CCT 002: Solving the Cybersecurity Training Problem

cissp Feb 02, 2023
CISSP Cyber Training

Solving the Cybersecurity Training Problem!

Introducing the "CISSP Cyber Training Podcast," your ultimate solution to bridge the cybersecurity skills gap! Join us as Shon Gerber tackles the rising demand for skilled professionals in this episode focused on solving the cybersecurity training problem.

Discover how to meet the increasing number of cybersecurity job opportunities through comprehensive training strategies. Shon Gerber, a seasoned expert in the field, shares valuable insights, practical tips, and industry best practices to help students thrive in the cybersecurity landscape.

Stay ahead of the curve by gaining a deep understanding of the skills and knowledge required to succeed in this ever-evolving field. Our podcast equips you with the tools to bridge the gap between demand and supply, opening doors to lucrative cybersecurity careers.

Don't miss out on this invaluable opportunity! Follow us on LinkedIn and Facebook to access the latest episode and gain the competitive edge needed to excel in the cybersecurity industry. Let's solve the training problem together!



Gain access to 30 FREE CISSP Exam Questions each and every month by going to and sign-up to join the team for Free. 


CCT 002_RCR 099 - Solving the Cybersecurity Training Problem-1

[00:00:00] Hey y'all. This is Shon Gerber. Thank you so much for listening today. But before we get started, I have a question for you. Would you like to finally pass the CISSP and get started building a lucrative and rewarding career in cybersecurity? I can help you over at CISSP Cyber with the resources and tools you need to pass the CISSP the first time.

At CISSP Cyber, there's a vast array of resources available that will give you the guidance, direction and training you need to pass the CISSP exam. As soon as you get done with this presentation, head on over to CISSP Cyber so that I can begin helping you today to meet your CISSP goals and grow your career in cybersecurity.

All right, let's get started. Welcome to the reduced Cyber risk and CISSP training podcast, where we provide you the training and tools you need to pass the CISSP exam the first time. Hi, my name is Shon [00:01:00] Gerber and I'm your host for this action packed informative podcast. Join me each week as I provide the information you need to pass the CISSP exam.

And grow your cybersecurity knowledge. Alright, let's get started. Let's go. Hey, Shon Gerber again with CISSP Cyber Training and I hope you all are having a beautiful day today. It is a gorgeous day here in Wichita, Kansas. Could not complain at all. So, you know, life is good. Shouldn't complain cuz you just, it could be a whole lot worse.

Right. Well just on the, this is a, uh, Number two. This is our second episode in our CISSP cyber training course that we've got out there. And the purpose of this is to kind of talk a little bit about why we're doing this CISSP training and really to try to solve the cybersecurity training problem and, uh, to just as a recap from last.

Podcast kind of introduced myself as obviously Shon Gerber, and I have this, uh, CISSP cyber [00:02:00] training website, basically, that I'm looking to teach people how to understand the CISSP, but in addition to that, I'm looking to also provide guidance and direction for folks that are really just wanting to get into cybersecurity.

I see a lot of different things out online, around cybersecurity and what you, what it takes to become successful and to get the job that you always want. Well, I can help you with that because I've done it. Been basically went from zero to where I'm at today, and it's, it's, I'm very, very blessed. Well, as a background, I used to fly, I was former military and I used to fly B-1 bombers for the military Air Force that it is, and did that for plenty of years, for about eight years.

And then I became a hacker for the US government, and I did that as a, as a red team, and I was a member of the red team and I ended up being the squadron commander for an Air Force red team and just totally loved it. It was amazing. But so I went from being a commercial pilot to being a. Military pilot and navigator to becoming a hacker.

So it's a very different [00:03:00] skillset from when I first started, but I also went to school to learn to be an airline pilot, and I didn't go to school for anything as it relates to being an MIS or any sort of like that. So my. Background was not in computers. So what ended up happening though, is as I became a hacker, I wanted to teach people how to basically do that and also how to protect individuals from hackers.

