 [SPEAKER_00]: But the sum it up, they had a breach recently. 10:04.960 --> 10:08.343 [SPEAKER_00]: All the included mines, my ID, everything has been released. 10:08.363 --> 10:09.064 [SPEAKER_00]: And they just did. 10:09.444 --> 10:10.886 [SPEAKER_00]: The government's risk of compliance on that. 10:11.266 --> 10:12.267 [SPEAKER_00]: We would be good. 10:12.287 --> 10:12.808 [SPEAKER_02]: Yeah, yeah. 10:13.148 --> 10:22.758 [SPEAKER_02]: And I think the biggest thing about some of these organizations, and we're not just specifically TAP, I want to break it down to the place where I'm not feel like I'm bullying anybody. 10:22.858 --> 10:28.344 [SPEAKER_02]: But when you consider some of these different groups that are starting off, right? 10:28.464 --> 10:30.366 [SPEAKER_02]: A lot of them don't have 10:30.346 --> 10:34.655 [SPEAKER_02]: the right people in places to have a sound cybersecurity program. 10:35.176 --> 10:42.031 [SPEAKER_02]: If they had the right person in place, they would understand that having the legacy system in the beginning was already a no-go. 10:42.091 --> 10:48.304 [SPEAKER_02]: Here it comes saying like, when we think about being in the private sector, we would already say, 10:48.284 --> 10:48.905 [SPEAKER_02]: That's cut. 10:49.085 --> 11:03.345 [SPEAKER_02]: We not using that public sector, you know, already absolutely like, I mean, we talk about what we can get into like these different frameworks and things that I saw, but it's still a point of time where if you don't have the right controls in place, you're not authorized to operate. 11:03.946 --> 11:12.418 [SPEAKER_02]: You know, I'm saying, we'll talk about what that particularly means, but having the system like that would already automatically not have you being able to conduct business. 11:12.601 --> 11:22.494 [SPEAKER_00]: Okay, so you worked in the private in the public sector, okay, so we're going to start going into these frameworks, so we're going to talk about first the public sector. 11:22.614 --> 11:29.303 [SPEAKER_00]: What frameworks are we, what frameworks are we using in the public sector and like what kind of ones do you use in the private sector? 11:29.343 --> 11:32.247 [SPEAKER_02]: Yeah sure sure sure so. 11:32.935 --> 11:35.698 [SPEAKER_02]: Public sector, the frameworks that will be used. 11:35.798 --> 11:43.588 [SPEAKER_02]: So, me being a part of an organization that does a lot of business in Virginia. 11:44.429 --> 11:47.553 [SPEAKER_02]: Some of the assets we think about is cove, sex 530. 11:48.013 --> 11:51.878 [SPEAKER_02]: Cove, sex 530 is just a derivative of NIS 853. 11:52.879 --> 11:57.525 [SPEAKER_02]: So, NIS 853 is, don't be here, it ain't goin' away, you know what I'm sayin'? 11:57.925 --> 12:01.930 [SPEAKER_02]: So, that's one particular component of it. 12:03.175 --> 12:07.646 [SPEAKER_02]: Struggling the fence between public and private sector and this CSF has been a big one. 12:07.666 --> 12:18.855 [SPEAKER_02]: That's actually one of my favorites, you know, because it's more simplified, you know, down to how to understand having the right controls in place, you know, so I will say that's one of the other components. 12:18.835 --> 12:31.793 [SPEAKER_02]: Depending on how this business is structured, if they do type of work that is involved in the student internationally, they're probably gonna look at having like ISO 27,0001 in place. 12:32.133 --> 12:33.896 [SPEAKER_02]: You know, so that's gonna be another one. 12:33.916 --> 12:41.907 [SPEAKER_02]: And of course, as we fully transition into talking about public sector, I know some, 12:41.887 --> 12:43.249 [SPEAKER_02]: entities use state ramp. 12:43.589 --> 12:43.910 [SPEAKER_02]: Right. 12:44.130 --> 12:51.261 [SPEAKER_02]: That's pretty much state ramp is very similar to cove a psych 530, cove psych 530 is just specifically for Virginia. 12:51.721 --> 13:01.015 [SPEAKER_02]: But then state ramp is used all around and in of course you got fat ramp, you know, everybody know about fat ramp, you know, you know, if you exactly have you in that federal space, it's just a derivative. 13:01.716 --> 13:06.763 [SPEAKER_02]: So yes, all right, these are some of the different frameworks that you can probably look to see in 13:06.743 --> 13:13.231 [SPEAKER_00]: Yeah, and they're important because implementing security controls, things like that, you have to go off with what they say. 13:13.251 --> 13:26.286 [SPEAKER_00]: It's like kind of like our Bible, various types of things, and D, and D. So, somebody's trying to get into the field, like, do you think studying the frameworks or just trying to figure out a way to apply them to a fake system or some or doing projects? 13:26.306 --> 13:27.908 [SPEAKER_00]: How would somebody navigate that? 13:27.955 --> 13:29.517 [SPEAKER_02]: Yeah, I mean, that's a really good question. 13:29.537 --> 13:32.561 [SPEAKER_02]: I think it's a lot of ways to get to it, right? 13:32.762 --> 13:48.223 [SPEAKER_02]: And I'm not saying that each particular way is a right or wrong answer, but I will say that for me, when I thought about it, I had a tradition around where I went and got my degree and that I learned when to get into the space of cybersecurity. 13:48.864 --> 13:52.129 [SPEAKER_02]: Somebody might not want to go through the four year opportunity. 13:52.209 --> 13:56.595 [SPEAKER_02]: Some people want to, but it's, it's, it's to be a, 13:56.575 --> 13:59.220 [SPEAKER_02]: is to be a commercial. 13:59.240 --> 14:01.684 [SPEAKER_02]: He's like, I need my money and I want it now. 14:01.704 --> 14:04.129 [SPEAKER_02]: And it is just kind of came to my real quick. 14:04.169 --> 14:14.888 [SPEAKER_02]: But when I think about it, it's one of those things where there are boot camps out there that a lot of people go through for like six months or could be less, you know, and that's how they kind of land and get into the space. 14:14.868 --> 14:18.615 [SPEAKER_02]: Other ways is that some people just become self-taught. 14:18.635 --> 14:21.400 [SPEAKER_02]: You know, there are different certifications out there. 14:21.621 --> 14:25.488 [SPEAKER_02]: You go through a self-paced training, and you can kind of navigate that particular space. 14:25.888 --> 14:28.874 [SPEAKER_02]: I know we'll probably talk a little bit more about what those actually look like. 14:28.894 --> 14:30.076 [SPEAKER_02]: So I'll say that for later. 14:30.156 --> 14:36.488 [SPEAKER_02]: But, and then I think the biggest piece that we don't talk a lot about in this space is 14:36.468 --> 14:55.057 [SPEAKER_02]: networking, you know, like we have to get out of the way of ourselves to be able to get through everyone to be and that has to entail us being in uncomfortable spaces, you know, if you're not really a person that talked to a lot of people being able to work on your skills to talk with people because, yes, what? 14:55.097 --> 15:03.049 [SPEAKER_02]: When you get into cybersecurity, specifically GRC, you're going to do nothing but talk to people, you got to understand that you are going to be liaison, 15:03.029 --> 15:10.258 [SPEAKER_02]: to be able to bridge the gap to different teams to be able to achieve at a high level what GRC is for the organization. 15:10.518 --> 15:14.243 [SPEAKER_02]: So networking is definitely stopped going for a show for sure. 15:14.383 --> 15:15.084 [SPEAKER_00]: And that got you. 15:15.104 --> 15:21.672 [SPEAKER_00]: So like, okay, so like, a lot of people ask me this too, like, like, what is kind of the data a lot, day-to-day when we're in the field? 15:21.772 --> 15:23.995 [SPEAKER_00]: Like, what are the things that you're doing? 15:24.375 --> 15:27.339 [SPEAKER_02]: Yeah, from a GRC standpoint, right? 15:27.900 --> 15:29.762 [SPEAKER_02]: I'll try to keep it as, 15:29.742 --> 15:32.446 [SPEAKER_02]: as neutral as possible. 15:32.887 --> 15:37.494 [SPEAKER_02]: One of the things you're thinking about is that you're thinking about risk order. 15:37.615 --> 15:39.357 [SPEAKER_02]: You're thinking about risk to the organization. 15:39.378 --> 15:52.138 [SPEAKER_02]: As I mentioned earlier, your particular organization that you work for, we'll have a risk appetite, which means that they have a particular level of risk that they can take on for an organization. 15:52.118 --> 15:53.720 [SPEAKER_02]: and they can manage. 15:54.000 --> 16:00.426 [SPEAKER_02]: Now, there are four different components of how to mitigate risk or manage risk, I'll call it. 16:00.446 --> 16:09.035 [SPEAKER_02]: You know, you got risk acceptance, being up to say that you're accepting this risk for your organization, you got risk avoidance, meaning that you've gotten, not as if it's going to work for us. 16:09.115 --> 16:12.759 [SPEAKER_02]: You know, we're going to try to go a different route around it, so we don't have to worry about it. 16:13.179 --> 16:21.568 [SPEAKER_02]: You have risk, transference, also risk sharing, which is basically having insurance 16:21.548 --> 16:25.235 [SPEAKER_02]: And then the last component of it, what did I say? 16:25.596 --> 16:30.505 [SPEAKER_02]: I said sharing, avoidance, acceptance, and mitigation, right? 16:30.966 --> 16:44.451 [SPEAKER_02]: So getting rid of it in general, you know, like, you know, you have particular risks on the table, how do you get rid of it, normally applying the security control that can bridge that gap with whatever that risk is for your organization. 16:44.431 --> 16:51.114 [SPEAKER_02]: So, a day in a life particularly would result into just understanding what the risk of for your organization. 