Cyber Crime Junkies

New Approaches to Enter the Cybersecurity Field

May 11, 2024 Cyber Crime Junkies-David Mauro Season 4 Episode 59
New Approaches to Enter the Cybersecurity Field
Cyber Crime Junkies
More Info
Cyber Crime Junkies
New Approaches to Enter the Cybersecurity Field
May 11, 2024 Season 4 Episode 59
Cyber Crime Junkies-David Mauro

NEW! Text Us Direct Here!

Sam Buckenmaier, a senior cyber leader,  join us on what leadership means today and what employers want in cybersecurity.


We discussed: new approaches to enter the cybersecurity field, how to have effective communication internally in business, advice on cybersecurity careers from top recruiters, approaches to enter cybersecurity,  and best practices for leveraging LinkedIn for your personal brand.

πŸ”” Site, Research and Direct contact with Podcast team: https://cybercrimejunkies.com 


Click the link above and leave your message!

You can now text our Podcast Studio direct. Ask questions, suggest guests and stories. 

We Look Forward To Hearing From You!




Custom handmade Women's Clothing, Plushies & Accessories at Blushingintrovert.com. Portions of your purchase go to Mental Health Awareness efforts.

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!

Follow Us:
πŸ”— Website: https://cybercrimejunkies.com
πŸ“± X/Twitter: https://x.com/CybercrimeJunky
πŸ“Έ Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
πŸŽ™οΈ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
πŸŽ™οΈ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
πŸŽ™οΈ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: πŸ’¬ Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

Show Notes Transcript

NEW! Text Us Direct Here!

Sam Buckenmaier, a senior cyber leader,  join us on what leadership means today and what employers want in cybersecurity.


We discussed: new approaches to enter the cybersecurity field, how to have effective communication internally in business, advice on cybersecurity careers from top recruiters, approaches to enter cybersecurity,  and best practices for leveraging LinkedIn for your personal brand.

πŸ”” Site, Research and Direct contact with Podcast team: https://cybercrimejunkies.com 


Click the link above and leave your message!

You can now text our Podcast Studio direct. Ask questions, suggest guests and stories. 

We Look Forward To Hearing From You!




Custom handmade Women's Clothing, Plushies & Accessories at Blushingintrovert.com. Portions of your purchase go to Mental Health Awareness efforts.

🎧 Subscribe now http://www.youtube.com/@cybercrimejunkiespodcast and never miss an episode!

Follow Us:
πŸ”— Website: https://cybercrimejunkies.com
πŸ“± X/Twitter: https://x.com/CybercrimeJunky
πŸ“Έ Instagram: https://www.instagram.com/cybercrimejunkies/

Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
Listen to Our Podcast:
πŸŽ™οΈ Apple Podcasts: https://podcasts.apple.com/us/podcast/cyber-crime-junkies/id1633932941
πŸŽ™οΈ Spotify: https://open.spotify.com/show/5y4U2v51gztlenr8TJ2LJs?si=537680ec262545b3
πŸŽ™οΈ Google Podcasts: http://www.youtube.com/@cybercrimejunkiespodcast

Join the Conversation: πŸ’¬ Leave your comments and questions. TEXT THE LINK ABOVE . We'd love to hear your thoughts and suggestions for future episodes!

 

What Employers Want in Cybersecurity. Top Security Recruiter.

 

Exclusive discussion on what employers want in cybersecurity with leading cybersecurity recruiter, international placement firm Stanton House leader, Sam Buckenmaier.

We discussed: new approaches to enter the cybersecurity field, how to have effective communication internally in business, advice on cybersecurity careers from top recruiters, approaches to enter cybersecurity, best practices for leveraging LinkedIn for your personal brand, best ways to get into cybersecurity, career options in cybersecurity, effective communication for security internally in business, effective ways recruiters can help my career, how to get entry level job in cyber security, the latest advice for cybersecurity interview, and latest advice on cybersecurity careers from top recruiters.

 

Key Topics:

  1. LEADERSHIP-value of LISTENING and IMPOSTER SYNDROME.
  2. Best Ways To Get Into Cybersecurity 
  3. Selecting BOOTCAMP with strong alumni…
  4. Value of Mentorship
  5. INTERVIEW TIPS
  6. ELEVATOR PITCH Tips
  7. Networking
  8. Overcoming job search frustration 

 

 

VIDEO Episode Link: πŸ‘©β€πŸ’» https://youtu.be/Oxiklcpyq-8

Audio Episode: https://www.buzzsprout.com/2014652/12187178

 

[00:00:00] Everybody to Cybercrime Junkies podcast. I'm your host, David Mauro, and in the studio today is the always positive, interesting Kentucky based. Mark Mosher. How are you, mark? I'm, I'm great after that intro. Thank you, David. I'll, I have, yeah, I, can you follow me into my, meeting after this to introduce me?

[00:00:19] I can do that. I can do that. I write that out. Yeah. There's just a small fee, so that little theme music, I think I'll be good to go. . Yeah, absolutely. So we're really excited about today. Look, we're gonna talk about what employers want in cybersecurity, kind of some of the new approaches to advance your career in cybersecurity.

[00:00:37] Break into the field and kind of how to have the best business communications. We've got an expert, Samantha Buckey goes by Sam. Sam, welcome to the studio. We're really happy to have you here very much. Yeah, no, thank you for having me. I'm excited. So tell us about, tell us about yourself and, and then let's get to, the organization that you're with, Stanton House, which is a remarkable, , recruiting and placement firm, based in the uk.

