Security Jobs Industrial Control Systems. Dragos' Josh Fullmer

Show Notes

Security Jobs Industrial Control Systems
 
Dragos’ top Cybersecurity recruiter JOSH FULLMER joins Cyber Crime Junkies in the studio to discuss security jobs industrial control systems and what employers want in cybersecurity.


Topics: what employers want in cybersecurity careers, what employers want in cybersecurity, new approaches to enter cyber security, new approaches to enter cybersecurity, how red team exercises help you stay protected, how transition fro military into cybersecurity today, How start a career in cybersecurity today, effective communication for security internally in business, security best practices for business, how to choose the right bootcamps, How To Select The Right BootCamps, new approaches to enter the cybersecurity field, how can we spot fraud in business, where to start cyber security career, how to have effective communication internally in business, best ways to keep up to date on security news.
 
CHECK OUT THE FULL DISCUSSION VIDEO HERE: https://youtu.be/LIbfIx6BVy4

 

Connect with Josh directly: https://www.linkedin.com/in/josh-fullmer/ 

 

Full VIDEO Link: 👩‍💻 https://youtu.be/LIbfIx6BVy4

  

Thanks for Listening and Watching. Many watch/listen but don't subscribe. Help us out please by Subscribing Today. Thanks. 

 

PLEASE CONSIDER SUBSCRIBING. It's FREE and it will help us to help others. 

Our Video Channel @Cybercrimejunkiespodcast https://www.youtube.com/channel/UCNrU8kX3b4M8ZiQ-GW7Z1yg 

 

Connect with us.  

 

 DAVID MAURO Linkedin: https://www.linkedin.com/in/daviddmauro/  

 Cyber Crime Junkies Linkedin: https://www.linkedin.com/in/cybercrimejunkies/ 

 Cyber Crime Junkies Instagram: https://www.instagram.com/cybercrimejunkies/ 

Cyber Crime Junkies Facebook: https://www.facebook.com/CyberCrimeJunkies 

Podcast Cyber Crime Junkies: https://cybercrimejunkies.buzzsprout.com   

Site, Research and Marketplace: https://cybercrimejunkies.com     

 

 Want  EXCLUSIVE Content? For only $4  SUBSCRIBE to Cyber Crime Junkies PRIME 

Try KiteWorks today at www.KiteWorks.com

Don't Miss our Video on this Exciting KiteWorks Offer!

Try KiteWorks today at www.KiteWorks.com

Don't miss this Video on it!

The Most Secure Managed File Transfer System. 

• Watch Video Episodes! And Please...Subscribe to our YouTube Channel.
  • Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews.
  • Submit Your Questions Direct and Find out more www.CyberCrimeJunkies.com
  • Stay up-to-date on Cybersecurity with VIGILANCE Newsletter.
• Want Gear? We love our Small Business Sponsor, BlushingIntrovert.com. has it all. Women’s clothing, cool accessories supporting Mental Health Research. https://blushingintrovert.com

Transcript

What Employers Want In Cybersecurity. Dragos’ JOSH FULLMER

 

 

What Employers Want In Cybersecurity

 

Dragos top Cybersecurity recruiter joins Cyber Crime Junkies in the studio to discuss what employers want in cybersecurity. Topics: what employers want in cybersecurity careers, what employers want in cybersecurity, new approaches to enter cyber security, new approaches to enter cybersecurity, how red team exercises help you stay protected, how transition fro military into cybersecurity today, How start a career in cybersecurity today, effective communication for security internally in business, security best practices for business, how to choose the right bootcamps, How To Select The Right BootCamps, new approaches to enter the cybersecurity field, how can we spot fraud in business, where to start cyber security career, how to have effective communication internally in business, best ways to keep up to date on security news.

 

We discuss how to build a strong security culture and importance of building your personal brand. 

 

[00:00:00] All right, let's get going.

It's always in the news. Cyber criminals attacking great organizations wreaking havoc on the trust of their brand. We socialized cybersecurity for you to raise awareness. Interviewing leaders who built and protect great brands. We help talented people enter into this incredible field and we share our research and blockbuster true cyber crime stories.

This is Cyber Crime junkies, and now the show.

All right, well, welcome everybody to Cybercrime Junkies. I am your host, David Morrow. In the studio is my always [00:01:00] positive, co-host and, co-worker. Mark the mark Mosher, like the Ohio State. Thank you, David. How. Doing well, doing well. Today we have a great talk. Josh Filmer joins us, one of the leading cyber security recruiters with a fantastic firm.

So Josh, welcome to the studio. We're really excited about having you. Yeah, welcome. Yeah, appreciate it. Really excited to be here. Sorry, I just threw on a little background music really, really loud without any intro, so if that's too loud, let you guys let me know, but let's kind of keep a little music in the background.