16:51.978 --> 16:54.105 [SPEAKER_02]: And it just everything else has kind of come from that. 16:54.246 --> 16:56.112 [SPEAKER_02]: You know what you think about? 16:56.277 --> 16:57.859 [SPEAKER_02]: being in this particular space. 16:57.979 --> 17:05.267 [SPEAKER_02]: A lot of times when we look at applying security controls, a lot of it kind of comes from having policies in procedures in place, right? 17:05.507 --> 17:10.112 [SPEAKER_02]: So that's how you really check off a lot of the box in the haste and that please don't hurt me. 17:10.893 --> 17:19.602 [SPEAKER_02]: But, you know, being there with a hive, the right policies in place kind of helps out with a lot of those instances, and then it goes into the compliance aspect because you're able to 17:19.582 --> 17:30.734 [SPEAKER_02]: test those controls right and when you're able to test them and see that they work when the external order comes in they're able to see it from the same point of view and that can help you continue to be compliant for your organization. 17:30.774 --> 17:33.417 [SPEAKER_02]: So that's pretty much what they did in a life will look like. 17:33.558 --> 17:37.462 [SPEAKER_02]: It can vary because there are different aspects when it comes down to GRC. 17:37.902 --> 17:42.267 [SPEAKER_02]: Like I kind of mentioned security awareness is one of the biggest ones for me, like being able to. 17:43.068 --> 17:49.335 [SPEAKER_02]: When you think about the numbers of 95% of the data breaches are tied to the human element 17:49.315 --> 17:50.937 [SPEAKER_02]: We're the problem. 17:50.957 --> 18:04.412 [SPEAKER_02]: We, the people that help enable the business, we're the problem because there's a deficiency within the ability for somebody to understand what's sufficiently, should we, a efficient email and what's legitimate, you know? 18:05.153 --> 18:11.601 [SPEAKER_02]: And being able to have that awareness to understand how do we really navigate that particular scenario? 18:11.741 --> 18:16.386 [SPEAKER_02]: So, you know, security awareness could be something that you work on for the organization. 18:16.366 --> 18:21.296 [SPEAKER_02]: Um, some of the other things you can work on is like, you know, third party aspects, right? 18:21.316 --> 18:25.806 [SPEAKER_02]: Being able to assess your vendors because businesses don't just do business within themselves. 18:25.906 --> 18:32.299 [SPEAKER_02]: They have to have other companies that they are able to trust. 18:32.279 --> 18:36.824 [SPEAKER_02]: And I like that word because trust is a really big component when it comes down to cyber security. 18:37.144 --> 18:42.450 [SPEAKER_02]: We talk about zero trust, we talk about all the different trusts and, you know, we talk about trust relationship. 18:42.991 --> 18:49.658 [SPEAKER_02]: So when we get not too technical today, but when we get into those type of aspects, you have to build a trust. 18:49.678 --> 19:01.932 [SPEAKER_02]: And what that looks like is being able to do some type of risk assessment, or I like to normally do SOC 2 reviews when I work with different companies that are external because that gives me a better 19:01.912 --> 19:03.194 [SPEAKER_02]: Um, that's correct. 19:03.234 --> 19:03.755 [SPEAKER_02]: That's correct. 19:04.457 --> 19:12.191 [SPEAKER_02]: Um, and then, you know, outside of that, it could be as I keep mentioned in, but these risk assessments, you know, being able to engage and do some of those aspects. 19:12.211 --> 19:16.819 [SPEAKER_02]: So I think that's a really big understanding of what it could potentially look like. 19:16.879 --> 19:19.043 [SPEAKER_02]: But outside of that, you're not only 19:19.023 --> 19:36.321 [SPEAKER_02]: doing the work you're helping solve some of those problems and being a problem solver comes with not only your hands or being able to solve the problem, it's being able to find and identify the right people in those spaces that can help you move the needle so that you're able to achieve that particular goal for your organization. 19:36.742 --> 19:38.365 [SPEAKER_02]: So I would say that's a day in the life for sure. 19:38.497 --> 19:40.079 [SPEAKER_00]: No, no, that's a very good answer. 19:40.439 --> 19:52.172 [SPEAKER_00]: And then, too, like he was saying, you have to be able to work with those system administrators, with those PMs, with those people, because a lot of the times, like I said, we like to solve a problem for the other people who don't want to solve the problems in there. 19:52.232 --> 19:57.658 [SPEAKER_00]: So like, talk about how hard it can be just to even talk to these people to kind of get this thing done. 19:58.199 --> 20:00.802 [SPEAKER_02]: Yeah, yeah, it's tough. 20:01.362 --> 20:03.745 [SPEAKER_02]: And one of the things I've learned is that, 20:05.007 --> 20:08.291 [SPEAKER_02]: managing relationships is so hard. 20:08.572 --> 20:19.787 [SPEAKER_02]: Because what happens is people bring in their personal lives and to work, you know, sometimes you've got to catch somebody on the right day to get something done. 20:20.668 --> 20:26.836 [SPEAKER_02]: Or sometimes somebody might be taking off because they need that time off, because the business is stressing them out. 20:26.956 --> 20:28.158 [SPEAKER_02]: Here you're now I'm saying it. 20:28.258 --> 20:28.298 [SPEAKER_02]: So 20:28.278 --> 20:37.492 [SPEAKER_02]: But when you're able to actually figure out who can help you solve that problem, it's normally not that you get this done for me and then going about your business. 20:37.652 --> 20:43.401 [SPEAKER_02]: The thing that I've learned is that relationships is an aspect where you have to continue to foster them. 20:43.822 --> 20:47.307 [SPEAKER_02]: You can't just say, oh, I need something and then expect from them to get you something. 20:47.347 --> 20:57.002 [SPEAKER_02]: People feel a lot more comfortable with doing things for you and helping you achieve your goal once they understand how it's going to impact them from a positive standpoint. 20:56.982 --> 21:09.169 [SPEAKER_02]: So, I will say that's probably one of the things that we could probably kind of talk about all day being able to just be that people person and help others to help themselves. 21:09.318 --> 21:12.382 [SPEAKER_00]: Yeah, and that's how you foster relationships when I first started. 21:12.883 --> 21:14.966 [SPEAKER_00]: I would thought I could just get them to do everything I want to do. 21:15.026 --> 21:20.113 [SPEAKER_00]: No, I have to talk to them right now and then, how's your kid, how's this, you know, might go to lunch one day. 21:20.213 --> 21:20.553 [SPEAKER_00]: Yeah, yeah. 21:20.593 --> 21:26.942 [SPEAKER_02]: So it's a, it's a, it's a personal relationship and it, it, it's life skills too. 21:27.162 --> 21:29.065 [SPEAKER_02]: It's definitely life skills like. 21:29.315 --> 21:32.941 [SPEAKER_02]: I know we talk a lot about just getting into GRC, right? 21:33.101 --> 21:35.165 [SPEAKER_02]: But think beyond that, right? 21:35.245 --> 21:38.811 [SPEAKER_02]: Think about what type of person you want to be when you get into the space, right? 21:38.991 --> 21:42.337 [SPEAKER_02]: Think five years, 10 years down a row, like what is your life look like? 21:42.377 --> 21:44.961 [SPEAKER_02]: Do you want to continue to be that entry level analyst? 21:44.941 --> 21:46.403 [SPEAKER_02]: do you want to lead a team? 21:46.443 --> 21:47.905 [SPEAKER_02]: Do you want to lead the organization? 21:48.265 --> 22:03.985 [SPEAKER_02]: Like the skills that you're actually pivoting into and actually shifting into right now is going to be the skills you're going to need five and ten years down the road because it's going to be so much more big than you and then you're going to have to really help other people navigate important to their cups all the same ways. 22:04.225 --> 22:08.991 [SPEAKER_00]: So I'm going to tell me about the ATO process and the public sector. 22:08.971 --> 22:09.692 [SPEAKER_02]: Okay. 22:09.712 --> 22:09.952 [SPEAKER_02]: Okay. 22:09.972 --> 22:20.545 [SPEAKER_02]: Yeah, so when you think about the HTO process, which you pretty much have is you have the understanding that you aren't able to operate, right? 22:20.665 --> 22:22.767 [SPEAKER_02]: Authority to operate is what HTO is. 22:22.808 --> 22:32.159 [SPEAKER_02]: So that means that you can operate if you don't have this basically indication that you can continue to do business the way you do from a security standpoint. 22:32.179 --> 22:34.962 [SPEAKER_02]: You have to have the right security controls in place. 22:34.942 --> 22:44.824 [SPEAKER_02]: And allow a third party to come in and say, yes, we agree that this business is operating how they should be from a cyber security or security standpoint. 22:46.026 --> 22:53.102 [SPEAKER_02]: What that particularly looks like is that you are building out, understand of the different 22:55.715 --> 22:56.997 [SPEAKER_02]: control families, right? 22:57.017 --> 22:58.420 [SPEAKER_02]: You have the different control families. 22:58.981 --> 23:05.292 [SPEAKER_02]: You have to be able to assess each particular control based off of which your environment is. 23:05.332 --> 23:10.100 [SPEAKER_02]: Like I remember at a point in time, I was working for a company and it was doing a COVID. 23:10.360 --> 23:12.945 [SPEAKER_02]: So like the P.E. 23:13.185 --> 23:19.336 [SPEAKER_02]: or the physical environment, you know, I'm saying this control wasn't in place for us because we wasn't going in office. 