[00:01:01] So, walk us through your story, first into kind of your progression and how you landed in cybersecurity. Yeah, so I, I'm an army bra. I grew up in various places, but I, I always say lived the longest in, in Maryland. Originally from the east coast. Moved out to Chicago after my undergrad four years ago at this point.

[00:01:24] Outstanding city. Outstanding city. Yep. Love it. It's a little, a little cold, but . I do love it. I, I actually started out in Rockford, which is about, yep, an hour and a half, couple hours, northeast of, of Chicago. I was doing an AmeriCorps placement, so I was working very closely with food insecurity on a collegiate level and putting in programming for, for the college, but, I ended up moving to Chicago when I got the, the job at Stanton House.

[00:01:53] Didn't know anything about cybersecurity when I started. I, I knew not to click on [00:02:00] links, but that's about all I knew. And it was an interesting entrance into the field cuz obviously I'm not. in, in the field of cybersecurity. I'm kind of on the, the ex, the outside of it. But learned a lot and it is a fascinating field.

[00:02:17] I know. Way more than I ever thought I would knew about threats. Absolutely. Field or about the jobs in the field. So let me break down what you just said a little bit. So what I, what I, what I found interesting and Mark, you chime in anytime. But, what I found is I didn't know much about cybersecurity, but I knew not to click on links.

[00:02:35] Yeah. Which I love because whenever somebody doesn't. What we do. It's like, I don't know. I keep, yeah, like I keep you guys out of the news, right? Like we, we teach you not to click on links. It's like, oh, well everybody knows that. I'm like, if they know it, why is 80% of all the breaches caused by us still doing it?

[00:02:54] Right? Like it's, it's still, it's like a social experiment. And I agree with you. I think cyber. Is a remarkable field. It has to do with, you mentioned that you were raised by, parents in the military, like there's a direct alignment to that, isn't it? Because it's about a, a, a bigger cause than just ourselves.

[00:03:12] Just our own financial needs, our own personal goals. It's about protecting others. There's a bigger mission behind it. Would you agree with that? I would completely agree with that, and I think that's where I get quite a bit of my fulfillment in this job is obviously the people that I'm facing are not only.

[00:03:29] Experts in their field and I'm, I'm helping them move up in their, their world. Cause work is such a, a huge part of what we do in our day-to-day lives. But at the end of the day, we're also helping protect the company, which is a, a really cool place to be. But yeah. Backtracking a little bit about Stanton House.

[00:03:46] So you are completely right. We are a, a UK headquartered, company. We open up our Chicago office. Four years ago. Yeah, four years ago at this point. And that's when. We realized [00:04:00] that we wanted to do cybersecurity and wanted to focus on cybersecurity, and really wanted to be niche and become strong experts in the field versus cybersecurity in it and, and having a, a bigger breadth.

[00:04:13] Being able to be focused and be, be more so consultated in our roles has really made us stand out from, from the other recruiting companies. , we recruit, we have a couple. Areas in which we recruit for. We have a team that recruits for sales folks into cyber vendors, , an engineering team and they recruit mainly the cyber vendors as well.

[00:04:33] Everything from lower end all the way up to CTOs. And then my team where I sit is technical cybersecurity. So I work very closely leadership and C level. But we also have a team that places with analyst architects and engineers and we help. Out of companies in terms of their security program across the whole of the United States with a, a little bit of workup in Canada as well.

[00:04:56] Oh, that's phenomenal. So are you, so you are placing them in key. , in key organizations or at providers for those key organizations, meaning like, mark and I work for North American M S P, it's huge, right? It's owned by konic, but are you, so if we're looking for cybersecurity analysts for our SOC or for pen testers, certified ethical hackers, things like, You guys could be the people that we could come to.

[00:05:25] Exactly. Yep. So we, like I said, my, a couple of my other teams focus only on cyber vendors. Our team doesn't, we evoke it, focus everything from startups all the way up to Fortune 500 because I mean, cybersecurity, the clients that we, yeah, the clients that we serve. Scale, yeah. Okay. So that's the clients that we serve when they wanna employ their.

[00:05:46] Pen tester, sock, analyst, architect, things like that. Exactly. And that's exactly right. I mean, I always think of it as almost like a sliding scale scale, where you have the company, you have us as the middle man, and then you have the, the [00:06:00] candidate, and then we just make, make the perfect match. That's great.

[00:06:04] That's great. Mark did some ent, which is fancy form for like open source intelligence, and he said he came across, your blog or something about your philosophy, your leadership, pH Yeah, your webpage. So, mark, tell us about what you found and then Sam, please, please share with us kind of like the vision that you have and, and, and, and aspects that could help the listeners.

[00:06:30] No, first. First thing I really liked about it when I, I came across that was, , the quote by John Quincy Adams. I thought that was really, I had not heard that in a long time, and it reminded me of, of really what it takes. It was real good. So it says, if your actions inspires others to dream more, learn more, do more, and become more, you are a leader.

[00:06:53] I thought that was just really cool. It'd been a long time since I had heard. I did wanna ask you, and I thought Simon Sinek came up with all of them . Right. I attribute everything to that guy. I, I give, I give that guy credit for everything and I'm like, Abraham Lincoln said this. Sorry. We're fine. . No. I did find one thing really interesting when it came to your philosophy on leadership, and I think this is really important, really across the board, not in just cybersecurity, but really in.

[00:07:25] One of your first, first thoughts was, you know, what, what attribute is the best effective for a good leader? And you listed listening is that top effective, trait. I just wanted to see if you could maybe just expand a little bit on that for the listeners. Yeah, no, of course. So I am early on in my own leadership journey, I.

