Your Cyber Path: How to Get Your Dream Cybersecurity Job

What's next after season 2? About this Episode In the grand wrap-up of season two of the podcast 'Your Cyber Path', hosts Kip Boyle and Jason Dion reflect on their four-year podcast journey. They also reveal that for the time being, there won't be a season three as originally planned. Several factors have influenced this decision, the primary being their venture Akylade – a cybersecurity certification organization. They're also experiencing increased demand for their time and energy due to factors involving Akylade and other projects. However, they highlight the intention of potentially doing a third season in the future based on the feedback and demand received. Kip Boyle will continue to mentor notes but change the frequency from weekly to monthly. Jason Dion urges listeners to check their cybersecurity course, 'Irresistible' on Udemy. They greatly encourage listeners to stay in touch and seek guidance on cybersecurity careers through email which is available at yourcyberpath.com. Relevant websites for this episode https://cr-map.com https://www.akylade.com https://www.yourcyberpath.com https://www.diontraining.com/udemy

SDP 10: Separation of Privileges About this Episode In this episode of the Your CyberPath podcast, Kip Boyle and Jason Dion delve into the concept of the separation of privilege as a vital component of their series on security architecture and design principles. Jason and Kip talk about how the separation of privilege illustrates its significance through real-world examples. They also help showcase its application in technologies, military operations, and financial transactions. Jason also draws from his military experience to underscore the critical role of separation of privilege in SOVOT (System Operations Verification and Testing) environments. Finally, they underscore its importance in password management systems. They emphasize its pivotal role in upholding cybersecurity standards. Understanding these principles is essential for building robust security frameworks. Relevant websites for this episode The NIST Separation of Duty (SOD) - https://csrc.nist.gov/glossary/term/separation_of_duty Other relevant Episodes EP 94: Ten Security Design Principles (SDP) EP 96: SDP 1: Least Privilege EP 98: Security Design Principles 2: Psychological Acceptability EP 101: SDP 3: Economy of Mechanism EP 103: SDP 4 Compromise Recording EP 105: SDP 5: Work Factor EP 107: SDP 6: Failsafe Defaults EP 109: SDP 7: Complete Mediation EP 111: SDP 8 open Design EP 113: SDP 9 — Least Common Mechanism

About this episode In this episode, Kip Boyle and Jason Dion discuss the importance of cybersecurity in the current digital landscape and focus on comparing two different standards: The NIST Cybersecurity Framework and the CIS Top 18. The NIST Framework was created to assist organizations in becoming cyber resilient and offers an adaptable and comprehensive approach to cyber risks. The CIS Top 18, on the other hand, provides an actionable and practical checklist of controls that is prioritized and sequenced. Both of these frameworks provide us with cybersecurity measures that can be used for different applications. They can be used individually, or they can work together by complementing each other in a comprehensive cybersecurity strategy. It is important to realize that the CIS Top 18 can end up being quite expensive for smaller organizations to operate, though, which is why many people are choosing the NIST CSF instead. You should always consider various factors, such as organizational size and specific needs, the type of threats faced, and the budget available for implementation when selecting the framework for your organization. Relevant websites for this episode The NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframework The 18 CIS Critical Security Controls - https://www.cisecurity.org/controls/cis-controls-list Other Relevant Episodes EP 62 – The NIST Cybersecurity Framework EP 79 – Mid-Career Transition Success Story with Steve McMichael EP 83 – Automating NIST Risk Management Frameowrk with Rebecca Onuskanich

