WEBVTT 00:01.178 --> 00:04.322 [SPEAKER_03]: Welcome everybody to another edition of the Techwork Podcast. 00:04.342 --> 00:07.967 [SPEAKER_03]: I am your host, Chris, our mess special inside the Gov takes space. 00:08.428 --> 00:12.173 [SPEAKER_03]: And in today's podcast, we have an amazing guest. 00:12.794 --> 00:14.096 [SPEAKER_03]: His name is Jason Dion. 00:14.136 --> 00:19.022 [SPEAKER_03]: Jason Dion has trained over a million people on how to get into cybersecurity. 00:19.423 --> 00:26.933 [SPEAKER_03]: As trains has different certification train like the A plus security plus has trained a lot of people to get into the career. 00:26.913 --> 00:34.865 [SPEAKER_03]: help so many people has two businesses that he created Jason Deion training and didn't also you have accolade. 00:35.205 --> 00:39.331 [SPEAKER_03]: So without further ado, we'd have the great gas Jason Deion. 00:39.351 --> 00:39.912 [SPEAKER_03]: How you doing sir? 00:40.473 --> 00:41.174 [SPEAKER_00]: Hey, it's great to be here. 00:41.194 --> 00:42.035 [SPEAKER_00]: Thanks for having me Christopher. 00:42.576 --> 00:44.559 [SPEAKER_03]: Yeah, and again, I was telling you offline. 00:44.579 --> 00:49.326 [SPEAKER_03]: I don't want to say it twice, but I want to make sure that the audience can see, you know, my appreciation. 00:49.306 --> 00:51.048 [SPEAKER_03]: Just thank you for coming on this podcast. 00:51.068 --> 00:52.190 [SPEAKER_03]: This is a common home moment. 00:52.210 --> 00:54.172 [SPEAKER_03]: I remember when I was just coming home. 00:54.793 --> 00:58.037 [SPEAKER_03]: I was training for the security plus and I needed one thing to give me through. 00:58.097 --> 01:03.784 [SPEAKER_03]: Now, took your test training for the security plus and it mirrored the test so much that and when I took it, it was easier. 01:03.824 --> 01:08.630 [SPEAKER_03]: So I just want to give you all the praises because I wouldn't even be where I'm at today without taking your training. 01:09.230 --> 01:13.035 [SPEAKER_03]: Other training, but I appreciate you coming on this podcast, man. 01:13.167 --> 01:13.808 [SPEAKER_00]: Yeah, definitely. 01:14.029 --> 01:14.730 [SPEAKER_00]: I'm happy to help. 01:14.951 --> 01:23.909 [SPEAKER_00]: And yeah, I find that when I am writing questions for the test, I try to make them as accurate to come to you or people started, whichever sort as possible. 01:24.550 --> 01:33.488 [SPEAKER_00]: And in fact, funny story, I actually got a letter from people started one point and they had thought that we had copied their tests because our questions were so close to the real good. 01:33.468 --> 01:57.872 [SPEAKER_00]: And they had to pull out like all the videos of me taking the test to see I didn't copy your test and that like the last time I had taken the test was you know a few years before and it was a whole thing but like they're like your questions are so accurate like you literally have one of the questions that's word for word on our test and like well I just know how to dissect your questions based on your sample exams to know what things you're likely to ask so I tried to do that for my students because like you said it makes it more comfortable for you guys as you're ready to take an exam if you've seen this kind of stuff before. 01:58.291 --> 02:13.650 [SPEAKER_03]: Yeah, because a lot of people are telling you the scenario question is that a lot of people can decipher those even me I was like what's going on firewall this access control quality is you literally break it down like you like you said you decipher so any regular person can understand. 02:14.255 --> 02:15.056 [SPEAKER_00]: Yeah, I mean, that's the goal. 02:15.096 --> 02:18.021 [SPEAKER_00]: I mean, a lot of times these questions on the test are not hard. 02:18.121 --> 02:19.183 [SPEAKER_00]: It's just the way they word them. 02:19.543 --> 02:20.705 [SPEAKER_00]: Like, I know you have your security plus. 02:21.226 --> 02:25.753 [SPEAKER_00]: And I'm not sure if you have CISSP, but when you go to CISSP, a lot of the stuff is the same stuff you learn that's scary plus. 02:25.793 --> 02:32.142 [SPEAKER_00]: But the way they ask questions is so much more difficult, even though the same thing is being tested. 02:32.283 --> 02:37.691 [SPEAKER_00]: And so just the way that you write a question can really make it a level one question or a level five question. 02:37.711 --> 02:42.979 [SPEAKER_00]: And you'll see that between like security plus or certified in cyber or SSCP or security 02:42.959 --> 02:43.861 [SPEAKER_00]: CISSP. 02:43.941 --> 02:53.960 [SPEAKER_00]: They all ask the same things about firewalls and access control lists and encryption and blah, blah, blah, but like the way you ask the question is very different because I need to say, what is a firewall that's a very direct question. 02:53.980 --> 02:57.807 [SPEAKER_00]: But if I go, oh, here's a question about a firewall and here's all the scenario around it. 02:57.827 --> 03:05.001 [SPEAKER_00]: I give you all this fluff and filler and now you have to think like in the real world, how do they set what is the question being asked because that's actually the key of what we do in the real world. 03:05.740 --> 03:07.683 [SPEAKER_03]: Yeah, and that's pretty much what it is. 03:08.283 --> 03:14.572 [SPEAKER_03]: I did want to actually question, listen, Jason, you have trained over a million plus people. 03:15.513 --> 03:16.675 [SPEAKER_03]: That's amazing, by the way. 03:17.996 --> 03:23.704 [SPEAKER_03]: What's the biggest robot you have when training for people that are just trying to get a career in sub-security in general? 03:23.824 --> 03:24.525 [SPEAKER_03]: Or IT? 03:25.535 --> 03:30.004 [SPEAKER_00]: You know, I think the biggest thing that people struggle with is not knowing even where to start or what to do. 03:30.726 --> 03:38.783 [SPEAKER_00]: I hear this all the time, like I, in fact, just this weekend, I was at a party, and so he said, hey, you know, I heard you're a cyber guy, and I'm interesting getting you the cyber security, and like that's awesome. 03:39.324 --> 03:40.346 [SPEAKER_00]: What do you want to do in cyber security? 03:40.366 --> 03:41.769 [SPEAKER_00]: They go, I want to be in cyber security here. 03:41.789 --> 03:43.312 [SPEAKER_00]: It's a great career field, and what you think it is. 03:43.653 --> 03:45.737 [SPEAKER_00]: But cyber security is not a job. 03:45.717 --> 03:48.182 [SPEAKER_00]: it is 30 plus different jobs, right? 03:48.463 --> 03:50.126 [SPEAKER_00]: And we have to figure out what job you want. 03:50.667 --> 03:53.112 [SPEAKER_00]: Like I know you work in the government contracting space. 03:53.253 --> 03:55.577 [SPEAKER_00]: I used to work in and around the government space for a long time as well. 03:56.499 --> 03:58.664 [SPEAKER_00]: And there are many, many different roles. 03:58.844 --> 04:02.612 [SPEAKER_00]: There are jobs for IAM, which is identity and access management. 04:02.592 --> 04:05.299 [SPEAKER_00]: There are jobs for system engineering and security engineering. 04:05.319 --> 04:06.562 [SPEAKER_00]: There are firewall technicians. 04:06.582 --> 04:08.406 [SPEAKER_00]: There are security operations analysts. 04:08.426 --> 04:09.449 [SPEAKER_00]: There are sock analysts, right? 04:09.890 --> 04:10.752 [SPEAKER_00]: There are pen testers. 04:10.812 --> 04:12.095 [SPEAKER_00]: There's all these different roles. 04:12.536 --> 04:13.679 [SPEAKER_00]: And everyone is different. 04:14.040 --> 04:15.283 [SPEAKER_00]: And you'll meet personally. 04:15.303 --> 04:16.385 [SPEAKER_00]: I've not done all 30 roles. 04:16.466 --> 04:20.415 [SPEAKER_00]: I've done about 10 of those 30 roles over my 25 plus year screen. 04:20.395 --> 04:31.418 [SPEAKER_00]: Which is still more than most people most people do one or two of these roles for 20 or 30 years and so You know, not even knowing where to start is usually the biggest challenge for people and then even if they do know where they want to be like I hear a lot of people. 04:31.498 --> 04:32.881 [SPEAKER_00]: I would be a pen tester because I saw Mr. 04:32.921 --> 04:36.489 [SPEAKER_00]: Robot and it looks cool and I want to be a hacker like well That's great now. 04:36.669 --> 04:38.573 [SPEAKER_00]: What do you need to do to become a good hacker? 04:38.553 --> 04:41.297 [SPEAKER_00]: And building up that roadmap of these are the certifications you need. 04:41.317 --> 04:42.379 [SPEAKER_00]: These are the skills you need. 04:42.419 --> 04:43.600 [SPEAKER_00]: These are the training you need. 04:44.061 --> 04:48.347 [SPEAKER_00]: These are the type of environment you need to practice in that's usually the hardest thing. 04:48.928 --> 04:55.718 [SPEAKER_00]: And the best thing I can advise for somebody who's getting into it is the first thing you want to do is kind of look at the different careers that are out there. 04:55.698 --> 05:02.247 [SPEAKER_00]: and talk with people who are in them, so find people like me, find people like you, and go, hey Chris, I know that you work as a blank, a sock analyst. 05:02.548 --> 05:04.731 [SPEAKER_00]: Can you just, you know, I'll take you to coffee and tell me about your day. 05:04.771 --> 05:05.532 [SPEAKER_00]: What does it look like? 05:05.913 --> 05:12.082 [SPEAKER_00]: Because so many people told me, I want to be a pen tester or a hacker, and then they talked to somebody who is a pen tester or a hacker, they go, oh, I don't want to do that. 05:12.462 --> 05:17.550 [SPEAKER_00]: Because what they don't feel like, it's 90 percent of the time is research, report writing, and analysis. 05:17.930 --> 05:19.933 [SPEAKER_00]: It's not actually doing the hands-on keyboard hacking stuff. 05:19.913 --> 05:22.076 [SPEAKER_00]: And that's a very, very small part of being a pen tester. 05:22.636 --> 05:27.983 [SPEAKER_00]: And so understanding what you're going into because to get to that role, might take you two, three, four years. 05:28.403 --> 05:31.627 [SPEAKER_00]: If you're running towards that as your goal and then you get there, you're like, this was a miserable goal. 05:31.948 --> 05:33.229 [SPEAKER_00]: You're going to be miserable for the rest of your life. 05:34.291 --> 05:39.918 [SPEAKER_00]: I have a friend who went to law school, seven years of college between undergrad and graduate to become a lawyer, and they hate being a lawyer. 05:40.178 --> 05:43.962 [SPEAKER_00]: But now they're committed to doing it because they spent $300,000 in student loans to get there. 05:44.243 --> 05:46.866 [SPEAKER_00]: So make sure what you're aiming for is what you really want to be at. 05:47.302 --> 05:49.265 [SPEAKER_03]: Yeah, because let me let me give you an example. 05:50.187 --> 05:53.312 [SPEAKER_03]: I was a new person trying to get in this cyber and again, I watched your course. 05:53.813 --> 05:54.995 [SPEAKER_03]: I thought cyber was cyber. 05:55.436 --> 05:58.922 [SPEAKER_03]: So I was like, okay, while I was a project manager, I can get into GRC. 05:59.663 --> 06:04.151 [SPEAKER_03]: GRC is a good field, but you know, it's a lot of work, man. 06:04.171 --> 06:05.253 [SPEAKER_03]: It might not be for you. 06:05.293 --> 06:09.360 [SPEAKER_03]: So you're advising in general, just like, focus on one thing in, in, in. 06:09.813 --> 06:12.018 [SPEAKER_00]: Yeah, I think it's figuring out what you want to do. 06:12.559 --> 06:16.628 [SPEAKER_00]: And the nice thing is these days, when I started out, I started out back in the late 90s. 06:16.769 --> 06:23.684 [SPEAKER_00]: So I'm showing my age here, but I'm a mid 40 year old guy and I'm back in the 90s and I'm going to be 46. 06:23.724 --> 06:27.653 [SPEAKER_00]: So I'm an older guy, I've been doing this for a while, I've been doing this for about 25 years. 06:27.633 --> 06:33.580 [SPEAKER_00]: And when I started out, we didn't have the benefit of things like YouTube and Discord channels or podcasts or any of this stuff, right? 06:33.980 --> 06:41.108 [SPEAKER_00]: So the only way you kind of figured out what you wanted to do was starting to do stuff or maybe you met somebody and you're like, Oh, you're in that field. 06:41.148 --> 06:42.029 [SPEAKER_00]: Tell me about what you do. 06:42.329 --> 06:44.131 [SPEAKER_00]: It was kind of old school, taking a coffee kind of thing. 06:44.492 --> 06:52.941 [SPEAKER_00]: Nowadays, there's complete YouTube channels dedicated to a day in the life of a sock analyst, a day in the life of a pen tester, a day in the life of a GRC specialist, right? 06:53.301 --> 06:57.606 [SPEAKER_00]: And there's all these different things, you can watch those videos and start seeing what do you like and what don't you like. 06:57.586 --> 07:00.168 [SPEAKER_00]: going to GRC, I love to bring up GRC. 07:00.549 --> 07:03.812 [SPEAKER_00]: GRC for those you don't know, governance, risk and compliance. 07:03.832 --> 07:04.873 [SPEAKER_00]: It's a great career field. 07:05.313 --> 07:06.254 [SPEAKER_00]: Really good salaries. 