[00:07:51] Definitely stepping up more. In terms of my own leadership. I'm learning a lot from kind of. My boss and my team. And I, I always tell folks, cause I, I [00:08:00] sit in with a lot of sea levels and I, I prompt them quite a bit and do quite a bit of training on their leadership philosophy. So I've picked up quite a bit.

[00:08:07] And I always say, you're never at the top of the leadership mountain. You've never made it. You've never can say, I'm there. It's always a constant development of self and I think that's why it is difficult, honestly, to be an effective leader, cuz it, it takes a lot of looking in the mirror and self-reflecting, which isn't the, the easiest thing to do.

[00:08:26] Yeah, because they want, they're afraid that it's gonna show weakness. Mm-hmm. and they are afraid. I think leaders in general, and, and this is a good discussion, so if you don't mind us going down the segue, I think it's, it's helpful for people, because I think that, I think that's wrong, right? I don't think that, I think a leader that shows some self-deprecation and some humanity, Builds their credibility to us.

[00:08:51] Yeah. And I wouldn't call, necessarily call it self-deprecation. I think I would call it strong self-awareness and vulnerability. And I think that Excellent. Yeah. I would agree. And you can lead from any role too. There are leadership and I think that's where I do knows Sinek said because I saw him say it.

[00:09:09] Yep. , but it's really, really important because so many people think. Well, I have all these really good ideas, but I'm not in that title, so I just better p keep quiet. And it's like I'm telling you as an older person in leadership at a large company, please speak up Like, like Gen Z, millennial groups.

[00:09:30] Like you have no idea how. A fresh idea and a fresh question. It changes the trajectory. Yep. Whether they'll tell you that it has or not, it has to do with their own character and their own leadership. We do a pretty good job of giving the people credit that came up with the ideas.

[00:09:47] Most of my good ideas, mark can tell you, most of my good ideas I've had for our company have all come. Younger people that aren't in leadership titles, but they had great ideas. They saw it with a good [00:10:00] clear lens and, and we were kind of dogging in our, in our ways of doing things just out of years of being in the trenches.

[00:10:07] So it's really, really, it's really key and I, and I think listening is absolutely, And I, I completely agree with you on that. I think, I was actually talking to somebody yesterday about their own specific leadership philosophy, and one of the things they said was the ability to, to facilitate great ideas from the individuals that you work with.

[00:10:29] And what you meant by that was a lot of younger analysts or engineers or people starting just out in their career, have a. Heavy set imposter syndrome where, you know, maybe their idea they think has already been done. And so being able as a leader to not only listen, but also asking the right prompting questions to create the environment of, you know, it's okay to share ideas.

[00:10:56] Your ideas are valid, and how do you create that empathetic, empathetic environment to, to. Have that success from those individuals moving up in their, their workplace. So a lot of it does come from listing. You know, you sh if you are only hearing the sound of your own voice in a meeting, that's probably not the best meeting that you can conduct.

[00:11:19] I like that. No, that's exactly right. That's exactly, so my, you know, I'm sure my parents always told me the more mouth closed near. The better off you'll, you'll be. So that's kind of a philosophy that I, I try to live by. I don't always am not always successful in it, but it's always something that I, I strive for because being able to, like I said, create just that, that, that environment of vulnerability and just people wanna be, hear, heard at the end of the day.

[00:11:49] And if you can do that, then that's just gonna create trust and it has all, all the benefits from. Right. That is a life goal of mine to be able to listen [00:12:00] more. And you can ask my wife Kim, like I, yeah. Mark knows my wife Kim and like Lord knows I need to I need to re remember that I have one mouth in two ears.

[00:12:10] Sorry, . Only way we can make David talk less is if we tied his hands behind his back. Absolutely. Cause it's the Italian thing that just keeps going. He's So, I do wanna touch on imposter syndrome. Yeah. Before we get to I want to hear about the cybersecurity field. Give some people some, some valuable insight.

[00:12:29] But before we do that, let's just touch real quick on imposter syndrome. It's not just in cybersecurity, right? But especially cybersecurity, imposter syndrome is so rampant because everybody feels, I don, I, I don't know at all. Like, I, I don't, I shouldn't be able to speak up. I, I've only been, I've only seen.

[00:12:49] Aspect of it, but it's so important for people to kind of overcome that and to realize that you're in that role because people will value your opinion. Right? And you are, you do. Have value. And it's, it's, it's so important. I mean, it's in a lot of fields. Like there's a lot of, attorneys. My background was in law when I was younger.

[00:13:08] I came out as a young attorney and I ha I really struggled with imposter syndrome cuz I could not believe at 25 these CEOs of these major corporations were listening to my opinion on what to do. Like I was like, I have, like, you know what I mean? Like, I haven't done anything yet, but yet they, they really needed it, right?

[00:13:29] Yeah. But the truth is, is the guidance that we gave and stuff saved them from lawsuits, antitrust claims, like all that stuff. So we had the value, we just didn't recognize it in ourselves. I do think that law school in the legal profession, same thing with medical, does more for. Ego and the self-confidence of younger people than the cybersecurity field.

[00:13:54] I think that's something that our, that our field needs to really build up, right, and really [00:14:00] help young people that are coming out and entering realize the absolute critical value you have to our country, the country that you serve, the brands that you serve. You have such an important role. Don't underestimate that like, like imposter syndrome needs to go away, right?