And so I taught a squadron full of people how to become hackers from being mechanics from someone that really didn't have any experience in cyber to becoming one of the best. Cyber organizations in the country. I then moved on to corporate America, where I am now the Chief Information Security Officer for a very large multinational.

But in the process, I was the manager of a security operations center, which helped stand that up. And I was also a security architect for this large multinational, so, Like I say, I've been through much of what you all are trying to accomplish, and I can definitely help you with that. Hence, that's why we're doing this podcast.[00:04:00] 

So the purpose of this podcast, so again, is to solve the training problem and how do we do that Now, as I was talking to a, an intern that works for me just today, it's, it's really quite obvious and quite evident that it is a humongous problem. It's a very big problem for individuals all over the country and all over the globe.

So what I'm gonna cover is basically what are the things that I struggled with, as well as how I overcame it, and then what you can do immediately to help your future. I mean, that's really what bottom line, what you're trying to accomplish is you want more for your life and you want ways to do it, but you don't know how to actually do that.

And that's where this comes into play. That's where I kind of come into play. So I'm gonna help you get the role that you've always wanted. Now, the big difference here though, For that to happen is you're gonna have to do your part. I'm gonna be able to walk you through and a CISSP in this podcast.

Also in the CISSP cyber training that I have. What you need to do to become successful in cyber, but you're gonna have to do a part to it as well. It isn't magical, it isn't. It isn't something [00:05:00] that is like super easy that you can just kind of wake up and be there. But if you're dedicated and you're designed what you want to do, you can have it.

There's no question in my mind about that. So you just have to decide what you want to do. Okay. But the purpose of doing this also is to also help protect the world from the evil hacker horde. And I say that because as of the recording of this podcast, the World Economic Forum that was in Davos, Switzerland, just made a comment that they said cyber criminals are wor, are basically taken $10.5 trillion from the global economy and that most people that are in business that are actually having to try to pro.

Protect things from cyber people or from the evil hacker horde say that only 27% of these businesses feel that they're actually resilient from a cyber attack. That means 70% of the business out there don't feel that way, or they just don't even know. So it's important that you do pass your C, your CISSP, and as well as any other credentials you're trying to get because we [00:06:00] need to protect the globe from this nemesis.

We just really truly do. So let's start with the problem. And people ask me all the time, how do you get into cybersecurity? They don't know. They have no idea. They have no clue. They just hear about it. They think it's really cool, but at the end of the day, they don't really know and there's a lot of confusion.

So there's numerous training programs out there and ways for you to do it. Now, I've seen various videos out there going, get your CISSP in 30 days, do this in 14 days, do this in whatever. Right? I'll tell you right now, that might be great to get cert. If you, if you're fortunate enough to do that, but that's one piece of this entire journey and certifications are only as good as the experience.

You have to back them up. You may get to cert, but that doesn't mean you're gonna get the role y you. It just doesn't, I've hired people, I hired a lot of people, and you know what? If I see your resume and you're a CISSP, or you've other certs, but you have no experience to back it up. I'm sorry. It's not gonna be as good for you as it would be [00:07:00] for someone who does, but you can do that.

There's definitely can get the experience you need. And we're gonna walk through how that can happen. So there's a, the, their training paths are set up this way. So you have, you have conventional and you have a non-conventional path. The conventional is your standard two to four year higher education with potential master's program.

Right. That's a. Conventional path. A non-conventional path would be of a certification approach where you go and you spend the time, you get your certification, you pass the test, and great. Now if you've been minted as a brand new CISSP or security plus or whatever certification des your you want to be, but at the end of the day, those are really the two different paths.

Now, at the end of that, Neither one can guarantee you a job. Neither one can, but what's gonna add that additional benefit is what you know and what some of the experiences you've had. Okay, so one of those questions I get from students, both college students and from individuals that are just trying to learn this, is they have no idea what the next steps are.[00:08:00] 

They have no idea how to begin or move up the ladder as they would say, you know, the ladder of success. How do I get experience if I don't have experience? Who in cyber can mentor me? Cuz again, that's an important part. Getting the cert is one thing, but having someone mentor you in security, security's huge.

