Adopting Zero Trust
AZT: Hacker Valley Dishes on Breaking Into Cybersecurity

Season 3, Episode 1: To start the new season, we are joined by Hacker Valley Media’s Ron Eddings and Chris Cochran, who discuss breaking into cybersecurity and the role storytelling plays.

Catch this episode on YouTube, Apple, Spotify, Amazon, or Google. You can read the show notes here.

A new year, a new season, and plenty of new threats to impact the world of cybersecurity. This week we break from our typical conversations about modern cybersecurity strategies and concepts to focus on one of the most important aspects of our space: people.

People are the why behind what we do. We protect, support, and educate them about the dangers that lurk online. However, cybersecurity is also driven by people, and for new entries into our field, it can feel nearly impossible to break in. This week we turn to two experts who lived the lives of practitioners and shifted their energy toward telling amazing stories that drive our industry forward. This duo has built a masterclass on what it means to be in cybersecurity and has guided countless people through every nook and cranny.

And with that, we’re excited to introduce Hacker Valley’s Ron Eddings and Chris Cochran, who discuss breaking down the barriers to cybersecurity and why practitioners need to invest in soft skills.

TL;DL

Don’t have time to listen to the full episode? Here are the key takeaways:

  • Breaking into cybersecurity requires curiosity, interest, and a willingness to learn

  • Networking and building connections within the industry are crucial for career advancement

  • Seek out mentors who can provide guidance and advice

  • Tell your own story and showcase your skills through platforms like podcasts and social media

  • Cold applications can be challenging, so connect with someone who can vouch for you

  • Be open to continuous learning and staying updated on industry trends

Editor’s Note

AZT has made it to year 3, and our numbers are growing like crazy. But, we don’t really care about all that jazz. Neal and I started this series to help gut the marketing fluff behind Zero Trust and ensure the message wasn’t watered down. With our new season, we will, of course, continue with that focus, but our primary mission going forward is around elevating modern cybersecurity strategies and approaches and hearing the stories behind people making them happen.

If you want visibility into upcoming episodes or want to pitch to join one, you can see our publishing calendar here.

Breaking into Cybersecurity: Insights from Chris and Ron

Here are some key takeaways from our conversation:

1. Be Curious and Start Talking to People

According to Chris, one of the first things you must do is foster a genuine curiosity about cybersecurity. Start exploring different aspects of the field and engage in conversations with professionals. Chris emphasized the importance of understanding the different roles and skill sets within cybersecurity, which can be learned through networking, attending meetups, and being part of communities.

Ron added that networking plays a crucial role in breaking into the industry. He highlighted the power of connections and how reaching out to the right people can open doors for opportunities. Ron suggested leveraging platforms like LinkedIn to make yourself known and to connect with individuals who can showcase your skills and potential.

2. Leverage Your Existing Skills and Seek Mentorship

Both Chris and Ron emphasized the value of leveraging your existing skills when entering the cybersecurity field. Chris pointed out that you don't need all the skills necessary for a job from day one. Instead, focus on the skills you currently possess and find ways to apply them to cybersecurity. Whether through personal projects or learning opportunities, building on your existing skills can help you gain experience and confidence.

Mentorship is another crucial aspect of breaking into cybersecurity. Ron shared his experience with mentorship and emphasized its impact on his career. He encouraged individuals to seek mentors who can provide guidance, support, and advice. Chris highlighted the importance of doing your homework and being specific when reaching out to potential mentors. Demonstrating your passion and preparedness can increase your chances of finding a mentor who can help accelerate your growth in the field.

3. Embrace Continuous Learning and Perseverance

Chris and Ron both emphasized the need for continuous learning in the cybersecurity field. As the industry evolves rapidly, staying updated with the latest trends, technologies, and best practices is essential. They encouraged aspiring cybersecurity professionals to invest time in learning new skills, obtaining certifications, and participating in relevant training programs.

Perseverance was another key theme in our conversation. Ron shared his journey of moving across the country and seizing opportunities despite challenges. Both hosts emphasized the importance of resilience and a growth mindset. Breaking into cybersecurity may not be easy, but with dedication and perseverance, you can overcome obstacles and achieve your career goals.

The Power of Storytelling in Cybersecurity

Storytelling is a necessary soft skill that applies to any field, but even more so when you need to break down complex issues that have a significant impact on people.

"I think the thing that gets people hosed up is like, 'Oh, I don't have all of the skills necessary to start the job.' But think about some of the skills that you do have right now that you can start leveraging in that position," said Cochran.

Chris emphasizes the importance of being curious and interested in the field, and using storytelling to showcase one's existing skills and experiences.

Ron adds to this by highlighting the power of connections and networking. He suggests that individuals should focus on building relationships and connecting with others who can help them tell their stories.

"If I'm trying to break in today, I'm looking at how can I be connected with someone that could show me in the most positive light? How can I go on a podcast like this or go on Hacker Valley Studio? All I need is just one chance to speak about what I want to do. And someone's gonna see that. And that's your opportunity," said Eddings.

Both Chris and Ron recognize the value of mentorship in storytelling. Chris shares his experience with mentors throughout his life and their impact on his journey. He advises aspiring professionals to seek out mentors who can provide guidance and support, helping them navigate the challenges and learn from their experiences.

Additionally, Ron introduces a unique perspective on mentorship, mentioning the concept of a Table of Mentors. This exercise involves envisioning a diverse group of mentors, including real and fictional characters, and seeking their insights and advice. It allows individuals to expand their thinking and gain different perspectives on storytelling in cybersecurity.

Transcript

This transcript was automatically created and is undoubtedly filled with typos. As usual, we blame the machines for any errors.

Elliot: Welcome back to Adopting Zero Trust, or AZT. I am Elliot Volkman, your producer, alongside Neal, our host. And we are kicking off this season with probably the best guest we could have ever brought to the table for y'all. So instead of our standard approach, I'm gonna put them on the spot and ask an awkward question, but to our lovely guests, can I ask for a huge favor?