07:06.434 --> 07:10.878 [SPEAKER_00]: Generally, you're going to be making between $100 and $200,000 a year in those roles, depending on where you live in the US. 07:11.779 --> 07:16.003 [SPEAKER_00]: Generally, you can get into one of those roles after one to two years of experience inside the world of IT and cyber. 07:16.643 --> 07:21.648 [SPEAKER_00]: And my company, actually, we, just to be up front here, we specialize in GRC certifications. 07:22.168 --> 07:27.593 [SPEAKER_00]: We have ones around the NIS cybersecurity framework, 07:27.573 --> 07:31.319 [SPEAKER_00]: So we have six certifications are all focused on that and they really focused on GRC. 07:31.339 --> 07:32.560 [SPEAKER_00]: So I'm a big GRC fan. 07:33.302 --> 07:36.867 [SPEAKER_00]: That being said, you may not like being a GRC analyst. 07:37.448 --> 07:39.651 [SPEAKER_00]: Me personally, I have done it many times in my career. 07:40.132 --> 07:46.341 [SPEAKER_00]: It is a good career field and you'll make good money and it's a stable work that will not be replaced anytime soon by AI. 07:46.321 --> 07:48.324 [SPEAKER_00]: but it is a lot of paperwork. 07:48.344 --> 07:49.907 [SPEAKER_00]: It is a lot of detail oriented stuff. 07:50.047 --> 07:52.691 [SPEAKER_00]: And I don't love that to be quite honest. 07:52.711 --> 07:53.893 [SPEAKER_00]: I am more of a big picture guy. 07:53.953 --> 07:55.355 [SPEAKER_00]: I like to run around and do a bunch of stuff. 07:56.056 --> 07:58.280 [SPEAKER_00]: And I don't want to be a checklist oriented guy going down the checklist. 07:58.300 --> 07:59.983 [SPEAKER_00]: So I've managed GRC teams. 08:00.123 --> 08:01.305 [SPEAKER_00]: I've been on GRC teams. 08:01.685 --> 08:05.832 [SPEAKER_00]: But if I was picking a career field, me personally Jason, it doesn't fit my personality style. 08:05.812 --> 08:11.825 [SPEAKER_00]: On the other hand, I know people want to be pen testers, pen testers all about figuring things out and puzzles and it's not the same way twice. 08:12.246 --> 08:17.698 [SPEAKER_00]: If you get frustrated doing things like escape rooms, you're not going to want to be a pen tester because that's really your life being a pen tester. 08:18.259 --> 08:19.943 [SPEAKER_00]: It's a constant escape from over and over again. 08:20.324 --> 08:23.230 [SPEAKER_00]: And so it's knowing yourself and knowing what you like doing. 08:23.210 --> 08:27.058 [SPEAKER_00]: Um, you know, my kid is 21 and they like very regimented work. 08:27.078 --> 08:30.025 [SPEAKER_00]: If they get a checklist, they can go step one to step 10, they're happy. 08:30.305 --> 08:31.648 [SPEAKER_00]: So for them, GRC may be great. 08:31.969 --> 08:33.231 [SPEAKER_00]: Pen testing would be horrible, right? 08:33.472 --> 08:36.899 [SPEAKER_00]: And so it's knowing yourself and knowing where you want to be and learning these kind of things is really helpful. 08:36.939 --> 08:37.320 [SPEAKER_00]: I think. 08:37.807 --> 08:41.292 [SPEAKER_03]: Not us, that's the great analogy to the escape rooms I hate them. 08:41.452 --> 08:44.457 [SPEAKER_03]: I always, that's like a pen test in class and I'm like, that's not for me. 08:44.497 --> 08:45.398 [SPEAKER_03]: I can't do that. 08:45.799 --> 08:47.301 [SPEAKER_03]: I would lose whatever here I have left. 08:47.321 --> 08:48.783 [SPEAKER_00]: You know what I mean? 08:48.803 --> 08:50.766 [SPEAKER_00]: I can see I've already lost my mind. 08:51.888 --> 08:54.472 [SPEAKER_03]: So Jason, don't be a little bit selfish and actually a question. 08:54.732 --> 08:57.496 [SPEAKER_03]: You've been working, but you said, you've been working in this bill for the 90s. 08:57.536 --> 08:59.720 [SPEAKER_03]: You taught people, trained different people. 09:00.160 --> 09:05.248 [SPEAKER_03]: Can you explain to me, and this is something I'm struggling with, and this can also help newer people. 09:05.228 --> 09:11.380 [SPEAKER_03]: And cybersecurity, it can be a little difficult because sometimes you might not have to know how to break down advanced topics. 09:11.400 --> 09:22.360 [SPEAKER_03]: And you know, as working in your art career, you're going to have to know how to do that where talking to different people, even teaching people, how would you recommend somebody do that and to progress their career? 09:22.643 --> 09:31.616 [SPEAKER_00]: Yeah, so for me, I find that being able to make an analogy to something I already know and you probably already have seen this in the first ten minutes of us talking, I use a lot of analogies. 09:32.557 --> 09:35.361 [SPEAKER_00]: So I find that that helps me and usually helps my students. 09:35.762 --> 09:40.749 [SPEAKER_00]: So if I go, oh well, this thing like a firewall, you took my security plus course. 09:40.769 --> 09:42.932 [SPEAKER_00]: So one of the things I talk about a firewall is access control list. 09:43.313 --> 09:45.336 [SPEAKER_00]: And that's what allows your denies things into the building. 09:45.356 --> 09:49.121 [SPEAKER_00]: So I'm like, oh, well, this is like if you go to the nightclub, there's the guy at the front door and he's got the checklists. 09:49.141 --> 09:50.383 [SPEAKER_00]: He's like, oh, it's Jason on the list. 09:50.403 --> 09:52.566 [SPEAKER_00]: Yes, Jason can come in. 09:52.546 --> 09:56.692 [SPEAKER_00]: Chris has to go home and that's what it's allowing in denying people access, right? 09:57.093 --> 10:10.032 [SPEAKER_00]: And when I say that and you're sitting there on the test you're like, oh, you can visualize that, you can picture it because a lot of times it's stuff we're doing with in cyber and IT, it's so fuzzy, it's one's in zeros that are in the middle of nowhere, right? 10:10.193 --> 10:14.639 [SPEAKER_00]: As we're talking, there's Wi-Fi signals going through the air and that is being transmitted, right? 10:14.839 --> 10:20.528 [SPEAKER_00]: But you can't see any of that unless you put up a PCAP catcher and you start capturing their traffic. 10:20.710 --> 10:24.497 [SPEAKER_00]: But by being able to make, you know, analogies to this, it helps people. 10:24.858 --> 10:34.115 [SPEAKER_00]: So one of the things I talk about with like Wi-Fi is, you know, in the newer versions of Wi-Fi, we got almost great these like secure little pipes so that, you know, when Chris is talking to my router, it's one pipe, and I can't see into it. 10:34.155 --> 10:38.483 [SPEAKER_00]: And I have another pipe between me and my router, even though they're invisible pipes to the other, to the other ways. 10:38.463 --> 10:42.269 [SPEAKER_00]: So I find breaking those complex topics down into something that you can relate to. 10:42.329 --> 10:45.233 [SPEAKER_00]: It's something you can kind of hang on and your memory will catch it. 10:45.854 --> 10:49.018 [SPEAKER_00]: It's just something I've always done since I was in middle school high school college. 10:49.479 --> 10:52.664 [SPEAKER_00]: And so I teach people how to do that and kind of cream these frames around it. 10:52.784 --> 10:55.428 [SPEAKER_00]: Otherwise, if it's just this abstract concept, it's hard to remember. 10:56.069 --> 11:06.664 [SPEAKER_00]: Because if you try to memorize these scary plus textbook, but it's 700 pages, I don't know about you, but I can't memorize 700 pages, but I can memorize the concepts or understand the concepts by applying them to other things I know. 11:06.644 --> 11:12.494 [SPEAKER_00]: And so the more you can do that, the less you have to memorize and the more it just kind of becomes integrated into your knowledge system. 11:13.115 --> 11:15.519 [SPEAKER_00]: And I've done a lot of study and work on learning and development. 11:15.880 --> 11:22.110 [SPEAKER_00]: And really, the more you can take a something and tie it to something you already know, it sticks longer than just trying to memorize. 11:22.551 --> 11:25.736 [SPEAKER_00]: Oh, port 80 is the web port and port 443 is secure web port, right? 11:26.377 --> 11:27.319 [SPEAKER_00]: So things like that. 11:27.856 --> 11:40.785 [SPEAKER_03]: Yeah, I can tell you've been doing this a long time because when I actually, you can't fire in, uh, you gave an out of geez that then people can recognize really, really quickly and, and it helps and it helps people just because a lot of people are not technical and you got to explain this to people. 11:41.322 --> 11:46.091 [SPEAKER_00]: Yeah, that's a great point because when I started teaching this stuff, I started teaching in a college classroom. 11:46.432 --> 11:49.317 [SPEAKER_00]: So I was a professor at Animal Community College in Maryland. 11:49.477 --> 11:54.467 [SPEAKER_00]: I taught for Liberty University in Virginia and I taught for University in Maryland, up in Maryland as well. 11:55.168 --> 11:59.837 [SPEAKER_00]: And when I was some of my students, I had 18 year olds and I had 68 year olds all in the same class. 11:59.817 --> 12:05.444 [SPEAKER_00]: And so I have to kind of like go around and say, okay, what analogy works with the 18 year olds and what analogy works with the 68 year olds? 12:05.464 --> 12:12.232 [SPEAKER_00]: So I try to find things that are just universally acceptable, right, and people understand, because they do have such cultural different backgrounds and things like that. 12:13.474 --> 12:18.099 [SPEAKER_00]: But the more that I taught in person, I saw those quizzical like, huh, looks, like, okay, let me try this. 12:18.200 --> 12:19.221 [SPEAKER_00]: And then I'd see where it landed. 12:19.381 --> 12:29.233 [SPEAKER_00]: And so by the time you get to my video courses, five years after me being in the classroom for five years or five or seven years, I had a lot of these analogies worked out just because I saw that live interaction with people. 12:30.192 --> 12:34.079 [SPEAKER_03]: But that's why you've done over a million people. 12:34.099 --> 12:34.800 [SPEAKER_03]: So that's day. 12:35.982 --> 12:37.465 [SPEAKER_03]: God chose you for a reason to do that. 12:38.968 --> 12:44.317 [SPEAKER_03]: So Jason, I talked to so many people in the cybersecurity space. 12:44.337 --> 12:45.700 [SPEAKER_03]: I know you would certifications. 12:45.720 --> 12:47.823 [SPEAKER_03]: You teach to A plus, security plus. 12:47.843 --> 12:50.508 [SPEAKER_03]: I know you have a new software that you're working off a GRC. 12:50.568 --> 12:53.213 [SPEAKER_03]: I'm very familiar, accolade, and all this stuff. 12:54.053 --> 12:57.801 [SPEAKER_03]: People sometimes come to you and say, with certifications should I do? 12:58.082 --> 13:01.208 [SPEAKER_03]: Even me, I'm working on my CSSP, but I need my CSSP. 13:01.248 --> 13:03.874 [SPEAKER_03]: Some people need a digital forensic to get an digital forensics. 13:04.154 --> 13:06.780 [SPEAKER_03]: How would you guide somebody on getting certifications? 13:07.132 --> 13:09.955 [SPEAKER_00]: Yeah, so the first thing I would say is they're not Pokemon cards. 13:10.115 --> 13:13.700 [SPEAKER_00]: You don't have to collect them all because I see some people out there and they try to collect them all. 13:14.040 --> 13:17.344 [SPEAKER_00]: Or they look at my resume on LinkedIn like, oh, well, Jason's got 30 plus certifications. 13:17.364 --> 13:19.606 [SPEAKER_00]: So I should get 30 plus certifications. 13:19.847 --> 13:23.551 [SPEAKER_00]: Generally, for most people, you need about three to five key certifications, right? 13:24.152 --> 13:25.934 [SPEAKER_00]: Pretty much most of us start out with security plus. 13:25.954 --> 13:28.437 [SPEAKER_00]: That's kind of the foundation and you've done that, I've done that. 13:28.897 --> 13:33.983 [SPEAKER_00]: And the good thing about security plus is, I don't get to say this first, security plus is not going to get you a job. 13:33.963 --> 13:34.384 [SPEAKER_00]: Right. 13:34.685 --> 13:37.491 [SPEAKER_00]: I hear somebody will go, I'm getting my screen plus I'm going to get a job. 13:37.511 --> 13:47.452 [SPEAKER_00]: Well, maybe it is required for a lot of jobs, especially if you're in the government space, it covers 70 to 75% of the government jobs under the DOD 8570 requirement. 13:47.793 --> 13:49.076 [SPEAKER_00]: So it is good to get, right? 13:49.096 --> 13:52.022 [SPEAKER_00]: And I think that's why you have it because your government contract is well, right? 13:52.002 --> 13:57.512 [SPEAKER_00]: So, and that's why I got mine originally because back in 2007, the government said, that shall get security plus. 13:57.572 --> 13:59.295 [SPEAKER_00]: I can do that point. 13:59.636 --> 14:01.119 [SPEAKER_00]: I'm like, okay, you want me to go get my screen plus. 14:01.139 --> 14:01.940 [SPEAKER_00]: I'll get my screen plus. 14:02.621 --> 14:06.288 [SPEAKER_00]: But I do find the value in that cert is that we all are now speaking to same language. 14:06.308 --> 14:07.971 [SPEAKER_00]: We know what the basic fundamentals are. 14:08.352 --> 14:12.880 [SPEAKER_00]: My big complaint with security plus is that it doesn't teach you how to do anything. 14:12.860 --> 14:15.866 [SPEAKER_00]: It's, it's a lot of knowledge and it's, it's kind of the good overview. 14:15.926 --> 14:17.589 [SPEAKER_00]: So we talk about those 30 careers. 14:17.769 --> 14:19.152 [SPEAKER_00]: There's a little bit of digital forensics. 