Become a Creator today!Start creating today - Share your story with the world!
Start for free
00:00:00
00:00:01
Phish Club is Building a Community for Junior Practitioners
131 Plays3 days ago
Madeline and Oliver from Phish Club joined the show to talk community building for junior practitioners in cybersecurity.
George K and George A talk to Madeline and Oliver about:
The power of lateral networking - building relationships with peers who will rise together rather than just trying to impress executives
What actually gets you hired - home labs and technical write-ups beat certifications every time
Creating inclusive community - from Discord lounges to bringing non-cyber friends, because networking is networking
The real skills that matter - curiosity in interviews, asking questions, and showing initiative beyond just following documentation
Their approach is simple but powerful: consistency, authenticity, and making sure no one sits alone in the back. The result? A thriving community that's helping practitioners actually connect, learn, and advance their careers together.
------
๐ณ๏ธโ๐ It's PRIDE month! ALL PROFITS from all sales of the Pride collection during the month of June will be donated to scholarships for LGBTQ+ students in cybersecurity.
And this year we have generous vendor sponsors who will match our donation!
Shop swag, help students. You can shop the collection here: https://bkbtpodcast.shop/
Recommended
Transcript
Resumes and Practical Experience
00:00:00
Speaker
Like the big thing I've noticed on a lot of resumes is people list out this, like they have a skill section that they list out all these skills that they have and there's nothing that backs it up.
00:00:11
Speaker
It's like, oh, I know, i know Python, but it's like you could just write that if you wrote help. Like what, what does that mean? Like, did you, did you know how to write hello world in Python? Like, What does that actually mean? Like tie that into an actual project that you've worked on. You can actually demonstrate you're you're interested in this. You're passionate about it. You you can learn on your own.
00:00:36
Speaker
i think that's the most important part is like the ability to learn this stuff on your own. I mean, I'm in. That's something too that we tell the students because everybody's getting the same degree. So there's like 200 in the classroom.
00:00:50
Speaker
You're all graduating with the same thing. But what do you have to show for that's different than your peer beside of you?
Introduction to Fish Club
00:01:02
Speaker
Yo, yo, this is the show. This is Bare Knuckles and Brass Tacks, the cybersecurity podcast that looks at the messy human side of the industry. i am George Kay with the vendor side.
00:01:13
Speaker
And I'm George A., Chief Information Security Officer. And this week, our guests are the founders of Fish Club, Dr. Madeline Sides and Oliver Stalinger and It's amazing. So for all the big groups for executives, I mean, I work for the CISO society, but you got a whole bunch of others.
00:01:33
Speaker
Fish club is where it's at for junior practitioners from students in their program, just coming out, uh, to entry level roles. It's really remarkable what they've built and really built
Founding and Purpose of Fish Club
00:01:45
Speaker
it out of necessity. So we cover a lot here, networking, upskilling, uh, Yeah, i was it was really just like a really fun, refreshing take from the from the the junior end of the pool.
00:01:59
Speaker
Yeah, it was actually kind of nice, a little bit refreshing because it validates a lot of โ I know for me, as a see so it validates a lot of my methodologies and my thoughts and and personnel development, kind of hearing the perspective on their side of the house um was really good and refreshing. I think they offer amazing advice. If you are a student who's trying to get into cyber, if you're someone who's on the fence on a career transition, wants to get into cyber.
00:02:23
Speaker
These guys are giving the best advice that you could ask for today. i think they are coming at in a practical perspective. I think they're trying to just do what they can in their arm's length of resource to get the most good for their community. And George, these are our kind of people.
00:02:42
Speaker
I love it. I can't wait to hang with them one day. We'll turn it over to them. Let's get into it. Fish Club, welcome to the show. Thank you for having us. Excited to be here. Yeah, I'm glad to
Challenges for Young Cyber Professionals
00:02:54
Speaker
be here, guys.
00:02:55
Speaker
We will start in the obvious place. You guys are practitioners. i am on the vendor side that by the rules of the show, I get first crack. So I am just going to start with you, Madeline, because we met a few months ago and then Oliver will kick it to you.