[00:14:17] And it's. If there was a pill for it, I would design it and sell it. like that would just be, that would be such a good thing for people to kind of overcome. Because people come outta law school and they have like very little, you know, skillset. Yet their advice that they'll give will still be very valuable, but they have huge confidence.

[00:14:35] Right. Same thing with like physicians, right? Like they are really, really confident cuz like the schooling kind of embraces you, like it builds it up. Right, but in cybersecurity, I mean some of the programs do, but some of 'em are more cuz it's so binary, right? It's either you're right or you're wrong and if you fail this test or you do this, but a lot of organizations like try Hack Me and some of these things that really give people a lot of good sense of I'm in the top 1% of Tri Hack me.

[00:15:03] It helps them build their confidence so when they get that role, They can feel confident and not struggle with imposter syndrome, but nobody's gonna know everything in cybersecurity. Nobody's gonna know everything. And I'll say in terms of the confidence thing, cause obviously I know. I think there's such thing as too much confidence.

[00:15:20] And I think, I think having going into a, a profession with especially medical, oh God, I would hate it. My doctor was like, I know everything, everything's fine. And he's a year outta me. I'd be like, ok, we gotta slow down. And I think it is the same with cybersecurity because there is a lot of pressure on those individuals to protect the company cuz all eyes are on them.

[00:15:39] Obviously when something does happen, I just, I, I feel. I mean, I struggled with imposter syndrome quite a, quite a bit cuz I am, I'm relatively newish, newer into my career. I've excelled quite a bit in it though I was second biller last year. I've headed up women in business. Last year I was the fifth hire overall in the US and has helped [00:16:00] grow it out to where we are about 21 right now.

[00:16:03] All the reasons not to have imposter. Right, like all the reasons why you should, so it's what I, what I typically, what I, what I've done, I think is there is such a power in accepting that I don't have to have all the answers. I think before I, I didn't really want to admit that I, I didn't know everything.

[00:16:24] That was hard for me. And then when I kind of sat back for a second and, and gave myself permission, so to speak, of. You don't know everything. And that is actually a beautiful thing because there's a long life ahead of me and there's a long life ahead of a bun. A lot of individuals early in their career.

[00:16:42] So how boring would it be if we just stopped learning and if we did know everything at that point? So, right. The imposter syndrome to me now isn't necessarily that I can't, it's more so that I've accepted that I don't know everything and I get to learn more. And with each little bit that I continue to learn.

[00:17:03] A little bit of my imposter syndrome continues to go away. Will it ever go away? Not completely sure. , I would like to say so, but I also think it's become a very powerful motivator for me in my career. Absolutely. Absolutely. So, so let's, let's, let's, let's, yeah, because we, we have a lot of, a lot of listeners and a lot of viewers, Are trying to get in or break into cybersecurity, and they're always asking, you know, how, how do I do that?

[00:17:31] How do I get in? What search should I have? So if, if I were trying to, to just get into cybersecurity, which if you saw my skillset and my my knowledge base, you would think I was just getting into cybersecurity. What do, do you have any advice? Is there maybe certain certifications? What's, what's that look like if somebody's just trying to get in, what would you.

[00:17:53] Yep. And that is something that I think the cybersecurity field is lacking at the moment. We're, I feel like we're very mid and [00:18:00] topheavy and that's why a lot of individuals are having trouble even breaking into it. I think a, it starts quite a bit with education. So for instance, and what I mean by that is education surrounding the field, not necess.

[00:18:10] Necessarily what your undergrad degree is. So a lot of individuals sometimes don't really know about cybersecurity as a field of something that they can go into until they're a little bit later they've done something else, which is completely fine. But I do think that it, it needs to start a bit younger and build up that way versus, you know, you go down a certain career path and then you have to pivot quite the bit.

[00:18:33] That being said, though, there's a couple ways that I, I would suggest it trying to get into cybersecurity. First step is honestly, help desk is never a bad, bad start. Yes, it's more, it, yes, it's more, geared towards that end, but it is a good way to get your foot in the door because you'll get exposure to some security from that.

[00:18:53] And I'm talking, this is very kind of first, second job. Right. But it's a great way of starting. It's a great way to start. We have a lot of individuals come from the IT background, and that's even what we, we are requested to find, especially in outpatient security with how much liaising there is with dev teams.

[00:19:11] They need, they request an IT background. So I would also suggest if you are a little bit later in your career and you were looking to pivot or get into cybersecurity, get that first. Certs are great. That being said, though, certs have never made or break, break, broke a process. I, I haven't had hiring managers request certs very often, aside from maybe some, some AWS cloud specialty security certs, or a C I S S P if you're a bit, a bit more in leadership, what I will say is boot camps are not a bad thing.

[00:19:46] Boot camps can be expensive. And I always suggest that a bootcamp is a good foot in the door if their alumni network is strong. So a good reason to do a [00:20:00] bootcamp is looking at people who've graduated, looking at the job placement, statistics, figuring out if there is a, even an alum network for it.

[00:20:10] Because the bootcamp is the bootcamp. Yes, you'll learn. All after the bootcamp? About After the bootcamp? Yeah. After the bootcamp, what does it do for you? What is the name? Recognition? Yeah, what are the connections that you've made? The people that you've met, the leaders that taught you. That's really, that's really interesting insight.

[00:20:28] Yeah. Do all boot camps have to be in person or can they be online? Hybrid. I, I mean there are some that are, are online. It's really depending on what you can do. Some people don't have the, the ability to be on onsite depending on what it is. It's also what you prefer. Like if you are, if you are not willing to really go onsite for a bootcamp, that's fine.