It's monstrous. And talking with my, the individual that works for me now, my new intern, he just couldn't even imagine how big cyber is, which is awesome because you know what? It's more than just being a pen tester. It's more than just being a security operations. Analyst. It's way more than that. There's so much more than just those things.

But if you don't know and you don't talk to people that are in this space, you may not understand that, and therefore you may be heading down a path that may not be the correct one for you. Now, yo, I've also talked to questions around business leaders. They just basically go, I don't have enough talent to fill my open roles.

Now the talent that I mean by that is just because someone says they're in cyber doesn't mean they're the right person for that role. And they're gonna, they're gonna pay a [00:09:00] high compensation for an individual. They have to be prepared to be able to basically put up or shut up. They have to be able to do that work.

So, That's a problem that business owners have is they don't know who to even select. Now, colleges, students entering in through colleges really don't understand the networking basics, and I've seen that firsthand. They come through school, so they, you in the United States, and it may be different in the where you're at in the globe, but in the United States, what ends up happening is, is they go to school in high school, they maybe get a little bit of computer programming of some kind, and then they go into high into college.

The challenge is when they do that, they still don't truly understand networking. They don't understand how to actually, how do, how does TCP/IP work? How does UDP work tho? Those are some basics. What is the OSI model? And, and I talked to, and I'm really, honestly, I'm using this, my new intern as an a good example, after hearing from my students and now seeing.

Firsthand what he knows. It's amazing. He knows a lot, [00:10:00] but at the same time is, is he's still very new in this whole space. So what he doesn't understand is the networking concepts. And you have to know networking before you can even dream of trying to become a high level security engineer or a security professional.

Now, There is no real path that takes you from zero to hero. That's why you need mentorship to help you and guide you in that direction, and that's where I'm here to help you in that space. Now, as got another examples, I talked to a friend or an individual from Bangalore, India, and I've got business in India.

I've been to India. I work with a lot of folks in India. And they are very smart, very talented individuals that have a lot of drive. Well, he went to the United, the United Kingdom to the uk, to Britain to get his master's in security. That's where he went. He wanted to be in security. Now, he was a developer beforehand, but he felt I have to go to get my security knowledge, so I'm gonna go to a master's program in the UK Now, that worked out for him, but is that the right path?

Maybe, maybe not. I may [00:11:00] not hire this individual, but I may, I don't know. The bottom line though is, is there's multiple ways you can do this. There is no perfect answer. Now, students in college, again, we talked about they don't know what courses to take in college to be successful. Uh, they, they're just trying to, they're just throwing darts at stuff.

And unfortunately, a lot of the colleges, they don't have. Professors that really, truly understand this workforce, and so therefore they're doing the best they can to give them the skills they need, but they still are coming out, ending up short. Now also, when there's young adults who want to get into cybersecurity and they too don't understand what to do, they, they live with their parents.

Maybe they're. Parents are trying to find roles for them and they don't know how to even get started, what should I do? So there, here's a path that we're just gonna kind of go through and walk through. What are some different aspects that you can consider, especially if you're looking at this from getting your cybersecurity?

Career started off, whether it's in specifically in ethical hacking, penetration testing, whatever that [00:12:00] might be. Again, there is no dedicated path, but you do need experience. And I'm gonna tell you, how do you get that? That's really an important factor. How do you get that experience that you need? So before we get into that, I'm just gonna walk through what are some of the key roles that we have that, that you can see out there, and then what are some of the potential salaries that you might encounter with those roles?

So some of the variations you have com, uh, certified Ethical Hacker. You have auditors, you have malware analysis, penetration testers, forensics. You have all those pieces. Those are different titles that you may have heard of. Roles that are in the cybersecurity space. There's gobs of 'em, right? Security architect.

Security engineer, you name it. Now the CISSP, I'm gonna go back to the CISSPsen scenario because that's what we're talking about here in this, in this podcast, is the CISSP. Now, the salaries in many cases, and this doesn't include necessarily some of the other incentives that may go with that, but there the jobs are out there.