You all start with an iconic entry for your episodes. Sorry, you, you know where I'm going with this. Can we get your intro? I want to just paste right over what we're doing.

Chris Cochran: What are we talking, like old school, like original intro?

Elliot: intro? Yeah, yeah. Oh,

Chris Cochran: Oh, wow. I haven't done that in two years. What's going on everybody? You're in the Hacker Valley studio with your hosts, Ron and Chris,

Ron Eddings: With your hosts, Ron and Chris. Yes, yes, sir.

Neal Dennis: to the show.

Chris Cochran: to the show.

Ron Eddings: Glad to be back again.

Elliot: yeah. All right. I'm sorry. I had to do that. I knew it would also make our lovely host over here his day, but thank you so much. I think we don't need an actual introduction after that, right? So we've got Hacker Valley here. We have Chris, we've got Ron. These are like the storytellers of our cybersecurity space.

They have lived and breathed everything that we have talked about for the last couple of years and for the foreseeable future until Neal gets tired of me and we kill the show. But we have fantastic guests and we're going to just start with some really basic stuff. So you all hopefully should be familiar with Hacker Valley Media and what they do, not a Chris around.

Maybe we can just start there. What, what sparked the creation? How did you all connect up? And how did what you all do today even start?

Chris Cochran: You want to start Ron?

Ron Eddings: Let's do it. We got started with me and Chris. We met around 2015 2016. We worked at the same company back in Maryland, worked at a startup called Iron at cyber security. Chris was a threat intel guy. I was a threat hunter. And we, we also just so happen to be the only black people that worked in this office at the company.

They sat us right next to each other. Great idea, by the way, because we hit it off. And we, we just, grew towards each other. We, we loved personal growth. We loved just putting ourselves out there in new ways. But, with that, best friend love story, I moved away to the other side of the country.

And, I started working at a company, a startup a few startups and also worked at Intel as well, and I was there for about two years. And at that time, around the year or two of me being in California. I started doing YouTube videos and then I saw that Chris was also doing like this workout series.

He hired a professional film crew and everything. They were following him when he woke up and they were doing these workouts and and just like parks in the gym. It looked really good. He's got a, maybe he'll pull those up someday. But we, I was doing this YouTube series. Chris. moved to California. So hey, me and my family were moving out to Cali.

I'm moving before my family because they have a school and whatnot that my kids still have to finish up for the year. I had just rented a hacker house with another friend. And it was like this big six bedroom mansion. At the time when I moved in, it was just me and one other friend. So we, we needed other people to move in to make this a hacker house.

We also built a studio in the house and the studio God bless my landlord. He didn't know until we moved out that we built this studio at this house that we rented. But we had these sound blankets draped across the room and it was from the ceiling. It's not draped across from the, the wall.

Cause he didn't have that attachment when I was trying to build this studio. So I was like, I'm just going to go through the ceiling. I wouldn't recommend that for anyone that wants to get into the, the content game. But at this time I was doing YouTube videos. Chris said, hey, I know that you're doing the YouTube video thing, but let's go up to that studio and let's jump on the mics and see what happens.

So we did that and little did we know that we had, when we're having that conversation was episode one of Hacker Valley Studio.

Elliot: Thank you so much for that story in the background. It's similar to how I connect up with Neal. We used to work together. I terrorized him. I actually wrote most of his presentations. I left and I was like, hey, this is probably one of the smarter guys about threat intel. I'll just get him and his beard on camera and that'll work out great. But

Neal Dennis: hand him over to you. Mostly what I'm trying to do is expand the three of you.

Elliot: And I even forgot about that. But the reason why I specifically ask about that is because you all actually come from the practitioner side. I am more from the journalism, unfortunately, marketing side. But you all bring conversations to the table and now you work, you joined enemy line, so to speak, but you're helping these companies be able to actually tell stories and appeal to people who have been in your shoes. So I think that is one of the biggest things to call out here. And the reason why I say that is because there are primarily our listeners are one, maybe watchers. We have three of those, mostly listeners.

They are in, have been in your shoes, how do they move up? How do they expand their careers and do more in their space? You all created stories. You all created an entire company around telling stories and appealing to people and that nature. So that is that is the, the focal point of where I will hand this off to Neal.

Neal has this love and interest of helping people break into the career, but not just the entry points, but how do you expand and you all have. Built an entire company around expansion. So Neal, that's where I'm going to throw it to you. You can figure it out from there.

Neal Dennis: This is awesome. This is the, this is the least nuggets he's made me have to work with in a while. So this is definitely going to go someplace. That, that being said, I just want to share one quick anecdote with Chris. I don't know if Chris remembers this or not, but I've worked at TrueStar. I've worked at another place that I'll mention here in a few seconds, but I was, I was on the, the.

I don't know what you'd call me over there anymore, but I was the guy that did all the normal crap that actually got people to buy the product. So sales engineer stuff and other weird crap. But that being said, when you were at, at, at Netflix for a few years, a couple years, however long that was, I know our team was hard charging you from a sales perspective, but then you were starting this podcast charity.

And then coincidentally enough, I moved from, from Truestar over to another company with a friend of mine from Truestar, Doug. And we were at King and Union for all of four months. So I remember, this is my intro to podcasting in general. I'd seen, read, listened to a lot, never participated in. I've done a lot of other things, webinars, stuff, but never podcasting.

Y'all come into our space and you sit up at that spot in the back of our little room and you're there for two days straight, just nonstop lights up. Microphones going, y'all are going to town and all this stuff. Hey, that kind of looks fun. Don't know if I'm ever going to do that. Don't know if I have the motivation to put forth that much effort on my own, of course, to do that and then flash forward a couple of years and here's Elliot and whispering in the back of my ear while he's on vacation.