In this episode, Kip and Jason cover the Security Design Principle of “Least Common Mechanism”. The Lease Common Mechanism is the ninth security design principle and focuses on how you can best protect older, legacy systems in large organizations and within the government. Security Design Principle #9 is a crucial concept in the field of cybersecurity. It advocates for minimizing the amount of mechanisms shared by different users or processes, thereby reducing the chances of a security breach. This principle is rooted in the idea that shared resources or functionalities can become potential vulnerabilities, especially if they are used by multiple entities with varying levels of trustworthiness. The principle is based on the understanding that any shared mechanism or resource is a potential attack surface. When different programs or users rely on the same functionality or data paths, a breach in one can easily become a gateway to compromise the others. For instance, if a shared library has a vulnerability, every program using that library is at risk. Therefore, by reducing the number of shared components, the principle of Least Common Mechanism aims to limit the potential damage that can be caused by a security flaw or breach. Implementing this principle involves designing systems where the functionalities are as isolated as possible. This can be achieved through techniques like sandboxing, where programs run in isolated environments, or through the use of microservices architectures, where applications are broken down into smaller, independent services. Each service or program having its unique mechanisms greatly diminishes the risk of a widespread security incident. The principle also underlines the importance of not only securing shared resources but also constantly monitoring them. Regular audits and updates of shared components are vital to ensure they remain secure. In essence, the Least Common Mechanism principle is about understanding the risks associated with shared resources and proactively designing systems to minimize these risks. Relevant websites for this episode Akylade Certified Cyber Resilience Fundamentals (A/CCRF)Your Cyber Path Other Relevant Episodes Episode 96 – SDP 1 – Least PrivilegeEpisode 98 – SDP 2 – Psychological AcceptabilityEpisode 101 – SDP 3 – Economy of MechanismEpisode 103 – SDP 4 – Compromise RecordingEpisode 105 – SDP 5 – Work FactorEpisode 107 – SDP 6 – Failsafe DefaultsEpisode 109 – SDP 7 – Complete MediationEpisode 111 - SDP 8 – Open Design

https://www.yourcyberpath.com/112/ In this episode, Kip and Jason jump into answer questions directly from our listeners! We share valuable advice and insights into starting and advancing in the cybersecurity field by addressing ways to overcome some common challenges such as imposter syndrome, applying skills from diverse industries, and filling employment history gaps.  Further, you will get some guidance on gaining relevant experience, understanding job roles, tackling age bias, and displaying self-confidence to potential employers.  We will then culminate with some valuable tips on overcoming technical skill gaps and making successful career transitions, alongside with coverage of the HIRED course and its transition from a high-cost masterclass to a more accessible Udemy course that anyone can participate in. How do I get started in cybersecurity?How can I gain experience?How to I transition into cybersecurity later in life?How do I identify my desired job and current transferrable skills?How should I address a gap in my resume?How can I deal with imposter syndrome? Relevant websites for this episode Akylade Certified Cyber Resilience Fundamentals (A/CCRF)Your Cyber PathIRRESISTIBLE: How to Land Your Dream Cybersecurity PositionThe Cyber Risk Management Podcast Other Relevant Episodes Episode 90 - How to Get Your First Job as a Pentester with Chris HornerEpisode 45 - Live Resume ReviewEpisode 24 - How to Navigate a Skill GapEpisode 66 - How to Be Irresistible to Hiring Managers

https://www.yourcyberpath.com/111/ In this episode, Kip and Jason delve into the specific security design principle of Open Design. Open Design does not equate to open-source software but refers to transparency in revealing the mechanisms and inner workings of security controls. The hosts discuss the misconceptions surrounding Open Design, emphasizing that it does not require disclosing source code but rather the transparency of security mechanisms. They also stress that Open Design encourages outsiders to review and provide feedback, ultimately enhancing the security of the system. Kip shares an example of an inadequate disclosure of a company’s security architecture which prompted him to switch to another vendor, which offered more transparency. Jason mentions the concept of "security by obscurity," and explains that while obscurity can provide some level of protection, it is not sufficient, as attackers can easily bypass such measures with scanning tools. The hosts suggest that getting involved in Open Design initiatives can help individuals break into the cybersecurity field and gain recognition, urging interested parties to participate in open standards development processes, such as the creation of industry certifications, to establish credibility and build their careers. What You’ll Learn ●    What is open design? ●    What are the common misconceptions surrounding open design? ●     What does the concept of “security by obscurity” mean? ●     How can you break into cybersecurity with open design? Relevant Websites For This Episode ●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF) ●  Your Cyber Path ●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●  The Cyber Risk Management Podcast Other Relevant Episodes ●   Episode 92 - Password Managers ●   Episode 89 - Getting My First Job in Cybersecurity ●   Episode 82 - From Truck Driver to Cybersecurity Analyst