[00:20:52] Do I think maybe you could get a little bit more out of it if you're on site, maybe. But then we're back to the whole, you know, argument of do we need to work to, to be in the office and, and stuff like that. It's almost that same argument of, of really how do you learn best? And some people very much learn best in a quiet space with their, you know, just without the distraction.

[00:21:12] So, you know, you just pick the one that's best for you. But, with the caveat that they have a, a strong job placement. Postgrad. Yeah, I agree. I did the Security plus bootcamp and did it virtually. Really the only reason that it was kind of impactful for me as opposed to being in person was, everyone on screen.

[00:21:32] And then we did all our labs together as a. So that, that was really, there was kind of a bonding and a coauthoring of finer results and, you know, that, that kind of helped. So I would encourage you if you can do it virtual do if you know, if you can do it in person, as you said. Yeah. So, however you learn best.

[00:21:48] Right, exactly. Exactly. The last piece that I do wanna mention is, Having a mentor and finding a mentor in the field. So if cybersecurity is your passion, cybersecurity is your [00:22:00] goal. You are struggling with, with finding a, a plan on getting there. A mentor is an amazing resource and there are so many senior levels or even, you know, mid-levels that are more than happy to be that person for, for you.

[00:22:17] It doesn't even have to be somebody that you know in your network right off the bat, it is somebody. You know, you can have an introductory call with figure out if, if you match. Cause obviously that's a big part of it. Then it's always very, also, I always, the other side of the table is very flattering to be asked to be a, a mentor, so Absolutely.

[00:22:38] I always say nobody's gonna get mad at you for asking for some mentorship. Exactly. No, I think that's really important too. And then they can even help you if you don't know which, which niche in cybersecurity you wanna land in. Do you wanna land in the red team because, you know, it's cool and it's more, you know, you get to break things, you get to hack into things.

[00:23:01] Or if you wanna be more blue team and, and be more in like the leadership management monitoring the. Whole hierarchy, things like that. Or you wanna have an element in the sales consulting aspect. Once you kind of identify that, it'll help you kind of search for, for a good mentor within that sector. Yeah, exactly.

[00:23:24] So what are some of the like high demand, roles that you're seeing? Are you seeing more red team, more blue team? Consulting aspects. What is kind of trending right now in the, that's coming across your, your desk and your teams. Yep. So we always see quite a bit of cloud sec AppSec and detection and response.

[00:23:48] So those are like the three, three main rules that what happening, what happened either, but we're back. Everybody. Sorry. anyway, I was saying, so [00:24:00] cloud. We're going over. Yep. Yep. So I will say, I think application security is still probably one of the most prominent. We're seeing, I'm seeing a couple things.

[00:24:11] So application and product security sometimes are interchangeable. I'm seeing more so surrounding product security strategies. So with a, a SaaS company, typically that has a, a. Product security strategy of, of how are we going to almost like a marketing tactic of how are we going to sell security strategy to our clients.

[00:24:32] And then AppSec being obviously the security of the application. I think, so these are company, can I ask? Yeah. So these are companies that have a security product or service Correct. Packaged with it, and they want people to have tested it so that they can show the veracity of, in the security levels of their offer.

[00:24:52] Correct. Yep, exactly. That makes sense. So we're seeing a, a bit of an influx in, in that. Cloud security I think is always gonna continue to be in demand. I mean, we're only gonna get increased exposure into the cloud and companies that are still OnPrem are continually fond behind the curve. So that is definitely going to continue to be a, a necessity in the field and then detection.

[00:25:17] Same like that, that is kind of a, an obvious one. You need protection from the company, you need to be able to deal with any sort of breaches and you need to have forward thinking minds surrounding what's going on in the, in the field. In terms of threats, couple things that I should, so that's more the, I'm sorry if I can ask, is that more the, the SOC analysts, the, the people that are managing a SIM tool, things like that?

[00:25:42] Yeah. All of that. Red team hunters and all that. Yeah. A couple positions I think are. One we've seen quite a bit more is GRC individuals. So compliance individuals and security relevant. Yeah. I always wonder about that because that's a great way for people to get to break into the field [00:26:00] that aren't technical by nature.

[00:26:01] Right? Yes. But they understand. Exactly. And that is a, that's a great way to, to join security without having to be hands on keyboard. Right. One thing that we're being. More of to find in our GRC analyst or, or compliance managers is FedRAMP compliance. So that's a lot of dealing with, you know, government companies, compliance within government companies.

[00:26:23] And I think the reason for that being is obviously the, the Biden administration is doing quite a bit of work around cybersecurity and, and. Making sure companies that are working within the government are compliant. And so anybody that has government contracts need to understand FedRAMP. And so we're being asked to find that quite a bit more, and that's a slightly rarer skillset, but I, I think in more individuals are having that skillset as it becomes more popular.

[00:26:50] The last one that I would say, and this is just. Pretending I have a crystal ball, but obviously there's been a a lot of conversations surrounding AI and chat G P T. . Yep. And how it's gonna change the world. And I'm a big believer in that. I don't think we're there yet, but I will say it's got Google nervous.

[00:27:07] Yeah. . It's got Google. Well, when you think about it, I love it. I'm asking chat gbt things like all day. I'm just, I have conversations with it. I, I'm Well, when you think about it, yeah. When you think about it, right. You can ask it the, almost the same things you're asking Google, but rather than getting and filtering through all these, All these indexed different sites, right.