14:19.192 --> 14:19.993 [SPEAKER_00]: That's one career path. 14:20.013 --> 14:21.075 [SPEAKER_00]: There's a little bit of GRC. 14:21.095 --> 14:21.576 [SPEAKER_00]: That's another. 14:21.797 --> 14:24.682 [SPEAKER_00]: There's a little bit of identity and information management. 14:24.882 --> 14:25.664 [SPEAKER_00]: So that's another, right? 14:25.844 --> 14:27.547 [SPEAKER_00]: There's a little bit of pen testing, a little bit of sake. 14:27.567 --> 14:32.997 [SPEAKER_00]: So they've got all these little things and you've got 10 or 15 careers all thrown into security plus, but you're not going to be an expert in any of them. 14:33.017 --> 14:34.099 [SPEAKER_00]: You're just going to get the groundwork. 14:34.119 --> 14:36.083 [SPEAKER_00]: So that's kind of the first one I usually recommend. 14:36.485 --> 14:38.888 [SPEAKER_00]: From there, you need to figure out where you want to go, right? 14:38.989 --> 14:51.086 [SPEAKER_00]: And it sounds like you're getting put into either a level two or three, or sorry, a level three engineering job on the operation side, or you're being a level two or level three major in the government space, in which case you're going to need your CISSP. 14:51.466 --> 14:53.069 [SPEAKER_00]: CISSP is a management certification. 14:53.449 --> 14:53.970 [SPEAKER_00]: Again, 14:53.950 --> 14:57.634 [SPEAKER_00]: You can hear CISSP, and it's not going to teach you how to do something. 14:57.934 --> 15:01.698 [SPEAKER_00]: You're going to ask and answer questions about a bunch of scenarios, right? 15:02.279 --> 15:05.683 [SPEAKER_00]: And this is why I'm going to go on a little side tangent here. 15:05.943 --> 15:07.124 [SPEAKER_00]: The reason I created Accolade. 15:07.144 --> 15:11.609 [SPEAKER_00]: So I'm a founder of Accolade, which is a new certification brand came out about three years ago. 15:12.210 --> 15:17.916 [SPEAKER_00]: And we don't look at ourselves as competing with the CISSP's or the security pluses of the world, but we want to compliment them. 15:17.896 --> 15:24.405 [SPEAKER_00]: So once you get your scary plus and you're going to work in, let's say GRC, you probably need to know about the NIS cybersecurity framework. 15:24.425 --> 15:28.711 [SPEAKER_00]: Well, in security plus, there are three paragraphs in the textbook on the NIS cybersecurity framework. 15:29.872 --> 15:32.736 [SPEAKER_00]: There is a page in the textbook on the NIS cybersecurity framework. 15:33.036 --> 15:38.424 [SPEAKER_00]: But any GRC person can tell you, that's what they spend 90% of their day on is doing the NIS cybersecurity framework. 15:38.444 --> 15:43.110 [SPEAKER_00]: So what we did was we actually took the NIS cybersecurity framework and made an entire certification just on it. 15:43.090 --> 15:45.053 [SPEAKER_00]: and we made it practical and hands on. 15:45.314 --> 15:47.037 [SPEAKER_00]: So you're actually going through and doing things. 15:47.057 --> 16:03.343 [SPEAKER_00]: So if you get your CC, your CCRP, which is your certified cyber resilience, practitioner certification, that means you know the niss cybersecurity framework inside now, you can run an assessment and you can provide value to your clients, as a cybersecurity consultant. 16:03.364 --> 16:05.487 [SPEAKER_00]: That's what we really focused on with that certification. 16:05.467 --> 16:13.181 [SPEAKER_00]: And so, you know, all that to say is, as you're thinking about where you want to go with your shirts, there's a mix of knowledge and there's a mix of practical. 16:13.462 --> 16:22.919 [SPEAKER_00]: If you just get the knowledge-based shirts like your security plus, your CISSP, your AZ-900, your cloud practitioner from AWS, whatever, those are all knowledge-shirts. 16:22.999 --> 16:24.943 [SPEAKER_00]: There's no practicality to them. 16:24.923 --> 16:34.617 [SPEAKER_00]: But when you start doing things like OSCP, that's online, the offensive security certified professional, that is how do you use Calilinics and actually hack somebody and write a pre-report. 16:34.717 --> 16:39.103 [SPEAKER_00]: That is what a junior pen tester needs to be able to pass because it shows me you can hack, right? 16:39.944 --> 16:47.134 [SPEAKER_00]: Similarly, there's ones like that for sock analysts, there's blue team ones, there's red team ones, there's our stuff for GRC, there's lots of certifications out there 16:47.114 --> 16:50.999 [SPEAKER_00]: But as you figure out like what that career is, then you start picking out what are the three or four that you need. 16:51.039 --> 16:53.522 [SPEAKER_00]: So I kind of recommend everybody starts with security plus. 16:53.903 --> 16:59.230 [SPEAKER_00]: And then you start moving into your specific variant of where you want to go and get those two or three to get you up there. 16:59.370 --> 17:02.834 [SPEAKER_00]: I think I gave you a long answer to a short question, but that's kind of the way I think about things. 17:03.916 --> 17:06.419 [SPEAKER_03]: I had to hit you with that too. 17:06.459 --> 17:07.020 [SPEAKER_03]: Appreciate it. 17:07.040 --> 17:08.782 [SPEAKER_03]: Shout out to Accolade too, make sure you check it out. 17:09.503 --> 17:12.627 [SPEAKER_03]: But I did want to say also, that's where training is going to now. 17:13.228 --> 17:16.632 [SPEAKER_03]: It's more about you need to get practical experience. 17:16.612 --> 17:17.995 [SPEAKER_03]: and you need to prove something. 17:18.035 --> 17:20.140 [SPEAKER_03]: So yeah, I appreciate you, which you create. 17:20.160 --> 17:21.543 [SPEAKER_03]: I know you seen this trying to wild back. 17:21.563 --> 17:26.956 [SPEAKER_03]: So I'm glad you're on it and you're training people with sped up just getting the certification, which and it's no issue with that. 17:28.419 --> 17:28.900 [SPEAKER_03]: Yeah. 17:29.183 --> 17:43.008 [SPEAKER_00]: Yeah, and there's a lot of great trains out there and I think it's also brings up the idea of, you know, training versus certification because there are two different things right and that's one of the things I was thought was interesting is when I took my CEH, which was 15 years ago now. 17:43.729 --> 17:48.939 [SPEAKER_00]: We had a trainer come in and they taught the whole class and like literally he comes in and he goes, okay, we can do one or two things. 17:49.179 --> 17:52.585 [SPEAKER_00]: I can teach out a past exam this week or I could teach you to hack this week. 17:52.605 --> 17:53.487 [SPEAKER_00]: What do you guys want to do? 17:53.467 --> 17:54.989 [SPEAKER_00]: And we're all like we want to hack is a great. 17:55.029 --> 17:55.751 [SPEAKER_00]: I'll teach out a hack. 17:56.091 --> 17:56.872 [SPEAKER_00]: I'll give you the text book. 17:56.912 --> 17:58.094 [SPEAKER_00]: Go read the text book over the weekend. 17:58.294 --> 18:00.077 [SPEAKER_00]: You'll be able to pass the exam on Monday and we all did. 18:00.738 --> 18:04.364 [SPEAKER_00]: But we spent the entire week doing hands on hacking and stuff, right? 18:04.965 --> 18:06.187 [SPEAKER_00]: Generally, the C.E.H. 18:06.207 --> 18:08.750 [SPEAKER_00]: curriculum is not that it is more. 18:09.211 --> 18:10.113 [SPEAKER_00]: Oh, there's this tool. 18:10.333 --> 18:11.074 [SPEAKER_00]: It's called M map. 18:11.094 --> 18:11.815 [SPEAKER_00]: What do you use it for? 18:12.056 --> 18:12.576 [SPEAKER_00]: Use it for 14. 18:13.117 --> 18:13.718 [SPEAKER_00]: There's this tool. 18:13.778 --> 18:14.559 [SPEAKER_00]: It's called wire shark. 18:14.579 --> 18:15.180 [SPEAKER_00]: What do you use it for? 18:15.561 --> 18:16.943 [SPEAKER_00]: Use pack for packet captures. 18:16.923 --> 18:19.208 [SPEAKER_00]: But they didn't actually make you go in and do the stuff, right? 18:19.488 --> 18:22.354 [SPEAKER_00]: With the old CEH, where it was just ABCD questions. 18:22.374 --> 18:27.083 [SPEAKER_00]: And that's been my biggest problem with certification exams is that most of them are ABCD based. 18:27.344 --> 18:29.047 [SPEAKER_00]: They're mostly just multiple choice. 18:29.067 --> 18:30.290 [SPEAKER_00]: There's not a lot of theory to it. 18:30.611 --> 18:31.753 [SPEAKER_00]: Or it's mostly theory. 18:31.813 --> 18:34.358 [SPEAKER_00]: It's not a lot of practicality. 18:34.338 --> 18:39.151 [SPEAKER_00]: But the training that goes along with all these certifications is awesome, you know, security plus and a great example. 18:39.472 --> 18:45.870 [SPEAKER_00]: If you take your security plus at dontraining.com, we have 40 hours of hands-on labs where you're going to configure firewalls. 18:45.890 --> 18:47.034 [SPEAKER_00]: You're going to do packet captures. 18:47.054 --> 18:48.919 [SPEAKER_00]: You're going to do sock analysis work. 18:48.939 --> 18:49.360 [SPEAKER_00]: But if you 18:49.340 --> 18:50.843 [SPEAKER_00]: do any of that to actually pass the exam? 18:51.063 --> 18:53.408 [SPEAKER_00]: No, you just need memory to answer questions, right? 18:53.428 --> 18:54.069 [SPEAKER_00]: Based on facts. 18:54.630 --> 18:57.396 [SPEAKER_00]: And that's where the disconnect is with certifications and training right now. 18:58.017 --> 19:08.057 [SPEAKER_00]: And again, that's why I start atacly because we are making certifications that are hands on and practical, just like OSTP does for the hacking, we want to do that on the defensive side and the GRC side. 19:08.037 --> 19:15.337 [SPEAKER_00]: Um, but yeah, so to keep that in mind, it's not that certifications are bad or training is bad, but just realize that you can go through all the training you want. 19:15.598 --> 19:22.798 [SPEAKER_00]: But at the end of the day is an employer when I'm looking at your resume, there's nothing that validates you actually know how to do that thing except for certifications. 19:22.818 --> 19:23.059 [SPEAKER_00]: Um, and if 19:23.039 --> 19:25.745 [SPEAKER_00]: notifications are just testing knowledge, then they're still not validing. 19:25.805 --> 19:26.807 [SPEAKER_00]: You know how to do that thing. 19:27.147 --> 19:30.775 [SPEAKER_00]: And that's why we're starting to see this change in the certification market towards more practicality. 19:31.055 --> 19:40.575 [SPEAKER_00]: CompTI has started this back in like the 2012s when they added those two or three performance-based questions at the beginning of your exam, but the bulk of their exam is still multiple choice knowledge-based questions. 19:41.129 --> 19:42.471 [SPEAKER_03]: Now, I love to hear that. 19:42.531 --> 19:45.075 [SPEAKER_03]: Now, audience, make sure you listen into what he's saying. 19:45.735 --> 19:47.678 [SPEAKER_03]: But I have to segue into something. 19:48.139 --> 19:50.482 [SPEAKER_03]: So I understand you do security plus training. 19:50.502 --> 19:53.206 [SPEAKER_03]: I understand you're doing practical training for security plus. 19:53.827 --> 19:55.129 [SPEAKER_03]: How much training is enough? 19:55.830 --> 20:05.483 [SPEAKER_03]: And before you start applying, and then too, how much, because even for me, when I'm a studying for the security plus, how long you should be committing a time to get any certifications, which are thoughts on that? 20:06.239 --> 20:08.925 [SPEAKER_00]: Yeah, so it really does depend on your goal, right? 20:09.606 --> 20:13.154 [SPEAKER_00]: If your goal is to get certified, you can get certified very, very quickly. 20:13.956 --> 20:21.953 [SPEAKER_00]: There's a traditional boot camp methodology where you come in on Monday and by Friday, you've learned everything for 40 hours and you take an exam on Friday. 20:21.933 --> 20:31.372 [SPEAKER_00]: and you'll get certified but the problem with that is by Monday you've forgotten most of what you learned already because you can cram and pass an exam and get certified but can you actually do the job right? 20:32.073 --> 20:42.895 [SPEAKER_00]: Then I see people who will spend a year trying to get their security plus because they are seeing oh it mentions the end map tool well let me spend a week on end map and really dive deep into it I think that is a little too far the other way 20:42.875 --> 20:44.978 [SPEAKER_00]: I think that the happy median is somewhere in the middle. 20:45.419 --> 20:50.987 [SPEAKER_00]: Generally, for me, if you're looking at something like security plus, you should be thinking about 60 days is probably the right amount of time. 20:51.407 --> 20:55.333 [SPEAKER_00]: That's enough time for you to dedicate an hour or two a day of studying. 20:56.174 --> 21:01.101 [SPEAKER_00]: In my course in particular, it's about a 40-hour video course, plus the practice exam is plus the labs. 21:01.441 --> 21:12.477 [SPEAKER_00]: And so it's designed that if you are doing essentially one, one-and-a-half hours a day of studying, you'll get through it in two months and past the exam, and you'll actually have time to learn and understand the material. 21:12.457 --> 21:21.288 [SPEAKER_00]: You can also do the hour of video and then, you know, fire up a virtual machine and start configuring a firewall and doing some of that hands-on stuff, so you're getting that balance of the two. 21:22.750 --> 21:25.574 [SPEAKER_00]: It really, I think it's like everything in life, it's kind of fighting that happy median. 