https://www.yourcyberpath.com/110/ In this episode, hosts Kip Boyle and Jason Dion discuss the topic of ageism in cybersecurity careers. They address a listener's question about whether it is too late for a career change into cybersecurity at the age of 60-65. The hosts acknowledge that ageism does exist in the industry, but they provide tips and strategies for older individuals to overcome this challenge. First, they advise career changers to identify their transferable skills and highlight them on their resumes. They also recommend choosing job titles carefully, avoiding entry-level positions that may be more suited for younger candidates. Instead, older individuals should target higher-level positions that align with their experience and expertise. The hosts also discuss the importance of addressing ageism during the interview process. They suggest talking about new technologies and demonstrating a willingness to adapt and embrace change. Additionally, they advise older candidates to choose employers wisely, considering organizations that value and appreciate the skills and experience they bring to the table. Overall, the episode provides practical advice for older individuals looking to transition into cybersecurity careers and navigate the challenges of ageism in the industry. What You’ll Learn ●    Am I too old to do a career change into cybersecurity? ●   What are some strategies to overcome age-related challenges when pursuing a career change into cybersecurity? ●    Should I highlight my transferable skills when changing careers? ●    What should older individuals consider when targeting job positions in the cybersecurity field? Relevant Websites For This Episode ●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF) ●  Your Cyber Path ●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●  The Cyber Risk Management Podcast Other Relevant Episodes ●  Episode 64 - How I got my first cybersecurity analyst job with Sebastian Whiting ●  Episode 66 - How to be irresistible to hiring Managers ●  Episode 38 -  Wes’ Cybersecurity Job Hunt

https://www.yourcyberpath.com/109/ In this episode, we are returning to the Security Design Principles series, this time with Complete Mediation. Complete mediation means the system checks the user trying to access a file or perform an action is authorized to access this file or perform this action. Complete mediation is also implemented in the security reference monitor (SRM) in Windows operating systems. The SRM checks fully and completely that a user has access to perform an action each time they try to perform it. It also ties back to one of the three As of cybersecurity, which is Authorization, since the user has to prove having access to something when they request it. Complete mediation can be a huge challenge to usability, and it might be something that interferes with your operations. That’s where you need to understand that the security design principles are not a compliance list and that you should use them to enhance your systems. You should not be trying to get every principle to 100%. What You’ll Learn ●    What is complete mediation? ●    What are some examples of complete mediation? ●     How is complete mediation implemented in Windows? ●     What are the challenges of complete mediation? Relevant Websites For This Episode ●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF) ●  Your Cyber Path ●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●  The Cyber Risk Management Podcast Other Relevant Episodes ●  Episode 103 - SDP 4: Compromise Recording ●  Episode 105 - SDB 5: Work Factor ●  Episode 107 -  SDP 6: Failsafe Defaults

https://www.yourcyberpath.com/108/ In this episode, we discuss a critically important topic which is Selfcare. Cybersecurity is a great career, however it is not 100% stress free, burning out and working yourself into oblivion is very common. In this episode our hosts Jason and Kip give you some tips to make sure you have your selfcare in check. The first thing you should do is take time off. It's common to see people who don’t take any time off, and over time it can easily get to you without you being able to realize how much your stress is building up. Next up, always have an emergency fund. It should be between 3 to 12 months of savings. Having this money on the side can help you get out of bad situations and maybe even have the chance to do something fun every once in a while. The last tip we have for you is to make sure you separate self compassion from self judgment. You need to realize that beating yourself up is really stressful and can easily drive you crazy. Always treat yourself with patience, empathy, warmth, and understanding that you would expect from a friend. You should always adopt a growth mindset, which can strengthen your abilities and give you much needed resilience to stress and burnout. What You’ll Learn ●    Why is selfcare important? ●    How to handle your time off? ●    What strategy can you use to save money?  ●    How to avoid self judgment?     Relevant Websites For This Episode ●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF) ●  Your Cyber Path ●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●  The Cyber Risk Management Podcast Other Relevant Episodes ●   Episode 100 - Special with Kip and Jason ●  Episode 95 - The Cybersecurity Student Perspective with Sam Bodine ●  Episode 97 - Which Certification Roadmap Or Path Should I Use?