00:03:07
Speaker
But for the benefit of our listeners, just tell us what is Fish Club and what do you do? Yeah. So Fish Club is a nonprofit community that Oliver and I started, I guess, a little over a year and a half ago, but basically heavily practitioner.
00:03:23
Speaker
And we saw a need in the Charlotte community where, you know, how do we go and network? How do we go people our age, people new to the industry who don't really feel like they have the best community? How can we go and make friends, but meaningful connections? So we started going to the various events and, you We realized very quickly, you know, we didn't really feel like we fit in.
00:03:46
Speaker
Freshmen in high school all over again. and And so if we just wanted a way that, you know, how can we be a resource to those going through the same thing that we're going through, but also students that were previously in our footsteps. But I think through Fish Club and starting it up, we realized how big of a need it was for the community, but also other problems that arose that we're helping to solve and address in the process.
00:04:10
Speaker
Nice. Oliver, want weigh in there? Yeah, it's actually an interesting story because really we started... We first started by just networking and going to all these different events, you know, the Charlotte ISSA chapter,
00:04:26
Speaker
um i s c two all the different, you know, large nonprofit organizations. and And we quickly realized we were the youngest people in that crowd by probably like 20 years.
00:04:38
Speaker
And yeah and there's there is no one that was ah that was a practitioner. It was all just CISOs or salespeople, which is a a great, audience for a practitioner, as you all know.
00:04:52
Speaker
Um, so that's, that's really where this started. And, and it, it kind of, it it just blew up
Networking through Creative Activities
00:05:00
Speaker
really. I mean, when we first started this, uh, Madeline, I remember it was just me, Madeline, uh, and Brandon.
00:05:07
Speaker
And, uh, we had, we just were like, well we're going to start something for practitioners. We just threw it out there. and, And I remember our first meetup was at some brewery because it was it was free.
00:05:20
Speaker
We didn't have to pay for the venue or anything like that. And we just went into it like, you know, people, no no one will, people may not show up.
00:05:31
Speaker
Right. But at least we'll have to get ah each other and we'll still have a good time, even if no one shows up. And lo and behold, people actually showed up. We had a great time.
00:05:42
Speaker
People wanted more events. and And so that it it kind of evolved from that. um And then we, you know, the other the other part of this is that a lot of people in the practitioner space are introverted.
00:05:59
Speaker
You know, you don't really see them at these events because it's it's very intimidating. I mean, being, you know, an introvert in a crowd of people wearing suits, people that are, you know, very ah much older than you, different like way more experienced than you, you know, their executive positions um like that's very intimidating for a practitioner.
00:06:21
Speaker
ah So we wanted to really lower ah those stakes. And so we found that actually, if we if we hosted events with with some kind of activity involved, people just naturally started talking. So one of my favorite events that we did, ah we did pottery painting.
00:06:40
Speaker
Nice. And and that was a huge hit because there were so many people that showed up that this is this was their first event. They came solo. And at the beginning, it was kind of awkward. Like everyone sat down. we had all these tables laid out and, you know, they go they all selected what pottery thing they wanted to paint.
00:07:00
Speaker
And what just naturally happened as people started painting this pottery is, you know, as you're working, doing this, like the conversations just happened. And we started to see all of Because focus your attention on the thing and not like...
00:07:14
Speaker
The social. Well, why do men stand beside each other, not across from each other for conversations, right? Yeah, no, exactly. And we, like, it actually formed friendships. Like, that was the coolest part about this, is it instead of just having a networking event where everyone's going in, you know, saying, hey, what's your job title? Where do you work? ah Shake my hand, connect with me on LinkedIn, and then never talking again. how?
00:07:42
Speaker
Literally just described 80% of cybersecurity events. Yeah, exactly. So we wanted to do something different. And we we see we've realized there's ah there's a huge need for
Bridging the Cybersecurity Age Gap
00:07:55
Speaker
this. There's been a lot of success. And I just love it because I love just seeing people connect and forming friendships and making and making those long-term connections, like actual connections.