Like I got this idea for a podcast. I want you to come in and help me out. I'm like, yeah, I don't care. Let's do it. Let's have fun. So flash forward two years now, and here we are. And it's been fun. So I want to say y'all were literally my intro. physically into what it is to do this stuff and the commitment level and all the stuff y'all did at that, even at that early on stage is just impressive and amazing.

So thank y'all. And I don't think I ruined any of y'all's recordings, but maybe I did. I don't know.

Chris Cochran: Naw. Naw.

Ron Eddings: that day was awesome.

Neal Dennis: was fun, man. That was fun. That was, that was the last real big event before the world went to pot. So

Chris Cochran: Yeah.

Ron Eddings: Was right before the pandemic.

Chris Cochran: Mhm.

Neal Dennis: February, 2020 sitting there in San Francisco, having a blast, not a care in the world, everybody doing what they want to do, party and having fun interviews, all the fun stuff. And then flash forward a month later and man, we didn't go much.

Did we that being said. Take movers forward to Elliot's points. Yo, I've, I've, I am motivated to do this. This is why I haven't recorded because I am legitimately working on a backdrop and an actual legit spot to set. So I've made this my goal for the next couple of months, month or so to figure out a space over here in my room to actually have a legit spot.

And That being said, the podcast, the idea that I have, I've been, once again, I've been very fortunate in previous engagements to have been asked to be on other people's podcasts a lot and give some insights on the career field, on Intel, on what it takes to be an Intel analyst on the private sector. And pre COVID nobody gave a rat's butt to be fair.

There was only a handful of large companies that were hiring quote Intel. And then they, I'm sure y'all know, weren't really using them the right way. You're a PowerPoint monkeys at best. If we could even do that. So we didn't even really get to do much of that. And so two years ago, did a podcast interview about some career stuff.

And I'll reference that when I get to my, my personal endeavors here. But that podcast was strictly about how to break into the Intel career field on this side. That was the point of the interview. Anyways, did that interview. I was not expecting. I get the occasional email follow up from all the ones we've done, but it's usually more people trying to follow up a story. Typically that podcast only had maybe 5,000 views in the first month, but out of those 5,000 views, I feel like every single person reached out to me on LinkedIn and I felt like a heel.

And this, this keeps recurring. They rerun this thing about once every six months. And every time they rerun it, I get a swath of people reaching out and, 20, 30 people, literally every time. So I feel bad because I can never reply to all those. There's people wanting education. They're wanting to learn how to break into the market.

So the idea here and the hope of this conversation is to get some people, some starter packages on where to look both education wise, both and also maybe from interview tips, what types of skillsets to really highlight. And then from my perspective, one of the things I plan to highlight in mine is one, a military influence, cause that's where we come from, Marine Corps background, Intel, all that fun stuff.

But I want to educate people who have a military Intel background a little bit on what those skills are here, as much as I want to give just the audience as a whole, an opportunity to podcast, after whatever discussion happens. Have one or two people literally do a video resume of sorts, if you will, for two to five minutes, and that's the end of the podcast.

So that being said, I'm very curious. Y'all's take on one, just getting started just in cybersecurity as a whole, what y'all think is critical to know whether it's bootcamps, whether it's college, whether it's just OJT, whether it's combinations of all that stuff, or whether it doesn't really matter. So you should just take the leap off the, off the cliff, right?

So I'm going to leave it at that for a few moments and see where we go. Skills started

Chris Cochran: Yeah, so I'll touch on the breaking in thing for a second, because I would say if it's a skill, if it's one skill that I have, it's breaking into communities. Started in the Marine Corps, right? So broken in there. You basically just have to sign up, but then going into the intelligence community, then going from there to break into cybersecurity and then from cybersecurity to content creator, and then from content creator to marketing.

So running that gambit. But I would say that I think the thing that gets people hosed up is like, Oh, I don't have all of the skills necessary to start the job. But think about some of the skills that you do have right now that you can start leveraging in that, that position.

And then you'll learn all the other pieces along the way, whether you're creating a project to learn those secondary skills, whether you're talking to people, belonging to different groups, going to meetups, those types of things.

All these different things, I would say that, yeah, just being interested and being curious about cybersecurity is the first thing that you have to do, and then start talking to people.

Because I think in the beginning it was really tough to meet up with people and get that information because it was like a very cliquey in the very beginning, but I'd say today it's probably the most welcoming the field has ever been, and so just talking with people. Understanding what the different roles and different skill sets are I think is where people need to really start. But yeah, just start and just do your best and that's how you really break into cyber security.

Ron Eddings: in is I think the easiest and also the hardest thing to do. You definitely have to have a plan. It's when I, when I got into the industry, I had a great mentor. I met this person, his name is Marcus Carey. He's a Austin resident, just just like us. And but I met him when I was living in Maryland.

That's where I grew up. And. This person, he, he just really told me, Hey, if you do this certification first, this certification, second, you start reaching out to these types of companies, here's your, your opportunities, network engineer. Cause I was focused on my CCNA and network plus back then.

And, network engineers, that was a very strong profile for them back in like 2010. But today it's a whole different bag because you're not doing like the cold. applications anymore. People might know who you are because of things like LinkedIn. So if I'm trying to break in today, I'm looking at how can I be connected with someone that could show me in the most positive light?

How can I go on a podcast like this or go on Hacker Valley Studio? All I need is just one chance to speak about what I want to do. And someone's gonna someone's gonna see that And that's your opportunity. You still have to work for it after that point, but that's at least your, your entry point in. I think when you're trying to just do like the, the job boards.

That could still be effective, but that could be really defeating as well, getting interviews and not knowing if they're going somewhere because you don't have that reference on the inside that's giving you those at least small updates like, hey, it's, you're still good for now, or you, you might want to go and apply for more places when you're doing a cold, you're lost in the sauce.

You don't really know what's happening.

Neal Dennis: Yep.

So when we think about the market space, I, I can look back on my career post military and I've only gotten one of my jobs by simply cold contact, and every, every role I've had, or every opportunity I've been solicited for has been because I either knew someone there or someone who'd worked there, one or the other, or because I was working with, A recruiting company of small scales, usually that have always been a trusted advisor.

