Starting Cybersecurity in 2024 - Things I'd Wish I Knew
HTML-код
- Опубликовано: 2 авг 2024
- Going through some of the things I've learned during my career which I wish I knew when I began.
00:00 Introduction
00:05 Job Requirements
01:10 Big vs Small Companies
02:56 Beware Gatekeepers
04:23 Paths Into The Industry
06:51 Salary Ranges
09:22 Salary vs Compensation
10:08 Finding New Skills To Learn
11:04 Red Teaming & Pentesting 
Наука
![MURDER DRONES Series Finale [TRAILER]](http://i.ytimg.com/vi/p6mhC5Iatns/mqdefault.jpg)
Been in this industry for 20+ years and you're spot on. The community is what you make of it. There are jerks everywhere, so find the helpers. Great video.
the part about gate-keepers largely expressing their own insecurity is 100% true, I got pushed around alot at this job 5 years ago, thankfully was able to hold my own and the 4 self-impressive dorks who were constantly gas lighting me about unmanaged risks and opening up certain hardened systems through the firewall means we're compromised- they're are all gonzo now.
Hey Sir, I beginn soon with my Cyber Security Uni, could you give me any tips to become successfully into this carrer ?
@@Maa3zclghlgg "cyber security" is way too broad to give short advice. Cyber security can be hardware or software, but also physical security in the company. Depending on the size of the company, intruders aren't just sitting in front of their screen and typing code and commands all day. They could be an employee of the company or try to impersonate an employee too.
I appreciate your comment.
"There is no right path for everyone. The right path is the path that works for you." I love this so much.
A lot of this feels very relevant to general tech related jobs. Really appreciate this video!
i just disagree with the guy that a computer science course is wholly useless for infosec, spoiler: it's not.
@Oscar G the video author then followed up that claim by saying learning things like python can be very valuable. Python, a thing that is very commonly taught in computer science courses. So even he contradicts himself, but yeah, CompTia certs, that's great man.
@@p.chuckmoralesesquire3965 Most people I've worked along side with in IT, in the past 3-4 years, didn't have any formal education in computer science, when they started their career. Strong interest and willing to spend hours on learning new skills, even outside work, seems to be the key for many people I've met.
@@simonp37 I've been managing servers and doing IT support and engineering, some linux stuff, wamp/lamp webservers, dozens of SAML2/single sign on integrations, a couple API integrations, azure active directory, mobile device management, configured some switches, managed certificates and PKI, managed sql servers and written reports, pretty much anything but full time networking guy and most of the IT people I worked worth over the past 20 years are what I would call schlubs and would benefit from 3-4 years of in class learning of the things you learn in CS- things like data structures, functions, change, chance, discrete math, all of that 10,000%. There's a huge massive chasm of a difference between someone who is self-taught to play an instrument but can barely read sheet music VS someone who can compose the music my bro- and I see that in the IT world daily.
@@simonp37 Even most people who for example go through security degree programs through online colleges are just learning buzz words and fear mongering common morons with very little understanding of the tools they are using, they just know how to use a few tools and do security theater and I do find joy revealing their laziness and all of the fundamental holes in their goofy assumptions while throwing around and abusing terms like "cYBeRRR!!" so hey if this guy is just saying watch some youtube videos and magically become a 'partner' or w/e, that's great.
Hope to see a lot of contents from you in the future sir
This is definitely most helpful! Just recently did a career change into cyber and wanted to know where and how to start. This video helps a ton! Staying humble and listening to everyone helps. Looking for a job is what I find the hardest because all I see is like you said a ton of qualifications and I have none
Found you on a recent David B. video and now after watching this, I’m hooked. Thanks for hitting these topics on the head!
Adding this video to our resources page on Cybersecurity Central. Thanks, Marcus 😉
I've been following and knowing about you since your infamous WannaCry debacle. It's so great to see you making videos and sharing valuable things you have gathered along the years in the cybersec field. Keep it up!