00:08:07
Speaker
Nice. Yeah. And I will say since we started Fish Club, too, there's been a lot of people who've approached Oliver and myself saying, you know, I didn't really have community before you guys. And so just people trying to make friends in their own lives. so So it's cool that we've been able to be an outlet for them. But also like beyond the meetups in person, we try to build out the ol online platform, which we're just hosted on Discord.
00:08:31
Speaker
So trying to like. Tonight, for example, at seven o'clock, we always have a lounge session where people can just come in, talk, connect that way because not everybody's always available for the in-person events. But we've extended beyond Charlotte to where we do have people in different states now. So how can we cater to the people who are out of town and maybe can't travel every month?
00:08:52
Speaker
So it's pretty cool to see the community grow in that way.
00:08:57
Speaker
Oliver, you brought up a couple of interesting points there, and kind of want to explore that a little bit. Just because in what we've been experiencing and seeing, um the average cyber director in CISO now has like really dropped in age.
00:09:10
Speaker
like Don't get me wrong. I'm 38 years old. I've been a CISO for almost five years. I'm usually like you guys, the youngest guy in a room when I'm in executive sessions by like 10 to 15 years on average.
00:09:22
Speaker
But there are a growing number of young leaders. and And I would imagine that like you guys would then kind of start building a platform that develops these young leaders because ultimately like, you know, the guys who are, sorry, guys and gals who are part of your club now,
00:09:38
Speaker
who are L1, L2 analysts, just starting their run in defer, just starting their run in content, like whatever, like i i mean, like seam content, um whatever it is, they're eventually going to get into a senior role.
00:09:51
Speaker
Is there, i guess, locally ah such a big gap between leadership and the working levels? Or is this just like... trying to find a way really to build that community that's focused on folks kind of in those like lower working level positions. And then you're going to grow the association kind of with them as their careers grow.
00:10:12
Speaker
I'm just trying to see like, how is this thing going to grow? Because it seems like you have like a really great idea and then you could scale this in like a million different ways. And I just want to understand what you guys like really ultimately want to achieve. Yeah.
00:10:26
Speaker
You know, that's, that's a great question. And I do see, so, so I do see that there is, there's still a lot of gap between ages, between, you know, senior leaders and yeah managers and and whatnot.
00:10:40
Speaker
Um, I don't see a lot of people like my age, the managers there, I have met a few, but it's, it's not a ton. And, And when we're talking about fish club, we're really open to everyone. Like we when we say practitioners, we we have executive level people in the club. We have director level people and they really take the role of that that mentor. And that's really what we want. We want to connect the two and instead of just having one. we Why not?
00:11:10
Speaker
We're bringing everyone together. Right. Because the practitioners, they need that guidance. They need um They need those pathways to leadership. and and i've And I've seen a lot of people that have kind of risen from the ranks that way. and and And you kind of only are able to do that with with some guidance.
00:11:32
Speaker
Madeline, what you seeing in your experience, too, though? Yeah, I would say like it's a push and pull similar to what Oliver's saying, right? Like how can we now invest with the students?
00:11:43
Speaker
Because the students will be in our position
Standing Out in the Job Market
00:11:45
Speaker
as well. So be in that same trickle down effect. But yeah, I think overall, like you think about leadership in cybersecurity, most of the leaders that we see today were like the OGs that started when cyber became like the new buzzword, right?
00:11:59
Speaker
So everybody's just following in those footsteps. um I will say now, like, especially my experience in cybersecurity, there's a lot of emphasis on the talent. But also to like thinking about the job opportunities right now in the market, I think that's kind of a hurdle, especially as people try to break into cyber. And so that's something we've seen in our community where people want to grow, but maybe there's not as many opportunities right now.