If you [00:13:00] [email protected], that's cyber There are multiple roles that are available to you. Okay. That to anybody. And the United States, there's approximately 800,000 roles that are open worldwide. There's about three and a half million. They're saying by 2025 and a and 1.5 million in India alone.

So then the question comes into, is, What is the compensation for some of these roles? And that will vary. Again, it varies upon the market that you're in. Uh, if you are in a large city, that may change it. If you are in a high demand specific role that you're looking to get, that may change it. But at the end of the day, we'll just kind of throw out some numbers.

And the, these, again, these are pulled off of Glassdoor or PayScale, but a specialist, basically a cybersecurity specialist or analyst can start off, and these are all in US dollars, around $75,000. Your engineers, about a hundred architects, 130, and then your security officers are [00:14:00] $180,000 and up. Now that being said, there's are also, there's bonuses that are included in there that aren't included in these numbers, so, That's the, we call it total compensation.

Your, your compensation that you get for your salary is these numbers, a hundred, a hundred thirty, one eighty, eighty. You know, those are the, your compensation numbers. However, what you'll want is, is when you get bonuses or profit sharing or any of those other incentives that may be there, those are not included in these numbers because they will vary dramatically from company to company.

But at the end of the day, I mean, let's be realistic. Cybersecurity engineer, making a hundred thousand dollars in the United States is not too shabby, especially since you don't necessarily have to go to a four year college to get this. You don't, you, I can tell you how to do it now and how you can get that in place if the thing you have to do is put in the work to get there.

So again, salaries are large. They can be very, they can even grow from there, even beyond that amount. So what [00:15:00] are some of your training options? Now, I break this down and other people have different ideas, but I break it down into basically three options. You have a free service, you have a paid specialty service, and then you have your standard trade schools or universities.

Those are the kind of the three main buckets that you have. Now your free services come down to YouTube podcasts. The UK has free governmental sources on the job training. You name it, they, there's all kinds of information and a gentleman that I know that I respect highly has a website called flip, and he helps people start businesses.

Well, one of the things he makes a comment about is that if you're looking for resources online, There's gobs of resources that are free online. They're free everywhere. You can find them. They're all over the place, and you can get your CISSP training free right now. If you go to YouTube, I guarantee you, you can get it now.

If you go to CISSP Cyber Training, my website, you can get a free self-study guide to help you through that process. If you want to use [00:16:00] all of those free resources, that study guide will help you. It'll walk you through how you should be prepared to study. Okay. Now, when you're stumbling with the CISSP, there is really no such thing as free because you're still gonna have to buy the book.

You still should pay for some questions to help you through this process, but at the end of the day, it's relatively inexpensive. Now we move on to the next one, which is a paid specialized training. Now, the paid specialized training is online training programs that do have a cost or a fee. Obviously there's Udemy, there's CISSP Cyber Training, ha, me.

There's also a training boot camps. There's various other cyber training. Venues out there to help teach and train you on what you need to become successful. They do come at a cost. Some are cost more than others. Boot camps can cost in the upwards of five to six to 7,000 US dollars to do, and again, they will help you through the CISSP in passing that certification.

There's also boot camps for Security Plus, and you name it, there's other ones as well. But bottom line is there's all kinds of [00:17:00] different training camps that are available from free and paid specialized. Now the third option is your trade schools and your universities. So your trade schools and your universities.

They offer up a two year certified programs or a four year college program, and they will start, in many cases, basics around cybersecurity, beginnings, and then they move up from there. Now they both can be really good. They can provide a very solid foundational training, and they can be very curated content.

Now, I, I talk about curated, the free services isn't curated. You can search all over the globe trying to find the stuff, but it, you'll have to go in multiple places. The paid specialized training is a curated content, okay? So it's, it can be very comprehensive. It can be curated to the point where all of the information is there and available for you.

You just have to go study it. The same with trade schools and universities. They have a lot of cases that is all ready to go for you. You just have to go through the steps to, to get there. Now, the downside of the trade schools and universities are is they're limited. [00:18:00] Okay? They're, they're not, they're not like online everywhere.