https://www.yourcyberpath.com/107/ In this episode, we go back to the Security Design Principles series, this time we are discussing Failsafe Defaults. Failsafe defaults simply means that the default condition of a system should always be to deny. An example of a failsafe default is the security reference monitor (SRM) that has been implemented in Windows operating systems since Windows NT. The SRM prevents access to any actions like logging on, accessing a file, or printing something unless the user presents a token to prove that they should have access to a file or an action. There will always be two choices for failsafe defaults - to fail close or to fail open. The DoD and government organization side will tend toward using the fail close option, while the commercial and more streamlined companies will definitely prefer to fail open. There will always be this challenge between security and operations. More security means less operations and more inconveniences, while prioritizing operations means that security will not be the best. It all depends on your organization and its goals. Understanding failsafe defaults and other security design principles will help you become a better analyst and produce more secure, robust, and functional systems. What You’ll Learn ●    What is Failsafe Defaults? ●    What are some examples for Failsafe defaults? ●     What is the Security Reference Monitor? ●     What is the difference between failing close and failing open? Relevant Websites For This Episode ●    Akylade Certified Cyber Resilience Fundamentals (A/CCRF) ●   Your Cyber Path ●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●   The Cyber Risk Management Podcast Other Relevant Episodes ●   Episode 103 - SDP 4: Compromise Recording ●   Episode 105 - SDB 5: Work Factor ●   Episode 101 -   SDP 3: Economy of Mechanism

https://www.yourcyberpath.com/106/ In this episode, we are discussing the much-anticipated topic of Internships! Internships are not that common in cybersecurity and that's because they are a huge long-term investment, which is risky for lots of organizations especially in the private sector. Some of the issues that come along with internships are the time and resources that must be invested, and on the side, the risk of all these resources being blown away when the intern decides to not continue with the organization. You can also expect not to see two internship programs that are similar to each other. They are always different and very customized to fit the organization providing these internships. Internships can also be a great help to break barriers that a lot of entry level workers face when trying to get a job for the first time in many different fields, not just cybersecurity. There are also other benefits to internships, including better networking opportunities and more improvements to your team's communication skills, and the way they work with different skill levels, which can enlighten you about areas of weaknesses and points of improvement. What You’ll Learn ●    Why are internships hard to get? ●    What are the differences between paid and unpaid internships? ●     How do internships help break barriers in cybersecurity? ●     What are the benefits of internships? Relevant Websites For This Episode ●    Your Cyber Path  ●  IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●  The Cyber Risk Management Podcast Other Relevant Episodes ●   Episode 95 - The Cybersecurity Student Perspective with Sam Bodine ●  Episode 99 - SDP 2: Psychological Acceptability ●  Episode 89 - SDP 3: Economy of Mechanism

https://www.yourcyberpath.com/105/ In this episode, we are returning to the Security Design Principles series, this time with Work Factor. Work factor refers to how much work it’s going to take an adversary to attack your assets and succeed in doing so. This is coming directly from the world of physical security that was imported into the cybersecurity realm. What you need to understand is you don’t need perfect security. You don’t have to create an impregnable system (if that even existed) to be able to protect yourself from most dangers. You just need to become a more difficult target than other organizations. And this is where work factor comes in. While you need to make it difficult for attackers to consider you as a target, you also need to make sure you are not spending too much time and money doing so, to the point where you are building a $1000 fence to protect a $100 horse. Balancing security and business value is a critical aspect when planning out your security posture. Another important aspect that a lot of people usually ignore is the anticipated resources available to the attacker. Understanding how your adversary works and what kind of resources they might be able to utilize can help you determine how much protection you need to put in. What You’ll Learn ●    What is Work Factor? ●    Do you need perfect security? ●     How do you value how much protection you need? ●     What kind of attacks endanger small to mid-sized businesses? Relevant Websites For This Episode ●    Your Cyber Path  ●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position ●  The Cyber Risk Management Podcast Other Relevant Episodes ●   Episode 103 - SDP 4: Compromise Recording ●   Episode 98 - SDP 2: Psychological Acceptability ●   Episode 101 - SDP 3: Economy of Mechanism

