MY RELEVANT VIDEOS: 1. How to get into Cybersecurity? (in the Current Job Market) | ft. @UnixGuy - https://youtu.be/Vfdh5ZXSklA?si=Fo_xYN2BD6M_CgfH 2. How to Get into CyberSecurity | Step by Step Roadmap (2024) - https://youtu.be/SS_yw7Xh95g?si=F8Vl4cgVgDICnlYR 3. How I passed the ISC2 CC? (Certified in Cybersecurity) | Guide to pass ISC2 CC Exam - https://youtu.be/EwYALup0bG4?si=jCs_nu-ytPWxjUxX 4. What are the pathways to CyberSecurity? - https://youtu.be/WZi0y4oybbQ OTHER RELEVANT VIDEOS: 1. How I Would Learn Cyber Security If I Could Start Over in 2024 (6 Month Plan) - https://youtu.be/rz0RL4Xue-A?si=k-JD7JO0CQmf_Rhi 2. Asking Cyber Security Recruiter How to Get Hired (Avoid Rejection) - https://youtu.be/rz0RL4Xue-A?si=k-JD7JO0CQmf_Rhi 3. How I Got a Cyber Security Job With No Experience in 2024 - https://youtu.be/gwAhMiiDmCE?si=pYcgKa8P2XGbTzNm 4. How I Would Learn Cyber Security If I Could Start Over | Amazon Principal Security Engineer - https://youtu.be/Ja6zt-OkBqI?si=6FiNUvwn8SSKbMZz 5. How I Would Learn Cyber Security if I Could Start Over in 2024 (Beginner Roadmap) - https://youtu.be/b12JrM-6DBY?si=zWe4YKeCdhwaYmWl Follow Me: Linkedin: https://www.linkedin.com/in/caleb-o-967254173/ Instagram: https://instagram.com/caleb_oni.certified?igshid=YmMyMTA2M2Y= HASHTAGS: #cybersecurity
[00:00:00] Is Cybersecurity Entry-Level? I think a lot of people, they speak about cybersecurity. You cannot get into cybersecurity unless you have two, three years experience in wherever, whether it's IT, whether it's something else, before getting into this industry of cybersecurity.
[00:00:22] And I wanted to ask you, UnixGuy, what your opinion is on that. If it is not entry-level, what is the route into this field?
[00:00:33] Yeah, look, really good question. It comes up now, I promised you, 20 years ago, people were saying similar things.
[00:00:40] Now, from my experience is anytime we make a blanket statement, chances are it's wrong.
[00:00:45] So when we say something, all blank, cybersecurity is not an entry-level, full stop. That tends to be wrong first.
[00:00:52] So I'll give you an example. I work in PwC, which is one of the big four consulting firms.
[00:00:57] Okay? So we do cybersecurity consulting. Every year, PwC have something we call grad program where you hire fresh graduates.
[00:01:05] That's not just PwC, but all the other big four do it. The big banks have it, government has it.
[00:01:11] So just by virtue of the fact that we do actively, every single year, hire entry-level individuals into cybersecurity jobs,
[00:01:21] that in and of itself should make, excuse me, this bloody coffee, that in and of itself should make this statement wrong.
[00:01:31] So just saying something, cybersecurity is not entry-level, it's just wrong because there are simply so many people landing entry-level cybersecurity jobs.
[00:01:38] Okay. Now, let's unpack that statement. Cybersecurity is not just one thing. It's not just one job.
[00:01:45] You know, I don't know, driving a bus, you call this, say, a bus driver, but cybersecurity, we don't all go to a building and we do the exact same job.
[00:01:54] No, cybersecurity is a broad umbrella term where we do so many different jobs.
[00:01:59] I think the confusion happens. Well, first, I blame my generation, the boomers.
[00:02:04] We are the source of every problem because when we started, yes, first of all, there was no job title called cybersecurity.
[00:02:11] We were either support engineers, system engineer, network engineer.
[00:02:15] So my job was as a quote-unquote Unix guy.
[00:02:17] I was working with an operating system called Sun Solaris, which is a Unix operating system.
[00:02:22] And part of that job, we installed the OS and there was this quote-unquote new and upcoming company called Checkpoint.
[00:02:29] They partnered with us and they had a firewall product, but that firewall wasn't the firewall that you see today.
[00:02:35] It was just a software.
[00:02:36] So we installed that software, we configured the ports for them, and then we will do what you call today identity and access management.
[00:02:43] Sometimes we configure something called, it used to be called OpenLDAP, Sun1 directory, which is your OpenLDAP.
[00:02:50] OpenLDAP, and sometimes we install patches, and that's your vulnerability management.