23:19.356 --> 23:20.558 [SPEAKER_02]: You know, I'm saying, 23:20.538 --> 23:29.750 [SPEAKER_02]: Now that we are a bag, being able to understand what your business does, first is what they do not do, can help you build out what's called a SSP system security plan. 23:30.311 --> 23:34.637 [SPEAKER_02]: Once you have that system security plan, you're able to test what that particularly looks like. 23:35.418 --> 23:41.006 [SPEAKER_02]: And that kind of goes into a SAR, which is a security assessment. 23:41.466 --> 23:50.258 [SPEAKER_02]: I forgot what the R stands for right now, but being able to have that particular document is indication that y'all are moving in the right direction. 23:50.238 --> 23:56.805 [SPEAKER_02]: And so then when they do come in to do the assessment of how your, you know, your business is doing. 23:56.825 --> 24:03.372 [SPEAKER_02]: You're normally given that ATO by having the right controls in place because you test it with those particular controls look like. 24:03.832 --> 24:07.016 [SPEAKER_00]: That's important process because it's making sure you implementing them. 24:07.256 --> 24:13.382 [SPEAKER_00]: You make sure you're checking your vulnerabilities to make sure you audit ready because it's somebody auditing you and you're not doing anything. 24:13.402 --> 24:19.789 [SPEAKER_00]: You say you can big trouble sometimes. 24:21.068 --> 24:25.776 [SPEAKER_00]: Can you kind of break that down like, so compared to the private sector, is it kind of like the same? 24:25.856 --> 24:27.839 [SPEAKER_00]: Is it the, what would you go? 24:27.859 --> 24:34.189 [SPEAKER_02]: So I will say that in my experience, you know, it can be all the same, right? 24:35.030 --> 24:36.613 [SPEAKER_02]: I think that, 24:36.593 --> 24:42.402 [SPEAKER_02]: A lot of companies take security seriously, right, for their own purposes, right? 24:42.462 --> 24:44.946 [SPEAKER_02]: Some people want to be secure because they want to have a day to breach. 24:45.607 --> 24:49.633 [SPEAKER_02]: Some people don't want to get involved and get in trouble with SEC, you know? 24:49.693 --> 24:55.041 [SPEAKER_02]: Like people have their own motives for why security is important to them. 24:55.021 --> 25:13.249 [SPEAKER_02]: When you think about the private sector, a lot of times, companies are looking to have that ATO process confirmed because they're looking to work with different entities that may involve the federal government space. 25:13.229 --> 25:26.970 [SPEAKER_02]: If I'm a private sector, and I'm looking to maximize my business, I don't want to be silo to just other companies that are in the private sector, I want to be able to meet the market within the public sector. 25:27.371 --> 25:28.152 [SPEAKER_02]: And what does that mean? 25:28.212 --> 25:36.925 [SPEAKER_02]: I have to be compliant and to go a little deeper, that means that I need to have like, you know, ATO, which will correspond into the 25:37.411 --> 25:39.294 [SPEAKER_00]: Okay, now understand that portion. 25:39.314 --> 25:45.124 [SPEAKER_00]: Okay, so wherever we got new frameworks that everybody's trying to get into now You guys see them see, which is Rukderage. 25:45.224 --> 25:46.446 [SPEAKER_00]: That's his specialty. 25:46.506 --> 25:49.130 [SPEAKER_00]: Yeah, the AIRMF framework, which I've been studying. 25:49.251 --> 25:49.511 [SPEAKER_00]: Okay. 25:49.531 --> 25:52.236 [SPEAKER_00]: Also, I can kind of, you know get it to that space. 25:52.256 --> 25:52.716 [SPEAKER_01]: You sure. 25:52.757 --> 25:53.057 [SPEAKER_01]: Yeah 25:53.037 --> 25:59.162 [SPEAKER_00]: do you think learning those frameworks will kind of be a beneficial are you very familiar with those? 25:59.262 --> 26:00.784 [SPEAKER_02]: Yeah man, I mean, absolutely. 26:01.344 --> 26:05.308 [SPEAKER_02]: Seemham C is a really big space right now in his boomin. 26:05.328 --> 26:10.352 [SPEAKER_02]: It's definitely boomin, you know, been having a lot of conversations about with this particularly. 26:12.774 --> 26:14.936 [SPEAKER_02]: Framework is and why I have so important. 26:16.177 --> 26:22.943 [SPEAKER_02]: Through my research on this to that particularly contractors and the DOD space, they're 41,000 of them. 26:22.923 --> 26:23.285 [SPEAKER_02]: Right. 26:24.369 --> 26:31.158 [SPEAKER_02]: Only when I have my conversation, maybe a month and a half, maybe two months ago, there were only 100 of them. 26:31.339 --> 26:33.287 [SPEAKER_02]: There were CMMC compliant. 26:34.027 --> 26:35.489 [SPEAKER_02]: There is a mandate. 26:35.509 --> 26:46.985 [SPEAKER_02]: I believe the date was October, which is coming up that you have to be compliant in a particular space or you will not be able to be considered as a DOD contractor. 26:47.506 --> 26:48.287 [SPEAKER_02]: So what does that mean? 26:48.487 --> 27:01.806 [SPEAKER_02]: For a lot of people that are contract as an DOD space, that's your brand and your butter, you will not be able to operate as the invention because you don't have that key component to be able to continue to be in that market. 27:01.786 --> 27:11.080 [SPEAKER_02]: So a lot of companies are trying to find the 3PO's to be able to come in and assess their businesses right now from a CMMC compliance standpoint. 27:11.881 --> 27:28.806 [SPEAKER_02]: A lot of it deals with, you know, I got the level 1 aspect, got the level 2 aspect, so I mean, it kind of varies between the two, but CMMC has been something on my radar that I've been taking a look at because not only from the contractor standpoint, but you know, if 27:28.786 --> 27:36.738 [SPEAKER_02]: If my hunch is correct, I do believe that a lot of people outside of the federal space will start following the CMC aspect. 27:36.799 --> 27:52.363 [SPEAKER_02]: So when you think about somebody that is looking for the different trends, as we will talk about AI next, you know, this is somewhere where the business will be trending and that will be opportunities, which means that you should probably hop on looking at different. 27:52.343 --> 28:02.832 [SPEAKER_02]: certifications like the CCP, the CMMC, certified professional, or the CCA, which is the CMMC certified assessor opportunities. 28:03.333 --> 28:11.360 [SPEAKER_02]: Now, I know you talked about the AI risk management framework, which is a really big space of AI as a really big buzzword right now. 28:11.520 --> 28:22.350 [SPEAKER_02]: You know, a lot of people are considering what this tool does and looking to ingest it into their organizations, 28:22.330 --> 28:34.331 [SPEAKER_02]: And so being able that this provided, you know, this framework, we have another set of guidelines or we can even say guidelines, but you know, I would break it down from the standards. 28:35.533 --> 28:46.633 [SPEAKER_02]: But we have a way to be able to look at and identify, you know, with the particular risks are for some of these AI systems and ensure that, you know, nothing goes wrong. 28:46.613 --> 28:53.450 [SPEAKER_02]: The thing that I hate is that it will have to take a company to be made in the example for a lot of companies to take in more seriously. 28:54.412 --> 29:02.091 [SPEAKER_02]: But at the same time, these are, this is where we're trending, you know, and if you're not with the times you will either adapt the retire. 29:02.307 --> 29:09.456 [SPEAKER_00]: Yeah, because, like, I think even with the government, it seems if he's a big one, like you're just talking about, so many companies are trying to get compliant. 29:09.476 --> 29:14.302 [SPEAKER_00]: I know people that just started whole contracting companies, they make hundreds of thousands just like that. 29:14.422 --> 29:14.923 [SPEAKER_01]: Absolutely. 29:15.063 --> 29:18.307 [SPEAKER_00]: And then with AI, you're about the White House AI action plan, right? 29:18.647 --> 29:24.915 [SPEAKER_00]: So even teaching it, if you can learn AI, teach it, even learn AI framework, you can teach that at school because they're spending for it now. 29:25.035 --> 29:27.198 [SPEAKER_00]: So you definitely got to adapt to those times. 29:27.218 --> 29:28.359 [SPEAKER_00]: Yeah, because you'll get left behind. 29:28.379 --> 29:30.542 [SPEAKER_02]: Yeah, non-D and DA, spot on. 29:30.742 --> 29:37.449 [SPEAKER_00]: Yeah, and then also to that, I don't know if you familiar with AGI, or if you're familiar with AGI, so... AGI, AGI. 29:37.729 --> 29:39.051 [SPEAKER_00]: So super intelligents of AGI. 29:39.151 --> 29:40.212 [SPEAKER_00]: It's okay, okay. 29:40.232 --> 29:42.034 [SPEAKER_00]: So that point where it's smarter than human. 29:42.074 --> 29:43.555 [SPEAKER_00]: Yeah, you have the recollection. 29:43.575 --> 29:44.817 [SPEAKER_02]: Yeah, yeah, yeah, yeah. 29:44.837 --> 29:52.324 [SPEAKER_02]: And on date, I mean, I grew up watching one of the movies I wrote by, and it seems very, very similar to what that particular could be. 29:52.905 --> 29:54.827 [SPEAKER_02]: And it's moving rapidly, too. 29:55.027 --> 29:58.791 [SPEAKER_02]: You know, a lot of people love the new idea of it being 29:58.771 --> 30:11.972 [SPEAKER_02]: that we all have a lot of innovative minds out here, but a lot of people want to say that it's secure, but we don't again go back to the basics understanding what are all the risks, right? 30:12.533 --> 30:20.024 [SPEAKER_02]: Because when you think about something that's going to outspend in human, I mean, it's going to pull a fast one on the United everyone to see it coming. 30:20.625 --> 30:24.812 [SPEAKER_02]: I just want to make sure I'm locked in my home with the time we're fooling water, so y'all figure it out. 30:24.792 --> 30:27.035 [SPEAKER_00]: The Lord might come back around that time. 30:27.055 --> 30:30.139 [SPEAKER_02]: Now, for real, I just want to go to the right places. 