21:27.056 --> 21:40.253 [SPEAKER_00]: You know, if I'm trying to pass the certification very quickly because I have a job interview, you know, two weeks from now and they won't be have scary plus yeah you're just got to cram and get through it get the thing done so you can go and say yes, I'm scary plus certified but then take the time afterwards to go back and try to. 21:41.060 --> 21:46.669 [SPEAKER_00]: fill in the holes in your knowledge because you're going to have a lot of knowledge, but you're not going to have a lot of application as start doing the application. 21:47.931 --> 21:54.361 [SPEAKER_00]: On the other hand, if you're just doing application fully and it takes you a year to get certified by time you get to take the test, you're going to forget everything you learned at the beginning. 21:54.702 --> 21:56.925 [SPEAKER_00]: So, you know, that's too long. 21:56.905 --> 22:01.914 [SPEAKER_00]: I find two or three months for a certification is a pretty reasonable time depending on the certification you're doing. 22:02.235 --> 22:06.002 [SPEAKER_00]: Some are shorter, some can be done in a couple of weeks, like idle for a foundation. 22:06.102 --> 22:09.127 [SPEAKER_00]: I don't, you know, is a two-day incourse training. 22:09.408 --> 22:11.031 [SPEAKER_00]: Most people do it on their own in about a week. 22:11.592 --> 22:15.960 [SPEAKER_00]: But scary plus a little bit longer, so I would say probably about a month to two months is kind of on the short side. 22:16.240 --> 22:20.989 [SPEAKER_00]: Two to three is kind of the sweet spot, and then we circle in six months or beyond, you're going too far. 22:21.560 --> 22:23.082 [SPEAKER_03]: Yeah, and I would agree with you 100%. 22:23.363 --> 22:25.546 [SPEAKER_03]: What happened was I failed to secure you plus twice. 22:26.247 --> 22:29.491 [SPEAKER_03]: And I waited, I think the first time I took it, I waited like a year. 22:30.032 --> 22:34.498 [SPEAKER_03]: And then the last time I took it, I waited like 30 days, but I still was able to retain most of the information. 22:34.519 --> 22:37.543 [SPEAKER_03]: So then when I went to go redo it, I had at least some of it in my head. 22:37.903 --> 22:41.188 [SPEAKER_03]: Instead of taking that time to retrain myself on everything for taking it. 22:41.607 --> 22:48.839 [SPEAKER_00]: Yeah, and for those who are listening, if you fail one of the certification exams, most of them have what's called a cooling off period, so security plus or compete in specific. 22:48.939 --> 22:51.604 [SPEAKER_00]: If you fail today, you can go back tomorrow and take the exam. 22:52.185 --> 22:54.929 [SPEAKER_00]: But if you fail tomorrow, you've got to wait two weeks before you can take it again. 22:55.089 --> 22:57.233 [SPEAKER_00]: And then if you fill it again, you've got a way to think 30 days. 22:57.554 --> 23:00.118 [SPEAKER_00]: So there's like they want you because there's only so many test questions. 23:00.138 --> 23:02.923 [SPEAKER_00]: They don't want you just taking it and taking it and taking it until you just pass. 23:03.243 --> 23:05.607 [SPEAKER_00]: So they kind of space it out so you have time to forget things. 23:06.599 --> 23:07.621 [SPEAKER_03]: Yeah, I got you. 23:07.641 --> 23:08.963 [SPEAKER_03]: So make sure you I didn't even know that. 23:08.983 --> 23:09.945 [SPEAKER_03]: So thank you Jason for that. 23:10.005 --> 23:10.906 [SPEAKER_03]: That's that's a good one. 23:10.926 --> 23:26.413 [SPEAKER_03]: I didn't want you to save me some money, but Jason, so okay, so this is the thing I wanted to bring up to you since I got you on 23:26.714 --> 23:53.447 [SPEAKER_00]: Who would you rather hire somebody that has experience or somebody has serves because I think people get jobs without having serves and I notice different use cases, but I know you've been hiring a lot of people in your past and currently so who would you hire as a well you know who would I prefer to hire experience 100% who actually get tired generally it's people with certs and experience right so this isn't really an either or question and the reason why is if you think about it if you've applied for a job in the last five years. 23:53.427 --> 23:54.748 [SPEAKER_00]: How do you apply for a job these days? 23:55.209 --> 23:57.271 [SPEAKER_00]: You go on LinkedIn, Monster, Dice, whatever. 23:57.632 --> 24:02.277 [SPEAKER_00]: You fill in the little application and offer your resume goes into the void, right? 24:02.777 --> 24:05.080 [SPEAKER_00]: And at these companies, it scans your resume. 24:05.100 --> 24:11.847 [SPEAKER_00]: And based on your resume, it's going to decide, do you check enough boxes for them to want to spend the time of interviewing you? 24:12.287 --> 24:19.435 [SPEAKER_00]: I could tell you as an employer, the last job that I had, and I have a pretty small company of 30 to 40 people, we had over 1,000 applicants. 24:19.415 --> 24:30.377 [SPEAKER_00]: I don't have time to read a thousand applications, because if I spent a minute on every resume that came in, that would be 1,000 minutes, which would be, you know, just hours and hours of work, it's like 15, 20 hours. 24:30.397 --> 24:35.207 [SPEAKER_00]: It's like half my work week, just reading applications before I even do an interview before I even see if I want that person. 24:35.608 --> 24:37.592 [SPEAKER_00]: So we have to use things like, you 24:37.572 --> 24:40.335 [SPEAKER_00]: ATS, which is the applicant tracking system to narrow things down. 24:40.755 --> 24:47.663 [SPEAKER_00]: And applicant tracking systems are looking for keywords and key phrases, including things like security plus, pen test plus, CISSP, whatever. 24:48.084 --> 24:57.654 [SPEAKER_00]: So what often happens is, if you're going in what we call the front door, right, you're applying through the website, if you don't have those, you're just going to get filtered out and no humans ever going to see your application. 24:57.714 --> 25:02.179 [SPEAKER_00]: So while I'm not hiring because you have the cert, I'm never going to see you if you don't have the cert. 25:02.159 --> 25:02.540 [SPEAKER_00]: Right. 25:03.121 --> 25:20.792 [SPEAKER_00]: On the other hand, to your point, you see people who are getting hired in, who have experience without the certs, my guess, and tell me if I'm right or wrong here, I know you're in the government space, you're probably seeing guys who just retired off active duty military, so they have 10 years, 20 years of experience, they're already working in your facility in uniform, 25:20.772 --> 25:22.494 [SPEAKER_00]: And now they're going to come back as a contractor. 25:22.554 --> 25:25.557 [SPEAKER_00]: So the contractor who knows, oh, Jason was an avi officer. 25:25.837 --> 25:26.898 [SPEAKER_00]: He's been doing this for 20 years. 25:27.118 --> 25:27.979 [SPEAKER_00]: He knows what he's doing. 25:28.340 --> 25:31.643 [SPEAKER_00]: And then usually they'll hire you and say, by the way, you have to meet the security plus requirement. 25:31.663 --> 25:33.224 [SPEAKER_00]: If you don't have it, go get it next week. 25:33.245 --> 25:34.185 [SPEAKER_00]: And you'll be hired, right? 25:34.546 --> 25:36.147 [SPEAKER_00]: So it's kind of a, it's kind of a cyborg. 25:36.308 --> 25:36.688 [SPEAKER_00]: Am I right? 25:36.828 --> 25:38.169 [SPEAKER_03]: Is that what you're saying? 25:38.490 --> 25:40.732 [SPEAKER_03]: I've seen it a lot of executives too. 25:41.112 --> 25:45.697 [SPEAKER_03]: I think the DOD CIO, the previous one, I forgot a name, but she just became a contractor. 25:45.717 --> 25:47.419 [SPEAKER_03]: So is this everybody become a contractor? 25:47.439 --> 25:48.720 [SPEAKER_03]: Does that's a kind of how that works? 25:48.700 --> 25:58.943 [SPEAKER_00]: Yeah, it's this revolving door, and I did military for a long time, and I saw this all the time, people do their 20 years, they retire, they do their four years, they get out, and they immediately come right back in, right? 25:59.324 --> 26:01.929 [SPEAKER_00]: And those are bypassing the hiring system. 26:02.110 --> 26:05.798 [SPEAKER_00]: They're not coming in the front door through the applicant tracking system. 26:05.778 --> 26:08.562 [SPEAKER_00]: Generally, it's, oh, I've been working with Chris for the last five years. 26:09.002 --> 26:10.164 [SPEAKER_00]: Now I'm getting out of the military. 26:10.484 --> 26:14.410 [SPEAKER_00]: Chris is going to be like, hey, Jason, come over to my contracting company and I'll put in your resume. 26:14.570 --> 26:19.337 [SPEAKER_00]: But by you doing that, you've now bypassed the applicant tracking system and went right to a hiring measure. 26:19.697 --> 26:23.082 [SPEAKER_00]: And for those who are looking, if you have friends who can do that for you, please do it. 26:23.182 --> 26:24.003 [SPEAKER_00]: It will help you out. 26:24.363 --> 26:29.651 [SPEAKER_00]: The problem is, if you're brand new and you're like, hey, I just started, you know, I'm working at McDonald's and I want to get into cyber. 26:30.031 --> 26:33.316 [SPEAKER_00]: You're probably not going to have people in your community who can help for you and like that. 26:33.336 --> 26:34.958 [SPEAKER_00]: So that's why I say like, 26:34.938 --> 26:37.321 [SPEAKER_00]: Well, I don't think search are the end all be all. 26:37.741 --> 26:40.345 [SPEAKER_00]: They are the thing that hiring managers use when they're filtering. 26:40.865 --> 26:43.208 [SPEAKER_00]: And so if you don't have it, you're going to get filtered out, right? 26:43.789 --> 26:45.711 [SPEAKER_00]: I'll tell you one more story on this. 26:45.791 --> 26:47.614 [SPEAKER_00]: I was hiring for a government position back in the day. 26:47.674 --> 27:00.189 [SPEAKER_00]: This was 15 years ago and it was for a level two IAM, which is Information Insurance Manager, which meant under the DOD requirements that person had to have a CISSP or could earn their CISSP within six months of being hired. 27:00.550 --> 27:02.312 [SPEAKER_00]: And this was for an overseas position. 27:02.292 --> 27:08.520 [SPEAKER_00]: So we were gonna have to hire somebody, move them in their family overseas at a cost of, you know, $100,000 to the US government. 27:08.821 --> 27:12.706 [SPEAKER_00]: And if they didn't get their CIS-SP within six months, we'd have to fire them and send them back home. 27:13.166 --> 27:14.929 [SPEAKER_00]: The last two people we had hired, that's what happened. 27:14.949 --> 27:17.492 [SPEAKER_00]: They couldn't get their CIS-SP and they got fired and had to go back home. 27:17.853 --> 27:22.819 [SPEAKER_00]: So we are now been out of luck for these people, so we said, okay, this time we're hiring somebody who has a CIS-SP. 27:22.879 --> 27:24.942 [SPEAKER_00]: I'm not even going to consider anybody who doesn't have it. 27:24.922 --> 27:26.264 [SPEAKER_00]: Did that make them a better employee? 27:26.464 --> 27:28.507 [SPEAKER_00]: No, but it meant that they met the requirements. 27:28.527 --> 27:29.408 [SPEAKER_00]: So that's what we're looking for. 27:29.688 --> 27:31.310 [SPEAKER_00]: So I told HR, here's the position. 27:31.611 --> 27:32.572 [SPEAKER_00]: It's a GS14. 27:32.732 --> 27:35.095 [SPEAKER_00]: I need to have government level 14. 27:35.676 --> 27:37.278 [SPEAKER_00]: I need to have a CSSP. 27:37.298 --> 27:38.580 [SPEAKER_00]: Well, HR doesn't know what that means. 27:38.840 --> 27:44.888 [SPEAKER_00]: So when I got out of the thousand applicants, 82 resumes ended up on my desk, and they all of the word CISSP on them. 27:44.988 --> 27:48.533 [SPEAKER_00]: We normally were actually certified CISSP. 27:48.513 --> 27:49.634 [SPEAKER_00]: three out of into. 27:49.974 --> 27:53.698 [SPEAKER_00]: The other one said a tentative boot camp planning to get my CISSP next week. 27:53.718 --> 27:57.202 [SPEAKER_00]: They were trying to play the game of getting through filters because this was before AI. 27:57.522 --> 28:00.225 [SPEAKER_00]: And so they literally started to control F, CISSP. 28:00.345 --> 28:02.827 [SPEAKER_00]: Up, there's this more CISSP, give Jason the resume. 28:03.548 --> 28:04.930 [SPEAKER_00]: So who got the interviews? 28:05.330 --> 28:06.211 [SPEAKER_00]: The three that were certified. 28:06.271 --> 28:10.255 [SPEAKER_00]: I threw out our emails and I looked at those three people and one of those three guys got the job, right? 28:10.335 --> 28:10.976 [SPEAKER_00]: Or geyser gals. 28:11.476 --> 28:13.238 [SPEAKER_00]: And so, you know, 28:13.218 --> 28:14.720 [SPEAKER_00]: did CSSP get them the job? 28:14.901 --> 28:16.102 [SPEAKER_00]: No, but it got them the interview. 28:16.563 --> 28:19.207 [SPEAKER_00]: And those were the only pretty that I actually really deeply considered because of that. 28:19.748 --> 28:23.774 [SPEAKER_00]: Now because of government hiring rules, I had to review everybody's resume and forgot why I hired who I did. 28:24.695 --> 28:31.345 [SPEAKER_00]: But at the end of the day, I really was only interested in people who had CSSP because I've been born twice before because this requirement had to send them home. 28:31.325 --> 28:38.158 [SPEAKER_00]: So, yeah, a certain can, well, get you a job or at least get you an interview, but I look at sorts as top of the funnel, right? 