[00:02:54] But we did these tasks as systems engineering.
[00:02:57] Likewise, the network engineers, they would configure their routing and switches, and then they had something called access lists or ACLs, and that was their security.
[00:03:07] Now, I can't tell a beginner today that you have to do that crappy job that we did.
[00:03:11] It wasn't crappy.
[00:03:12] It was the only job available.
[00:03:14] Spend 10 years of your life, do it.
[00:03:16] Then you'll be allowed to have the chance to even touch cybersecurity.
[00:03:20] That's just wrong, right?
[00:03:22] That's not necessary.
[00:03:23] Now, can you do it that way?
[00:03:25] Absolutely.
[00:03:26] Can you work as a network engineer for three years and then transfer to cybersecurity?
[00:03:31] More power to you if that's what you want.
[00:03:33] Is it necessary?
[00:03:34] Absolutely not.
[00:03:36] And I think it will go down the rabbit hole of you can't secure what you don't understand.
[00:03:43] I'm going to put my coffee back because this is one statement.
[00:03:46] Every time I hear it, I have a bit of a giggle, right?
[00:03:48] Because it's such a broad statement.
[00:03:51] People usually say this statement to want to come across as clever, and I think it has the opposite effect.
[00:03:57] Because, again, broad statement, let's unpack it, right?
[00:04:01] And funny, by the way, people who say that, they usually have never worked a day in their life in cybersecurity.
[00:04:06] Some of them are network engineers.
[00:04:09] Some of them are CompTIA trainers, so they just do CompTIA training.
[00:04:13] And apparently, you can't secure what you don't understand.
[00:04:16] So, yes, theoretically, you need to secure something you don't understand.
[00:04:21] But the question is, how much do you need to understand, right?
[00:04:24] So, you need to understand networking.
[00:04:27] Just how much networking do you need to understand?
[00:04:29] As far as I know, almost all cybersecurity training that's available in the market, it goes over networking.
[00:04:36] Now, do you need to be a network engineer?
[00:04:39] Absolutely not.
[00:04:39] That's not a requirement, right?
[00:04:41] But they seem to say this, you know, you can't secure what you don't understand.
[00:04:45] They usually refer to networking or, again, something like a help desk as, like, this is the necessary background.
[00:04:53] Again, these statements come from individuals who haven't worked in this industry because thinking that this is the only foundation that's needed, again, they're wrong.
[00:05:02] Because there are so many other things that you actually need to know.
[00:05:05] So, for example, why stop at networking?
[00:05:08] Sometimes we need to deal with transistors.
[00:05:10] Sometimes we need to deal with physical security.
[00:05:13] In fact, I find myself having more and more conversations with lawyers and, you know, regulations.
[00:05:18] Like, I work with this organization that has factories in China.
[00:05:21] So, I had to travel and I had to see certain things and certain regulations.
[00:05:25] That doesn't mean I need to be a lawyer.
[00:05:27] But, again, this, quote, unquote, I need to know something before I secure it.
[00:05:32] You know, I had to pick it up as I go.
[00:05:34] Like, you don't need to do everything before you start.
[00:05:37] So, sorry, I think I went into a lot of things.
[00:05:40] But this cybersecurity is not entryable.
[00:05:43] I think it's a myth that refuses to die.
[00:05:45] It usually comes from individuals who, again, have not worked a day in their life in cybersecurity.
[00:05:50] And they should never give advice to cybersecurity.
[00:05:54] It's very, very strange that they do that.
[00:05:56] Or, B, again, it's usually coming from someone who's on a journey.
[00:06:00] They want to learn cybersecurity.
[00:06:02] But they think it's like this is so hard.
[00:06:05] Therefore, instead of trying to learn it, they go and learn these other things that are not really relevant.
[00:06:10] So, yes, there are roles that exist as entry level within cybersecurity.
[00:06:15] In consulting, we need the junior consultant.
[00:06:17] For example, another example role, let's say vulnerability management.
[00:06:22] Every organization needs to have a tool we call vulnerability scanner where they run that scanner and they generate reports.
[00:06:29] That is not a senior task.
[00:06:30] We actually need junior people.
[00:06:32] I cannot get someone with five years of experience to do this job because, A, they'll get bored and leave.
[00:06:37] And, B, frankly speaking, I don't have enough money to pay someone senior.
[00:06:41] So, this is a junior task.
[00:06:43] There are so many.
[00:06:44] Like, even under the umbrella of identity and access management, there is an army of junior resources that we need that they absolutely need no skill to do that job.
[00:06:53] They just need to be willing to learn and willing to start their journey.