30:30.480 --> 30:36.168 [SPEAKER_02]: I'm going to pray about it. 30:36.188 --> 30:38.992 [SPEAKER_00]: So I'm going to bring up a topic also too. 30:39.152 --> 30:43.217 [SPEAKER_00]: So what our field compliance is, mainly check the boxes, you have done technical work. 30:43.277 --> 30:45.400 [SPEAKER_00]: I did software engineering and things like that. 30:45.440 --> 30:46.342 [SPEAKER_00]: Or there's on the program. 30:47.443 --> 30:53.311 [SPEAKER_00]: So with AI engineering, do you think that's another aspect that GRC is growing towards? 30:53.331 --> 30:54.613 [SPEAKER_00]: Do you think you have the nerve technical? 30:54.779 --> 30:55.441 [SPEAKER_02]: so 30:59.268 --> 31:06.918 [SPEAKER_02]: Yes, you have to understand the technical aspects because you're having conversations with people on various levels, right? 31:07.679 --> 31:11.103 [SPEAKER_02]: You are, again, the liaison in a GRC space. 31:11.243 --> 31:15.208 [SPEAKER_02]: You have to be able to talk to the executives to the way they understand you. 31:15.228 --> 31:18.272 [SPEAKER_02]: And how is that normally numbers and dollars? 31:18.612 --> 31:26.963 [SPEAKER_02]: For sure, being able to put a presentation together, that's going to get it to them in a position where they understand what are the key takeaways and how does this impact my business? 31:26.943 --> 31:52.191 [SPEAKER_02]: Then when you transition to the other side of the people that are in the trenches doing it to engineers, you have to be able to understand the implications and the tenor calories that go into the engineering aspects and being able to understand shifting your mind from the quantifiable aspect to identify how do we understand what is happening and how was it going to impact. 31:52.171 --> 32:02.423 [SPEAKER_02]: the business and how am I going to tell the CFO or the CEO that this is a major concern and we need to make this change or it will cost them X amount of dollars, you know? 32:02.523 --> 32:11.514 [SPEAKER_02]: So being able to really know your audience is a really key component and you really can escape GRC without understanding some of the technical aspects of it. 32:11.975 --> 32:22.127 [SPEAKER_02]: Now, what I'll say you have to be an expert in the technical piece, I wouldn't say that necessarily, but I will say that you do have to understand, 32:22.107 --> 32:38.408 [SPEAKER_02]: You know, like the logs, you have to understand the firewalls, you have to understand access controls, you have to be able to really identify and with these words, be able to understand what is it and how does it relate to the business. 32:38.728 --> 32:43.835 [SPEAKER_02]: Breaking it down as they use the term like breaking it down as you're like telling a grandma that these aspects, right? 32:44.115 --> 32:46.258 [SPEAKER_02]: Yeah, yeah, yeah, yeah. 32:46.373 --> 32:47.376 [SPEAKER_00]: because you're really good at that. 32:48.238 --> 32:50.223 [SPEAKER_00]: Also, I wanted to actually this question. 32:50.243 --> 32:52.950 [SPEAKER_00]: It's a bunch of virtual talks to me talking to you, talk to you, talk to you, talk to you. 32:52.970 --> 32:53.892 [SPEAKER_00]: Is DRC a technical position? 32:55.336 --> 32:55.918 [SPEAKER_00]: Which old thoughts? 32:57.301 --> 32:58.003 [SPEAKER_00]: I think it is. 33:00.515 --> 33:01.336 [SPEAKER_02]: I can see a point. 33:01.617 --> 33:04.141 [SPEAKER_02]: I can see it being a technical position. 33:04.802 --> 33:08.668 [SPEAKER_02]: It's just a matter of how you define technical, right? 33:09.149 --> 33:12.514 [SPEAKER_02]: Because for me, me working in the soft, right? 33:12.755 --> 33:18.704 [SPEAKER_02]: I was like, yo, this is my first time with being technical, because I'm literally tied to a desk with three computers. 33:19.365 --> 33:22.050 [SPEAKER_02]: I'm looking at this see, like, what's coming in? 33:22.150 --> 33:23.552 [SPEAKER_02]: What's going out? 33:23.532 --> 33:51.430 [SPEAKER_02]: Do I, is this an actual cyber security texture that I let the customer know that they got some stuff going on in the environment or is everything all in well and I can I, you know, work this next ticket so when I think about technical, I think about it from that degree, but you know, I would love to understand, you know, from your point of view, you know, how you see it as a GRC as a technical space because I do agree, but I just again, I've seen technical from different implications in different aspects. 33:51.410 --> 33:53.872 [SPEAKER_00]: So, this is my definition without the technical background. 33:53.892 --> 33:56.635 [SPEAKER_00]: So, when that person's got to feel, I didn't know nothing about tech. 33:57.035 --> 33:58.136 [SPEAKER_00]: So, I'm paying his meetings. 33:58.177 --> 33:59.398 [SPEAKER_00]: I have to explain the system. 33:59.458 --> 34:00.959 [SPEAKER_00]: I explain how this one works. 34:00.979 --> 34:01.760 [SPEAKER_00]: How this one works. 34:01.800 --> 34:04.543 [SPEAKER_00]: I have to have conversations with penetration testers. 34:04.563 --> 34:05.504 [SPEAKER_00]: Dead dog people. 34:05.524 --> 34:06.044 [SPEAKER_00]: Yeah, yeah. 34:06.064 --> 34:08.086 [SPEAKER_00]: So, I had to find technical meaning. 34:08.106 --> 34:09.347 [SPEAKER_00]: You have to know the knowledge. 34:09.407 --> 34:10.989 [SPEAKER_00]: Know that I applied a knowledge. 34:11.009 --> 34:14.152 [SPEAKER_00]: Because I can tell you talk more about the system than more study. 34:14.172 --> 34:15.493 [SPEAKER_00]: So, that's why that's my definition. 34:15.693 --> 34:18.396 [SPEAKER_00]: But it just, like you said, is to find how you define it. 34:18.376 --> 34:19.940 [SPEAKER_02]: Yeah, yeah, non-data. 34:20.100 --> 34:25.634 [SPEAKER_02]: And to that point in the GRCS, but you may not be the one conducting dependencies in tests, right? 34:25.714 --> 34:34.716 [SPEAKER_02]: But you are normally the group that's going to probably, you know, bring on, you know, the third party assessors to be able to conduct the penetration size. 34:34.736 --> 34:36.300 [SPEAKER_02]: And you're going to be revealing 34:36.280 --> 34:49.055 [SPEAKER_02]: The report, too, as well, and being able to indicate from a rich standpoint, the prioritization of, you know, from a high, all the way to a low, informative aspect would need to go first, you know? 34:49.936 --> 34:54.320 [SPEAKER_02]: So I do see that point of view of it being definitely technical. 34:54.421 --> 34:59.967 [SPEAKER_02]: Like you have to have some technical skills, technical understanding is the better word I want to phrase it as. 35:00.127 --> 35:01.849 [SPEAKER_02]: I want to say like you have to be. 35:01.829 --> 35:18.285 [SPEAKER_02]: like you have to know like, you know, Linux and like all those things, but you do have to understand the basics, which I think in a lot of the States is when you get into cybersecurity the basic level certifications kind of help prep you for some of those conversations. 35:18.265 --> 35:21.068 [SPEAKER_00]: Like, see, you know, don't understand the scenario, try our availability. 35:21.128 --> 35:28.054 [SPEAKER_00]: You got to understand about vulnerabilities in that base, because even though, without the security pass, when I started hearing the terms, I didn't think they actually used it. 35:28.074 --> 35:32.899 [SPEAKER_00]: They started to actually use them and I was like, oh, yeah, yeah, yeah, bare metal, like, yeah, yeah, yeah, yeah. 35:33.339 --> 35:39.805 [SPEAKER_00]: No, so like getting into GLC now is, it's extremely hard to get into GLC MRMF right now. 35:39.965 --> 35:40.185 [SPEAKER_03]: Yeah. 35:40.226 --> 35:42.988 [SPEAKER_00]: Do you think going off a train is like, no, me, give you an example. 35:43.008 --> 35:44.029 [SPEAKER_00]: AI, you got cloud. 35:44.089 --> 35:47.192 [SPEAKER_00]: Do you think focusing on that can help you get into GLC? 35:47.172 --> 35:52.361 [SPEAKER_00]: No, or what's your thoughts? 35:52.381 --> 35:52.441 [SPEAKER_02]: Mm. 35:52.461 --> 35:53.342 [SPEAKER_02]: I'm a traditional guy. 35:54.264 --> 35:55.786 [SPEAKER_02]: I'm a traditional guy. 35:55.806 --> 35:57.970 [SPEAKER_02]: And I like to play about a book, right? 35:58.170 --> 36:02.517 [SPEAKER_02]: I think that everything comes from fundamental knowledge. 36:02.537 --> 36:08.387 [SPEAKER_02]: You know, you have to build a foundation before you can look to specify in the particular area. 36:08.367 --> 36:22.457 [SPEAKER_02]: Um, you know, for me, uh, I know I was going to save this, uh, so I guess it might be the right time to talk about it, but, you know, when anyone comes to me and tell me they're looking to get in a cyber security, I just ask them like, well, what have you done thus far? 36:22.737 --> 36:29.211 [SPEAKER_02]: A lot of the times, you know, they're, you know, in a different space and they haven't put a lot of effort and fall into it. 36:29.191 --> 36:35.247 [SPEAKER_02]: Well, I say here, take a look at this particular link and the link pretty much is and it's not biased. 36:35.267 --> 36:45.495 [SPEAKER_02]: It's just something that I've went through personally, so I'm able to continue to tell people, you know, how it has worked for me and work for others that I've, you know, kind of mentored and coaching in the past. 36:45.475 --> 37:00.497 [SPEAKER_02]: The certified cyber security certification through ICT, um, it is a newer certification compared to, you know, the security plus, but it gives you at least that fundamental knowledge you should be able to understand what cyber security is. 37:00.477 --> 37:04.708 [SPEAKER_02]: So, I normally tell them, you know, hey, look at this. 37:05.190 --> 37:08.900 [SPEAKER_02]: It's still right now, it's a free certification, you know what I'm saying? 