28:38.559 --> 28:42.707 [SPEAKER_00]: It's, you got your resume and you got your, your, your, your, start now you're in the hiring consideration. 28:42.727 --> 28:47.376 [SPEAKER_00]: Now, you make an interview and then if you get an interview, now you've got a pretty good chance to be hired. 28:47.356 --> 28:55.144 [SPEAKER_00]: Generally, what I've seen is that people will go from 1,000 resumes to, you know, 10 that they look at with some actual consideration. 28:55.465 --> 28:57.948 [SPEAKER_00]: They'll do five interviews and they'll pick one person out of that. 28:58.108 --> 29:02.573 [SPEAKER_00]: So if you get to the interview stage, you got like a 1 in 5 chance of getting hired at that point, right? 29:02.593 --> 29:03.494 [SPEAKER_00]: That's the way I look at it. 29:03.514 --> 29:07.618 [SPEAKER_00]: But I know some people put in 100 resumes to get 1 interview. 29:07.738 --> 29:10.101 [SPEAKER_00]: It's just, it's because it's so easy to apply now. 29:10.421 --> 29:12.543 [SPEAKER_00]: We as Harry majors are getting flooded with resumes. 29:13.084 --> 29:15.827 [SPEAKER_00]: And so we have to use tools to narrow through. 29:15.807 --> 29:17.210 [SPEAKER_00]: Sorry, I went out along with Wendy. 29:17.270 --> 29:17.590 [SPEAKER_00]: No, no. 29:18.131 --> 29:23.982 [SPEAKER_03]: Chris, it helped me because, even me, I'm working on CSFP and again, I do the resume thing. 29:24.042 --> 29:32.517 [SPEAKER_03]: I say, oh, in progress, but if I just had the CSSP, it can go quicker because I'm in the door and then I like how you touched on networking. 29:32.497 --> 29:37.806 [SPEAKER_03]: sometimes you got a network is about who you know a lot like you say a lot of good government people know some of mine and just get the job. 29:37.826 --> 29:38.708 [SPEAKER_03]: This is how it works. 29:39.369 --> 29:52.833 [SPEAKER_00]: So I was in the military around the military for a long time and I will tell you that 95% at least of the people I know who got in the military, the way they got their job was not because they applied at LockheedMartin.com. 29:53.214 --> 29:57.441 [SPEAKER_00]: It's because they were knowing people over their 20-year career and they go, oh, 29:57.421 --> 29:58.563 [SPEAKER_00]: John just got in the military. 29:58.603 --> 29:59.765 [SPEAKER_00]: Hey, John, I got a position. 29:59.785 --> 30:00.527 [SPEAKER_00]: Do you want to work for me? 30:00.928 --> 30:05.857 [SPEAKER_00]: In fact, my CTO and accolade, it's somebody I worked with when I was in and around the military. 30:05.877 --> 30:08.001 [SPEAKER_00]: He was a military officer and I liked him. 30:08.081 --> 30:08.622 [SPEAKER_00]: I trusted him. 30:08.642 --> 30:09.063 [SPEAKER_00]: I knew him. 30:09.103 --> 30:09.865 [SPEAKER_00]: I knew his capability. 30:10.165 --> 30:13.251 [SPEAKER_00]: So when I went to higher at CTO, I didn't even put out an app open application. 30:13.291 --> 30:15.395 [SPEAKER_00]: I went and said, are you looking for a job David? 30:15.435 --> 30:17.118 [SPEAKER_00]: It goes, actually, I'm getting out of the Navy in six months. 30:17.138 --> 30:18.501 [SPEAKER_00]: Like, great, you're coming to work for me. 30:18.481 --> 30:24.392 [SPEAKER_00]: And of course, we had to negotiate and make sure he was happy with that, but that's kind of the way a lot of these happen. 30:24.732 --> 30:33.668 [SPEAKER_00]: Especially when you get to those higher executive levels, very rarely are you going to get an executive level because you put an application on front door or monster or dice. 30:34.069 --> 30:40.080 [SPEAKER_00]: Usually, it's going to be because somebody knows you and they pull you into that and say, we want you to apply Chris, we know you were seeing you over the last 10 years. 30:41.402 --> 30:41.502 [UNKNOWN]: Okay. 30:42.022 --> 31:01.684 [SPEAKER_03]: Yeah, so I want to get more into that that was I mean, I wish I could stay there, but I got to transition just a little bit I actually some questions in the future just a senior email know you busy do but I didn't want to touch on something use in the military you've been a professor you had to change your career multiple multiple times and changing your 31:01.664 --> 31:03.547 [SPEAKER_03]: your mindset into tech in general. 31:04.188 --> 31:08.176 [SPEAKER_03]: And this is to help other people, how did you change your mindset to get into cybersecurity? 31:08.196 --> 31:10.420 [SPEAKER_03]: Because like you said, so many people don't want to get to search. 31:10.440 --> 31:11.882 [SPEAKER_03]: Some people don't want to get the bare minimum. 31:12.243 --> 31:18.895 [SPEAKER_03]: How did you change your mindset to succeed as whether you're in business, in cyber security, in tech, and just even having a career? 31:18.935 --> 31:20.297 [SPEAKER_03]: Rick, get down to me. 31:20.277 --> 31:47.112 [SPEAKER_00]: Yeah, I think it's interesting because so often when I talk with young high school and college students they're thinking that their career is going to be a straight line like I'm going to be this and it's I'm just going to go straight up to get there and generally doesn't actually look like that you know most of our careers they take these weird angles and detours and to get if you told me how do I get to be Jason Dion today I don't know how I would advise anybody of that right because it's all the series of turns and twists over my career that got me there. 31:47.092 --> 32:01.101 [SPEAKER_00]: You know, I started out in 1996 working professionally in IT, what we then called just, you know, IT information technology, nowadays we call it, you know, technology in general, but, you know, I worked at a computer repair store. 32:01.862 --> 32:08.155 [SPEAKER_00]: It was an after school job, I was installing, you know, motherboards and ram and troubleshooting computers and all that kind of stuff. 32:08.135 --> 32:15.373 [SPEAKER_00]: You know, honestly, I've always been kind of entrepreneur and entrepreneurial, and I wasn't making that much money working at the store. 32:15.393 --> 32:25.519 [SPEAKER_00]: I'm like, man, they're charging these customer 50 bucks an hour, but I'm getting five bucks an hour. 32:25.499 --> 32:38.710 [SPEAKER_00]: And I offer my services and I start having law offices and realtors and small businesses in the area calling me and basically I would come to their office and I would fix their computers and set up their networks and do their pen tests and all that kind of stuff. 32:38.730 --> 32:41.517 [SPEAKER_00]: So I kind of created my own job early on. 32:41.497 --> 32:46.141 [SPEAKER_00]: After 9-11, I actually sold my company and I joined the military. 32:46.641 --> 32:49.103 [SPEAKER_00]: When I joined the military, I got out of computers. 32:49.223 --> 32:52.226 [SPEAKER_00]: And I went into the nuclear engineering role. 32:52.366 --> 32:53.527 [SPEAKER_00]: So I was in the U.S. Navy. 32:54.428 --> 32:57.310 [SPEAKER_00]: I was a nuclear reactor operator for the U.S. Navy for four years. 32:58.031 --> 33:01.554 [SPEAKER_00]: When I did that, I got my, I was working as a nuclear reactor operator. 33:01.734 --> 33:03.696 [SPEAKER_00]: And on my nights and weekends, I got my college degree. 33:04.036 --> 33:05.937 [SPEAKER_00]: Once I got my college degree, I applied me human officer. 33:06.298 --> 33:07.919 [SPEAKER_00]: When I became an officer, they put me in flight school. 33:08.199 --> 33:09.881 [SPEAKER_00]: And I was a naval flight officer. 33:09.901 --> 33:11.402 [SPEAKER_00]: So I was the back seat of airplanes. 33:11.382 --> 33:12.663 [SPEAKER_00]: realize I really didn't like that. 33:12.843 --> 33:13.984 [SPEAKER_00]: So I quit that job. 33:14.024 --> 33:16.126 [SPEAKER_00]: I said, hey, transfer me, I don't want to do this anymore. 33:16.527 --> 33:24.414 [SPEAKER_00]: And that's when they transfer me to go, well, look at your resume before you're in the Navy, you were a computer programmer and you were a network designer and you were to this, you should go be a computer guide for us. 33:24.955 --> 33:34.764 [SPEAKER_00]: So they basically took me and made me what's called an information professional, which is the career field in the Navy that does satellites, computers, networks, communication, cryptography, all that stuff. 33:35.164 --> 33:38.267 [SPEAKER_00]: And I did that for, you know, 15 years 33:38.247 --> 33:45.057 [SPEAKER_00]: And that's kind of where I got to this where I've done all this different stuff because in the military every two to three years you're in a new position. 33:45.538 --> 33:46.800 [SPEAKER_00]: So I was doing pen test. 33:46.860 --> 33:47.862 [SPEAKER_00]: I was doing GRC. 33:47.942 --> 33:48.923 [SPEAKER_00]: I was doing identity. 33:48.943 --> 33:49.905 [SPEAKER_00]: I was doing cryptography. 33:50.546 --> 33:52.108 [SPEAKER_00]: I was writing small networks and large networks. 33:52.148 --> 33:56.475 [SPEAKER_00]: The largest network I ran had a million endpoints across six continents. 33:56.455 --> 33:58.601 [SPEAKER_00]: The like content we didn't support was Antarctica, right? 33:58.982 --> 34:01.268 [SPEAKER_00]: So I mean, like we had huge networks all over the place. 34:02.311 --> 34:04.818 [SPEAKER_00]: I did, I was in charge of the whole Middle East network for a while for the Navy. 34:04.838 --> 34:07.465 [SPEAKER_00]: I was in charge of all of Europe for a while, and I was in charge globally. 34:07.485 --> 34:12.017 [SPEAKER_00]: So I did all these different things throughout my career because of the position I was in. 34:11.997 --> 34:20.675 [SPEAKER_00]: And then, you know, I wanted to become a college professor, um, and so I got a side job essentially as an adjunct professor at my local college. 34:20.996 --> 34:22.819 [SPEAKER_00]: And that's where I got into teaching this stuff. 34:23.280 --> 34:24.743 [SPEAKER_00]: Uh, that was about 10, 15 years ago. 34:25.305 --> 34:28.371 [SPEAKER_00]: Um, and then when I got out of the military, I kind of went full time into doing that. 34:28.451 --> 34:30.816 [SPEAKER_00]: So it's been this kind of weird. 34:30.796 --> 34:35.601 [SPEAKER_00]: back and forth place that that's pulled me all over the place, but because of it, I've gotten a lot of experience across a lot of areas. 34:36.201 --> 34:39.645 [SPEAKER_00]: Like you, I was a project manager, I worked on a $30 million network installation project. 34:40.446 --> 34:45.250 [SPEAKER_00]: You know, I was a cryptography person, I did key management. 34:45.871 --> 34:51.516 [SPEAKER_00]: I've done kind of a little bit of everything, like when you look at your screen plus, like I've touched all those things because of the different jobs I had in the military. 34:51.957 --> 35:00.145 [SPEAKER_00]: If I was just a normal, went and worked for IBM or Facebook, I think I would have had a more linear career, 35:01.019 --> 35:09.020 [SPEAKER_03]: I got you and you had to basically adapt everything and I did I thought I did my research I didn't know that she was in the flight school. 35:09.040 --> 35:12.148 [SPEAKER_03]: I didn't know all this so it's good that you You know, I've studied you. 35:12.188 --> 35:13.812 [SPEAKER_03]: I didn't even know that you did all this. 35:13.852 --> 35:16.800 [SPEAKER_03]: I appreciate you sharing that new information on the podcast Thank you 35:16.983 --> 35:22.932 [SPEAKER_00]: Yeah, a lot of that over the years I haven't shared because when you're in the military you're not allowed to use your position for personal gain. 35:23.313 --> 35:26.818 [SPEAKER_00]: So when I was in the military, when I started D on training, I was still in the military. 35:27.139 --> 35:30.965 [SPEAKER_00]: So I would say like my organization, I couldn't say, you know, the US Navy. 35:31.185 --> 35:36.493 [SPEAKER_00]: I couldn't say I'm an officer in the Navy doing this, this, this, but once I got out of the Navy and I'm retired, now I'm allowed to say that. 35:36.473 --> 35:54.560 [SPEAKER_03]: I know you train millions of students, literally, there's a lot of people I've been working with or talking to lately that are a little older, maybe like 40, 50, I don't think 40's old, but like 45 and up, probably 50 and up. 35:54.580 --> 35:57.725 [SPEAKER_03]: No, no, no, no, no. 35:57.765 --> 36:05.637 [SPEAKER_03]: But a little older, but I know you work with so many people, how would you coach somebody that's trying to adapt that mindset that 36:06.224 --> 36:10.129 [SPEAKER_00]: Yeah, so it's never too late, but I will say it is harder. 36:10.590 --> 36:18.179 [SPEAKER_00]: Once you start looking like me and you're losing the hair up top, you know, in America, we have laws against age discrimination. 