https://www.yourcyberpath.com/104/ In this episode, our awesome host Jason Dion is back again with another episode of the Your Cyber Path podcast. This time, he’s accompanied by an amazing guest, Meridith Grundei. Meridith is a renowned public speaking coach and owner of Grundei Coaching who specializes in public speaking and presentation skills. Meridith explains that understanding your client and doing your due diligence of research and studying will help you immensely in your attempts to simplify any complex concept to any level of audience. You need to figure out your objective, point out all the key takeaways, and choose the ones that support your argument. It is crucial for you to find out what sets you apart as a presenter and understanding that will help you be more engaging during your presentations. Starting with a story or an open-ended question usually tends to make people lean in and give more attention, and finding an emotional connection with your audience will get them to invest more cognitive attention to your talk. It’s also important to not try to be different for the sake of being different, but to try to innovate to be better. One example of being different is trying to adapt your stories to different audiences. Make sure you always try to make the audience feel like they’re the hero, because most of the time, the audience doesn't care about the speaker but about themselves, and so shifting the focus towards the audience really helps keep them engaged and invested in your presentation. Meridith also emphasizes that if you are going to practice only two things, these should be your introduction and call to action, as your introduction will give you a good boost into your presentation and the call to action makes sure your talk is well concluded. Moving to a different point, recognizing that anxiety and fear is a natural reaction can help you significantly. Doing things like breathing exercises and turning the anxiety into excitement in any way can drastically ease out any anxiety and fear you might have. Finally, you need to realize that with more practice, you are going to understand yourself better, and understand how you can improvise with different situations that can happen during your presentations. What You’ll Learn ●   How do you communicate complex concepts in a simple way ●   How to give engaging and interactive presentations ●   How to keep your audience invested? ●   How can you deal with fear and anxiety of presentations? Relevant Websites For This Episode ●  Grundei Coaching LLC Other Relevant Episodes ●  Episode 72 - DISC Profiles ●  Episode 64 - Can You Demonstrate Too Much Passion for Cybersecurity? ●  Episode 47 - How to Use Your Transferable Skills

https://www.yourcyberpath.com/103/ In this episode, we are back with our Security Design Principles series, this time discussing Compromise. In the constantly evolving tech world, we are constantly bombarded with new products, updates, and software changes. To navigate through this ever-changing landscape, we require a foundation of stability. This is precisely where the Security Design Principles step in. In simple words, Compromise Recording simply refers to the logging and alerting. If you are familiar with the three As of security - Authorization, Authentication, and Accounting, Compromise Recording refers to the Accounting part of security. It is important to note that you can log all the details and events you want, but if you are not looking at those logs and analyzing through them, they are just a waste of storage space. You also must make sure that you are logging the important data, not just burying yourself in a mountain of data. Finding that balance of what to log and how much to log is crucial for your work as a cybersecurity practitioner. This is how you can utilize the Security Design Principles to effectively analyze a new product. By doing this, you will fully understand how it works and make sure you have a good understanding of your organization's security. What You’ll Learn ●    What is Compromise Recording? ●    What is a mid market company? ●    What is the practical value of Compromise Recording? ●     How are the Security Design Principles beneficial in the real world? Relevant Websites For This Episode ●    Your Cyber Path  ●   IRRESISTIBLE: How to Land Your Dream Cybersecurity Position Other Relevant Episodes ●   Episode 96 - SDP 1: Least Privilege ●   Episode 98 - SDP 2: Psychological Acceptability ●   Episode 101 - SDP 3: Economy of Mechanism

https://www.yourcyberpath.com/102/ In this episode, we are back with one of our favorite guests, Ed Skipka, to talk about his latest achievements, studying and passing both CISSP and CISM exams. To start, Ed goes on about how you should find your own way of studying and figure out the most efficient way to digest information, whether that is online video training, reading books, or attending bootcamps. Finding a study route that you enjoy is one of the easiest ways to ensure you stay on track. He then goes on to explain how he approached the study materials and how he used multiple resources and figured out a way to grade himself and pinpoint his weaknesses to be able to work on them without spending too much time on topics he already had good experience and knowledge with. Ed also mentions that it’s crucial that you don’t go into studying for the exam being afraid of it. It's indeed a tough exam. However, staying consistent day in and day out and being methodical about how you study should help you break down those fears. After that, Kip and Ed discuss how he approached studying for CISM and why he chose to tackle that certification right after CISSP, highlighting that due to the overlap of information between the two certifications, he was able to conserve a lot of time and energy. In the end, Ed mentions that you should not just take the certification for the sake of taking them, but you should use them to widen your knowledge and to know why and how things are happening and how to relate that to your current job and future positions. What You’ll Learn ●    How long do you have to study before taking the test? ●    How to organize your time to study for the exam? ●    How to approach the study Materials? ●    What are the differences and similarities between CISM and CISSP? ●    What are some tips of success for the CISSP and CISM exams? Relevant Websites For This Episode ●    https://www.cyberriskopportunities.com/cyber-risk-resources/cyber-risk-management-podcast/ ●   https://www.udemy.com/course/better-testing/ ●   https://www.certmike.com/ ●   https://thorteaches.com/ Other Relevant Episodes ●   Episode 55 - Which cybersecurity certifications should you get? ●  Episode 58 - How to Get Hired With No Experience ●  Episode 81 - How to Negotiate a Pay Raise with Edward Skipka