37:09.421 --> 37:11.547 [SPEAKER_02]: And for me, you got to make it make sense. 37:11.567 --> 37:15.718 [SPEAKER_02]: I'm not going to tell you to invest money into something if you unsure about it, you know? 37:15.698 --> 37:28.210 [SPEAKER_02]: When you start really thinking about those sacrifices you want to make in life and you want to start actually tie in particular numbers and dollar amounts to how much you want to invest into yourself, then we can add those conversations of those certifications. 37:28.270 --> 37:39.661 [SPEAKER_02]: But at this point of time, take this certification, you know, it's little to no calls, kind of go for, I know the Google Certificate for a service security account, it's like some of the same aspects. 37:39.721 --> 37:42.043 [SPEAKER_02]: I didn't personally go through it, but from my understanding. 37:42.023 --> 37:49.775 [SPEAKER_02]: you can go either route with either ore, and once you build that aspect, you can be able to go into that security plus, right? 37:49.995 --> 37:54.662 [SPEAKER_02]: And then, you know, a lot of people know this security plus as a ghost standard because it's been around for quite some time. 37:55.243 --> 38:01.112 [SPEAKER_02]: And then, I feel like you're able to start navigate and then start going into a little bit more specifics of, 38:01.092 --> 38:21.126 [SPEAKER_02]: cloud or AI, I'm not saying that you can't just jump right into it, but for me, when I've taken these certifications, right, you know, get in the system and see how it says, be honest to that my roadmap was being able to lay a foundation and with these certifications, they're all the same knowledge. 38:21.206 --> 38:24.872 [SPEAKER_02]: They just continue to go on a on a level of deeper. 38:24.852 --> 38:26.774 [SPEAKER_02]: expertise. 38:27.015 --> 38:31.660 [SPEAKER_02]: And so if you already have the fundamentals and all you need to do is learn a little bit more. 38:32.121 --> 38:41.712 [SPEAKER_02]: But below the surface level of that aspect, you are guaranteed to be more successful and going into a versus trying to learn it from the bottom of the bottom. 38:42.033 --> 38:43.635 [SPEAKER_02]: And then John had gone to go into it. 38:43.655 --> 38:48.140 [SPEAKER_02]: So I would say, you know, that will be my approach that was also about to kind of do. 38:48.260 --> 38:54.808 [SPEAKER_00]: It is nice and slow because everybody just want to do this, do it and they take it took me almost a year to get in the cyber. 38:54.788 --> 38:58.974 [SPEAKER_00]: knowing what I wanted to do and just breaking that down like how you just did. 38:58.994 --> 39:00.536 [SPEAKER_02]: Yeah, and it's an investment. 39:00.676 --> 39:01.677 [SPEAKER_02]: It's definitely an investment. 39:01.717 --> 39:17.438 [SPEAKER_02]: Like when you think about it, you know, some people don't have the time to, you know, dedicate after work every day, to, you know, do like three or four hours or I mean, some people may have those opportunities right now to, you know, 39:17.418 --> 39:25.250 [SPEAKER_02]: you know, take eight hours a day to learn cyber and things that so whatever pretty much looks like um, I think that some people just have to understand what works for them. 39:25.691 --> 39:33.784 [SPEAKER_00]: Yeah, because when I've probably gotten to cyber, I spend like a thousand dollars overall like you deserve studying, training, you know, gas going to library, I can't hold that. 39:33.904 --> 39:34.545 [SPEAKER_00]: Yeah, yeah. 39:34.565 --> 39:45.282 [SPEAKER_00]: So even when I study for my CSSP now, what you already have, yeah, I have to sacrifice maybe I have to trend out on the podcast, and when maybe when I come home from workhack, I go lock myself in the room, so I was in 39:45.262 --> 39:48.286 [SPEAKER_00]: because you won't pass me, people like you won't pass me. 39:48.667 --> 39:58.221 [SPEAKER_02]: And let's say Matt, I tell you not, that's the SSP is, you got this, you got this, it was one of those things that for me, I felt like I over studied, you know, when it came down to it. 39:59.262 --> 40:02.026 [SPEAKER_02]: But it was a really good, it's a good start to have, you know. 40:02.447 --> 40:10.398 [SPEAKER_02]: And you know what, having those rights searched it, it brings in a lot more, especially from a financial opportunity as well. 40:10.999 --> 40:11.640 [SPEAKER_02]: But, 40:11.620 --> 40:29.865 [SPEAKER_02]: uh the point I really want to make with uh with those particular aspects is when I was taking this yeah I remember I locked myself in the house too like I would literally go missing for like hours um but that's the type of devotion you have to have when you really want something out of life you know you can't 40:29.845 --> 40:37.777 [SPEAKER_02]: find yourself in a position where, you know, you're going to, you know, hang out with your friends and you can go to brunch and you can be in it. 40:37.877 --> 40:44.968 [SPEAKER_02]: You can be outside and you think you're going, like, you know, come out victorious, you know, getting, you know, these different certifications. 40:44.988 --> 40:50.757 [SPEAKER_02]: And I said it doesn't happen, but I'm saying you feel a little bit more alleviated and that A is being able to know that. 40:50.737 --> 41:04.535 [SPEAKER_02]: You put it in the time and when you are in that test and center and you You it's game time like you ready you ready that kind of get through it You know because you already put in the time and you are very assured of yourself Yeah, most definitely trust me. 41:04.555 --> 41:10.302 [SPEAKER_00]: But I'm gonna be handed me everything you're Christian coming up So I come out to the things I promise I will go right. 41:10.322 --> 41:10.422 [SPEAKER_02]: Yeah. 41:10.442 --> 41:10.903 [SPEAKER_02]: Yeah. 41:10.923 --> 41:11.103 [SPEAKER_02]: Yeah. 41:11.123 --> 41:11.464 [SPEAKER_02]: Yeah. 41:11.724 --> 41:13.386 [SPEAKER_02]: No, I didn't do yeah, I get 41:13.366 --> 41:15.108 [SPEAKER_00]: So now you talk about getting inside of a security. 41:15.148 --> 41:16.789 [SPEAKER_00]: Tell me about like transversible skills. 41:16.809 --> 41:20.133 [SPEAKER_00]: Like, for example, I was a PM, and I talked to him. 41:20.193 --> 41:23.856 [SPEAKER_00]: I used even Gmail navigating employees, talking to him. 41:23.876 --> 41:26.979 [SPEAKER_00]: Like, you can talk about how transversible skills can help you get a job. 41:27.039 --> 41:29.041 [SPEAKER_02]: Yeah, yeah, nice to really the question. 41:29.121 --> 41:40.352 [SPEAKER_02]: So a lot of people coming to me say when we get into cybersecurity, the gap that we have inside of a security right now is that people want to 41:41.935 --> 41:46.923 [SPEAKER_02]: They want talent in the cybersecurity community right now, and they want them to have experience. 41:46.943 --> 41:51.771 [SPEAKER_02]: How do you get experience though without having someone to say, hey, I'm going to take a chance on you? 41:52.171 --> 41:54.575 [SPEAKER_02]: That's one of the deficiencies I see in the space for right now. 41:55.396 --> 42:04.851 [SPEAKER_02]: And one of the things that I uncovered is that cybersecurity isn't too different from a lot of different things that we do on the day-to-day basis. 42:04.912 --> 42:05.833 [SPEAKER_02]: Like, when I really 42:05.813 --> 42:06.814 [SPEAKER_02]: think about it. 42:07.616 --> 42:12.502 [SPEAKER_02]: A lot of us can be cybersecurity professionals and analysts these days. 42:12.983 --> 42:16.087 [SPEAKER_02]: We just have to uncover, like, what is it that we're good at? 42:16.368 --> 42:21.675 [SPEAKER_02]: How do we kind of like make it on our resume that we already do this type of aspect, right? 42:21.715 --> 42:25.020 [SPEAKER_02]: So when excuse me when I think about, 42:27.110 --> 42:30.655 [SPEAKER_02]: a role as such as like a security guard, right? 42:31.136 --> 42:36.443 [SPEAKER_02]: They're pretty much like managing access to a building, right? 42:36.703 --> 42:46.477 [SPEAKER_02]: Within GRC, what types of student general, you know, if we talk specifically about adding the access management, your basic B managing access to a system. 42:47.057 --> 42:55.429 [SPEAKER_02]: How different is it from managing a building into a management, you know, a system, like you're literally understanding who goes in, who goes out? 42:55.409 --> 43:08.991 [SPEAKER_02]: you understand, and you know, what type of privileges they have, when they are able to access different places of the building, same concept of access and different places with the systems, right? 43:09.853 --> 43:20.370 [SPEAKER_02]: So that's kind of like an example of, you know, how it's not too different, but when I think about GRC specifically, you probably don't laugh a little bit, but 43:20.350 --> 43:24.818 [SPEAKER_02]: I will say like, one of the skills you need is you got to be a certified yapper. 43:25.238 --> 43:26.741 [SPEAKER_02]: You got to be able to talk. 43:28.223 --> 43:29.646 [SPEAKER_02]: You got to be able to talk. 43:29.666 --> 43:41.025 [SPEAKER_02]: You got to be able to be able to be a GRC and I tell you why because you know all you're going to be able to do you're going to be talking to people that are executives when we talk to people that engineers. 43:41.005 --> 43:44.352 [SPEAKER_02]: Beyond that you got to be somebody that writes in your journal. 