36:18.660 --> 36:21.724 [SPEAKER_00]: That being said, good luck proving they're discriminating you based on age. 36:22.024 --> 36:26.931 [SPEAKER_00]: Most hiring managers are smart enough to not say, Chris, I'm not hiring you because you're 43 years old or powerful. 36:26.991 --> 36:31.877 [SPEAKER_00]: You are, but they'll find another reason why they're not going to hire you and why they're going to hire that 25 year old. 36:31.857 --> 36:32.177 [SPEAKER_00]: right? 36:33.479 --> 36:35.883 [SPEAKER_00]: And this honestly is just a mindset thing in employers. 36:36.243 --> 36:39.367 [SPEAKER_00]: They're afraid of older people for a couple of reasons, right? 36:40.108 --> 36:46.397 [SPEAKER_00]: The biggest one is they think you're only going to be there for a couple of years then you're going to leave because you're going to retire too, especially if you're in your sixties. 36:46.477 --> 36:48.099 [SPEAKER_00]: They get really afraid of that point. 36:48.900 --> 36:54.288 [SPEAKER_00]: That being said, I do have students who are older, like you could still do this, you could still break in, but it is going to be harder. 36:54.829 --> 37:01.037 [SPEAKER_00]: Generally, I see my older students once you hit 50 or above, it takes them 4 to 5 times as long 37:01.017 --> 37:02.859 [SPEAKER_00]: as somebody who's in their 20s or 30s, right? 37:03.180 --> 37:07.184 [SPEAKER_00]: Because like I said, there is age discrimination that happens, we just don't call it that, right? 37:07.244 --> 37:08.266 [SPEAKER_00]: But it really is. 37:08.906 --> 37:17.317 [SPEAKER_00]: Another thing is sometimes people look at to me who's older than I go, oh well you're old, you don't understand technology, but this young person, they just natively understand technology because they're young, right? 37:17.337 --> 37:18.198 [SPEAKER_00]: Because they grew up with it. 37:18.858 --> 37:23.464 [SPEAKER_00]: I would think that's kind of BS to be quite honest because my kids are 19 and 21. 37:23.444 --> 37:30.721 [SPEAKER_00]: and while they grow up with technology, they don't know how the technology works anymore, because they don't have to, because when they grow up with technology was easy. 37:31.022 --> 37:39.040 [SPEAKER_00]: When we grow up with technology, and I think you're a little younger than me, but when I grow up with technology, if you want to play a video game, you had to learn how to, you know, basically code in, in, in, um, 37:39.020 --> 37:43.549 [SPEAKER_00]: in visual basic, or you had to be able to use DOS at the command line to even start your game. 37:43.850 --> 37:45.313 [SPEAKER_00]: There was no point in quick Windows, right? 37:45.393 --> 37:49.040 [SPEAKER_00]: Back in the amount of little, you know, I was, you know, five, six, seven, eight years old, right? 37:49.421 --> 37:53.309 [SPEAKER_00]: So like I learned on like old school stuff, and so I kind of learned that. 37:53.329 --> 37:54.852 [SPEAKER_00]: And older folks have done that. 37:55.068 --> 37:56.811 [SPEAKER_00]: So I will say it's a little bit harder. 37:57.392 --> 37:59.536 [SPEAKER_00]: That being said, where are some things you can do to combat that? 38:00.798 --> 38:03.723 [SPEAKER_00]: When you're writing your resume, do not go back more than 10 years. 38:04.184 --> 38:05.786 [SPEAKER_00]: I don't care that you had a 50-year career already. 38:05.947 --> 38:06.768 [SPEAKER_00]: Please don't do that. 38:06.828 --> 38:07.910 [SPEAKER_00]: You're going to age yourself. 38:08.711 --> 38:14.882 [SPEAKER_00]: If you went to college and your degree was from 1989 or 1999 or 2005, 38:14.862 --> 38:16.565 [SPEAKER_00]: Just right got my degree. 38:16.745 --> 38:26.341 [SPEAKER_00]: Don't put the date because as soon as I see like for me I graduated in 2005 you could start doing the math and go well Most people graduate around 22 years old Be graduating 2005. 38:26.762 --> 38:27.303 [SPEAKER_00]: It's now 2026. 38:27.323 --> 38:31.129 [SPEAKER_00]: That's 21 years So that means he's around 42 years old, right? 38:31.149 --> 38:32.652 [SPEAKER_00]: You can kind of do that math in your head 38:32.632 --> 38:35.499 [SPEAKER_00]: I graduated a little bit later than most people, but you can kind of get a gel idea. 38:35.679 --> 38:36.702 [SPEAKER_00]: He's in a sports, right? 38:36.962 --> 38:42.456 [SPEAKER_00]: But if you say that they graduated in 2020 or 2021, you're like, oh, they're in their choice. 38:42.797 --> 38:44.200 [SPEAKER_00]: You just kind of make that assumption. 38:44.220 --> 38:48.370 [SPEAKER_00]: So that's one of the things I recommend is leave the dates off if they're old, right? 38:49.132 --> 38:50.455 [SPEAKER_00]: When you're going back in history. 38:50.924 --> 38:57.836 [SPEAKER_00]: You know, you need a show that you have some work history because people don't want to hire somebody who has no work history, but you also don't want to go back 20 years either, right? 38:58.296 --> 39:12.861 [SPEAKER_00]: And the only exception I would say that is let's say you did 20 years ago in the cyber or IT realm, and then you went to a different career path and you've been a project manager or retail services or whatever, and now you're trying to get back into it, then maybe you want to bring that in because it shows you have some experience. 39:13.221 --> 39:16.006 [SPEAKER_00]: But again, is 20 year old experience really going to be that helpful today? 39:16.367 --> 39:17.168 [SPEAKER_00]: Probably not. 39:17.148 --> 39:20.534 [SPEAKER_00]: So just think back to your last two or three jobs, bring that up the last five to 10 years. 39:20.815 --> 39:27.026 [SPEAKER_00]: That'll help coach or prevent them from immediately eliminating you just based on your resume saying that you're old. 39:27.407 --> 39:33.919 [SPEAKER_00]: Now, when you get in the office and you do the interview, and I see you look like me, I know, you're suffering your 40s or 50s, right? 39:34.140 --> 39:34.340 [SPEAKER_00]: Thank you. 39:34.360 --> 39:35.282 [SPEAKER_00]: There's no hiding this. 39:35.342 --> 39:36.945 [SPEAKER_00]: You can see how old I am. 39:36.925 --> 39:46.056 [SPEAKER_00]: But at least I got in the interview and now I have a chance to get that job because I can impress them with, yeah, I'm a little older, but here's all the things I bring to you. 39:46.196 --> 39:47.137 [SPEAKER_00]: I've got life experience. 39:47.257 --> 39:48.619 [SPEAKER_00]: I know how to come to work on time. 39:48.939 --> 39:51.122 [SPEAKER_00]: I know how to dress appropriately for an interview, right? 39:51.382 --> 40:03.056 [SPEAKER_00]: Like all the things that older folks tend to do that younger folks don't and I know I'm telling like, old version, but I interview a lot of people and I've seen young folks who come in and teach certain genes and I'm like, that's not really the culture here, right? 40:03.296 --> 40:04.958 [SPEAKER_00]: That's something because that's cool. 40:05.090 --> 40:08.175 [SPEAKER_00]: But if you're going into a bank, it to go work for the IT security team. 40:08.475 --> 40:10.038 [SPEAKER_00]: You should probably have a certain tie on, right? 40:10.378 --> 40:11.500 [SPEAKER_00]: Because you're going to have a better look. 40:11.520 --> 40:14.885 [SPEAKER_00]: And older folks just kind of know that naturally because that's how we grew up with things. 40:15.686 --> 40:18.030 [SPEAKER_00]: So it's things like that that can kind of give you away. 40:18.130 --> 40:23.919 [SPEAKER_00]: But it's not that you're hiding your age, but you don't want to be up front with as much of a pay. 40:23.939 --> 40:27.705 [SPEAKER_00]: I'm 60 years old because people are just not going to be a chance. 40:27.685 --> 40:31.369 [SPEAKER_00]: The other thing I've seen that works really well for older folks is they go and set up their own thing, right? 40:31.630 --> 40:43.804 [SPEAKER_00]: They start doing their own consulting, they do their own businesses, if you're going into a consulting role, being a little older, having the gray hair or the bald head, that actually is a help, because people look at you like you actually know what you're talking about. 40:44.545 --> 40:54.216 [SPEAKER_00]: Now you've been able to back that up with knowledge and theory and practical, but they will kind of defer, if there's a young person, an old person in the room, they kind of defer to the old person thinking they know what they're doing, just because you are old. 40:54.797 --> 40:57.540 [SPEAKER_00]: Once you get that job, but it's still, yeah, break it and get that job. 40:58.516 --> 41:25.806 [SPEAKER_03]: Yeah, Jason, I'm like, definitely click this clip up because it's a lot of older folks that I talk to and I think this is probably the best answer I've heard I'm going to actually cover people, but yeah, this is a great answer I'm definitely going to clip this one so that that older folks can get get some knowledge on this too because I sometimes I don't know what to do because it's like I cannot can the person still do it, but I believe they can do it, but does the employer think they can do it, but that's a good way to help them get opportunity. 41:25.786 --> 41:30.754 [SPEAKER_00]: And it really comes down to caging it in, I'm older, which means I have experience, right? 41:31.515 --> 41:35.401 [SPEAKER_00]: And your experience may not be directly related to what you're doing now, like you came from Project Management. 41:35.721 --> 41:37.584 [SPEAKER_00]: Well, that's a lot of experience that can be really helpful. 41:37.704 --> 41:41.090 [SPEAKER_00]: And maybe what you do, I like to call this the Texas Two staff, right? 41:41.550 --> 41:44.475 [SPEAKER_00]: I was at a higher Chris, I've seen just got his security plus. 41:44.936 --> 41:47.119 [SPEAKER_00]: I may not hire him for a cyber engineering role. 41:47.099 --> 41:53.590 [SPEAKER_00]: Right, because he doesn't have the experience for that yet, but he does have a security plus now, and he does have, let's say, five years of experience being a project manager. 41:54.031 --> 41:54.892 [SPEAKER_00]: He knows how to communicate. 41:54.932 --> 41:55.914 [SPEAKER_00]: He knows how to do teams. 41:55.974 --> 41:57.116 [SPEAKER_00]: He knows how to do his game charts. 41:57.136 --> 41:58.318 [SPEAKER_00]: He knows how to do his budgeting. 41:58.338 --> 42:00.001 [SPEAKER_00]: He knows how to keep people on schedule and performance. 42:00.322 --> 42:03.848 [SPEAKER_00]: Well, if I'm going to be going and doing a big pen test, that's a project, right? 42:04.128 --> 42:08.095 [SPEAKER_00]: So he may become a lead for that team to help do the management of it, or 42:08.075 --> 42:10.259 [SPEAKER_00]: If we're doing a consulting engagement, that's a project. 42:10.279 --> 42:11.942 [SPEAKER_00]: If we're doing a network install, that's a project. 42:12.043 --> 42:20.318 [SPEAKER_00]: So maybe you go into IT project management first for a year or two, get more that IT stink on you, and then you move into the more technical world that you want to get into. 42:20.398 --> 42:22.542 [SPEAKER_00]: And I've seen a lot of people do that successfully when they're older. 42:23.164 --> 42:24.987 [SPEAKER_00]: I had somebody who had a marketing background. 42:25.523 --> 42:26.886 [SPEAKER_00]: She wanted to be a pen tester. 42:26.906 --> 42:34.522 [SPEAKER_00]: She ended up getting hired by a pen test company to do all of their fishing training for all of their customers because she knew at a market and communicate. 42:34.783 --> 42:35.785 [SPEAKER_00]: So they brought her into a net. 42:35.885 --> 42:36.667 [SPEAKER_00]: She did that for a year. 42:37.007 --> 42:38.350 [SPEAKER_00]: And during that time, she upskilled. 42:38.370 --> 42:39.152 [SPEAKER_00]: She worked with the team. 42:39.192 --> 42:40.274 [SPEAKER_00]: She got her technicals chops. 42:40.575 --> 42:42.639 [SPEAKER_00]: And then they moved her into a junior pen test roll. 42:42.719 --> 42:45.405 [SPEAKER_00]: And then two years later, now she's a senior pen tester. 42:45.385 --> 42:49.371 [SPEAKER_00]: but they would never have hired her as a junior pen tester because she was 40 years old and she has security plus. 42:49.712 --> 42:58.906 [SPEAKER_00]: So she used, oh well, I got this marketing background, you should hire me to do your training and your communications and your PowerPoint briefs and all that and that's what they did and then she was able to get her foot into her. 42:58.946 --> 43:02.652 [SPEAKER_00]: So sometimes you got to take that first step to get to the second step where you ultimately want to be. 43:03.323 --> 43:05.185 [SPEAKER_03]: Yeah, make sure you listen and make sure you're listening. 43:06.066 --> 43:07.447 [SPEAKER_03]: Uh, Jason, we game close to time. 43:07.527 --> 43:08.689 [SPEAKER_03]: I know you got a lot of things going on. 43:08.789 --> 43:14.835 [SPEAKER_03]: I'm actually a couple more questions and, and for the appreciate that this has been a lot, I've learned a lot at, yeah. 43:14.935 --> 43:19.520 [SPEAKER_03]: So what I'm going to move on to next, do we have a lot of things going on? 43:19.580 --> 43:22.343 [SPEAKER_03]: We got AI, we got AI compliance. 