[00:27:28] And then ads and all this stuff that might skew you a certain way. Mm-hmm. , it actually kind of like pulls all that together and just in a plain language will answer your question. Yeah. It's pretty powerful stuff. It is very powerful. It's, it's crazy. I think someone told me that every search is like, Every question to ask chat g b t, like 3 cents cost in, in data power or something like that.

[00:27:50] Ridiculous. So it's not cheap for sure. But I do think it is, it's going to be, it's already being used in cybersecurity. I think it's only gonna increase the, [00:28:00] the, the effectiveness of, of using AI and cybersecurity. , and I think there's going to be a skill. In individuals with AI experience, and automation experience.

[00:28:12] So I think that is something that we're going to be asked more of as time goes on, is to find individuals that have specific ai, you know, security experience. But that is just my prediction. We will, we'll see. No, I would, I would think that, I think that would all follow suit, right? There'll be some, some certification along the way that gets created.

[00:28:34] There'll be some standards on how to address. Cuz when you look at the standards that are out there that people try and comply with, that organization's try and comply with, there's not really an element necessarily to specific AI platforms or AI compliance. Right. And so how do we address that? Cuz the threat hunters, I mean the threat actors.

[00:28:55] The black hats are definitely leveraging it already to improve social engineering, but also to create polymorphic code and some other things. So it's definitely gonna have a, have a very big sign significance. That's probably a very good forecast. Yeah. Right. Yeah, that's, that's, that's really good. So let's talk about the hiring process.

[00:29:15] How does somebody. Stand out in the hiring process. So, I mean, of course it's gonna matter about the role that they're looking at, but I know that in our, speaking to a lot of people that have served as mentors of others, they, they seem to be big proponents of a home lab things that they can demonstrate for people.

[00:29:34] What, what are you seeing? Yep. So I, I'll say, and this goes across the board, honestly, I'm not gonna say it's for one specific rule, but. Whenever I'm giving interview tips or interview help with, with individuals that I work with, a lot of it is surrounding less so. You know, flexing your technical muscles.

[00:29:56] Obviously there's a time and place for that during the technical interview, but I always [00:30:00] talk about humanization and what I mean by that is we're, we're already losing a bit of the human aspect, just being over camera. These people are doing a lot of virtual interviews, you can get a little tiring for the hiring manager.

[00:30:13] So a lot of it is just going to be learning how to humanize yourself and make a human connection. So what I typically recommend is, especially on your elevator pitch, is making sure that your passion for the field comes through. I typically recommend ending your elevator pitch on your Y. So why are you doing what you're doing?

[00:30:34] Why have you made X your career? What about it gets you outta bed in the morning, basically, and it just shows a little bit of, of who you are, your, your passion for the, the certain field and helps make you stand out. And I think, go ahead. And I think it's really important what you just mentioned about having an elevator pitch.

[00:30:52] Yeah. I know a lot of people that have gone through the process that haven't even prepared one for themselves. And I think that's really important no matter what you're doing. Like in sales and consulting, they're very familiar with elevator pitches cuz they have to succinctly, you know, your company can do 137 different offer.

[00:31:10] How do you succinctly start that out? How do you boil that down when you meet somebody at a networking event or in a first meeting and they say, so, so what do you guys do? How do you, how do you boil that down to a sentence or two? And I think yeah, there's a great deal of sophistication that comes with that succinctness.

[00:31:28] Yeah. Right. Exactly. And it, it is not, it is not second nature also to talk about your achievements. I think for a lot of individuals, It, it can be hard to gloat, so to speak, about what you've done. And I always say that is, that is an interview is not the time to be bashful. Like that is the time to really, really express what you've done in a succinct way.

[00:31:54] For sure. And what I typically recommend in terms of. [00:32:00] Formulating an elevator pitch is look at your resume, look at what you've done, and then what are the top three things that you've done at each company that have shaped the company? Because whether it's small, whether it's larger, you have had an impact in some way, shape, or form for that place.

[00:32:13] So talk about it. And then you helped create a policy. You helped create, you helped solve a problem for whatever it's exactly. And then you can pick one or two, play one or two things from each, and then there's your elevator pitch. All you do, you're just talking about it. What you don't wanna do is go through your career history by naming your job titles.

[00:32:32] That's, no, that's something that, that can be seen on, on a resume. So what can you do to, to stand out of. This is where I was when the company started. Look how much better it was when I left, and that that was because of these three effects that I, I had and the impact that I made. And that can be a very powerful, soft sell of, of yourself.

[00:32:52] So letting their, you know, maybe a lot of people overlook especially when it comes, you know, to the IT world. Not always the, the, the biggest conversationalists or the loudest voice in the. But I, I think that you make a really good point, Sam, that, that, you know, this is the time to not be bashful.

[00:33:08] This is, it's okay to pat yourself on the back and tell somebody why you're good. I mean, historically in my career, I guess I've achieved that cuz I've, I've enjoyed talking about myself. But for does, it may prove to be challenging, but you do it. I think you make a really good point and I hope the listeners uh, should.

[00:33:26] Yeah, I, I, I would feel that having a time to, I mean, you don't wanna come across as arrogant for sure. Mm-hmm. , you don't wanna come across as, as patronizing or arrogant or anything like that. So you have to be careful. But I think that, Demonstrating or like just painting a picture, like letting your personality come, come through and show, look, I saw this issue and I was able to, I did this and I was able to solve it for somebody.

[00:33:54] And, and they really found it helpful. I think that is a, that's a great way of saying it. Right? It's a great way of [00:34:00] sharing it. Right. Or if there was some emotional component that you were able to solve, paint the picture with words for, for for the interviewer because they'll, they'll see a lot of different people for a lot of different roles.