43:44.512 --> 43:52.067 [SPEAKER_02]: You know, I'm saying because you have to be able to document these particular aspects right you have to be able to say like on this day this is what happened. 43:52.087 --> 43:52.869 [SPEAKER_02]: This will be seen. 43:53.810 --> 43:56.095 [SPEAKER_02]: But beyond that you have to be able to be. 43:56.075 --> 44:02.543 [SPEAKER_02]: Observing, and when I mean observing how to be risk-averse, you have to understand that this happens and this Potence we happen, right? 44:02.563 --> 44:21.306 [SPEAKER_02]: You have to be able to see it before happens, you know, so a lot of these instances are Transferable skills that now a lot of people really think about you know, but literally We do these in our lives every day which makes us qualify as being able to be people in cyber security We just got to how to write people to take the chance on this in those instances 44:21.286 --> 44:30.179 [SPEAKER_00]: Yeah, like when I first got into the field I was a PM my PM not my the guy that was hiring to say you pretty much do it anyway So that was gonna give you a job. 44:30.259 --> 44:36.207 [SPEAKER_00]: It took like a year of the job like the the technicality is different But anybody can do the job. 44:36.247 --> 44:43.277 [SPEAKER_00]: It just takes a long or you or you can't do the job and they transfer to another job Yeah, yeah, and honestly 44:43.257 --> 44:45.400 [SPEAKER_02]: You're taught what to do on a job, too. 44:45.560 --> 44:47.602 [SPEAKER_02]: Like, cybersecurity isn't challenging. 44:47.823 --> 44:53.430 [SPEAKER_02]: I think the thing that makes it challenging is being able to make the right decisions, right? 44:53.490 --> 44:58.216 [SPEAKER_02]: Because your opinion can be different from somebody else's opinion, right? 44:58.496 --> 45:05.805 [SPEAKER_02]: All of it is subjected to your opinion, and you feel it could impact, you know, the business of the organization. 45:05.785 --> 45:15.223 [SPEAKER_02]: So, unfortunately, like I said, you can be taught the job to what to do, but you can be taught how to think in these particular instances like when the data breach happens, right? 45:15.683 --> 45:19.671 [SPEAKER_02]: They normally, you know, you know, get hit company, he has hit where to ransomware, right? 45:19.691 --> 45:23.558 [SPEAKER_02]: We're going to do first, you know, you're going pretty much understand what system. 45:23.538 --> 45:27.803 [SPEAKER_02]: has been impacted right and you're gonna try to isolate that system. 45:28.144 --> 45:36.193 [SPEAKER_02]: You know to make sure that it doesn't continue its contained and it doesn't continue to contaminate other systems in the network. 45:36.213 --> 45:41.860 [SPEAKER_02]: But somebody else they might pick up the phone and call legal first and kind of panic and say hey this was going on. 45:41.880 --> 45:43.842 [SPEAKER_02]: Not saying that it was a wrong aspect. 45:44.003 --> 45:48.608 [SPEAKER_02]: It does happen in the process but it just doesn't happen like right then and there. 45:48.929 --> 45:50.170 [SPEAKER_02]: You know I'm saying so. 45:50.150 --> 46:10.453 [SPEAKER_02]: Just to kind of break it all down to you, everybody has what it takes to get into cybersecurity and GRC specifically, you just gotta have to be able to understand what you're doing right now, understand what are some of the tasks and responsibilities and being able to do the cross-reference of how I can say that eligible for role this such. 46:10.822 --> 46:12.745 [SPEAKER_00]: Yeah, cause I think sometimes this is my though. 46:12.785 --> 46:14.827 [SPEAKER_00]: I don't think cyber security is very about it. 46:14.847 --> 46:18.072 [SPEAKER_00]: And it's just because like once you get in the field, you've got to kind of, yeah. 46:18.092 --> 46:18.833 [SPEAKER_00]: You got to adapt. 46:18.853 --> 46:20.095 [SPEAKER_00]: You got to learn how to learn on your own. 46:20.115 --> 46:22.598 [SPEAKER_00]: Like again, when I tell you, oh yeah, I did my research on you. 46:22.698 --> 46:24.380 [SPEAKER_00]: You got to learn how to do research on systems. 46:24.400 --> 46:25.101 [SPEAKER_00]: Yeah, yeah. 46:25.121 --> 46:25.962 [SPEAKER_00]: That's how I picked up. 46:25.982 --> 46:27.184 [SPEAKER_00]: That's how I'm so good at people. 46:27.364 --> 46:27.645 [SPEAKER_02]: Yeah. 46:27.845 --> 46:29.387 [SPEAKER_00]: Cause I, you know, just off of the job. 46:29.367 --> 46:48.456 [SPEAKER_02]: Yeah, you gotta be knowing it and you gotta do your research like, you know, people work with in the past and even today like, you know, when I work with people that a little bit more junior in their roles, one of the things I preach to them is that, you know, you gotta be able to do your research, you know, researchers, then, and it's not. 46:48.436 --> 46:49.258 [SPEAKER_02]: It's not hard. 46:49.358 --> 46:54.710 [SPEAKER_02]: You just got to figure out what is the right words to be able to identify what I'm actually looking for. 46:54.910 --> 46:59.420 [SPEAKER_02]: You know, how do I search through the right fields to be able to get to the right answers, you know? 46:59.480 --> 47:02.968 [SPEAKER_02]: So, like you said, to your point, research is critical in key. 47:03.629 --> 47:06.716 [SPEAKER_00]: Yeah, then lastly, let's talk about networking. 47:06.896 --> 47:07.157 [SPEAKER_00]: Yeah. 47:07.297 --> 47:07.778 [SPEAKER_00]: Yeah. 47:08.045 --> 47:09.968 [SPEAKER_00]: And people think you always have to meet people in person. 47:10.069 --> 47:17.622 [SPEAKER_00]: I've met Lord Hell's Knows, how many people Instagram, LinkedIn, just having a coffee chat and just talking to him, including yourself. 47:17.662 --> 47:18.203 [SPEAKER_02]: Yeah, yeah. 47:18.323 --> 47:20.126 [SPEAKER_00]: So like, talk about that aspect of it. 47:20.146 --> 47:22.931 [SPEAKER_02]: Yeah, I mean, that working is so important. 47:23.191 --> 47:26.998 [SPEAKER_02]: I, a lot of people talk about cyber security. 47:26.978 --> 47:41.259 [SPEAKER_02]: being a technical job, I think that one of the key components that's really slept on, a lot of people don't really talk about, is the self-skill aspect, you know, being able to have conversations with people, understand how people work. 47:41.839 --> 47:48.329 [SPEAKER_02]: And so I think that when it comes out to networking, networking happens in different aspects, right? 47:48.469 --> 47:56.901 [SPEAKER_02]: You know, sometimes it's in person, but you don't have that in person capability because, you know, you have 47:56.881 --> 48:06.295 [SPEAKER_02]: Um, it's not hard to, you know, inbox somebody, you know, I mean, you inbox me today, you know, I'm saying I'll be sure to respond to you between 24 to 48 hours. 48:06.315 --> 48:17.050 [SPEAKER_02]: I was, I was, I mean, I have a life to be booming too crazy, but I'm definitely going to get back to you, you know, I'm saying, and that's just what it really boils down to, you have to be able to. 48:17.030 --> 48:25.142 [SPEAKER_02]: Um, put yourself in a position to say, if I do reach out to this person, it's going to lead me to my next opportunity. 48:25.242 --> 48:28.547 [SPEAKER_02]: If I don't reach out to this person, this will lead me when I'm continue to be. 48:28.587 --> 48:36.479 [SPEAKER_02]: And I will continue to be here until I'm able to have the courage and move outside of my own self to see that I want better in my life. 48:36.959 --> 48:42.227 [SPEAKER_02]: Um, and sometimes, you know, when you do network of people is not that one phone call that's going to help you out. 48:42.376 --> 48:49.986 [SPEAKER_02]: But the more and more you do with the more repetition behind it, I guarantee you that you're going to find somebody that's going to help you. 48:50.007 --> 48:54.112 [SPEAKER_02]: You know, they're going to want to push you and they're going to have the bandwidth in the capacity. 48:54.132 --> 48:57.377 [SPEAKER_02]: Because that's one of the things, you know, I think a lot of people be having a lot of stuff going on. 48:57.397 --> 49:02.203 [SPEAKER_02]: So it's not that they don't want to help you, but they may have like, they might be on the water themselves. 49:02.223 --> 49:04.907 [SPEAKER_02]: You know, so how do you help somebody if you can help yourself? 49:04.887 --> 49:09.694 [SPEAKER_02]: But it's just about continuing to, like I said, not holding it personal to anybody. 49:09.714 --> 49:12.458 [SPEAKER_02]: It just being able to say, all right, this one in work out. 49:12.498 --> 49:15.602 [SPEAKER_02]: So let me continue to, you know, to shift and navigate. 49:15.622 --> 49:18.286 [SPEAKER_02]: I look at net. 49:19.488 --> 49:24.896 [SPEAKER_02]: Sorry, it's funny, because when I think of our side period, it's not too different from data. 49:25.096 --> 49:25.597 [SPEAKER_02]: You know what I'm saying? 49:25.617 --> 49:27.039 [SPEAKER_02]: Well, you know what I'm saying? 49:27.099 --> 49:29.342 [SPEAKER_02]: It's like, 49:29.322 --> 49:38.079 [SPEAKER_02]: Not that first person is going to be, you know, first of you far in love with, you know, unfortunately it doesn't work like that, but, you know, I always say as a term, it's a ribbon in the sky. 49:38.279 --> 49:39.001 [SPEAKER_02]: You know what I'm saying? 49:39.081 --> 49:43.209 [SPEAKER_02]: So when you, you know, you get that ribbon, you saw that, you know what I'm saying, you able to elevate your life. 49:43.269 --> 49:48.900 [SPEAKER_02]: So for I was worth, you know, networking is critical in this space. 49:48.880 --> 49:51.163 [SPEAKER_00]: Yeah, and then too like a lot of people be busy. 49:51.303 --> 49:52.184 [SPEAKER_00]: I'm out to aspect. 