Sounds good. , so Josh, tell everybody tell everybody kind of, , what you're currently doing and then let's back into that. Yeah, absolutely. So right now I'm the lead cyber recruiter for a company called D Dragos. Mm-hmm. So Dragos is a late stage startup. We've been around. Close to seven years. And we deal with a very niche [00:02:00] kind of aspect of cybersecurity, which is industrial control systems or abbreviated ics.

Or another term we use is operational technology. So basically all of the critical infrastructure that you and I rely on every single day. You know, gas pipelines and electric and manufacturing, , chemical pharma, food and beverage, things like, we specialize in protecting, from cyber adversaries and it's super cool work and absolutely love it.

So we're a global, global company. Yeah. Yes. I didn't mean to interrupt, buddy. No, you're fine. So that, that's a, that's a, that's a sub niche of cybersecurity, right? A obviously a critical one. That's why we call it critical infrastructure. You know, explain to people kind of what that means. So within, so the, the candidates, you guys help them, are you employed by the organizations that are searching or are you employed by the [00:03:00] candidates?

The. Yeah, so I'm, I'm a corporate recruiter, so employee of Dragos. Yeah. There's sort of, you know, we absolutely use external recruiters if we need it, especially globally as we're expanding into other countries. But yeah, for, you know, I'm fully dedicated to recruiting for Dragos full-time, you know, that's, that's an interesting.

Kind of take on it, the international piece, you know, where we talk with a lot of people in cybersecurity obviously, but not a lot of 'em, that are in that, that kind of job placement or job search. Do it on an international level. Are you go overseas, do Europe or the Middle East, you know, are, are, are the norms, the conditions, the, the compliance requirements and regulations, are they different?

Is that, does that come into. Absolutely a hundred percent. We, we have two team members within the human resources team that are fully dedicated to kind of the global employees. So right now we're, you know, uk, Germany, [00:04:00] Dubai, Saudi, Australia, New Zealand. So it's sort of all over the map and every single country has its own, , you know, like you said, compliance, you know, employment laws, you know, there's different benefits and everything that, that each country and employees expect.

 But also the recruiting challenges are unique, I would say, for every, every region that we operate in. So you said Dragos is a late stage startup. What is the, what's kind of the mission and the vision? That's a great question. So the mission is to safeguard civilization and we're a, you know, a super mission driven organization.

You know, it, it's always sort of cliche, you know, as I came into this space, I thought, ah, every company, you know, has this grandiose vision. And they're, they're, they tag themselves as these, you know, superheroes trying to save the world. But, you know, I came to D Dragos and was very, almost shocked at how.

Passionate, you know, not only the founders [00:05:00] were, but all the employees, , about that mission. And the reason it's so important is if you look at the history of i c s security, you know, how critical infrastructure has been, you know, targeted and attacked. You know, it can become a really bad day for.

The asset owners, the companies that are being breached and targeted, but for society, you know, imagine, you know, worst case scenario, you know, oh yeah, shut off a, a whole, you know, electric power to a whole region or, you know, certain facilities can, you know, start a fire or, you know, explode. Or we can really, you know, adversaries are getting really good at affecting certain processes and systems and, you know, loss of life.

Involved in these situations. And so, and totally, you know, we're never downplaying the, the risk of, you know, enterprise cyber attacks to it. Those are devastating, but in our world, [00:06:00] you know, it's, it's non-negotiable. We have to, protect this stuff because the potential outcomes can be, you know, horrific.

Yeah, absolutely. We we were just talking with Carlo Brido has a Silicon Valley think tank and he's got an institute and they're actually working on an ISO for the US government on critical infrastructure frameworks. Right. There isn't, yeah. Anything. I mean, of course there's great frameworks out there.

There's a lot of them, but they, yeah, there needs to be some enforced by go. On private sector to actually make them do something Right. We were asking him about, what do they see as the weakest part of critical infrastructure, you know, trains, planes, automobiles. Yeah you know, water electric.

And he was saying water. Was really one of the, the weakest, is that what you guys are seeing when in the candidates, in the firms that you guys are working with? What, what are some of the weakest things, or, or the highest risk categories in, in critical infrastructure in the [00:07:00] US today? That's a great question.

 I don't think I'm the most qualified to answer that, not not being part of the, you're as qualified as we are to ask it. So, you know, we're, I would say, you know, we're all learning, we're all in the early, in the, in the early days of Dragos, you know, I believe it was. Two parts. You know, we, we had a lot of expertise on the team in electric power and oil and gas.

Mm-hmm. You know, that was, we, we hit that, heavy and hard kind of in the early days to, to build out the company. But we work in, like I said before, so many different verticals. Water treatment being one of them, you know, transportation, pharma, food and beverage. But as far as the, the threat landscape, you know, it's sort of all over the.