43:22.363 --> 43:25.086 [SPEAKER_03]: We got, uh, we've got, uh, cloud. 43:25.146 --> 43:30.512 [SPEAKER_03]: We got all this new technology, even if in a very few, uh, not too long quantum. 43:31.589 --> 43:38.896 [SPEAKER_03]: With all these new trends, what are some things that people can do to future proofs is that because people are just trying to get this security plus, what would you recommend they do? 43:39.837 --> 43:44.622 [SPEAKER_00]: Yeah, I think it's really a matter of you have to be looking ahead and where the world is going, right? 43:45.023 --> 43:47.485 [SPEAKER_00]: I think we can all agree AI is not going anywhere. 43:48.006 --> 43:53.211 [SPEAKER_00]: AI is here, AI is here to stay, employers like it because they like the idea of we don't have to hire as many people. 43:53.571 --> 43:58.356 [SPEAKER_00]: I will tell you as a person who uses it, I love using AI because it makes me more efficient. 43:58.336 --> 44:03.825 [SPEAKER_00]: So, getting your skills up where you can use AI effectively and securely is really important, right? 44:04.165 --> 44:12.799 [SPEAKER_00]: If you're a programmer and you're not using things like cloud code and cursor today, you are just shooting yourself in the foot because the other guys are going to completely just bypass you. 44:13.140 --> 44:15.343 [SPEAKER_00]: I mentioned David, who's my CTO at Accolade. 44:16.425 --> 44:24.478 [SPEAKER_00]: He is amazing with what he can put out and how fast he can put things out in a very fast secure manner because he's learned these tools and he's learned them well. 44:24.458 --> 44:27.262 [SPEAKER_00]: Now, a lot of people know how to use them, but they don't know how to use them well or securely. 44:27.282 --> 44:30.247 [SPEAKER_00]: So, being that person, that's going to be really helpful for you. 44:30.988 --> 44:32.030 [SPEAKER_00]: When it comes to AI, right? 44:32.070 --> 44:35.475 [SPEAKER_00]: There's this whole new AI governance thing that's coming out that we have to look at. 44:35.875 --> 44:38.299 [SPEAKER_00]: How are we going to do, how are we doing bias mitigation? 44:38.379 --> 44:39.501 [SPEAKER_00]: How are we doing prompt engineering? 44:39.701 --> 44:42.966 [SPEAKER_00]: How are we doing the engineering behind how these AI is talked to our systems? 44:43.046 --> 44:44.629 [SPEAKER_00]: And what data can be shared and what can? 44:45.130 --> 44:48.595 [SPEAKER_00]: Where's your data going when you go to chat to you PT and entering a query right now? 44:48.895 --> 44:49.977 [SPEAKER_00]: If you're on the free plan, 44:49.957 --> 44:50.759 [SPEAKER_00]: You're the product. 44:50.839 --> 44:53.404 [SPEAKER_00]: They're collecting all that and that can go out in other places, right? 44:53.764 --> 44:58.994 [SPEAKER_00]: So small businesses all need to accept AI and start using it, but they need people to help them do this. 44:59.335 --> 45:02.842 [SPEAKER_00]: So a new area that you're seeing is AI consultants coming in and helping them learn that. 45:04.345 --> 45:06.008 [SPEAKER_00]: So I think that's an area you want to be looking at. 45:05.988 --> 45:08.173 [SPEAKER_00]: Cloud has been out for about 10, 15 years. 45:08.213 --> 45:09.436 [SPEAKER_00]: There was a big push to the cloud. 45:09.717 --> 45:11.681 [SPEAKER_00]: Now we're seeing a lot of people pull back into on-premise. 45:12.523 --> 45:13.646 [SPEAKER_00]: These things go in cycles. 45:14.046 --> 45:16.512 [SPEAKER_00]: I think we'll see in the next five years, people are going to go back to the cloud again. 45:17.274 --> 45:18.056 [SPEAKER_00]: I think you're going to see that. 45:19.218 --> 45:21.263 [SPEAKER_00]: So don't think that cloud's gone. 45:21.243 --> 45:24.947 [SPEAKER_00]: And then Democrats are evolving super quick, especially with AI. 45:25.268 --> 45:27.911 [SPEAKER_00]: Because we have AI now, that we can use things like Cloud Good. 45:28.191 --> 45:32.436 [SPEAKER_00]: We can create polymorphic malware like that, right? 45:33.077 --> 45:35.259 [SPEAKER_00]: It used to take us days and weeks to write new malware. 45:35.539 --> 45:38.423 [SPEAKER_00]: Now we can do it in a matter of a miniature hours, right? 45:39.324 --> 45:40.906 [SPEAKER_00]: So how do we future-proof our careers? 45:41.126 --> 45:41.967 [SPEAKER_00]: We're always learning. 45:42.127 --> 45:43.909 [SPEAKER_00]: We're constantly learning the next thing. 45:43.889 --> 45:51.759 [SPEAKER_00]: And this is where you have to be careful with certifications because a lot of people treat like security plus this is the entry level certification So we all need to know it. 45:52.080 --> 45:54.182 [SPEAKER_00]: So this textbook for security plus this becomes my Bible. 45:54.202 --> 45:55.524 [SPEAKER_00]: And if I know everything in here, I'm good. 45:55.985 --> 45:59.629 [SPEAKER_00]: Well, the problem you have to remember is certifications get updated every three years. 46:00.190 --> 46:04.716 [SPEAKER_00]: And so security plus if you look at the current version, it doesn't even mention AI. 46:04.696 --> 46:10.684 [SPEAKER_00]: Right, the new versions coming out in October, October 2026, and it will have a objective on AI. 46:10.784 --> 46:13.307 [SPEAKER_00]: But it's got one objective out of 35 objectives, right? 46:13.627 --> 46:15.590 [SPEAKER_00]: So it's not going to fully teach everything you need to know. 46:15.610 --> 46:17.292 [SPEAKER_00]: So you're going to have to supplement that with other areas. 46:17.853 --> 46:24.861 [SPEAKER_00]: You're going to have to learn on your own on some of the stuff because AI is changing so fast that is taking these certification companies too long to catch up to it. 46:25.522 --> 46:30.028 [SPEAKER_00]: You know, again, I'm not trying to make this new promo, but Aclead when we wrote our 46:30.008 --> 46:35.575 [SPEAKER_00]: CCRF core, our core, our textbook and our certification, version 1.1 of the framework was out. 46:36.677 --> 46:39.741 [SPEAKER_00]: When version 2 came out of the framework, it completely changed a bunch of stuff. 46:40.161 --> 46:48.572 [SPEAKER_00]: We had the entire curriculum, the entire textbook, and the entire certification read done within 60 to 90 days of that release and ready to go to teach new stuff. 46:48.592 --> 46:50.715 [SPEAKER_00]: That is not the typical certification model. 46:50.735 --> 46:55.521 [SPEAKER_00]: If this was a compt certification, they simply would have waited for the end of that three-year cycle and then updated it. 46:55.541 --> 46:57.163 [SPEAKER_00]: So, you know, we just 46:58.865 --> 46:59.306 [SPEAKER_00]: that. 46:59.686 --> 47:03.933 [SPEAKER_00]: We just did the A plus course last year and they just added Windows 11 in. 47:03.993 --> 47:06.096 [SPEAKER_00]: Well, Windows 11 has been out for a couple of years, right? 47:06.196 --> 47:07.858 [SPEAKER_00]: Yeah. 47:07.878 --> 47:08.299 [SPEAKER_00]: Yeah. 47:08.319 --> 47:12.826 [SPEAKER_00]: And that was in the version 121211 series, the 1212 with two series course, right? 47:13.427 --> 47:16.832 [SPEAKER_00]: Because they're on a three-year cycle and like we don't care, we're staying on the three-year cycle. 47:17.553 --> 47:25.024 [SPEAKER_00]: So just remember that when you're getting a certification, it's current as if when they released it, not as of today and with AI things change every 47:25.004 --> 47:30.293 [SPEAKER_00]: weeks to months, certifications can't keep up with that generally because of the way they have to build these certifications. 47:30.774 --> 47:33.939 [SPEAKER_00]: So yeah, so I would say, you know, how do you keep up? 47:34.480 --> 47:41.612 [SPEAKER_00]: The best way is being involved with meetups, being involved with communities and newsletters that will keep you updated. 47:41.592 --> 47:44.819 [SPEAKER_00]: Some of my favorites are simply cyber. 47:44.959 --> 47:47.044 [SPEAKER_00]: I think does a great job and we can use letter. 47:47.685 --> 47:49.610 [SPEAKER_00]: So Joe the auger at simply cyber. 47:49.890 --> 47:52.436 [SPEAKER_00]: If you don't already with them. 47:52.697 --> 47:53.819 [SPEAKER_00]: Definitely sign up with those guys. 47:53.859 --> 47:54.280 [SPEAKER_00]: They're great. 47:54.901 --> 47:56.304 [SPEAKER_00]: They do a conference once a year as well. 47:56.886 --> 47:58.369 [SPEAKER_00]: That's really good. 47:58.349 --> 48:08.424 [SPEAKER_00]: At accolade, we have TLDR, cyberscurity.com, so if you go to TLDR, cyberscurity.com slash subscribe, you can join our community, which is completely free to you. 48:08.785 --> 48:15.595 [SPEAKER_00]: You'll get emails once a week with information on not just certifications, but I'm telling you about, there's this new exploit in the wild. 48:15.675 --> 48:16.897 [SPEAKER_00]: There's this new thing that's happening. 48:16.917 --> 48:19.541 [SPEAKER_00]: There's this new thing, and here's the things you should be doing to keep up with it. 48:19.942 --> 48:22.686 [SPEAKER_00]: Really short, five minute read per week, it'll help keep you updated. 48:22.666 --> 48:25.651 [SPEAKER_00]: But if you do that five minutes a week, it'll keep you current where you need to be. 48:25.691 --> 48:31.079 [SPEAKER_00]: Also, if you go to that subscribe that I said, TLDR, cybersecurity.com, slash subscribe. 48:31.781 --> 48:40.314 [SPEAKER_00]: If you give me your email, I'm going to send you back in ebook, which gives you the 26 best certifications and road maps and things you need to know for this changing world. 48:40.514 --> 48:41.476 [SPEAKER_00]: There's a chapter on AI. 48:41.536 --> 48:42.498 [SPEAKER_00]: There's a chapter on cloud. 48:42.738 --> 48:44.180 [SPEAKER_00]: There's a chapter on evolving cyber threats. 48:44.240 --> 48:45.322 [SPEAKER_00]: There's a chapter on quantum. 48:45.623 --> 48:47.726 [SPEAKER_00]: So if you want to learn more about this stuff, it's a short ebook. 48:47.746 --> 48:49.669 [SPEAKER_00]: It's about 50, 60 pages. 48:49.649 --> 48:50.952 [SPEAKER_00]: I'm happy to give that to you all. 48:51.393 --> 48:53.377 [SPEAKER_00]: That same book is on Amazon for 20 bucks. 48:53.497 --> 48:59.370 [SPEAKER_00]: I sent it up to you guys for free, exchange for sending up for the mailing list, and then you'll be getting more information from me, and we can keep connected. 49:00.131 --> 49:06.264 [SPEAKER_00]: And then we're also doing a cyber conference in a Marcher April of this year, which is gonna be completely free for you to attend as well. 49:06.284 --> 49:08.569 [SPEAKER_00]: So if you're subscribed, we'll let you know about that as well. 49:08.549 --> 49:09.371 [SPEAKER_00]: We'd love to have you there. 49:09.411 --> 49:10.553 [SPEAKER_00]: It's going to be two days. 49:10.573 --> 49:12.137 [SPEAKER_00]: I think Chris is actually coming and speaking as well. 49:12.157 --> 49:12.838 [SPEAKER_00]: We've talked about that. 49:12.918 --> 49:23.140 [SPEAKER_00]: So you'll see Chris there for an hour, but we've got two days of great speakers from all over the place that will really help bring your knowledge up in that, you know, 16 hours over two days. 49:23.161 --> 49:27.570 [SPEAKER_00]: You'll be able to just learn all the stuff you need to know to be current as of 2026. 49:27.550 --> 49:28.231 [SPEAKER_00]: Sorry, guys, Chris. 49:28.832 --> 49:29.212 [SPEAKER_03]: No, no problem. 49:29.653 --> 49:33.838 [SPEAKER_03]: I just wanted to audience know, I have the link, I'm going to put the link in the description to get there for you. 49:33.858 --> 49:34.238 [SPEAKER_03]: E-book. 49:34.719 --> 49:38.324 [SPEAKER_03]: And I'll make sure you check out Accolade, make sure you take our Jason Dion training. 49:38.764 --> 49:42.229 [SPEAKER_03]: I personally used it to help me with getting a security plus. 49:42.669 --> 49:46.874 [SPEAKER_03]: So I have no problem just saying it or shouting it, I can already do it anyway. 49:46.955 --> 49:49.618 [SPEAKER_03]: So just make sure you check it out in this very affordable. 49:49.658 --> 49:51.280 [SPEAKER_03]: His training is very affordable. 49:51.260 --> 49:58.656 [SPEAKER_03]: and it will help you get what you need to know and also what this training is very is recorded professionally and have things that can help you out. 49:58.716 --> 50:02.584 [SPEAKER_03]: And based off this podcast, he knows what he's doing. 50:05.250 --> 50:09.319 [SPEAKER_03]: So Jason, I know you kind of mentioned your business, but we're going to audience find you. 50:09.907 --> 50:16.814 [SPEAKER_00]: Yeah, the best place to find me is on acclade.com is usually the best way, which is akylade.com. 50:17.334 --> 50:18.496 [SPEAKER_00]: You can find me on LinkedIn as well. 50:18.576 --> 50:22.179 [SPEAKER_00]: So LinkedIn.com slash iN slash Jason Dion. 50:22.279 --> 50:23.180 [SPEAKER_00]: Love to connect with you there. 50:23.220 --> 50:25.442 [SPEAKER_00]: I've got, you know, 450,000 people who are connected with me. 50:26.503 --> 50:27.945 [SPEAKER_00]: So definitely connect there. 50:28.105 --> 50:32.029 [SPEAKER_00]: And I post information there as well for just like our newsletter. 