49:52.224 --> 50:00.435 [SPEAKER_00]: I talked to so many people even so if you don't get by I just follow up because I understand you probably don't in our field We just are we use our brains so much sometimes. 50:00.495 --> 50:03.639 [SPEAKER_00]: I just lit it or sometimes you generally can't talk or not to retire. 50:03.679 --> 50:06.422 [SPEAKER_00]: You burnt out So I understand just so don't take a person. 50:06.462 --> 50:09.286 [SPEAKER_00]: I used to take a personal You know, but I only didn't know that man. 50:09.687 --> 50:10.928 [SPEAKER_00]: You go see your prison inbox. 50:10.968 --> 50:12.390 [SPEAKER_00]: I got like 20 like 50:12.370 --> 50:37.129 [SPEAKER_00]: a hundred emails a day yeah yeah yeah don't take it in for like me talking to like somebody isn't big in the space don't take it personal it's just sometimes or just do your research or they might have a book there that's free they might have some just take advantage of that I'd generally help the people for myself that are helping they sold and they tell me a Chris this is what I've done dead I'll go help you yeah yeah and that matter of fact I'll sit with you that's what I call her everything 50:37.109 --> 50:40.975 [SPEAKER_02]: that part, like people have to be able to help themselves, you know what I'm saying? 50:40.995 --> 50:45.863 [SPEAKER_02]: It's like, like, really, like, people feel more inclined to help because you've done the work yourself. 50:46.283 --> 50:51.972 [SPEAKER_02]: You've hit like a gap in the row, whereas I don't know where to go next, but you've been making progress. 50:52.012 --> 50:53.835 [SPEAKER_02]: So someone's able to say, hmm. 50:53.917 --> 51:02.670 [SPEAKER_02]: They're serious about it, because you can imagine how many people may come to you and say, hey, I want to do this, but they're not making any strides on their own, you know? 51:02.810 --> 51:05.974 [SPEAKER_02]: And so it's so much harder to help people when they're not able to help themselves. 51:06.235 --> 51:06.956 [SPEAKER_00]: Yeah, yeah. 51:06.976 --> 51:11.602 [SPEAKER_00]: And then too, even when I was on my first gun in the field, I didn't want to do anything to my life. 51:11.622 --> 51:14.246 [SPEAKER_00]: I had to sacrifice a little bit of my 20s just there. 51:14.406 --> 51:16.129 [SPEAKER_00]: Yeah, just a little bit. 51:16.369 --> 51:18.092 [SPEAKER_00]: The girl asked me, why are you always going to work? 51:18.132 --> 51:20.515 [SPEAKER_00]: The funniest thing I ever had to do. 51:20.495 --> 51:22.218 [SPEAKER_00]: I went to work at like three, four in a morning. 51:22.238 --> 51:22.939 [SPEAKER_00]: Yeah, yeah. 51:22.959 --> 51:23.540 [SPEAKER_00]: She called me. 51:23.660 --> 51:24.461 [SPEAKER_00]: I was like, why are you going? 51:24.602 --> 51:25.423 [SPEAKER_00]: I said, I got work. 51:25.823 --> 51:29.429 [SPEAKER_00]: And it's called me, and I was like, she called me and said, oh, you actually working. 51:29.790 --> 51:33.115 [SPEAKER_00]: You want to, you want to, you want to, man, it's making money, don't you? 51:33.195 --> 51:34.097 [SPEAKER_00]: You know, man. 51:34.157 --> 51:42.550 [SPEAKER_02]: Now for a road of road, it can, you can put yourself in some situations where like, you know, you're doing outside the normal, right? 51:42.590 --> 51:48.139 [SPEAKER_02]: But it shows your, your hunger for one and being a space in other people able to pick up on that. 51:48.524 --> 52:01.160 [SPEAKER_02]: Really, beyond that, like having right people in your life, you know, why you're going through some of those instances or just as critical because, you know, you got to have right support system, people that believe in you, why you're trying to chase your goals and your dreams. 52:01.741 --> 52:03.683 [SPEAKER_00]: So what gives you motivated to that curiosity? 52:03.904 --> 52:06.867 [SPEAKER_00]: Because this thing, like you and it, you know your stuff, like what keeps you going? 52:06.887 --> 52:09.210 [SPEAKER_00]: And I know you're getting out there at more in the public face than that. 52:09.230 --> 52:09.731 [SPEAKER_02]: Yeah. 52:09.751 --> 52:10.452 [SPEAKER_00]: Like what motivates you? 52:11.193 --> 52:13.556 [SPEAKER_02]: Yeah, man, uh, wow. 52:14.797 --> 52:18.362 [SPEAKER_02]: Not bad, but I just hit you in that. 52:18.815 --> 52:19.917 [SPEAKER_02]: I needed it, I needed it. 52:20.417 --> 52:22.780 [SPEAKER_02]: Uh, what motivates me today? 52:23.021 --> 52:24.703 [SPEAKER_00]: I can bring it me up here actually though. 52:25.184 --> 52:27.086 [SPEAKER_02]: No, I already got my, yeah, I already got my answer. 52:27.106 --> 52:28.929 [SPEAKER_02]: It's just, it's one of them sentimental ones. 52:29.189 --> 52:31.392 [SPEAKER_02]: I had to go ahead and fix myself. 52:31.412 --> 52:32.955 [SPEAKER_02]: A quick, kind of, kind of. 52:33.355 --> 52:47.775 [SPEAKER_02]: No, but I think that, what we didn't talk about today is that I've been more open about sharing it is that I was going through, you know, my career, everything as well and I got impacted by our layout, you know. 52:47.755 --> 52:52.620 [SPEAKER_02]: I understood what it felt like to have nothing going on. 52:52.861 --> 52:53.641 [SPEAKER_02]: You know what I'm saying? 52:53.701 --> 52:59.688 [SPEAKER_02]: Especially going from a face of being able to say like, I'm doing a great thing and having it all kind of stripped away. 53:00.309 --> 53:05.114 [SPEAKER_02]: I know what it feels to have like emptiness. 53:05.274 --> 53:06.115 [SPEAKER_02]: You know what I'm saying? 53:06.355 --> 53:09.799 [SPEAKER_02]: I know what it feels like to not have any sense of direction. 53:10.159 --> 53:15.265 [SPEAKER_02]: I know what it feels like to put in like so many different job offers and 53:15.245 --> 53:24.726 [SPEAKER_02]: And, you know, when we do, we have a response here, you know, you say, hey, you know, we regret to inform you that I know what it feels like. 53:24.786 --> 53:34.587 [SPEAKER_02]: You know, so for me, my motivation today is to be a testament to others and show them, like, if I can make it through, you can as well. 53:34.567 --> 53:39.673 [SPEAKER_02]: and going beyond that, just really understanding with the program is the program is so much more big than me. 53:39.853 --> 53:45.039 [SPEAKER_02]: That's why today if somebody reaches out to me and they say like, you know, I want to get in the cyber. 53:45.139 --> 54:00.777 [SPEAKER_02]: I don't question or ask them why I give them the tools and, you know, continue to help them in that space is because I know for me, if God wasn't, you know, in my life, and if I wasn't a firm believer, what you could do for me, I don't know where I'd be, you know, but being able to look back over my life, you know, 54:00.757 --> 54:11.033 [SPEAKER_02]: But a year, you're in a half ago, how much things have changed, how many doors have been opened up, you know, I'd be a fool not to allow somebody to have the same opportunities as me. 54:11.313 --> 54:24.233 [SPEAKER_02]: You know, so that's just me, you know, outside of myself, you know, it's one of those things where I personally, I'd be having a lot of stuff going on, but I want to make time for people because I know somebody may time for me. 54:24.668 --> 54:31.382 [SPEAKER_00]: Yeah, and then what you really say really hit me because some people even my girls seem to be like Chris, why are you always working? 54:31.843 --> 54:33.046 [SPEAKER_00]: I'd be on the laptop working. 54:33.266 --> 54:44.550 [SPEAKER_00]: Like literally we watch and love his blind working on laptop all day and Laking just said there was a time I was laid off because of the budget and I'm sitting at home 54:44.716 --> 54:45.717 [SPEAKER_00]: Not doing nothing. 54:45.978 --> 54:46.098 [SPEAKER_02]: No. 54:46.518 --> 54:52.386 [SPEAKER_00]: 200, 200, every day I'm getting denied the night that I'm literally doing a Uber, not I'm going to do it. 54:52.486 --> 54:57.533 [SPEAKER_00]: Uber eats and I'm just trying to eat it, I'm trying to, I'm trying to, I'm trying to get that little $300 bonus. 54:57.673 --> 55:01.057 [SPEAKER_00]: You know, hitting this up, that really hit me because that's why I keep doing it. 55:01.077 --> 55:02.960 [SPEAKER_00]: I don't want to go back there. 55:02.980 --> 55:04.682 [SPEAKER_02]: Yeah, yeah, and, and, and, and. 55:04.662 --> 55:14.196 [SPEAKER_02]: The profit Sean Carter also known as Jay-Z said is like, you know, when you use the flavor young, it's hard to go back to him. 55:15.497 --> 55:16.359 [SPEAKER_02]: But it's not choice stuff. 55:16.459 --> 55:17.580 [SPEAKER_00]: Yeah. 55:17.600 --> 55:19.623 [SPEAKER_00]: Well, you've been there for a class at one time, what do you mean? 55:19.643 --> 55:23.208 [SPEAKER_00]: You're mixing you some drinks, you like, yeah, yeah, I want to stay there for a minute. 55:23.248 --> 55:23.869 [SPEAKER_02]: Yeah, 90. 55:24.530 --> 55:27.835 [SPEAKER_00]: So let me actually, where could the audience find you? 55:29.519 --> 55:30.140 [SPEAKER_02]: I'm everywhere. 55:30.341 --> 55:32.065 [SPEAKER_02]: Now on this one, I'm everywhere. 55:33.188 --> 55:40.906 [SPEAKER_02]: So, you know, of course you can find me on LinkedIn, every week, brought the fourth, you know, first specifically, I got with the glass like this. 55:41.548 --> 55:47.241 [SPEAKER_02]: And, you know, just shoot me, you know, message or, you know, connect with me, shoot me a message out to where it's. 55:47.221 --> 55:48.884 [SPEAKER_02]: love that this conversation to you. 55:48.924 --> 55:50.947 [SPEAKER_02]: You can also find me on Instagram. 