[00:34:13] Right. And, and so you wanna really make yourself memorable. Yes. Is that okay? I think that's a, I think that's a really good point. And there is certainly. A difference between talking about yourself in a, like you said, letting the words speak for themselves versus actively selling everything that you're saying about how amazing you are.

[00:34:34] And that can be, that can be where ego can come in and, and. Detract from memorability and, and make you memorable in a slightly more negative way than you would like, right? Well, yeah, because what we're not, and you know, and I wasn't trying to imply Mark, that you or you come across that way cuz you don't , but because when you, but I think it's important, like as a recruiter or as the interviewer you are trying to find, is this person.

[00:35:00] Fit in and will they, what impact can they make at this organization? And by sharing and being confident and just sharing ways that you've impacted other organizations, then they could say, oh, that reminds me of this organization. They could do the same thing here, or they could do something similar here.

[00:35:17] I think that's really helpful. Yeah, Absolut. Well, what, what, what things, what tips do you have in the interview process? Like the interview questions, I will say there's a ton of great resources that are no cost. Some might have a small cost, but there's a lot of no cost. Ways you can find out, you know, top interview questions that certain organizations have for certain roles.

[00:35:41] So, Just spend the time researching that so that time you have an idea. Glassdoor great researchers glass confidence with a grain of salt. But Glassdoor typically will have some good good interview questions already posted from the companies, especially if they're bigger companies. So that's a absolutely.

[00:35:58] Yep. Chat. G p t is up [00:36:00] there too, because chat g p t will tell you , you know, you can even prompt chat g p t and say, you are a hire a hiring manager for this company today. Like, what will you ask me? And they'll come up with a, some of it is very generic, but depending on how you can play with it a little bit and, and get some really kind of unique insights.

[00:36:19] Mm-hmm. . Yeah. No, it's very cool. Yeah. Can can go a little. Yeah, I can. Yeah. So, so as, as, what, what other advice do you have for people kind of looking to kind of advance and either break in or advance up within security? How about if they get an offer? How do they go about negotiating that offer?

[00:36:44] Are the offers usually kind of take it or leave it and you just kind of take it? What's, what about it sometimes. Though that is a very strong source to utilize cuz that external recruiter can help negotiate on, on behalf cuz they'll know the hiring manager. But beside the point. So external negotiating.

[00:37:05] So, so let me interrupt you for just a quick second. So external re recruiters can actually serve as your liaison and almost as your advocate, right? So that is that. That is really important, right? That is, that's only, yeah. Yeah. Absolutely. Absolutely. So if you are working with an external recruiter, Talk to them.

[00:37:25] Cause they're, it's nice cause they're not working on behalf of a company. It's very much like I said, the middle man. So it's, it's a sounding board. It's always our, in our candidate. So that's always what we're trying to do because our fee and how we get paid obviously comes from our candidates salary paid by the company.

[00:37:43] So that's why it's, it's an our best interest as well as the candidates to get the highest offer for them. If you are negotiating on behalf of yourself. I always see it as it is a, a conversation, so you should have a, a target in your head. You find that target [00:38:00] by figuring out what the market rate is by talking to recruiters, a, b, talking to peers around you that have similar jobs and having.

[00:38:08] Very open conversation about salary, just to see where the market is. Cause that can be kind of hard. There are salary guides out there to look at, so you have the resources, it's just compiling it together. And then once you have an offer in hand, it is very rare that if you negotiate it on an offer, they're gonna revoke the offer.

[00:38:26] And I think there's a little bit of a fear behind that for some candidates in terms of, if I say like, I want 5K more, they're just gonna take it. And I think that is a bit of a misconception, and if the company does that, it's probably not a company that you wanna be working for anyway. Right. It's probably a sign of the culture there that you wouldn't Yeah, you're probably dodging a bullet by Exactly.

[00:38:46] Anyway. Yeah. So if there's something that isn't sitting well with you in the contract, there's a couple things that you can do. I always suggest Negoti. Over over phone and then following up with an email as well, just so it's documented somewhere, but Absolutely. Cause it's just about expectations, right?

[00:39:03] Like some of it isn't necessarily intentional, but mm-hmm. your impression, oh, we talked about this. I'm getting this amount of PT o or I'm getting this. But they didn't say that they meant this. Just confirm. And you know, and just be very firm but polite. Just be like, I, you know, just wanna confirm. Thanks for the time.

[00:39:22] Just wanna confirm as I understood, here's what I understand exactly. If there's any edits, please just let me know. Looking forward to hearing back from you, whatever, right? Yep, that's exactly right. And the reason why I say it over the phone as well is cuz some contacts can get lost in an email. You know, it, it can't come across depending on how a person's reading it in maybe an arrogant or negative way.

[00:39:43] So hopping on a phone call with HR or whoever the hiring manager is to talk about comp, talk about pto, and then like I just, like you said, following up with that email. I think that's the best way to negotiate. But my, my biggest thing is, is never be scared to have a conversation. [00:40:00] Because at the worst, the worst at the end of the day that someone can say is, you know, that's not in the budget.

[00:40:03] Unfortunately, we can't do that. And then that's where the conversation turns into, okay, well what does it look like? You know, a year down the road, if this is really where I wanna reach, how, how is that gonna work between us? Because all it is, it's an agreement for both you and the company. It's not a hundred percent for the company and then none for you.

[00:40:21] It, it should very much be 50 50 an agreement between partners. That's really good. Yeah, that's very. Yeah. So let me ask you this. Did what about if they. Our balancing between a couple different companies. Mm-hmm. . Right. And, and even more so what happens if people, I guess I have two questions, if you don't mind, before we wrap up.