You know, we're, we're seeing activity in so many different industrial verticals. I, I, I can't speak to, you know, which ones are at the most risk. Certainly when you do, you know, a reverse engineering of a risk analysis, you know, where, where you know what can, where's the [00:08:00] bad baddest day or the, the worst outcome, where could that be?

You know, you think about, we just can't survive without some of. , infrastructures and, and things, but it's really interesting. Absolutely. So that's a great mission that Dragos is, is formed on. So they're really focused on the critical infrastructure support and finding resources. So do candidates that are searching for those qualified candidates that are searching for those positions reach out to Dragos, or do the companies reach out to Dragos to help them?

That's a great question. Dragos is gaining a lot of momentum in the marketplace, a lot of branding, you know, since I, yeah. But more, more active on LinkedIn. I think, you know, my profile has played a little bit a part in that. Absolutely. Becoming a, a pretty target company for employees, but we get a mix.

So when I go to market with a job posting, I can get, you know, for some roles, hundreds of applicants that we kind of have. Sift through and manage other ones, especially going back to kind of the global team of Dragos, [00:09:00] you have to go chase down and hunt those candidates. And, and that's certainly the case for a lot of roles.

Not, some of them are very specialized and we have all sorts of roles, you know, from software engineering to business. To cybersecurity. So it's not all just the sock or pen tester or things like that. Exactly. It's, it's all of those. Mm-hmm. Okay. So that's really interesting. So so that's something that you know, and we'll have links to D Dragos and to you Sure.

In the show notes. But for those that know people that are looking to get into, or, you know, advance their career in cybersecurity, And other facets to reach out to you guys because I really like what you guys do and I love how you talk about your organization's culture. Do you wanna share a little bit about that?

You guys really seem to have a very kind of a meaning. Meaningful. Yeah. Like a meaningful maybe has to do with the, your founding there really. Yeah. Talks about like, we wanna protect, I love the. The esoteric, [00:10:00] like, we wanna save the world. Like I love that. Cause like, well, who's gonna be against that? Right?

Like, and when you're going to get venture capital and stuff, like, are you against Yeah. Are you opposed to saving the world? Oh yeah, I'm, I'm opposed, you're not getting my money. Like, that's really good, man. Like I love that. Yeah. So coming back to that, I think, I think the mission is at the core of that.

You know, if you. You know, Rob Lee, the c e and one of the founders of Dragos, why he started the company. You know, he always says, you know, I want my son to have running lights, clean water in the future. Mm-hmm. It's that simple. Mm-hmm. Yeah. And that's sort of a powerful you know, people and other companies, you know, and, and I'm not, Trying to say anything about this, but if you can boil down a mission or a purpose and make it mean something to the individual, hey, absolutely.

You know, all of the stuff you rely on is, is under siege. It's a, there's a big threats against it, you know, that kind of hits home. But outside [00:11:00] of that as, as opposed to some organizations I know that are like, our mission is growth. Yeah. And you're like, what does that mean, mean, like growth for what? What are you just throwing an arbitrary number out there and you wanna grow?

Like why? Like what, you know, it's, it gets into the whole Simon Sinek anal aspect of it, right? You're like, are you just like, are you sh playing the short game or are you playing the long game? Right. Yeah. Because the short game always. Yeah, so a hundred percent. So that's, so this, this brings it to light, really a, a, a sector in cybersecurity.

I think that the, the general public just doesn't really know about or is not completely aware of, of how big this is. And David, you know, from our involvement with InfraGuard. This hits to their core value and mission. For those not familiar, ingar is that joint coalition between the FBI and Department of Homeland Security and the private sector to specifically protect from a cybersecurity stand point.

Yeah. [00:12:00] And it's focused on critical infrastructure. Yeah. I think the general public, when, when they think of cybersecurity, In breaches, in threat, in threat actors that it's, you know, ransomware or somebody's gonna hack my bank account or so. Mm-hmm. You know, people don't realize, no, the critical infrastructure is what really is the spine and backbone of our daily lives.

And without that and we got big problems. So I'm, I'm really glad that you guys are focused on this. I think, I think more people need to understand this and I think, you know, hopefully this episode will bring some of this to life for some people that just maybe weren't aware how critical this is to our daily lives.

So, yeah, l let me, let me shift gears here real quick. So, Josh, you're very active on social media and in a meaningful way. Like it's, it's, it's pretty impactful. You talk about some really good things. You're not just like, Hey, we got a big deal. Let's Yeah, look at us. It's, it's always like, because I think that's where social media can give you an audience and where the impact of it is.