So basically in road, still through connections and stuff like that. So I think, the old adage is not what you know, it's who you know, is unfortunately very, very true. There are still ways to break in. With, without those connections, but that's a pure numbers game. The only reason why I got that first role, I probably put my resume out there at least 150 plus applications before I got a couple of bites, which led to literally one offer.

And that's where it was. And that was back in 2012 or so, 2013. And

Ron Eddings: And with LinkedIn, there's another category. It's the, who knows you, you don't even have to need to know that person. With LinkedIn, as long as people know who you are, then that, I think that is just as effective of knowing who other people are.

Neal Dennis: Yeah, I agree. I agree. And then mentorship, Ron, you mentioned this one. So I think this is something I think people are afraid to do. They're afraid to solicit for mentorship. They're afraid to reach out to someone and, and whether it's somebody you already know at your company, your current place of work, whether it's somebody literally on LinkedIn, once again, there are a lot of people on LinkedIn that say, I'm a mentor, come talk with me and hopefully they have a lot more time to manage it and do a better job than I have, but there are those people who are willing to do that.

Two perfect strangers. And so I'm curious from that take, mentorship perspective. I know y'all do a lot of that by proxy of your current business model and things like that. But Ron, you mentioned how impactful that was. Chris, how about yourself? Have you had a really solid mentor in your, in your life or multiple at all?

I've had several.

Chris Cochran: yeah, you know when we were talking about breaking into different places each sort of industry or hobby or whatever it is that I break into. I always look for a mentor of some sort because I'm trying to shortcut that learning curve so I can learn as fast as possible, beat my head against those challenges and get to a place where I'm competent or capable to do whatever that thing is.

But yeah, I've had mentors throughout my entire life. Honestly I wouldn't be where I am today without those folks either giving me a shot, giving me knowledge. Hitting me over the head when I make a mistake, all of those different things is, has led me to, to be as capable as I am today.

So yeah, mentorship is huge. And what I will say, just a little piece of advice for folks, especially if you're trying to get a mentor that's super busy. Do your work first, right? And then talk to them. If you decide on day one that you want to be in cybersecurity and you're going to reach out to the CEO of CrowdStrike, you're going to have a hard time getting them to be your mentor.

But if you've done your, your, your homework and you have a specific area where you know that they can help you in that, in your endeavor, it makes it a lot easier for folks to say, yes. So I'll just give that little nugget out for everybody.

Ron Eddings: There's another aspect of mentorship that Chris has discovered that I don't think anyone has looked at yet. Chris, please drop that gem.

Chris Cochran: one.

Ron Eddings: ChatGPT.

Chris Cochran: yeah. I've done this thing called executive coaching for a while. I got my certification a little while back. Ended up not using it, but I'll do it with friends every once in a while. One of the things that, one of the exercises they taught us was having this table of mentors. And this table of mentors could be anyone that your mind can conceive.

People that are alive or dead. Fictional characters, cartoons, animals, whatever. You make this table, whatever you want it to be, and you would ask those individuals those questions. And you think about what, how would they respond to that question? And a lot of times that what that teaches you is that most people have the answers that they need to the questions that they have.

And if you understand like someone's methodology or their philosophy, you could probably get pretty close to what their answer would be in real life, but you could take it another level. When you're using things like ChatGPT, you could say, all right, I have these people at my table of mentors. Let's say, if we're talking about marketing, we got Gary V, Chris Do, Seth Godin all at a table.

And I have this question, how would they respond? So you could take that to the next level because ChatGPT has access to a number of articles and things and books about those people and how they think about those subjects. And yeah, that's a quick tidbit about how to use ChatGPT for, from a mentorship perspective.

Neal Dennis: Fun. I've, I've started a cyber history Monday thing that I use ChatGPT to supplement every once in a while. I think people need to understand the power of what that brings. That's a, that's an awesome use case. So well played.

So awesome. So on the mentorship program, ChatGPT, I think that's a wonderful idea around how to leverage that generative AI perspective to get some fun. And you're right, there's a lot of models around in the papers for answers and responses, I think it's pretty cool idea. On that note, thinking about mentorship, a little bit more thinking about growth.

One of the things that I think a lot of people fear is on the education side. So we think about, mentorship and networking, definitely fundamentals. I, I think those go a long way more than just your basic education can ever bring you, cause then you can figure out where, like y'all mentioned, Where you need to go, right?

So from an education perspective, let's say somebody wants to just get started in cybersecurity. What would be your Top two or three avenues to approach that from an education perspective and as an example we have a lot of people that come from an IT background, administrative background that transition over, right?

So they do that in company sometimes, or they go do some certs. We have people who look at bootcamps. We have people in college and then we have people who just say, screw it. I'm just going to go use ChatGPT and learn how to program things. So what are maybe your top two or three options on the table for educating yourself or approaching the education journey beyond that mentorship and networking perspective?

Ron Eddings: What I have always been a big fan of is like trying to train around other people that are Professionals like if you're trying to get the best body possible you want to go to the best gym possible as well I look at something like SANS as like a place where professionals go and get training. So That that costs money.

There's a nice price tag associated with SANS events What I would do if I was someone breaking into the industry right now That was I will reach out to SANS and ask if I could volunteer there's always going to be at least one of those events per year, maybe a few that are going to have volunteer opportunities, I would either fly or drive to them, and I would get that professional training, and I would also get close with the person that's giving that training.

So that's an opportunity to meet the trainer as well. A lot of them have consulting practices. So that might also be an opportunity to land some work right after getting that training. That would be, that would be my recommendation and how I would do it if I were to have to try to break in today.

Neal Dennis: Nice. Chris, how about

Chris Cochran: Yeah, I would say for me, I think it really depends on the person. I'm a terrible traditional student. Four year degree. I struggled, y'all. I had a hard time making it to that finish line. I did it. Through sheer will and perseverance, but I'm more of ad hoc build your own pathway type of learner, whether it's pulling up articles or studies or videos or taking a short course or going to a SANS thing, I really like being able to shape my own learning myself.