https://www.yourcyberpath.com/101/ In this short episode, we are back discussing the Security Design Principles, with the third principle, Economy of Mechanism. Jason and Kip explain the principle of Economy of Mechanism and how you want to apply it in your career as a cybersecurity professional without falling into the trap of overcomplicating things and most importantly, staying within the limits of your budget. You should always keep things simple and practical and focus on providing value instead of following tedious complex processes. Economy of Mechanism can be simplified in the following, “You don’t want to build a $100,000 fence to protect a $1000 horse”. Context is everything here, you need to understand what you are protecting and how your protections should be relevant to that. What You’ll Learn ●   What is the Economy of Mechanism? ●   What happens when you overcomplicate technical controls? ●   What are some examples of Economy of Mechanism? Relevant Websites For This Episode ●  https://www.yourcyberpath.com/ ●  https://www.udemy.com/course/irresistible-cybersecurity/ ●  https://www.yourcyberpath.com/ask/ Other Relevant Episodes ●  Episode 94 - Ten Security Design Principles (SDP) ●  Episode 96 - SDP 1: Least Privilege ●  Episode 98 - SDP 2: Psychological Acceptability

https://www.yourcyberpath.com/100/ We're celebrating the 100th episode of Your Cyber Path podcast with a special edition episode. It's going to be a little different this time. We are going to sit back and reflect on all our 100 previous episodes and take in the things that we learned, so basically welcome to the highlight reel of the Your Cyber Path podcast! Our hosts are Kip Boyle, a cybersecurity hiring manager who started in the Air Force, and Jason Dion, who has over 20 years of experience in the defense industry, including positions at the Navy and NSA. Ayub Yusuf, also known as the WhiteCyberDuck, stresses the significance of tailoring your resume to align with the specific job requirements you are interested in. Doing so will enhance your prospects of advancing through the initial stage of the recruitment process. With the help of ChatGPT and Bard, you can take advantage of the latest AI technologies to effortlessly create resumes and streamline the task of resume making. Our next tip comes from Episode 45, with experienced hiring manager, Glenn Sorensen. Demonstrate enthusiasm and interest in your job applications. This is what hiring managers seek. Also, connect your previous roles and present a complete picture of your experience. Clip three features Ed Skipka, a favorite guest on the show, discussing how he entered cybersecurity without a background in IT. He emphasizes the importance of networking and showing a desire to learn to excel in your career. John Strand, owner of Black Hills Information Security, discusses the pay-what-you-can model in the fourth clip. He emphasizes how this model contributes to the expansion of diversity within the cybersecurity sector and how diversity, in turn, enhances the growth of cybersecurity. Ultimately, this fosters higher quality problem-solving abilities within our cybersecurity teams. After that we discuss a clip from Episode 74, Top Five Mistakes People Make When Negotiating. Negotiating for the right package can be difficult, but having more information can give you an advantage. Kip suggests that it would be a smart strategy to not disclose your salary history. Instead, you should inquire with your potential employer about the job's market value. This will equip you with valuable knowledge and give you a stronger stance to discuss your salary. The next clip discusses how to succeed in your first 90 days of a job, specifically in cybersecurity. It emphasizes the importance of programming skills in this field. Some jobs require high-end coding skills, while others do not require any coding skills at all. To determine the requirements for the positions you are interested in, research the specific roles. Our guest in the last video, Arthurine Brown, talked about her daily routine and shared some of the lessons she learned while working as a business information security officer at Altria Client Services. Arthurine works in a unique role that combines being an information security analyst with understanding how this information is used to accomplish tasks. This shows how the way we add value to businesses is changing due to fast technological advancements. What You’ll Learn ●   Who are our Hosts, Kip and Jason? ●   What do hiring managers look for in a resume? And how to relate your previous experience to Cybersecurity? ●   How do I get experience If I can’t get hired? ●   What is the role of Certification, Degrees, and Experience? ●    How can diversity help Cybersecurity grow? ●    How can you approach salary negotiations? ●    Is programming important in Cybersecurity? ●    How can we add business value as cybersecurity practitioners? ●    What are some things to keep in mind during your career as a cybersecurity practitioner?