If you have [00:13:00] a helpful motive, right, and you're there. Help people, and not to lecture them or not to brag, but we're just. You know, it's like, it's like the playground in school. If you're there to help people, people are gonna like you and they're gonna wanna follow you, right? Mm-hmm. It's not that complicated.

Yeah. You and, and I really like, you're, you're, it's why I've reached out to you originally. Like, you're, you're content is always helpful to people searching for jobs, employers of businesses, owners of of businesses looking for good talent. Like, and you always have some. Some, some really excellent quality posts and statistics and research and stuff.

So tell us about what's, what you guys are seeing in the market. Like what, is there a specialty within cybersecurity that is doing better? Is there a specialty within i c s that's doing better? Like for those looking for a job or for those looking to hire people? Like what, what, tell us what you guys are seeing.

Yeah, that's a great question. So, [00:14:00] The, the I c s security market is, again, very unique. You know, and there's so many, you know, I, I think there's traditional enterprise kind of IT cyber roles that get applied to just the industrial space. So we sort of hire and this is just Josh's roles, right? Cause I'm sort of the cyber person here, cyber recruiter, you can take.

Industrial engineer type person. You know, maybe they grew up working in a plant or maybe they were engineering some of these pipelines or electric grids or what have you, but they understand the industrial process. You know, the systems, the devices, you know the, they understand how that all works. And then they come in here and then they get the cyber piece added on top of that, right?

So we'll train them. You know how to do a compromise assessment, how to do a pen test, you know, all of all of that. The, the threat intelligence aspect and those people are, are [00:15:00] amazing to have on the team because they can go to a water treatment facility and say, yep, that's exactly how you would shut this down.

Here's how this process works. And from an adversary perspective, that's what adversaries have to do to be successful. Yeah. In this space is they have to say all that research, you know, if. Turn this off and hit this valve and, you know, affect this. There's a, there's a kill chain there, right? But then we'll also take, you know, just your average, you know, it, cyber person, security analyst, sock analyst, pen tester reverse engineer, and they have all of that, you know, the tools and the, and the cyber foundation.

And then we'll say, here's the information on industrial. And then we'll train them up through courses and shadowing and mentor. And help them understand how industrial processes work. So, so to kind of blend the two Right. Blend through the cyber security, cyber security knowledge that they have, the certifications, the home labs, the [00:16:00] courses that they've TA taken, all that.

Yeah. And then you'll train 'em on the ICS pieces. Yeah. Right. Exactly. Mm-hmm. Really interesting. So, and that's what you guys are seeing a lot of, I mean, I guess that's a. That's a loaded question cuz you guys have already niched down, right? Yeah. Like you guys are, you guys are focused on that industry, so that's really what you're gonna see the most of.

Cuz that's what you're, that's what you're going at. And I, I think, yeah. And so at times I'll have the, the task, Hey Josh, we really need kind of both skillsets mixed together, which is an even harder position to fill. It's like, oh man, you need someone who's the cyber person and the industrial person. do exist.

You know, there's you know, we have other competitors out there that do the same type of, Especially in the vendor space. We have, you know, there's other firms and other big four shops that are doing I C s OT consulting or or other work in that area. Also, military. These are great people to recruit because all those cyber missions a lot of times have an industrial [00:17:00] security aspect, you know, Hire people all the time out of there.

And they're highly trained through like Sands and G I c and other, other areas. And some of their cyber missions were industrial. Focused. So I, I love my d o d and military brothers and sisters that, that have that mission spirit and, and have some of that training. But as far as broadly, yeah, we're, it's still an emerging market to, to Mark's point, you know Dragos is sort of leading the pack where the world's thought leader on this, and thanks to Rob and.

Presence out there. He's very active. He's an incredible c e o, you know, we're starting to drive more interest in awareness to, cuz to, you know, people don't really realize this stuff is under attack. It's such a Right. You, you turn on the nightly news and, and it's a, it's a ransomware attack and it's, it's cybersecurity on the IT side of stuff.

So Yeah. From mm-hmm. Yeah. I'm sorry, I didn't mean to interrupt you. Go ahead. No, totally. Go ahead. No, I mean, part of the problem is the media [00:18:00] simplifies things too much and they're like, oh, these guys were breached. Oh, and these guys were breached and these, and I'm like, A breach is not A breach is not a breach.

Like one is something completely different. Mm-hmm. One means this one means the data was extracted and is for sale, and the dark web one just means they got access to nothing really important, but it's now it's making news. Something else is like really devastating, but it gets the same treatment as the one that wasn't that important.

I'm like, they don't. Yeah. And so it, I think that's where the security research is so important. Would you agree? Like, it's so important when people actually research the details and then share, this one's really bad because of this. Mm-hmm. This one, okay. A little sloppy, right? They didn't set the right priorities, but they're changing, right?