And then I'd say the number one thing for me is project based, right?

Project 80, right?

I learned business, not through college. I learned about business through starting my first company, right? I learned so much just putting my, my head to the grindstone and figuring out all the stuff that needed to happen. And for, in order for a business to be successful.

So I would say it depends on the people. There are some people out there that they would prefer an entire evolution where Hey, for the next four years, I don't want to be dedicated to this. I'm going to let my instructors take me through that entire journey. But some people have to cowboy it and go around and figure out and find all the things that you need to do yourself.

So I would, I would say it depends, but I don't think there's any wrong or right way to do it, but I will say it is really dependent upon like someone's personality.

Neal Dennis: how you do it.

No, that's awesome. I, to hit on some of those things. So Ron, you talk about conference or event networking, my back to networking loosely, right? In a sense, it roundabout way is I, I, I hang these up on purpose because I don't want people to think that going to cons is a bad thing or that going to a lot of them is a bad thing.

I, I think there's this, there used to be this, this kind of look-down-upon-people-who-went-to-everything-they-could-go-to kind of mentality. It's, "Oh, you went to 500 conferences this year. Good for you. Whoop dee doo." And I think there's something to be said from a social engagement aspect at an event.

And I I'm very fortunate in my career right now, where I go to probably about 10, 15 different conferences a year for the sake of my clients, like my clients that I help manage at my day job and in and of themselves, their communities, they, they have their own group of people. They have their own management series and things that they do is dissect.

I sell well, but in and of that, what I see a lot, you show up because you're invited, whether, anything or not. And at the end of the conference, something, and hopefully have a better idea of who to talk with to get there. And on that flip side. I also, I don't have a college degree. I, mine is all military OJT, a handful of certs, things like that.

And granted, I'll admit, I think that path is a little more difficult nowadays to have that journey, especially out of the military, than it was in the early 2000s. But I, I think to me, that's the point I think that people need to understand: college is a path, but it doesn't have to be your path.

Certifications is a path, but it doesn't have to be your path. And to Chris's point, find something that rings true for you, move forward with it, see if it sticks, see if you progress, if you don't reassess and move on to another task, right? And that, that's why I hope people understand is there's, there really is no one, one make it easy path.

I would rather sit in a, in a two-week bootcamp than sit in a six-month college course every other day. So just give it to me fire hose style. And then the last part, and Ron, you mentioned this a little bit as well. There's a gentleman in Dallas named Phillip Wylie. I think most people who've been around know Phillip.

I know y'all know him. He was at y'all's event. Phillip does a wonderful program about hacking the courses. And so he teaches people how to save a few bucks and reverse engineer courses, so you can at least break in that direction. I think that's also critical, is to understand how to do that and do those things.

ChatGPT probably helped a lot.

Chris Cochran: Yeah. All

Ron Eddings: I think that there is a big difference between breaking in and getting education though. I think that if you're breaking in, you're actively trying to get employment. Like, for the people that do take the college route, I'd look at that as you're trying to build your knowledge and foundation on security first and then get into the industry.

So I think, like, you also have to, like, address with yourself: are you trying to get educated or are you trying to get employment?

Neal Dennis: Yeah. Two different goals, definitely. And hopefully assess what the goal of that education is. If you're going just to go, awesome. But if you're going because you have a job skill in mind, or a job set rather, that you want to apply for, definitely make sure you're on the right path, right? Don't just go to college because someone said to go, don't get that cert because someone said to get that cert.

Especially if you're paying for it, if somebody else is going to pay for it, hell, I'll go sign me up. But yeah, I totally agree. That's a very fair point, Ron. So I have a, I guess it's a semi sensitive question for some people. We're talking about breaking in. We're talking about getting started. We're talking about what that endeavor looks like a little bit.

My curiosity question, this is also the aim of what I want to bring to the, to the podcast I was mentioning, is you have a large group of people who say there's a cybersecurity skills shortage, right? But they're also the same people who put out a job req that says, "I want someone with 10 years of experience in SQL, 18 years with nuclear physics and 32 years with scuba diving instructing," and it's an internship program.

We've gotten a little better with that, but that still exists, right? To this day. So my question to both of y'all: which side of the coin, or are you somewhere in between, on A, the cybersecurity skills gap, if that's a reality, simply because there aren't enough people, or B, the reality is people are just ignorant in their hiring practices? Or something in between, that's fine.

And then the secondary part of that question is, how do y'all think from an approach to solve whichever side of that issue this was an entire

Chris Cochran: Yeah. No, this is a great question. In fact, this was a question that sparked an entire series that we did called Technically Divided. And our very first episode was focused on the skills gap, right? Is there a skills gap or not? And we brought on Allan Alford and had a great conversation about it.

And towards the very end, we're always trying to find a way to, like, how do we wrap all of these, these findings up in a nugget? And we basically come to the conclusion that it isn't necessarily a skills gap or a personnel gap; it's a disconnect. And what we mean by disconnect is there are people with skills that can be useful in cybersecurity that might not have that traditional background, but can be applied in cyber security. We just have to open our minds to that possibility.

Like you were saying about the job req. If I'm someone who's been a lawyer and I understand policies like no one's business, but I look at this job req and I need a CISSP, I'm gonna be like, "Oh, that's not me. Next."

But you might be able to do that job because you have the skillset or the mindset or the frameworks in order to do that work. So I would say that it's a bit of a disconnect. There are of course going to be new technologies that people need to learn and develop, but I would say from my skills and personnel perspective, we need to figure out how do we bring all of these people into the industry to help us out.

Ron Eddings: It's, I came to the same conclusion as what Chris just described through that episode, that it can't be on one side. There are a lot of people with the skills. There's a lot of jobs. I see jobs all the time on Google, on LinkedIn, Reddit. There's tons of job postings on Reddit and cyber.