https://www.yourcyberpath.com/99/ In this episode, we are going over the latest trend in AI and NLP, ChatGPT, with our guest, Sean Melis, seasoned multi-modal developer and designer and the founder of bot•hello. In the beginning, Sean explains how chatbots work and the main difference between them and ChatGPT, explaining that ChatGPT leverages a huge dataset, unlike chatbots that use canned responses. However, it is worthy of mention that although ChatGPT is very beneficial and could prove useful to a lot of people, it is still a computer. It might not always understand the context or the intonation behind a question and that’s the reason why it generates responses that sometimes don’t make much sense. After that, Sean and Jason go over how you can use ChatGPT to tailor your resume and make it suitable for specific jobs and how you can understand and work around its limitations. In the end, Sean highlights some advice on how to use ChatGPT and encourages everyone to experiment with it as it could be very helpful to save money and time. What You’ll Learn ●   What is ChatGPT? How does it work? ●    Is ChatGPT perfect? What are its limitations? ●    How can you use ChatGPT on your job hunt?  ●   What is prompt engineering? Relevant Websites For This Episode ● https://www.bothello.io/ ● https://www.udemy.com/course/chatgpt-101-supercharge-your-work-life-500-prompts-inc/ ● https://chat.openai.com/ Other Relevant Episodes ●  Episode 56 - Cybersecurity careers in the Defense sector ●  Episode 58 - How to Get Hired with No Experience ●  Episode 89 - Getting My First Job in Cybersecurity with Ayub Yusuf

https://www.yourcyberpath.com/98/ In this episode, we are back discussing Security Design Principles, and this time we are focusing on Psychological Acceptability. The Security design principles are crucial for your work as a cybersecurity professional, they will not only help you do really well, they will also help your work stand out. Psychological Acceptability is defined as “the protection mechanism should be easy to use, at least as easy as not using it” and here comes the struggle of wanting to make controls easier to use while still providing high level security. Kip mentions the term “False sense of security” which is really common in the field where you as a cybersecurity professional are under the impression that you have everything under control while in fact you are missing a lot of risks due to your workforce not psychologically accepting the high level controls put in place and trying to find workarounds to make their jobs more convenient. In the end, Jason discusses Password Managers, which is a great example of Psychological Acceptability, and how it can be one of the few controls in cybersecurity where you can increase security and productivity at the same time. What You’ll Learn ●   What is Psychological Acceptability? ●   What are the challenges that come with Psychological Acceptability? ●   What is a False sense of security? And how can it be dangerous? ●    What is a good example of Psychological Acceptability? Relevant Websites For This Episode ●   https://www.udemy.com/course/irresistible-cybersecurity/ Other Relevant Episodes ●   Episode 57 - Best time of the year to get hired ●   Episode 80 - Risk Management Framework with Drew Church ●   Episode 92 - Password Managers

https://www.yourcyberpath.com/97/ In today’s episode, we discuss the emerging topic of passwordless authentication with our guest James Azar, CTO and CSO of AP4 group who are well known for their work in critical infrastructure. Passwords have been here for decades, but with the ever-changing nature of the technology industry, passwords are becoming a little weak for our needs. Our hosts take the time to discuss what passwordless authentication is, how it can be implemented, and why there is a move towards passwordless. After that, they go over the issue of balancing security and user experience and making sure our customers are satisfied and provided with solutions that fix their problems without sacrificing security. Following that, they discuss some of the challenges that are associated with utilizing passwordless authentication, including different organization policies, user acceptance, and the lack of usability it could pose. James then goes on to highlight that passwordless authentication is only as good as the user, and it always goes back to the human factor - it only changes the sophistication of the attack. In the end, James highlights that the biggest decisive factor on whether an organization will move to passwordless authentication is going to be cost. What You’ll Learn ●    What is passwordless authentication? And why is it relevant? ●    How is passwordless authentication implemented? ●    How to balance security and good user experience? ●    What are the challenges of using passwordless authentication? ●    What is Zero Trust? Relevant Websites For This Episode ●  https://www.udemy.com/course/irresistible-cybersecurity/ ●  https://www.cyberhubpodcast.com/ Other Relevant Episodes ●  Episode 88 - The CIA Triad – The Basis of Cybersecurity (Authentication) ●  Episode 91 - Mobile Device Security with Haseeb Awan ●  Episode 92 - Password Managers