Yeah. Or the, the one I love is, you know, when the news. Sophisticated adversary, sophisticated attack. It was, it was a sophisticated attack. Our analysts are, our analysts are like, they made a lot of mistakes on that code. It's not sophisticated, you know? Yeah. It's not that sophisticated to [00:19:00] like, to like get somebody to, to like to, to pass to password spray.

You know, mm-hmm. The Cleveland Browns won. Yeah. And get in. Right. And then you have it configured inside. So the one person who's in, you know a accounts receivable, has access to like all of the intellectual property of the organization. It's like once they got in, they were able to go all over the place, which shouldn't have been structured that way in the first place.

So it's like, wasn't that sophisticated? It was just pretty s. Yep. Exactly. So, so, so I, you did mention something and, and as Mark mentioned, our involvement with Ingar. So I wanted to, to bring, to ask you about this. Sure. Do you get a lot of people transitioning from military? Because to me it's, it's not only a skill, a transferrable skillset that you learn in the military, depending on your role, obviously, but, but it's really applicable to cybersecurity roles.

But in particular, there's a, there's a, a drive. And the same meaning behind [00:20:00] it, right? They wanna save the world. Mm-hmm. They wanna, they have this belief at their core mm-hmm. To serve and protect. Yeah. I mean, are you, are, are, are you guys getting a lot of candidates that are transitioning from military or at least have military background in the past?

Yeah, absolutely. I think, you know, are, again, going back to Rob, you know, he's former Air Force, former nsa, so that just drives a whole, a whole bunch of community towards us. But we do participate in actual. Placement programs with the military Skill Bridge being one of them. So Skill Bridge allows someone who's really close to Termin leave or their transition date, and they can do sort of like a professional internship while still active duty.

So the company doesn't pay them, they're just court of on loan to us from whatever military branch assign them. Then they get like, you know, three to six months of professional experience in the private market. And then many times [00:21:00] when that internship is finished, you know, they've signed their papers to, to leave the military, we can hire them or they've got a great network to start with.

So I love programs like that. It makes it so easy. And so, I'm sorry. And what and what was that called again? That's the first I've heard of it. I think that's a great service. Absolutely. Yeah. It's called Skill Bridge. Another one I've worked with in the past. Hiring our heroes. So it's, it's pretty simple.

I mean, if you wanna participate, it's Abridge application. Yeah. Skill Bridge on part of the company. That's good. Yeah. Yeah, exactly. Phenomenal. It's a one. And, and, and what's your involvement with Skill Bridge? Like, what's Drago's involvement? Do you mm-hmm. Refer candidates there if they don't know about it yet?

Or are you getting candidates from mm-hmm. That place? Or both? And I was just curious. So it comes through two channels, so, A hiring manager that has a hiring need and an interest in hiring a veteran, they might just start right off the bat, Hey, Josh. We'd like someone from [00:22:00] Skill Bridge. You know, we've got a headcount open, but, you know, let's, let's bring someone on and train them through that internship process and then we can officially place them when they're out of the military, or we just.

Military guys and gals coming to us, you know, and maybe they have a, a skillset that's an immediate match or of interest to us. Then we'll just sort of buzz their name around the company or different teams if someone's interested in bringing them on. You know, it's really simple. We've done the paperwork on the part of the candidate there.

There's a couple of forms to sign and, you know, we have to go through a little bit of a process. But yeah, we'll kind of do both. In terms of. Excellent. Excellent. So share with us kind of a, a person that is trying to advance their career within the cybersecurity field. What. What do you see the successful ones doing?

The ones that reduce the amount of time they're out of work? Mm-hmm. Or that get, get picked off, [00:23:00] right? Yeah. Well, even, even if they have a job, they might not even necessarily be looking, but recruiters kind of find them because of how good they're doing. What is it that they're doing? Are they self-branding on social media or are they.

Presenting at you know, conferences. What, what is it that they're, what is it that separates those that have a smoother transition than others? Mm-hmm. Yeah. So if you've got work experience, you know, over two to three years, I, I think it becomes, I'm not gonna use the word easy, but it becomes infinitely.

Easier to transition because you've built over the past couple years sort of from associate junior level to mid-level type of person or senior, you know, you've got background in that hands-on work experience and a network of people. So usually when I'm hunting a candidate down, you know, it's usually for a higher level role.

Like, I'm not gonna do much sourcing or head hunting for [00:24:00] like a junior. Person or like an intern, of course. But yeah, to your point, the folks that I see at that higher level that have the most opportunity, you know, they have skills that are in demand but they also have a network. And, and that's what, that's what I love about cybersecurity.