Thanks for this video! I ve started studying in cyber 6 months ago, and these type of videos really help new people to get into the industry
This video couldn't have been more suited to my current situation, thank you Marcus for the excellent insight.
My thoughts exactly
As a recruiter this video is great - you cover so many bases for people just looking to get started.
This was well worth a watch, thank you for your views on all this. I am an aspiring Infosec professional, currently working through my education and a little foggy on where I want to end up with all the options, but it is good to know these things when trying to figure that out. Appreciated Marcus!!
Really good information. I do also own a small biz specializing in cisco stuff..hoping my comment could also add value. 1 , a degree isn't a must, but, it definitely an asset. Equivalent diplomas are usually good as well. Degrees helps when it comes to work structure, ability to do quality documentation etc , but if you can show your skill during without that on a resume it really helps...certification matters, to us at least. Persons coming in with comptia (A+,NET+ and now Security) are really good entry level....I recently hired someone who showed us how he used GCP to build his own sdwan lab (for fun)..anyone on an interview panel that is technical, will always smile with this...so show them the things you tinker with, anything at all..this video was well thought out and very objective
Thanks for the video Marcus ! Real solid advice!
Your videos are awesome and have inspired me in my own info sec journey. thanks Marcus , would love to see a pt 2 , 3 of this
You are awesome. My anxiety reduces when I listen to you!
Hey Marcus... First of all thanks a lot for the video 🙏
Can you make a video or tell us more about "Threat Intelligence". Like working process of threat intelligence, a path towards pursuing it, resources to learn it, and what are the daily to daily tasks of people working in this field.
Marcus, great and very informative content! Thanks for sharing!
Thanks for this video, sir. I needed to hear what you had to say, especially in terms of how elastic the requirements can be.
Educational and informative as always. Thank you for this.
Incredibly useful information for me as I'm trying to pivot within the industry , thank you very much.
i really enjoy listening to you dude . huge fan . thanks for the quality content .
Thank you for this, you’ve given me courage to go out an apply!
Great video Marcus, I watched your session with David Bombay recently and know of you from Wannacry. Looking forward to you posting more videos soon, couldn’t agree more that pen testing and red teaming is over saturated, threat intelligence is definitely interesting
This is great stuff. Your insight is valuable beyond words, really. Thank you very, very much for this!
I'd love to see a video where you go into more detail about why you've found Threat Intelligence to be more hacker-y than pentesting
Thanks for sharing :) Wish list from companies is something that happens a lot.
This was reassuring. I am trying to start and have been wanting someone to tell me the right way, but it's a "just do it" thing
Thanks, great advice.
2 points I have.
I'm based in the UK and went onto infosec after wintel and desktop engineer roles spanning almost 18yrs.
My biggest regret is not going into infosec earlier, mostly because it was such an easy transition from what I was doing before and less stressful than supporting end users.
There is so much to infosec than red team, Blue team
There is a regulatory and compliance, risk management and training and awareness.
I did my CISSP and that opened so many doors.
I wouldn't entirely say no to learning pen testing skills, cos knowledge is never wasted and it can help in advisory role. Tech staff wouldn't be able to bamboozle you.
Just came across this channel, absolute gold. Defo no need for degree in this field, personally went the CompTIA cert path and working on CCSP. Thanks for sharing.
What are your thoughts on Google certificates? 🤔
Thank you so much.keep up the good work👍👍
I enjoy your calm voiceover. It's very soothing. Not to mention the good content 😄. Cheers!
I really really really needed to hear this right now
Thank you so much for doing this video. I am a Cyber Professional who has been struggling to find a Cyber position. Your video was watched twice by me today. It helped me a lot.
Thanks mate, as an individual who has just started in cyber security field, it was pretty helpful.
Thank you. Great video!