There's a whole thread about cyber job hiring on Reddit. I think that what it really boils down to when people feel as though there is a skills gap is people want the best. They want the best of the best when it comes to cyber security professionals. They want the people that have a big influence.

They want people that are great mentors. They want people that have the skills to do the technical work or the leadership work, and there's not that many people that are available when it comes to that, because they might already have the right employer for them. So I think that what another gap is, is we're not necessarily raising the next generation of cybersecurity practitioners with the best intention. Putting someone in front of a screen that just has alert after alert after alert, that's not a good way to build someone up to be creative.

So I think that that's another piece, is like, if we want to, like, have an ecosystem where people are the best of the best, then you have to almost treat them like they're going to become the best of the best one day. And I think that unfortunately with cyber, we need to get the job done. And sometimes we're not necessarily taking the proactive steps.

So we find ourselves in this, this rat race of detection and response.

Neal Dennis: Whole nother fun topic, isn't it? The SOC fatigue and analyst fatigue, all the fun stuff that comes around, all that stuff. So I, I think that, thank you all first off for sharing those. That, that's a wonderful insight and a good perspective. That, that's what I was hoping. I have another quick question on that.

How many times has someone looked at both of y'all and been like, you've gone to them to say, "Hey, there's a lot of things going on, wish I could have some help here to do X, Y, and Z," or you're complaining, we all like to complain eventually about our jobs, our life, and whenever things aren't going easy, smooth, whatever it may be.

But you put forth something and your boss goes, man, I just wish I could clone you. And then everything would be perfectly fine. And you look at them, you go, don't clone me. Just give me five other people that want to learn crap. I'll clone myself, please. And thank you. How many times has someone really said that to you?

And then you're still stuck with the same problems, even though there's a budget to hire, but to your point, they're looking for you, not someone else that you can help become you.

Chris Cochran: I think that's huge. Yeah, we got to train up our folks. We got to pass everything down. This is what you're doing with this show. This is what we do with, all of our shows. We try to help educate and inspire everyone to kind of like take the mantle, take that hill.

But I think sometimes we get really myopic. We get really focused on the challenge that we have, the dumpster fire that we're focused on right now, and just the people that we have. But if we, I mean, it's all about opening our minds to the other possibilities. Just open your minds, like, "Oh, what if we could bring in some summer interns and get them exposed to our culture?"

And maybe if we train them well enough, they'll say, You know what? When I graduate, I want to come back here and work here full time to continue my journey. There, there's just so many ways to get people excited about the work that we're doing. We just have to open our minds to figuring out how do we make that happen?

Neal Dennis: we've

Ron Eddings: Right.

Neal Dennis: We just have to open our minds to figure out how to make that happen.

Ron Eddings: No, not at all. I think that, what you were, what you also asked was like, Hey, have, have I ever been in that situation where. My manager wants to clone me yes, but not, not where it's an unwilling. I feel like that would be a little bit of a compromised situation for both parties. That means that there's too much work for me and that my manager doesn't have the budget to hire someone.

But I do think, as a subject matter expert or as an individual contributor, part of your job is to protect your boss. Before that conversation happens, I think it's also important for whoever is driving the technical piece to always just be reaching out for help. If you need help, constantly bring it up.

Sometimes you don't get it, but as long as you're having that conversation, at least you can progress something going forward. Even if it's just creative ways to think of how to get additional resources.

Neal Dennis: Yeah, definitely. So paneling it back a little bit more to what y'all mentioned before, talking about hiring and skill sets and what people are looking for. I do agree a hundred percent that that's what people are missing in this bucket. To your point, Chris, you talk about, skill set A maps out to 92 percent of it, but because they're missing a cert or whatever key critical piece alluded to, they don't apply for that job or the HR person overlooks them.

So that's one of the things, hoping to address, is the skillset mapping and getting people comfortable enough to have conversations with, with HR, with whoever the hiring people are in general, to say, "Yeah, I get it.

You think this is important, but here's how I can really help you make an impact in this and more aptly making sure they're receptive of that discussion. And.

Ron Eddings: There's a, there's another layer in there as well. If you had someone that once, let's say you, you're doing technical work. You have a manager, your manager says, "Hey, I'm opening up this role. And we're going to be hiring an offensive engineer. We'll be hiring a red team engineer." The first thing that's going to go through your mind is, which red teamers do I know?

And then you might have three, three great ones, maybe one that's really epic that you just really want to work with. You're going to reach out to those three people. Just like that, that job search could be over and you didn't even open it up to the public. It was all because of network. So I think that, when you're not on the inside of these people, like people, hiring managers or staff members, when you're not in their network, it actually makes it way more difficult to get a job.

I'm actually hiring for a video editor right now. Any reference that I get already has a level, it's a lump, the one level ahead of every other candidate, because I have a recommendation, like someone has certified this person. And if someone I trust, then now I have inherent trust in this new person.

I think that's often how we try to find applicants and the right team members for our job, is like, who can already certify and who already has that, that level of culture that we're trying to bring into our organization?

Neal Dennis: Yeah, I think that's fair, Ron. And the other part of that, and this goes back to LinkedIn. I think a lot of people are missing on this aspect too, is just because you don't actually know somebody at that company hardcore, look for somebody who's in that shop that you're looking to apply to, solicit them on LinkedIn.

Hopefully they respond. This happens to me a decent amount. People come out, they say, Hey, I see you're at Cyware. I'm looking at this role. What can you tell me about it? Is it a good fit? And I'm not interviewing them. We're just having a cultural vibe check basically. And if we think that it's a good thing, then they give me their resume.

I get bonus points because I'm the referral bonus. If I, and hopefully if you're part of that equation, you're doing a little due diligence and not just throwing them over the fence and hoping you get the referral bonus. Soliciting people at a company you're looking to apply for, whether it's HR, whether somebody in that office, I think can bring you a little bit closer to that reality of getting a slightly higher check mark on that vetting. And then back to headhunters. I, I will

Chris Cochran: Is that your side hustle, Neal? You, you you just bring, you just say, Hey, hey. Come on to the show. And then they're like, Hey, make sure you send me your resume. If you see any any openings, I'll get you in.