That's why I kind of came into this industry, why I want to stay is there's this, there's little pockets of, of communities. You know, all these conferences that people attend. Oh yeah. Rs it's all kinda, yeah. RSA write a boom, DEFCON Black Hat, hackfest, BSides. Yeah. The Wild Hackfest BSides. Like, there's so much knowledge and networking that mm-hmm.

And, and what's interesting is, and let's be transparent here, right? Those that are in technology in general right, tend to not be. Outgoing, extroverted type in general, right? Yeah. They tend to be more clinical, more [00:25:00] mm-hmm. Binary in thinking. And so being social isn't necessarily the, the first thing that they do.

Mm-hmm. Otherwise they would've been in sales probably, right? Yeah. As opposed to in technology. So, but, Even so it's so important, isn't it? Mm-hmm. And so one of the ways to do it, even if you don't like public speaking or networking or going to events, is leveraging social media and the connections you can make there, because there are.

You know, the LinkedIn community in cybersecurity is outstanding. I've never, I've been in several industries throughout my career and I've never seen anything like it. Mm-hmm. Like there's a whole handful of people and they're like, Hey, I'm gonna be in town, who's gonna be in this area over this weekend, or whatever.

And like 15 people jump in and then they go meet live and they're networking. And I'm like, it's all from like a freaking LinkedIn post. It's really. It's really cool. There's great, you know, from a business perspective, that's great [00:26:00] networking. Mm-hmm. That's, mm-hmm. That's a phenomenal thing. Absolutely. You know, I just recently came into contact with a really sharp, kind of intel research type person out of Germany.

You know, we, we had some initial conversations and, and over time you just become friends with these folks and that kind of opens. You know, every person you meet opens up a whole new door. So, you know, not to, you know, and again, back to your point, you know, these cyber folks typically introverted, many of them aren't some of the best folks in this industry.

Some of the smartest people aren't even on social media. They're just really good at what they do. And there's the other, you know, you talk about other platforms Twitter, Mastodon. InfoSec exchange, you know, you know, there's other sort of pockets that are less you know, visible than LinkedIn or, you know, Twitter's a big one.

Some people aren't even on there. Right, right. But it it is a huge leverage point. Absolutely. It is. You know, Mastodon is one of those kind of quiet [00:27:00] ones that tends to be growing, right? I mean, you don't get to, you don't get the visibility. Most people don't get the visibility, but the resources that are there and some of the research that's posted in some of the trends, it's pretty interest.

Yeah. H how are you seeing the job market in general currently? Is it, has it been, I mean, there's, there's news all over the place about tech layoffs. Yeah. How has, how has cybersecurity or cybersecurity niche of i c s, how's that been in impacted, if at all? Yeah, so far so good with Dragos, you know, we're not gonna ignore, you know, a, a looming or session or the signs of that or you know, the economic climate.

But if you look at, again, sort of the bigger picture or what we do, you know, we're supporting a customer base that is typically very stable, you know? Mm-hmm. Huge electric companies, huge gas companies, you know, huge, large supply chain. That are, that are very important that, that keep churning and [00:28:00] going. So, you know, of course I think this climate can affect everybody.

Dragos is still hiring, we're still doing very well. That's great. And, and pushing through it. So, but sad to see, you know, on that other point, a lot of other. In the technology sector, but only also in cybersecurity. You know, a lot of companies reducing to, well, I think it's dangerous. Yeah. I think it's dangerous by doing that.

Right. There are, there are a lot of ways when you look at those Excel spreadsheets, there's a lot of things to cut. Mm-hmm. Right. And Cutting cybersecurity is really dangerous because when you're looking at resources that is protecting the brand that you've built, right? Mm-hmm. You, you, you spend a decade in sales and marketing and venture capital, et cetera, right?

Public, private, doesn't matter. It's all building and building it up, and then you, you know, jeopardize all of. From a reputation damaging data breach. Right. And again, not every [00:29:00] breach is the same. So some, some people are like, well, you know, we had a little breach a couple years ago, it was nothing.

And I'm like, yeah, but they didn't go to Defcon 10. They didn't go to level 10 on that breach. The next one could be, yeah. And once they know that you've got in a little, you know, your name is out there as a target. So so let me ask that, ask you this, Josh, when it comes to Sure. With certs because this is a question David and I get all the time.

Mm-hmm. Yeah, sure. Do you look at, when, when you're out there hunting, do you look at maybe certain certs as a differentiator in candidates or is that something you just consider like a, a foundational knowledge piece that they have to have? Does that, does that weigh into the equation? Drago has a really unique position on this.