[00:06:57] Another umbrella of roles is GRC, which is, again, there's so much garbage online about what GRC is.
[00:07:03] But, again, within GRC, most roles aren't really senior.
[00:07:07] So, in my opinion, cybersecurity, just like any other field, like networking, you have junior network engineer, mid-level, and you have senior network engineer.
[00:07:17] Same thing with cybersecurity.
[00:07:18] You have a junior analyst, analyst, you know, director, et cetera, et cetera.
[00:07:23] So, that's my take on it.
[00:07:24] It makes a lot of sense.
[00:07:27] And I think a lot of people kind of that are perhaps trying to get into the industry and, again, have difficulty in understanding how to can really push this agenda of cybersecurity being something that you need experience in this area or that area before you can actually get into.
[00:07:54] I think everyone's path is so different.
[00:07:57] And there are different paths to getting to the point you want to get to.
[00:08:04] Cyber, like you said, is very broad.
[00:08:07] And there's many domains that you could be getting into that require completely different skill sets from the other, which is interesting.
[00:08:17] And really what you said is so true.
[00:08:20] Like, when you think about it, literally, graduates get hired into.
[00:08:27] So, that alone kind of.
[00:08:30] It's crazy.
[00:08:31] And you know what, Caleb?
[00:08:32] Like, the problem is on the internet, blanket statements tend to, you know, get views.
[00:08:38] For example, if someone says there is an idiot out there who says, like, cybersecurity training is scam.
[00:08:44] Full stop.
[00:08:45] Reason why?
[00:08:46] His literal reason is you can't secure what you don't understand.
[00:08:49] Therefore, you need to do CompTIA.
[00:08:51] Therefore, buy my course.
[00:08:52] That's CompTIA course.
[00:08:53] Like, this is.
[00:08:54] And you look at these people and they actually have never worked today in their life in cybersecurity.
[00:08:59] There is this strange idea that, you know, there has to be only one path.
[00:09:04] Like, I really liked what you just said.
[00:09:06] There is so many different paths.
[00:09:08] And there is not just this one single path.
[00:09:12] Like, people, again, a popular thing that used to be, and I personally tried to fight it, is they said, CCNA from Cisco, that's a must.
[00:09:19] If you don't do CCNA, you don't understand networking.
[00:09:22] Which is, frankly speaking, really stupid.
[00:09:24] Like, saying something like this is just communicating to me that you are under the impression that networking knowledge only exists in CCNA.
[00:09:32] That's ignorance.
[00:09:33] There is, like, a countless number of training courses that go over networking.
[00:09:38] There is free videos, there is tutorials, there's so many things you can do to learn networking.
[00:09:42] And networking exists outside of Cisco.
[00:09:45] And not only that, there are so many roles in cybersecurity that requires zero, zero networking knowledge.
[00:09:51] And that just seems to pisses people off because they think, you know, this is the path.
[00:09:57] Like, I had a video once, you know, crapping on CCNA and saying, basically, if you want to work in cybersecurity, you don't need to do it.
[00:10:04] And then I had this YouTube channel make a video and says, no, no, no, no, do CCNA.
[00:10:09] And just out of curiosity, I clicked on that person's name and I looked at the YouTuber who had, like, massive follow-up.
[00:10:15] Looked on his LinkedIn profile and his experience.
[00:10:18] He worked as an IT support for, like, eight months.
[00:10:21] And then all he did was work in these, like, content creation cybersecurity companies where he actually hasn't performed a single cybersecurity task.
[00:10:30] So, which is really weird.
[00:10:31] Like, to be outspoken on a topic that you know nothing about is really weird.
[00:10:36] Like, I don't know anything about climbing mountains.
[00:10:39] If I go on talking about climbing mountains, there's something significantly wrong with me.
[00:10:45] It's my opinion.
[00:10:47] Wow.
[00:10:49] Oh, incredible.
[00:10:50] We just launched a free cloud engineer assessment to evaluate and assess your current skills on your path to becoming a cloud professional.
[00:10:58] Now, when you take this assessment, it provides some incredible recommendations for your path.
[00:11:04] And remember, this is completely free.
[00:11:06] It costs you nothing.
[00:11:06] It only helps you on your journey.
[00:11:09] So, if this interests you and you are an aspiring cloud professional, definitely take this assessment.
[00:11:14] I'm going to leave a link to it.
[00:11:15] Here's an example of me taking it myself and getting some pretty good recommendations for my own assessment.
[00:11:21] So, guys, check this out.
[00:11:22] And I hope this is really helpful.
[00:11:23] Thank you guys for watching.
[00:11:24] I'll see you guys later.