I feel it to me also, but never got a single job in cybersecurity till now. But i just motivate myself that one day i would get a job in this field. thanks bro for this.😀
Thanks for this Marcus, you are the 🐐🐐🐐
This is amazing thank you for this bro 🙏🏼
As someone who started literally 2 weeks ago, I kindly thank you for that sir! stay as cool as u are!
Are you doing the CompTIA cyber security course?
Very helpful video! Thank you!
Wow! Where have you been?!? I have been looking for you! This is EXACTLY what I needed! New subscriber!
Thank you so much this is very useful
brilliant, you're doing it
thank you so much for everything you provide! c:
You are a good man bro , thanks for giving me hope.
Its great that I found your video, this is clean content. No dramaa👏👏
Great Info!.. Thank you so much!
Very helpful!! Thank you👏🏻
The opening of this video means a lot, I’m actually trying to get into tech
As usual Marcus you make a lot of sense. I too would recommend to study what interests you, don't just chase what you think is the money. If you are interested in something you are more likely to remember stuff and do well. I went back to school to do a CS course in 1995 (having left school in 1977!). Hardest thing I ever did but well worth it for the spin offs learnt along the way. Thanks for the video, I hope the young folks are paying attention.
he said on one hand that a computer science course is absolutely useless but then said programming can boost your subject matter knowledge so I dunno if he really understands what is taught in computer science classes but that's a gaffe
Great advice!
Great video, thanks!
Great advice Marcus.
Whatever field you work in, be and perform the best you can (sustainably in the long term). Learn your position relative to others from talking to various people privately and professionally, read some certification requirements and higher ed syllabi and job listings to know what there is to know. And it can be easier to think about your value to an organization in terms of what they'd lose if you left. Finally, try to find a workplace that values real ability to contribute to work being done rather than degrees, certs and resumés.
Be good.
thank you Marcus 🙏🏻♥️
Well said! Thank you
Love this video. thanks.
Bout 50 seconds in and I subbed lol gg’s dude, well said!
What a great video. Excellent 👌 thank you Marcus. My concern is that I’m 39 and breaking into the industry may be difficult 😞
Thanks. This is great.
Wicked thanks Marcus!
God bless you. This speaks to me
Thanks for useful video.
Glad this video came up for me. I was applying for nursing school which I don’t want to do because I’m a cna and I see what they go through. But while studying for my a+ I couldn’t find people who’s in tech that love there job and told me that there was to many people in the tech field. Everyone I met in tech was rude. One could even have me an entry level job but refuse to because he told me the field was terrible and he was gonna quit. That was 4 years ago and he’s still there
Would love of you to keep posting vid on how to properly get started.
This is good general advice for pretty much any industry. Also if you are interested in working for a government entity, then the salaries of each position should be publicly available on their website; also for jobs for a public educational institution. (true for U.S. jobs)
Absolutely helpful tips
I love you man! That was so great. I've got some of those amazon "stop signs" (what my 11 year old calls them). They look fab, but do you think they are helping you? Your room does sound good. You are right about all of this, fwiw.
Hi Marcus, Please make videos on a Path for someone trying to break into Threat Intelligence... If possible, share resources to start, labs to learn from, anything please! It's been a dream.
Your voice is so pleasant to listen to
You are a legend man !
Thanks for sharing ❤️
Super helpful thank you.
This video is great but I couldn't help but feeling like I was watching an ASMR video haha. Your voice is so smooth and soothing.
I appreciate the transparency and honesty in this video. I am starting a 2-month course with a small IT tech institute, and after i complete it they will assist me with resume building and job placement. I have no idea where this journey will take me but a wise guy once said the unknown is growth.
Hello, I'd really to know the name of this IT company, so I can enroll.
Saw your podcast with David it was dope’
Marcus such a chill dude.
Great advice. Thank you Marcus.
They need to feature you in Watchdogs. 😁
Would not say cs degree is useless tho... working in blue team I think it helped me quite a bit. Apart from that, thanks for the insights!