50:32.069 --> 50:38.175 [SPEAKER_00]: So keep you up to date on what's going on in the certification realm and the AI cloud cyber intelligence world. 50:38.763 --> 50:42.429 [SPEAKER_03]: Okay, make sure you check our JSON and then also JSON. 50:42.669 --> 50:45.113 [SPEAKER_03]: I just want to, this is something I always do with my podcast. 50:45.674 --> 50:49.379 [SPEAKER_03]: I just want to actually two more questions and then we can call it, we're going to end it. 50:50.080 --> 50:52.244 [SPEAKER_03]: Where do you want to be at the next five years? 50:52.264 --> 50:53.225 [SPEAKER_03]: You accomplished a lot. 50:54.487 --> 50:55.869 [SPEAKER_03]: What do you want to do in the next five years? 50:55.969 --> 50:57.251 [SPEAKER_03]: I know you have some things. 50:57.291 --> 50:59.695 [SPEAKER_03]: I don't know if you want to say it publicly, but I already know it happened. 50:59.735 --> 51:02.319 [SPEAKER_03]: But what are you trying to do for the next five years? 51:02.399 --> 51:04.382 [SPEAKER_03]: And what is one thing you want to lead to audience with? 51:05.105 --> 51:10.037 [SPEAKER_00]: Yeah, so, you know, really the next five years, my big goal is changing the way certifications are done. 51:10.458 --> 51:12.382 [SPEAKER_00]: And that's a pretty big ask, right? 51:12.823 --> 51:20.582 [SPEAKER_00]: So I started accolade because I was trying to get the certification providers like ISC squared and Coptia and those folks to move into practical certifications. 51:20.562 --> 51:25.848 [SPEAKER_00]: Um, I couldn't get them to move, um, you know, they're, they're pretty happy to do things work for them right now, right? 51:26.188 --> 51:28.570 [SPEAKER_00]: It's pretty inexpensive to build search the way they do. 51:28.691 --> 51:30.813 [SPEAKER_00]: It's much more expensive to build them in a practical way. 51:31.093 --> 51:33.636 [SPEAKER_00]: It's easier to test when it's ABCD than it is in a practical way. 51:33.676 --> 51:34.417 [SPEAKER_00]: All those kind of things. 51:34.777 --> 51:38.100 [SPEAKER_00]: So because I couldn't get them to do it, that's why I doubted to acclate and I'm doing it myself. 51:39.021 --> 51:43.486 [SPEAKER_00]: Um, now whether acclate becomes big enough that you all start taking acclate certifications instead of comp tiers. 51:44.007 --> 51:46.249 [SPEAKER_00]: Uh, I think that's a five or 10 year plan, right? 51:46.229 --> 51:54.138 [SPEAKER_00]: or I think that we'll become a big enough threat for lack of better term, that they go, oh, we need to start doing that too, and that will move them into those practical certifications as well. 51:54.659 --> 51:56.781 [SPEAKER_00]: For me, either way, that's considered a win, right? 51:56.821 --> 52:05.492 [SPEAKER_00]: Whether Akla becomes the next comptia or comptia moves into this practical manner, I would consider that a winky the way because I think that's what we as the industry need. 52:05.672 --> 52:13.701 [SPEAKER_00]: We need certifications that are practical hands-on, because I'm tired of hiring somebody who has a security plus, they show up to work on Monday and they can't even reset a password on Windows. 52:13.741 --> 52:15.223 [SPEAKER_00]: Like, that's just ridiculous to me. 52:15.203 --> 52:16.765 [SPEAKER_00]: they don't know how to set up the user permissions. 52:16.785 --> 52:21.409 [SPEAKER_00]: That kind of stuff, that should just be tested in the certification, and it's not, right? 52:21.810 --> 52:24.593 [SPEAKER_00]: So that's one of the big wins that I'm looking for. 52:24.653 --> 52:37.866 [SPEAKER_00]: And then the other thing that I've been focused on is getting this new newsletter going and these conferences every year, so that we can start helping more people break into the industry, because I'm really tired of the gatekeeping that happens. 52:38.527 --> 52:43.472 [SPEAKER_00]: We get a lot of this where it's like, well, you know, I'm in, and so now everybody has to look exactly like me and do everything I've got. 52:43.452 --> 52:43.933 [SPEAKER_00]: done, right? 52:44.193 --> 52:49.182 [SPEAKER_00]: Well, because I had to get a security plus to the CISSP, that means the next I have to get a security plus NCAISSP. 52:49.843 --> 52:58.157 [SPEAKER_00]: I think as AI tools come out for hiring, we should be able to do better jobs of hiring people based on their skills and their experience over certifications, but today we're not there yet, right? 52:58.257 --> 52:59.820 [SPEAKER_00]: So we're still there in five years. 52:59.920 --> 53:02.965 [SPEAKER_00]: I think we probably will be, where you'll be going through an interview with an AI. 53:03.186 --> 53:07.373 [SPEAKER_00]: So instead of me talking to Chris, it would be me talking to AI, and then going, oh, Jason doesn't always talk enough. 53:07.513 --> 53:09.156 [SPEAKER_00]: Now let me give 53:09.136 --> 53:17.494 [SPEAKER_00]: And I think that'd be really helpful because there are so many people who have the experience and the knowledge, but if they don't have the the degree, they don't have the certification, no one will over find them. 53:17.514 --> 53:19.438 [SPEAKER_00]: So I would like to see that change. 53:19.458 --> 53:24.529 [SPEAKER_03]: And then the second question was I forgot was one thing you want to lead on as well. 53:25.167 --> 53:30.455 [SPEAKER_00]: Um, the one thing I would say is, you know, if you have a passion for this stuff, you can make it happen. 53:30.475 --> 53:30.716 [SPEAKER_00]: Right. 53:30.956 --> 53:32.118 [SPEAKER_00]: Um, it is going to take work. 53:32.338 --> 53:34.582 [SPEAKER_00]: And I will say, it is hard to break in. 53:34.842 --> 53:37.386 [SPEAKER_00]: That first job is super discouraging, right? 53:37.526 --> 53:43.716 [SPEAKER_00]: I know people who who apply a hundred, 500 and a thousand times before they get that first position. 53:43.696 --> 53:45.519 [SPEAKER_00]: But that's only the first time that it's painful. 53:46.100 --> 53:52.271 [SPEAKER_00]: Once you're in the community, because there's this gatekeeping that goes on, and you have that job, like Chris is a good example. 53:52.512 --> 53:53.373 [SPEAKER_00]: He's in the community now. 53:53.554 --> 53:55.377 [SPEAKER_00]: He's got a job, he's been doing it for a couple of years. 53:55.958 --> 53:58.022 [SPEAKER_00]: I can find him another job in cybersecurity tomorrow. 53:58.242 --> 53:59.224 [SPEAKER_00]: It wouldn't be hard. 53:59.204 --> 54:15.576 [SPEAKER_00]: But if he had just gotten a security plus and he has zero experience on his resume and he came from a project manager, it's going to be a little harder if he has no experience because he came from McDonald's and Walmart working retail and he just got a security plus it's probably going to take a thousand applications so be persistent it's going to be hard. 54:15.556 --> 54:18.400 [SPEAKER_00]: And the other thing I would recommend is part of that is networking. 54:18.720 --> 54:27.431 [SPEAKER_00]: So go to B-sides, if you're close to one of those conferences, go to something like simply cyber conference, go to Black Hill's Information Security's conference. 54:28.052 --> 54:32.497 [SPEAKER_00]: They're all over the U.S. You don't have to travel far for these, but go to those and meet people. 54:32.958 --> 54:35.681 [SPEAKER_00]: Be professional, talk to them, be like, oh, Chris, what do you do? 54:36.262 --> 54:37.524 [SPEAKER_00]: And not like, hey, Chris, what do you do? 54:37.544 --> 54:38.465 [SPEAKER_00]: And can you get me a job? 54:38.745 --> 54:40.147 [SPEAKER_00]: But they say, oh, about your job. 54:40.187 --> 54:40.988 [SPEAKER_00]: Tell me about what you do. 54:41.388 --> 54:42.610 [SPEAKER_00]: Make friends. 54:42.590 --> 54:47.742 [SPEAKER_00]: And that will turn into a job in career opportunities later on because that first job is always going to be the hardest. 54:47.762 --> 54:56.983 [SPEAKER_00]: I'll tell you I can help you get certified and if you want your scary plus I can take anybody in this audience and get your scary plus in the next five to ten days It's not hard, right? 54:57.344 --> 54:58.426 [SPEAKER_00]: But getting you the job. 54:58.747 --> 54:59.489 [SPEAKER_00]: That's hard, right? 54:59.850 --> 55:00.852 [SPEAKER_00]: And so like 55:00.832 --> 55:05.481 [SPEAKER_00]: You got to have to be persistent and survive through it because it's just, you're going to hear a lot of knows. 55:05.822 --> 55:11.574 [SPEAKER_00]: So it's like almost like when you've ever worked as a, if you're a work that is telemarketer, I did that going through high school and college. 55:12.255 --> 55:14.039 [SPEAKER_00]: I heard, you know, a hundred knows for everyone. 55:14.079 --> 55:14.299 [SPEAKER_00]: Yes. 55:14.720 --> 55:17.145 [SPEAKER_00]: And so you just got to build up that fixed in and move through. 55:17.185 --> 55:18.267 [SPEAKER_00]: It's going to happen. 55:18.287 --> 55:19.650 [SPEAKER_00]: It's just the world that we're in today. 55:20.103 --> 55:20.564 [SPEAKER_03]: Yeah. 55:20.584 --> 55:21.345 [SPEAKER_03]: I mean, you never know. 55:21.385 --> 55:23.690 [SPEAKER_03]: Again, I get, I just reach out to people. 55:23.770 --> 55:25.013 [SPEAKER_03]: I just reach out to Jason. 55:25.273 --> 55:26.055 [SPEAKER_03]: I'm really surprised. 55:26.075 --> 55:26.716 [SPEAKER_03]: He reached out. 55:26.976 --> 55:29.281 [SPEAKER_03]: He has 50,000 followers and he just told me yes. 55:29.341 --> 55:30.624 [SPEAKER_03]: So you never know. 55:30.704 --> 55:32.427 [SPEAKER_03]: So I'm just going to use that as a analogy, too. 55:32.627 --> 55:32.948 [SPEAKER_03]: You know? 55:33.950 --> 55:34.050 [SPEAKER_00]: Yeah. 55:34.070 --> 55:34.631 [SPEAKER_00]: I mean, here's the thing. 55:34.711 --> 55:36.475 [SPEAKER_00]: If you don't take a shot, you'll never make. 55:36.535 --> 55:37.777 [SPEAKER_00]: You'll never get to move, right? 55:37.938 --> 55:40.643 [SPEAKER_00]: One of the people in my team, you know. 55:40.623 --> 55:42.285 [SPEAKER_00]: She's our learning and design specialist. 55:42.305 --> 55:44.348 [SPEAKER_00]: She has a Ph.D. and this stuff over at D on training. 55:45.469 --> 55:46.691 [SPEAKER_00]: I wasn't hiring for that position. 55:46.991 --> 55:50.756 [SPEAKER_00]: She emailed my customer support and was like, hey, I've gone through your courses. 55:50.956 --> 55:53.560 [SPEAKER_00]: Here's why I think you can improve and I'd like to help you do it. 55:54.441 --> 55:56.203 [SPEAKER_00]: By the way, if you're hiring, I'd be interested, right? 55:56.624 --> 55:59.948 [SPEAKER_00]: And I interviewed her and I fell in love with her. 55:59.928 --> 56:17.749 [SPEAKER_00]: from a professional level and she's been on the team now for four or five years and she's amazing and does great work and it's really up the elevation of our game Versus just what I did, but what she brought to the table as well and like really it was she just took her shot Where's we what I said was sorry we're not hiring thanks We've got your student, but sorry we're not hiring just like you Chris. 56:17.869 --> 56:27.100 [SPEAKER_00]: I could have been like sorry I'm busy can't do the podcast, but you're I appreciate you being a fan and being some major for my courses But you never know sometimes people say yes, so give it a shot 56:27.080 --> 56:28.021 [SPEAKER_00]: That was good. 56:28.281 --> 56:31.505 [SPEAKER_00]: Oh, email me on Friday and saying, hey, I'm looking for a job because we're not hiring right now. 56:31.525 --> 56:33.208 [SPEAKER_00]: Sorry. 56:33.488 --> 56:41.478 [SPEAKER_00]: But, you know, one of the things like, you know, I wasn't even thinking of that particular job, but it ended up working out because it wasn't just, hey, I'm looking for a job. 56:41.498 --> 56:45.242 [SPEAKER_00]: Like, she literally, like, sent in like, hey, if I was working for you, here's what I would do. 56:45.282 --> 56:46.404 [SPEAKER_00]: And here's how it would change your stuff. 56:46.444 --> 56:47.725 [SPEAKER_00]: Like, hey, I want that. 56:47.785 --> 56:48.887 [SPEAKER_00]: Yeah, I'm going to bring you on, right? 56:49.207 --> 56:56.496 [SPEAKER_00]: So, but again, you take your shop because the worst thing I could say is no, I mean, we could 56:56.982 --> 57:13.837 [SPEAKER_03]: Yeah, I just want to say thank you Jason for giving me an hour of your time, thank you for coming on this by you use the game that you spent on this podcast or set on this podcast, that's a very valuable, you know, and I pray that somebody listen to this and can learn from a lot. 57:13.937 --> 57:14.839 [SPEAKER_03]: So thank you again. 57:14.819 --> 57:15.743 [SPEAKER_03]: Thanks for having me. 57:16.245 --> 57:16.686 [SPEAKER_03]: No problem. 57:17.028 --> 57:25.641 [SPEAKER_03]: So for people that's watching on YouTube, remember to like the video, subscribe to the channel and also check out our MF Academy if you want to learn wrist management and things like that. 57:26.042 --> 57:28.673 [SPEAKER_03]: And remember everybody get 1% better every day. 57:29.134 --> 57:29.616 [SPEAKER_03]: Peace out. 57:29.697 --> 57:30.600 [SPEAKER_03]: I'll see you on next one.