Now, I should say that they're going online, but at the end of the day, there's, you still have a university that you have to go to. But they're also much more expensive. So if you rank the pricing wise, you got free service, obviously relatively free. Your paid specialized services can be relatively inexpensive or could be

Pretty expensive. Just depends on what you wanna do. Your trade schools and universities can be much more expensive. So that's kind of the ranking. So you have to decide what can you do? One, how much time can you spend? You know? And also how much money are you willing to spend? Now I'm gonna throw out two more bonus steps for you around ensuring you have long-term success.

You need to become part of a local cybersecurity chapter. They're ISC squared, ISACA, CRISC or yeah, CRISC, ACE risks. I can't remember. Yeah, one of those. But bottom line is you need to look at a cybersecurity chapter that is going to provide you some guidance. Now, the good thing about these chapters is, is they [00:19:00] also help bring people together and they help you with maybe networking.

So if some company is looking for a cybersecurity resource and you go to this, This meeting. Well, guess what? There's possible you could connect with an individual. So there's options there, right? So they're important to get, and plus you get to meet a lot of the people that are in the cybersecurity space within your local area.

You also need to look at finding a mentor. Now, there's various places out online that you can find mentors around cybersecurity, and I highly recommend that you do find one. Some of them can be free, i.e., your friend, or some of them could be paid depending upon. What you need. Now, again, I, I, you need to look at the fruit on the tree.

This is kind of what I like to throw out is if you need a mentor to help guide you, look for somebody that is in life where you want to be and has done what you want to do. That's where I'd be a good mentor to help guide and train you, and they think the way you think. So again, I, [00:20:00] there's tons of people out there.

I, and I'm not bagging on any of 'em. I think they're all, there's many of 'em that have opportunities that can provide you what you need. However, just make sure that you validate that they actually are have, and they have done what you want to do. That that's really the key. Without that, you've just got a bunch of people talking and they may not provide you the level of knowledge you may need.

Now I'm coming back to why reduce cyber risk and the CISSP cyber was established. Now, I'll kind of that, that's kinda the next podcast, but I'll give you just a little insight. I had started reduce cyber risk a while ago and kind of pivoted, right? I'm, I'm a sle, I am super busy, and so I therefore pivoted a little bit and didn't see the gaps that were there for these students.

Then time went by and I started teaching in college and I realized, you know what? I need to put together this CISSP cyber training program, and I really need to have that available because I see the gaps. I got college students that are coming out of four year college with debt that don't [00:21:00] understand how to move on to the next level.

And that's really realistically what I want to help you do. And I've got friends that are in India, I, I talk to 'em all the time and they're going, how do I get into cyber? What can I do? And so the point is, is that that's why I've created this study plan, but I'm also in the process of creating a way to help individuals walk through the process they need to become successful and get the role that they want, and then help mentor them into that next, that next level, because I've done it.

I've gone from being nobody, from not having any capability at all, from being a pilot to working my way up to taking the CISSP by self-study. By then going out and actually becoming commander of a of a red team. Okay. I didn't know what I was doing. Commander of a red team. Then from there, went into corporate America, didn't understand any of that.

Became an architect. Then developed a security operations center, and now became a CSO. And I teach college courses in risk and in IoT. [00:22:00] Now I tell you that not to be bragging upon myself, but to tell you that I've done what you want to do. I've done it, and for you to be able to get it, I want you to get this and help you and your family because realistically, it can change your life.

So again, go out. Check me [email protected]. You'll like what you see. I got some free stuff there. Again, the site's being built up, it's growing, it's changing, but, and be patient with it. But at the end of the day, I can help you get your needs Next, next episode is gonna be around how RI Reduce Cyber has started and also the CISSP was established.

We'll get into that and we'll talk to you a little bit more on how I can help you meet your needs. All right. Have a wonderful day, and we'll catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes, as I would greatly appreciate your feedback.

Also, check out my videos that are on YouTube. Just head to my channel CISSP Cyber Training and you will find a [00:23:00] plethora of content to help you pass the CISSP exam the first time. Lastly, head to c CISSPs cyber and look for the free stuff that is only available to our email subscribers.

Thanks again for listening.