I think with in the second section you very well described my exact thoughts i would hate to work in a big company because I wouldn't feel like i was benefiting anyone or having a actual impact on it. Im not any expert in cybersecurity but i am interested in programming
His voice is so soothing.
5 years experience in CyberSec, absolutely agree with smaller companies, it's a great chance to gain invaluable experience. I turned down a law firm in London & I'm currently working in a small company and they've given me a Greenfield project to improve and make significant changes to their security company (Including ISO-27001).
Hi what certificates do you recommend
@@johntiles Depends what path you want to take, if you're a newbie to it all, start with the Network+ and Security+ to get those foundations in. Won't be sitting any of the advanced ones for at least 5-10 years. Experience counts more than certs these days for definete.
Much appreciated.
I am in cybersecuriy for 3 years now and I needed to hear this. Thanks mate, wise words.
What role?
You have a very soothing voice 😂 but good info! Subscribed!
u have a calm voice its beautiful
The new style in thumbnails is hilarious XD
Would love if you did a podcast with John Strand/thecybermentor.
Keep up the good work!
Thank you,just started PEH, there is a lot to take in as a newby..So it gets overwhelming
If I may chime in. When it comes to getting a degree you should be showing the ability to learn beyond concepts taught in the classroom. Ex learning a programming language and being as proficient as possible. Doing Linux projects. Learning a new skill that coincides with cybersecurity. Joining meetups to get to meet people in the field.
I’m a new grad from a cybersecurity bootcamp and I’ve been looking for a job since April. I’ve applied for around 60 positions so far and I’m still not getting interviews. To be honest, I got only one interview in the cybersecurity industry. I’m applying now for IT support roles so I can at least enter the field and build my career from there. I think mostly of the companies are looking for experienced people rather than training new people for those roles.
Yup this
IT support experience will do absolutely nothing to help you get into cybersecurity. The only way to get interviews is to copy/paste experience onto your resume from someone else's linkedin profile. I've gotten dozens of interviews this way, but you still have to be able to talk knowledgeably about the stuff you put on there
@@stuntman083 are you for real? Most companies would spot you for a fraud straight away. I actually thought OP's approach was really sensible.
Which certs do you have? Was the cost of testing for the certs included in the final cost of attendance?
Same here bruh! Finished grad school, no cyber luck, I ended up becoming a technical writer and getting my sec +. Still searching til this day 😒
Great Marcus...
Great tips! I love being in cybersecurity 😀
Hey just wondering what kind of daily tasks do you do working in cybersecurity
@@amb4368 Hey! I a non technical Campaign & Program Manager so I develop marketing campaigns with a focus on two cybersecurity products-- I create and optimize landing pages, work with paid search and Google ads, record product webinars and do video editing, create email nurture campaigns, and just find creative ways to market the products to bring in new customers and increase interest🙂 I hope that helps!
@@mayahicks2999 thanks, yes very helpful. I've been learning about all kinds of things to do in the cybersecurity field. Definitely a lot more to do than I thought.
Hey Marcus I’m currently a pentester and really enjoying it but would like to hear more about your threat intelligence work. Thanks!
Could you tell me about your experience as a pentester and is it as boring as he mentioned? i am studying for ethical haking
great video. can you make a follow up video on how you got your first job with no certifications or degrees? I'm just starting out and would love to hear what you did. also, how did you showcase that you knew what you learned?
I'm a 3rd year Cyber Security Student, gonna get my bachelor next summer, wishing for the best after the biggest down fall I had this year..
You are a hero Marcus, remember that
Hi Marcus!
Could you please share your view on Bug Bounty and give us a brief guide to get started into this.
I'll be waiting for your response.
What you said from 5:00 is especially important. The ability to understand how the technology works and the implications of a C, I or A attack on the system is paramount to protecting the system and understanding how to get it back to business as usual post attack.
The industry specific knowledge is very important for certain sectors, especially in OT or CNI.
I agree Marcus. I am with a small and it is the most powerful, creative and rewarding experience of my life. I will never work for a big again.