00:12:23
Speaker
And so that's been a problem that we've tried to help solve. And that's where, you know, like the senior leaders in our Discord can help mentor the future talent because the opportunity may not be there now, but doesn't mean that it won't be there a year from now or like six months down the road. So it's really just making sure everybody knows what is available because I think that's something to, um,
00:12:46
Speaker
Most of our members are students that become practitioners, but you don't know what jobs are actually out there in the market until you experience cyber for yourself. And so it's a very, ah very textbook, narrow focus of like, hey, I'm just going to be a blue team or a red teamer.
00:13:03
Speaker
Nobody knows about all the other different roles out there. So kind of just making that known, but also just the execution and the timing. ah You always got to continue to practice. And I think that's something that we push through our community is like,
00:13:16
Speaker
you know, the opportunity may not be there now, but if you have the discipline and the drive, you can get to where you want to go. And so um it's all about that execution and ah being ready when, when the time comes. So I think a lot of people have that ambition in our community. And um I think there's a lot of people that is at the practitioner level that would be great leaders one day. And they're just looking for the experience.
00:13:41
Speaker
and And actually I would, I would also say that, um, Fish Club gives people a lot of hope, right? there's from From my experience, and I've gone through this too, I graduated in 2020, the height of COVID, and it took me 10 months to get a job, even though was qualified for a job. It took me 10 months. I literally applied to over a thousand different companies.
00:14:10
Speaker
ah Jesus. and a ah got to a point i literally started so i live in north carolina i started applying for jobs in north carolina ran out of jobs to apply for there i started applying to jobs all over the east coast ran out of jobs there applied to like every job in the us i got to a point where i started applying to jobs like all over the world. I literally didn't care.
00:14:32
Speaker
I was applying to jobs out where it was going to be like, i would i would be doing, um, it work for hospitals out in Afghanistan. Like I was, I was just applying to everything. And that's yeah a lot of people are experienced. That's experiencing that same thing.
00:14:49
Speaker
And but it's, it's wearing, it's really, ah it really is. I'd wake up every morning to like 10 rejection emails. And that's a, that's a slog. And going through that, you start feeling like, oh, I'm not good enough. Oh, like I'm seeing this guy getting a job. Like, why can't I get a job?
00:15:06
Speaker
And there's a lot of people going through that right now. And I feel that pain so much.
00:15:13
Speaker
You know, it's it's actually so a lot of exposure that we've had is are with international students and it's it's even worse for them. I don't even know what to tell them most of the time when they come up to me. We'll say political tensions that they're dealing with, too.
00:15:29
Speaker
Yeah. And they're coming up to me. They're like, my visa is going to expire in three months and I haven't heard back from anyone. Like, what do I do? And I just I don't know what to do because the people are just not hiring. They're not sponsoring.
00:15:45
Speaker
And it it's wearing on me, too, because I don't like I want to help them, but I don't know how. So you have got, you guys both touched on a lot of stuff that we've talked about over the course of three seasons. Some of those things are like, when people tell you like, Oh, you should network.
00:16:05
Speaker
A lot of people don't tell you what that means or how to do it. Right. So I think obviously fish club has some, uh, uh, stuff that you can talk about there, especially like these newbies at a school who again, told to go do this.
00:16:21
Speaker
Um, We've been big advocates of networking as the way to make the relationships with people who will talk about you in the rooms that you're not in. That's kind of the longer definition of it, right? Like the last two gigs I've gotten have not involved even a resume. It's somebody recommending me and then you get that first interview.
Building a Supportive Professional Community
00:16:40
Speaker
So you talked a little bit there in the beginning about, yeah know you know, got introverted people, they didn't have a way to network. And we got through those first few awkward meetings. So can you talk a little bit about like, what you're seeing in that skill set? Now we're a couple years outside the pandemic.
00:16:57
Speaker
Maybe people sort of come out of their shell. But like, when people show up for the first time, like, what are you trying to tell them there about? Like, what is how do you quote unquote, network? So that's that's a great question.
00:17:10
Speaker
And that is something that we have been thinking about a lot. And and you know that's kind of our core to make it as easy as possible. And you know really, the the secret sauce ah per se is, is at these, at our events, we ensure that we talk to everyone.