Neal Dennis: I, I, I think I'm on the other side. Can you have my resume for me? No.

Chris Cochran: Mm-Hmm.

Neal Dennis: I, I, I will give a call out to, to a headhunter organization, Ninja Jobs, Drew and Matt and a few others over there that run that program. I call them out specifically because they're focused on a little bit more mid to senior tier talent, but I've never seen Drew and Matt say no to a resume that didn't have any experience, to at least find something started.

It may not even be in their docket of list of jobs that they have, but they take those resumes and they still will make an effort to solicit on behalf. And not every headhunter company is going to do that. Fair play, but there are some that are, are pretty good to work with.

There's some that are nice to be around and they can at least get you, and for me, this is critical in front of enough interviews to where you can get comfortable with explaining your role and what you think your impact is. If you've never done an interview before, it's just like this. If you've never done a podcast or a webinar before, you're probably going to have a little doubts, a little fears, maybe a little shaking in your boots, but get out there and do a bunch of interviews.

Even if they all suck, even if you're applying for things that don't make sense, but you get an interview. Take that exposure and leverage it to help you be able to engage your story towards the next HR endeavor.

Chris Cochran: Mm-Hmm.

Ron Eddings: The coolest things happened a while back. We, I had this interview with someone when I worked at Palo Alto Networks. I was working at a startup though, Demisto. I had an interview with someone who was trying to be customer success engineer. I was one of the architects and manager of the customer success team, and we had a great interview.

We gave him an offer. He, he declined it. Years later, he discovers Hacker Valley. He's, "Hey, I know, I know this company. I like, I like Ron, I like Chris," and he worked at CrowdStrike. CrowdStrike ultimately became one of our biggest partners at Hacker Valley. And part of it stemmed from just this interview that turned into business in a way that I never expected or ever planned.

So I think like by interviewing as well, like you just have a lot of opportunity to meet people and make a positive impression.

Elliot: Right, Neal, I gotta, I gotta throw a curve ball in here because I want to take advantage of not just your experience as practitioners and you building companies in that regard, but you all are absolutely fantastic storytellers. And I, I promise there's a direct connection between what we're covering here.

So I think it was a previous episode where we were chatting with Kris Lovejoy, Kyndryl, if I didn't screw up that name, but one of the elements that stood out in that conversation was the soft skills that come along with this. It can't just all be technical, but you realistically have to be a really good storyteller.

So I'm just curious. And this is like a really basic, broad question. We can go from there. What do you see in value of being a storyteller? As someone on the technical side, maybe not in the SOC 'cause it might be pressing buttons, but as you have to convey information, is there value in investing in being able to communicate and tell, like, a good story behind what you see there?

Chris Cochran: You just opened a whole

Elliot: I know.

Chris Cochran: Storytelling is a skill set that is very, very human and applicable to every single person on the planet. Because when you're, you're, you're storytelling, you're, you're not just marketing, right? You're not just making movies. You're not just doing podcasts. But when you're interviewing, you're storytelling. When you're conveying information to anyone, you're storytelling. When you're asking for resources for a red team, when you're asking for personnel to bring on to the SOC, these are all aspects which you need to leverage storytelling in order to get your point across.

Because if I just shoot data at you, it might go in one ear and out the other, but if I can tie that data and evoke an emotion on any level, you're, it's going to be tied to that emotion. It's going to be deep seated in that person's mind. And sure, they may not agree with it, but at a minimum, they heard you and they understood you.

But if you don't leverage storytelling, you're missing the mark in a lot of different ways. And so I would say for anyone out there that is in cybersecurity or out, like really focus on that skill of storytelling. We used to tell stories all the time as kids, but I think as we go through school and we go to our jobs and we do, we have families, we lose that skill a little bit.

But if you just start to flex that muscle every once in a while, you'll start to see that people will start to listen to you. And so I would say, storytell as much as possible, get intentional about storytelling and leverage it in everything that you're doing in cybersecurity and in life.

Neal Dennis: you're doing. It's not just

Ron Eddings: We're always telling stories about any type of information that we communicate to another person. I've had two people on the podcast that really have opened my eyes to what storytelling could be. The first one was there's this gentleman Neal Bearden that we had on. He really focuses on storytelling and one of his prime stories is a chance encounter that he had with a homeless person that was that he spent like the day with that ended up being like one of the better days of his life.

And just this one story still sticks with me. I don't want to get into telling all of this story. I would, I would say, check out Neal Bearden. For one, he's a great storyteller.

The, the second one that really opened up my eyes was this gentleman named Robin Black. He's an MMA analyst, and he literally punched me in the face with stories during our podcast episode.

I've never been punched like this with stories, but the way that he breaks his insights on martial arts down relates that back to cyber security and makes me feel like I'm all a part of that journey. It was special, and one of the words that he used to describe his technique is by providing nutrient rich pieces of information.

This is the scenic details. Where were you at when this experience happened? What time was it? Who was around you? Kind of like take me on that journey, make it as though it feels like I'm there with you. This gentleman really dropped on the podcast. And after that, me and Chris, we started to do courses.

We even hired a few storytelling coaches. One coach that we hired was a vocal coach who showed us how to tell stories by using inflection in our voice. She told me that I had an awesome forehead for telling stories. She's, "If you lift your eyes up, just think about, the, the information that you're, you're giving to the next person."

And no, there's just so many tools, but using these tools is native and built into us, like Chris was describing. And it's just knowing like how to intensify the tools that you have and how you use them for a specific story.

Elliot: All right, Neal, I'm sorry, but we got to shave your head. Yeah, I'm way ahead of you there. So Ron, I think there's one piece that I want to pull a little bit further because both you and Chris, fantastic storytellers. And you can definitely tell that you put in the work to do it, but it's not just the words that come out of your mouth and how you say it, but you all, y'all are put together.