55:51.508 --> 55:54.133 [SPEAKER_02]: I made sure I said it right. 55:55.134 --> 55:55.795 [SPEAKER_02]: E-MicBright. 55:55.815 --> 56:01.365 [SPEAKER_02]: That's E, MC, B-R-I-D-E, I-V, underscore. 56:02.346 --> 56:04.870 [SPEAKER_02]: And that's on Instagram, you know, same thing. 56:05.071 --> 56:10.680 [SPEAKER_02]: Follow me, shooting me in message, wherever it is, you know, I'm here to help people, you know, I 56:11.470 --> 56:20.931 [SPEAKER_02]: Today at the mall, you know, when it's all set and dying, and I'm no longer here, I definitely make sure that I'm leaving the right seats for other people to be able to move in the right directions, you know? 56:20.991 --> 56:28.568 [SPEAKER_02]: So get outside of your space, and outside of yourself, you know, find a carer, so just reach out to people like me. 56:28.548 --> 56:36.336 [SPEAKER_02]: Or Chris, you know, I'm saying, or, you know, any of your favorite people you've been to Spiron and seeing like them, they've doing some really good things in the space. 56:37.117 --> 56:39.759 [SPEAKER_02]: And, you know, just reach out to us. 56:40.240 --> 56:40.460 [SPEAKER_02]: Easy. 56:40.900 --> 56:44.364 [SPEAKER_00]: Check him out, and, yeah, definitely he's there to help people. 56:44.844 --> 56:47.427 [SPEAKER_00]: He's growing in the space, and he's definitely willing to talk to you. 56:47.447 --> 56:49.789 [SPEAKER_00]: So make sure you check him out on all those platforms. 56:49.809 --> 56:50.450 [SPEAKER_02]: Yeah. 56:50.470 --> 56:51.831 [SPEAKER_00]: What is your goals for the next five years? 56:53.813 --> 56:57.677 [SPEAKER_02]: Cause five years. 56:59.480 --> 57:02.226 [SPEAKER_02]: Now, but goals five years. 57:02.546 --> 57:05.813 [SPEAKER_02]: I've been really setting myself up professionally, man. 57:05.953 --> 57:09.220 [SPEAKER_02]: I would say, like, I'm starting my ABA program on it. 57:09.240 --> 57:10.082 [SPEAKER_02]: Thank you. 57:10.142 --> 57:11.264 [SPEAKER_02]: And literally, like two weeks. 57:11.304 --> 57:14.250 [SPEAKER_02]: So that's going to be a roller coaster for sure. 57:15.453 --> 57:18.940 [SPEAKER_02]: But I will say in the next five years, I'm hoping that. 57:21.350 --> 57:29.722 [SPEAKER_02]: I'm hoping that my abilities take me to a place beyond like my own imagine, you know, I'm hoping that I'm able to continue to inspire people. 57:30.263 --> 57:40.297 [SPEAKER_02]: I'm hoping that I'm able to continue to spread the word about cyber security and importance of it as we talked about earlier, like the threat landscape continues to evolve. 57:41.079 --> 57:51.053 [SPEAKER_02]: So having the right people to advocate on that behalf is going to be critical, I'm 57:51.033 --> 58:05.775 [SPEAKER_02]: Of course, you know, do a little bit now, but, you know, being able to help people get certified in this space, um, and um, love corporate, corporate is cool, but I think that for me, I want to be able to do more consulting. 58:05.956 --> 58:17.513 [SPEAKER_02]: You know, I want to be able to help more people, um, and I'm super passionate about groups like, you know, uh, non-profits, 58:17.493 --> 58:21.820 [SPEAKER_02]: Because these groups typically don't have the capital to have a silenced library program. 58:21.860 --> 58:25.065 [SPEAKER_02]: They can't bring in the top of the top to be able to do that. 58:25.185 --> 58:30.934 [SPEAKER_02]: And for me, although I do got to eat, I think at the same time, to cyber security is a modern day self-defense. 58:31.395 --> 58:38.927 [SPEAKER_02]: So if you don't have it, you put in yourself and you put in your customers, you put in your employees, you put in everybody's risk because you're not taking that chance. 58:38.907 --> 58:50.571 [SPEAKER_02]: So I would say in the next five years, if you asked me 10 years, I'm hoping that I have more of a platform that can continue to inspire people through these three platforms and pillars. 58:50.770 --> 58:53.214 [SPEAKER_00]: Yeah, you're doing a great job and seeing you all over now. 58:53.595 --> 58:54.617 [SPEAKER_00]: Seeing you all types of things. 58:54.637 --> 58:56.380 [SPEAKER_00]: So you're growing, you're speaking at GovTechCon. 58:56.420 --> 58:57.682 [SPEAKER_00]: Anybody's going to GovTechCon. 58:58.043 --> 58:59.025 [SPEAKER_00]: Make sure you check him out. 58:59.045 --> 59:01.409 [SPEAKER_00]: He's speaking, he's doing webinars. 59:01.449 --> 59:03.393 [SPEAKER_00]: He's on the podcast. 59:03.413 --> 59:03.954 [SPEAKER_00]: Yeah, yeah. 59:03.974 --> 59:08.262 [SPEAKER_00]: In the next five to ten years, far as sooner, he's definitely going to be one of big stages. 59:08.702 --> 59:13.411 [SPEAKER_00]: Like, uh, it was a bigger event, like a Cisco Live or something like that. 59:13.431 --> 59:14.112 [SPEAKER_00]: So that's a dream. 59:14.092 --> 59:18.137 [SPEAKER_02]: Man, listen, I felt like I made it if AfroTech gave me a chance. 59:18.197 --> 59:19.478 [SPEAKER_02]: AfroTech followed me, man. 59:19.658 --> 59:21.621 [SPEAKER_02]: You know what I'm saying? 59:21.641 --> 59:22.261 [SPEAKER_00]: I'm out here. 59:22.381 --> 59:25.145 [SPEAKER_02]: I'm trying to get my knowledge to the people, man. 59:25.165 --> 59:25.865 [SPEAKER_02]: And you're playing. 59:26.566 --> 59:29.450 [SPEAKER_00]: So, I think they're going to be a good take on. 59:29.730 --> 59:31.192 [SPEAKER_02]: Okay, yeah, yeah, I first show off for show off. 59:31.212 --> 59:40.302 [SPEAKER_02]: But like I said, I listen, any spaces that people can, you know, that I can share my voice, you know, any conference, you know, I love to be there, you know? 59:40.467 --> 59:49.644 [SPEAKER_00]: So what is one thing you want to leave with the audience is a quote statement something you just want to let the people to keep the Hocus is the hope is down bad right here. 59:49.804 --> 01:00:04.551 [SPEAKER_02]: Yeah, yeah, ah, let's something I want to read, which uh Whatever room you're in you belong there 01:00:05.577 --> 01:00:07.919 [SPEAKER_02]: Uh, that's a good one. 01:00:07.939 --> 01:00:31.483 [SPEAKER_02]: I think that sometimes we can cycle ourselves out of the opportunities we have because not a lot of people like us in those spaces that look like us, that sound like us, that thing like us, but wherever you are, you belong there, wherever you're aspiring to go, you can be there because you have to believe in yourself first and others will continue to believe in you and believe in your mission. 01:00:32.240 --> 01:00:33.681 [SPEAKER_00]: Hey man, I almost tear it up. 01:00:34.462 --> 01:00:35.723 [SPEAKER_02]: I don't fade with me. 01:00:35.743 --> 01:00:39.487 [SPEAKER_00]: Because for a long, it's brother like, I didn't even think I belonged to any room. 01:00:39.607 --> 01:00:39.847 [SPEAKER_00]: Yeah. 01:00:39.867 --> 01:00:41.869 [SPEAKER_00]: I thought it was just, they're just inviting me. 01:00:41.889 --> 01:00:42.269 [SPEAKER_00]: Yeah. 01:00:42.289 --> 01:00:43.390 [SPEAKER_00]: And I acted in that way. 01:00:43.510 --> 01:00:45.352 [SPEAKER_00]: Now, I just let them know I'm here. 01:00:45.572 --> 01:00:45.732 [SPEAKER_00]: Yeah. 01:00:45.752 --> 01:00:46.753 [SPEAKER_00]: I don't get what you're gonna say. 01:00:46.773 --> 01:00:47.514 [SPEAKER_00]: I'm still tall. 01:00:47.634 --> 01:00:49.055 [SPEAKER_00]: No, for real, though. 01:00:49.075 --> 01:00:52.618 [SPEAKER_00]: It hit me because I remember my, you kind of had a flashback to my old self. 01:00:52.658 --> 01:00:53.879 [SPEAKER_00]: You know how that would be where I see this? 01:00:54.500 --> 01:00:57.323 [SPEAKER_00]: Like, I'm talking about the no beer, Chris, no swag, or nothing. 01:00:57.403 --> 01:00:58.464 [SPEAKER_00]: You know what I'm saying? 01:00:58.484 --> 01:00:58.624 [SPEAKER_02]: Yeah. 01:00:58.664 --> 01:01:02.247 [SPEAKER_00]: Swaggy didn't save my boy. 01:01:02.227 --> 01:01:10.001 [SPEAKER_00]: So thank you for coming, spending an hour of your time or more than an hour, spending your time. 01:01:10.142 --> 01:01:15.231 [SPEAKER_00]: I appreciate any guest that comes here, spend a time to drive, just to educate this audience. 01:01:15.291 --> 01:01:24.268 [SPEAKER_00]: So I appreciate you for giving me this opportunity to speak your story and we're definitely going to do things in the future, but I thank you for everything you've done. 01:01:24.248 --> 01:01:34.783 [SPEAKER_02]: Yeah, I know man, and I pre-structure for having him as the blessing and honor to be here and honestly being able to continue to pour into people the same way that we've been poured into a well. 01:01:34.844 --> 01:01:51.488 [SPEAKER_02]: So, you know, you have a great, great platform, and you all check my man out, you know, I'm saying you got some good things to share, you know, not only for here and not only with things he done the past, but continue as his podcast continues to grow, continue to wipe out how good it can get for sure. 01:01:51.687 --> 01:02:00.456 [SPEAKER_00]: Just to say away off of that, remember everybody like the video, subscribe to the channel, comment down below if you hadn't any thoughts about the cyber security space or in GRC. 01:02:00.776 --> 01:02:08.764 [SPEAKER_00]: Remember check out TechWorldPocass.com, get some of the merch, subscribe to the newsletter, check out rmfacademy.io. 01:02:09.024 --> 01:02:17.553 [SPEAKER_00]: If you're trying to get some training on rmf, or just want to learn about the rmf space, and remember that everybody, remember, get 1% better every day. 01:02:17.853 --> 01:02:20.496 [SPEAKER_00]: Peace out, I'll see you on the next one.