You know, as a company policy, we don't require degrees or certifications. I think we look at still interest, first interest and that's Did you, did you hear that, ladies and gentlemen? So out to Josh, so that's great. Yeah. So having said that, are people, [00:30:00] are most of our people highly educated? They have all those certs and and degree types, of course, but really I think that has really helped us because ultimately, You know, education's great.

I, I'm not saying it's not, it's very important, but there is absolutely a gap between on paper what you know, what you've studied and what you can do. And that's the focus of my interview style cuz let's talk about what you can do, what you have done evidence of the work that we do here. And I think that has really been a big game changer culturally for the.

That's a unique outlook. I really like that though. But in general, yeah. Certs are, are a hot, a hot topic, I will say. And, and the newcomers get sucked into this, you know, hamster wheel of. Bootcamp, what? Certification body and all of that. The 97 look. Ok. So what, what my advice is, and, and I'm not an [00:31:00] educator, I'm not a, a technical practitioner, but I, I sort of have a logical approach to the certification game.

And, and it's, and it's this, it's ask yourself just a few questions if you can answer yes to these. I, I think you're on the right track. Is the certification going to help? Learn what I need to know for the job I want. Because don't just get education to get education. I think that's silly, right? You can spend a lot of money.

Look, I've got a four year degree. I went into debt for, luckily that's behind me, but that knowledge really isn't serving me today. I wish it would have better, you know, so is it gonna teach me what I need to know? Is the certification in demand for the job I want, is it on job postings or do people actually have it out?

That are, you know, doing the job I want. And sometimes, you know, do I know, do I know anybody that has it? Do they have any feedback? And then like, am I okay with the cost, time commitment aspect? If some of those things I try to keep in mind, right? And then there's other [00:32:00] ways to demonstrate it, right?

Yeah. If you, if you are looking in the Penetration testing world, right? There are ways to demonstrate through home labs or things like that. Even if you're looking in the, in the blue team world, there are different ways to set it up in a home lab to demonstrate that you understand it, right? Yeah. Yeah, and, and I, I saw some research very recently about knowledge and understanding of some of the key frameworks is even more in demand than certs necessarily, right?

Like if you're going into a particular field and ISO is really important, or HIPAA is really important right then than really having a practical understanding of what those regulations mean. Mm-hmm. In your job. Is really important. And a lot of that can be found online or at little to no cost. Mm-hmm.

Right. So being able, exactly. You know, being able to understand it and speak to it in an interview is really what matters. Not whether you. Went to a school and [00:33:00] studied it four years ago. Right? Yeah. Like, you know and there's so many boot camps and CER certification companies and degrees out there that are popping up.

It's just this, this melting pot now. And what's funny is people ask, well, which, which one do you look for? Which ones should I go get? You know? But honestly, if you even have a hiring manager sit down and look through a resume, they might not even re. You know, there's very common industry-wide ones, but a lot of the other stuff might not make a lot of sense to like a recruiter or a hiring manager.

It's just, Hey, it looks like you took this class or, or went through this course. That's great. You know, what'd you learn? Type of thing. And so, yeah, definitely get a foundation. Focus on what's in demand, what do employers. What are people in your space kind of going after, but I think we can fall into the temptation just to stack up Yeah.

You know, just stack up all this, all these creds. Right. You know, I'm gonna get noticed. That's not true. Right. I [00:34:00] think it can be a red flag, even for someone entry level. It's like you don't have any work experience, but you've got a ci ss p, like what the heck? You know? Right. That, that seems a little off.

But yeah, just, just balance in all things I think is a good approach. What's your view on boot camp? Gotta be careful here cuz I, I think they're fine as, as a kind of, as a principal or a concept. It's great. I, I don't never been to one, but I, I think they can think a lot of these bootcamp companies, I wouldn't say you're taking advantage, but they just saw an opportunity, you know, and they're raising costs every year.

It's just like university. It's like, before you know it, it's gonna. 20 grand to go through a, you know, eight week bootcamp or, or whatever. I think they're a really good starting point. If you can't afford to go to a four year college degree, you know, if you're, if you're pursuing formal education But again, I, I think you should just, people should be more, they kind of get sucked into being sold on, on [00:35:00] these things and they see an ad on LinkedIn or on Facebook, right?

And they say, yeah, I, I need a bootcamp. I, I need it. Yeah, let's go to this one. It's like, do a little more research, you know, look into 'em, don't rush. I think they're fine. I think they can be a really good starting point, but I think there's just a lot of 'em popping up and it's sort of become a. Is there something that a candidate should look at in a bootcamp that could help them select one versus another?

Yeah, specifically I, I'd look at two things are people that went to that bootcamp, getting placed in the job market, and that's actually a fairly easy search on LinkedIn. You put in the job title and then you can go to. Filters and if the bootcamp exists on there, type it in, it'll pop up. So I think that's it.