Like, I mean, there's probably a reason most of our people are listeners instead of watchers. If you're watching, which you probably aren't, Neal has this fantastic background of stickers, and then I just have these stick-on things to help reduce echo, but you all also put so much emphasis and focus on just the full picture, and I think some of that is we might be creating distractions, which is fine.

That's just our thing. And I love it. That aside, but, do you feel it's important to just have balance across all of it? So it's not just what you're saying, but what how you hear it what value do you see in all of those different elements, especially in cybersecurity when you have to be very factual, but you also have to convey information that's captured and you don't want to distract people with certain things.

Thanks.

Ron Eddings: Dying for a good story. I think that the whole, the, people love to be delighted by a good story, as long as it's within reason. You can't go on a 10 minute monologue if you have 30 seconds to tell something to your boss and they really just want to know that piece of information. That's, you know, that's just data dissemination.

That's part of what we do as people. You tell me what time you were going to meet up. I don't think that you're going to want a long story out of me to tell you what time we're going to meet up. So definitely knowing the time and place, know your audience. And when it comes to using this in cyber security and in the world of technology.

I think there's always at least a little bit of space for scenic details, especially when it comes to incident response. Saying the what happened is very important, and how it happened. But I think that there's also a how and why for your customer. When me and Chris worked at a fintech startup, there was this incident that brought down payment processors and no one was able, none of the customers that I guess were in a specific region were able to use their cards to pull money out and also to pay for things.

So we were going through the incident. Chris was, we used, we had these meetings where we would narrate and describe what happened on an incident. Chris was going through all the details and then it got real quiet.

Because Chris brought up a point about the customer, and then the, I think the CTO jumped in and was like, "Hey, listen, I just spoke to the customer and they said that people were at the bar. They didn't, they couldn't pay their tab. What do you think happened to them? People needed to get money for their kids.

They couldn't do it. What happened? What do you think happened?" And I think, like, bringing in those elements really changes the dynamic of a cybersecurity incident. When you start to think about the people that were involved and are affected by that incident.

Chris Cochran: content. To be honest with you, when we first started, we were really, really good with audio, right? We, we, we wanted our audio to sound great because it was a podcast, right? And then we started to dabble in video.

And I would say your setups are infinitely better than our first setups when we started doing video. Like, if you go back, I'm sure there are still some videos on the Hacker Valley YouTube of me, like, in my other office and there's a wall smack dab right behind me and it's, like, bare, terrible, absolutely terrible.

But I will say that attention to detail is one of those really, really important things in anything that you do, whatever your craft is. And so if you're going to create content, even if you have to, like, "All right, I'm going to get the audio nailed down, even though my video isn't all that great. Oh, okay.

Now I'm going to get my video nailed down and get it as good as my audio. And then, okay. So my editing is not great right now, but now I want to focus on that." You have to piecemeal it. If you try to do everything all at once, you're going to get overwhelmed yourself. But I will say focus on the experience that people are going to have. The devil's in the detail.

So really focus on those and then just iteratively improve over time. And that's, that's how, that's how people become great. That's how people become champions. It's not overnight. All of a sudden you're the best fighter in the world. You have to piecemeal that thing throughout an entire career. So I would say that that's what I would say about having everything pulled together.

Neal Dennis: you smell that thing throughout your entire career.

I would

Chris Cochran: Yep. True story.

Neal Dennis: what I would call it. I knew it was shit when I set it up, but it was better than the, I know you can see the pink wall back here. Blank wall. It's better than the first one where he, he didn't tell me he was recording for the sake of publishing. I was literally sitting on my bed.

Yeah, we ain't gonna go down that one. But that being said, that, storytelling, emotional responses, things like that, whether you're a guy or gal who makes people laugh, whether you're a person who makes them regret or, or cry or feel scared, feel happy, whatever it is. I find that if you can have an emotional response during whatever it is you're trying to present at some point in that, people are more likely to latch on to the, whatever it is you're trying to educate or share.

I think those are crucial, most of the time people are laughing because I'm falling on stage, but hey, it works. So I know we're up on time, so I want to be mindful of the hour, but I don't know if Elliot has any other things he

Elliot: No, take us home, man. Wrap it.

Neal Dennis: No. So Ron, Chris, thank you all very, very much for your time today.

This is obviously, for me, it's, I'll admit to Elliot, it's impressive that we're starting year 3 of this journey at season 3 of this. I think it's a great way to kick this off. So thank you all for letting us use your name to get season 3 off the ground, but more importantly, thank y'all for your insights.

Thank y'all for the knowledge that y'all bring to the community as a whole, consistently and persistently. And, for anyone else that's listening, once again, if you don't know Ron and Chris, but somehow you're listening to us, you, you started the wrong direction, but we appreciate it. And for those of y'all who obviously should know Ron and Chris before us, thank y'all for coming to listen to us chat with them today.

And we look forward to seeing y'all grow even more and congratulations on all y'all success guys.

Ron Eddings: Thank

Chris Cochran: you. Congrats to you. Here's to season three.

Announcer: Thank you for joining AZT, an independent series. Your hosts have been Elliot Volkman and Neal Dennis. To learn more about zero, go to adoptingzerotrust.com. Subscribe to our newsletter or join our Slack community. Viewpoints expressed during the show do not reflect the brands, employers, or companies of our hosts, guests, or potential sponsors.

Today, Zero Trust is a fuzzy term with more than a dozen different definitions. Any initial search for Zero Trust leads people to stumble upon technology associated with the concept, but this gives people the wrong impression and sets them off on the wrong foot in their adoption journey. Zero Trust is a concept and framework, not technology.
We are on a mission to give a stronger voice to practitioners and others who have been in these shoes, have begun adopting or implementing a Zero Trust strategy, and to share their experience and insight with peers while not influenced by vendor hype.