[00:40:41] What, like what about the people that are getting frustrated? You know, in the security community on LinkedIn, I see a lot of we try and help, we, we throw up. You know, remote jobs that we see, jobs that don't need four year degrees. Like, here's a bunch that we found in our, as as we're posting jobs for our own company, we came across all of these, you know, here guys, go just, just share.

[00:41:03] And people really like that stuff. But then there's always the one or two people that will comment and say, yeah, but I've been looking for six months and it's just not working. Whatever. What do we Fatigue? Yeah. Interview fatigue, right? Because it, it's heartbreaking when you really can picture yourself.

[00:41:19] At a company, you know, with a team, and then they, for whatever reason, falls through. What do we, what do we do to help them? What are you, what, what are you seeing? What do you guys do? Yep. So I always strip it back. If someone's been telling me they've been job searching for, you know, six to eight months, or even longer than that, sometimes there is probably something missing and we just need to figure out what that is.

[00:41:41] First thing obviously we'll do is review a resume. We'll make sure the resume is concise, it's up to date, it makes sense. Sometimes that's honestly the issue is that they're just getting passed over because their resume is, is either doesn't have the right information or has too much of the wrong information.

[00:41:57] So it, it's a little bit of both. And then we'll [00:42:00] also go through some interview activities, those kind of smaller things, just to make sure that it's, it's not, it's not those basic activit. And then from there, if, if all those things check out, I'll start prompting into what is your job search strategy?

[00:42:15] Because you would be surprised that a lot of these folks, it's a very much kind of like a, a spray and pray, so to speak, where individuals are just easy applying and applying to everything they see. That is not the most effective way to job search. I always say a job search is, is a bit, is two sides, and I use the analogy of a spider web.

[00:42:35] Basically you're creating a job search spiderweb where on one side you do have the active applications that. Need to be tailored. You need to take the time to tailor your resume to that job cert, to that job board. Submit your resume, figure out who the hiring manager is. Email the hiring manager. So your name is, has a little bit of name recognition in terms of going through pile of resumes and doing the, the due diligence that way while on the other side of the job.

[00:43:02] Is active networking. We have a conversation with them, see how they got there, see what advice that they have for you. And then that all creates that, that spider web that I was talking about to eventually the risk of staying with the analogy catch a job. So, I I, that's really good. That's, that's actually something that, yeah, I don't think a lot of people recognize that.

[00:43:23] Is there, like, are there some leading software programs that people use that scan resumes, that do resumes have to have certain keywords in it? What can you share Time? Yeah. So there is, there are ATS systems like Greenhouse or, or Workday, things like that. And they do scan resumes for, for certain buzzwords.

[00:43:45] The issue with that though, is you never quite know what the buzzwords are right. So it's hard to figure out what they need. So it's very little you can do other than seeing some key terms of art in the job. In the job [00:44:00] itself. I'm putting it in your resume, correct? Yeah. And that's what I mean by making a, a tailored, a tailored resume.

[00:44:05] But with those, those applications, it can be easy just to submit an application and then wait. You are your own advocate at the end of the day. So that's why it is so important to figure out who the hiring manager, it's, it's very easy with stays technology and LinkedIn just to find who the hiring manager is and reaching out to them, you know, telling them that, that they applied, even if they're not responding, they're gonna most likely see your name as somebody that message you on, on LinkedIn.

[00:44:33] Cause they, they pop up all the time. And. Being able to go through a pile of resumes and be like, wait, I, I recognize that name for some reason. Right? And then that's gonna cause a pause. That's gonna cause a look. And then that's just gonna up your chances whether or not they decide to move you forward.

[00:44:48] It's who really knows. But it's still a good, a good active, you know, practice in, in being yourself, yourself, advocate. That's excellent. Well, hey, Sam Buermeyer, thank you so much. You've, honestly, you've showed us a, a lot of. Tips and, and suggestions. We got a lot out of it. Mark, don't you go anywhere? And , they're taking these tips.

[00:45:11] You're typing up my resume as we speak. Yeah. He's like, I'm dang. I'm, I'm looking, I'm looking on indeed. Man. If I see your resume, you're in trouble. Yeah. No, this was really helpful and I, and I, and I know that the listeners and watchers are, are, are gonna get a lot out of this. Yeah. No course. So before we take off any parting words on what's new or next uh, for Stanton House for yourself?

[00:45:32] Yeah, no, of course. So I think for, for us, we do have quite a bit of, of white papers on these specific topics on our website. We work really hard to be advocates in the field for cybersecurity and really, really try to be, like I said, consultants in the field. So, The reason, you know, my why of why I work for Stanton House is everything is, is relationships, not transactional, really trying to just make a difference.

[00:45:57] And that's, that's at the end of the day, all I [00:46:00] wanna do and all really my company wants to do. So if you are struggling with trying to figure out, you know, you have it in the job search for six to eight months, not sure where you're going from there. You can reach us@cybersecuritystantonhouse.com. You can reach, my email is listed on, on our webpage.

[00:46:17] You know, we're more than more than happy to help. Yep. And we'll have links of that in the show notes on both YouTube and our podcast site. So thank you so much. This was remarkable. So hope everybody enjoyed that. Sam Beyer, thank you so much. Yeah, Stan Stanhouse links to it. Check them out.

[00:46:34] They will be listed in, in, in the show notes and we encourage everybody to reach out to them. It was fantastic. Great insight.