One indicator. And then just look at their curriculum, you know, if they've got a brochure or some sort of paperwork on what they teach, who are the instructors? Do they have a good reputation? If some of those things are not lighting up, I'd probably avoid it. That's excellent advice. Those two [00:36:00] pieces are fantastic.

I feel the same way, Josh. It's like a lot of these boot camps just in the last like two years. Have just like, it's like they pop up on every corner. Yeah. And then one's more expensive than the next, and then this one goes up in prices. Shorter period. But it's more expensive. And I, I think you're right.

You gotta really look at, mm-hmm. Does the outcome that the bootcamp produces. Yeah. Drive or enhance your ability or your chance. Mm-hmm. To either advance your career or get the job that you're looking for. Yep. Yeah, I would. I would. Yeah. You could go to Booth. I would, I would even take that second step.

You just gave two great examples. I would suggest even taking the second step a little bit further, not only find the alumni from that bootcamp, but connect with them and reach out and say, Hey, I'm, yeah, I'm interested. Exactly. People wanna help. People wanna help. First of all, it's flattering. Like they, you're be, you're asking them to kind of be a mentor.

Yeah. And they're working every day. They're like, does this even [00:37:00] matter? And then all of a sudden somebody younger in their career, maybe not younger in age, but younger in their career, right, is reaching out and saying, Hey, I saw that you went to this bootcamp and you're having success. You know what were, what is your thought of this bootcamp?

And they might say, you know what? I don't think that one was. I really wish I would've gone to this one because I know a buddy who went there and this happened, and this happened really well. Compared to my experience. It just saved you. Yeah. Eight weeks. Eight weeks and 15 grand Exactly right. Of going to the wrong one.

And maybe this other one, maybe it's even more right, but it's, but you're going in the right direction for yourself, so reach out and connect to these people like they will when you ask somebody for help, they wanna help. So that's, Yeah. That's excellent. So what's on the horizon for you? So as, as, as we kinda wrap up here, kinda what, what is on the horizon for you and then what's on the horizon for Dragos?

Yeah, so, you know, last April I sort of committed to LinkedIn content. [00:38:00] You know, it just started as you know, Dragos is this super niche company, you know, in some pockets of the world and the, and the community. We were well known, but for the most, Excuse me. For the most part, we were very well unknown. So I thought initially, Hey, if I can see all these, all this content getting thrown out there and, and lots of likes and clicks and comments and community, you know, maybe if I jump in, I can sort of create some sort of awareness for the company.

That was the intention at the start, and now it is snowballed and evolved to so much more. Now I've got this thing called a, a personal brand, a following a community. I'm helping job seek. So definitely want to continue on and, and sort of evolve what I do for that market, for the job seekers.

Absolutely. You know, absolutely. I just started a blog six weeks ago going to kind of keep driving other content forward and definitely see myself long-term with this company. You know, I love the culture that people I work with. I think it's gonna be very [00:39:00] exciting. Company. Love to hear that continues to push forward into new markets.

And, and we're se seven years old, you know, we, we know what we're doing by now. It's a very mm-hmm. Established company. But we're still in that startup mode where we're developing and maturing and improving product lines and what we do. And we're going into markets where d Dragos. We don't have any customers, and that's very exciting to me.

You know, we launched a team, the, the New Frontier. I've done that in my career and I think it's really exciting when you're like, yeah, so what's our market share in that market? Zero. Like, love it. Like let, let's go, let's hop on the horses, you know, circle the wagons and let's go. Like, it's really fun because.

In some ways it's, it's interesting cuz you're like cool and new and then you get to say like, here, give us a shot, right? Like, yeah, let us do this. Let us help these people. Let us help you. And, and it's, it's really exciting. So, absolutely. That's great, man. Well, we wish you the best. We will have links to your [00:40:00] blog as well in the show notes.

Great. So and we encourage everybody to follow and watch for Josh's content on LinkedIn and other social media platforms. Great stuff. You're really there with the right mission, with the right intent. You're there to help and that's what's, what's, what's, so I. Yeah. Thanks. Thanks for having me.

It's much appreciated. No, that was good stuff. That was really good. Absolutely. So thanks everybody for joining. We will we will talk again soon. Josh, this was absolutely not the last time we talked, buddy. Yep, absolutely. Take care buddy. Thanks. Okay, we'll see you buddy. See you guys soon.

Hey, well that's a wrap. Thank you for listening. Our next episode starts right. Please be sure to subscribe to our YouTube channel. It's free, and download the podcast episodes available everywhere you get podcasts. To support our show and get exclusive pre-release episodes and bonus content, please subscribe to Cyber Crime Junkies Prime Lincoln, [00:41:00] the description and show notes, and thanks for being a cyber crime junkie.