00:17:29
Speaker
Like there's no one that is sitting by themselves in the back. Yeah, no, we will go and talk to them. We will find out like what they're interested in, like what they're here for.
00:17:42
Speaker
And the real trick is, You know, your your the goal is not to just talk to them the whole time. The goal is to figure out what they what they're here for, what they're interested in.
00:17:52
Speaker
You know what? Maybe what kind of, you know, you eventually you'll find something that you've already talked to another member about and you can bring them together. And that's that's really the secret sauce to this is is when people come here, they're not left out.
00:18:07
Speaker
yeah And I think it's about creating that safe environment for them. And so I think something that's unique with us as well is because we are so inclusive. Some people like to come with a friend, but maybe they don't have another nerdy friend. So it's like, just bring your sister, bring your boyfriend, girlfriend, like whoever, like whoever you're going to be comfortable with. Because at the end of the day, networking is networking.
00:18:25
Speaker
even though that person may be in healthcare and not like cyber, or like maybe they're in HR, that's still a network that you're building. Cause they might have a connection later down the road. And so I think that's something unique about us is that we try to stay all inclusive.
00:18:40
Speaker
And so people have brought their friends around and then that friend has had a connection that's helped somebody else in the long run. So I think that's probably one of the coolest things, but creating that safe place where people do feel like they're valued and included, um,
00:18:55
Speaker
Like Oliver said, just going out of your way, like shaking somebody's hand and learning their name. ah Now I'm horrible with names, so it's hard for me to remember from event to event, but that's why you have name tags. But you usually remember a fact about that person that you can bring up later. And then the conversation continues.
00:19:11
Speaker
So yeah, there was a lot. Our past guest, Candace Williams, talked a lot about what you guys have essentially created, which is networking laterally, because a lot of people hear networking and they think it's just this vertical thing. Like I got to go find the leaders and just ingratiate myself to them and they're drag me up. But I think what you guys are creating is this ability to build broadly across. But George, wait, let's go to you because you're giving me, you're giving me reactions. George H. No, I'm giving you like the, you guys are correct. I'll tell you this is a lesson learned as an executive that went my way up from
00:19:45
Speaker
What I've noticed about the most successful execs, and I try to maintain this as well, is they will build up a crew of people around them. And that crew carries with them throughout their career. And you'll see, like, they'll go to a different shop and little by little, they just start hiring their old friends back. And they take the band to a different show. And they do this from company to company to company.
00:20:05
Speaker
My CIO has built our division up essentially like out of every other company he's worked at in his career, he's pulled people in And those of the folks with all the years in together are essentially in the leading positions now.
00:20:19
Speaker
And like, it's just a lesson learned in how to create career longevity, because it's not just like when you go to interview for a higher level role, they're going to ask you not just what you yourself as an individual contributor can bring, but what does your network bring? Can you build a team? Can you build a staff?
00:20:36
Speaker
I think what you guys have built here, even though like it's schoolyard basic, like I can't believe we're actually having our articulate. 2025. Yeah. but But if you just give a chance for people at the same relative levels to come together and rise up together, like it takes a village. Like there are some outlier cases where somebody is like a huge superstar, like somebody is a Marcus Hutchins.
00:21:02
Speaker
Someone's a Chris Roberts. But even those guys still have friends I'm sure that they kind of rely upon. Right. So it's I think what I'm trying to to find from you guys is how do you guys maintain the momentum?
00:21:15
Speaker
Right. Because it's easy to put on one or two good events. It's easy to put on a discord channel, a group. Shit. I'm in like at least half a dozen group chats on any given time from all sorts of things.
00:21:27
Speaker
But having that turn into a cohesive program and you guys have full time jobs, like how do you guys manage this formula? and And really, like, is there going to be a point where you have to scale out with people or is it just always going to be something that's manageable? Like, I just fuck I'm so excited Yeah. So I guess cool early on, like when we were talking about like, how do, how do we do this? What if nobody comes to our events? Like what Oliver was talking about.
00:21:57
Speaker
The biggest thing for us is that we knew if we were consistent, then we, we a hundred, then we gave a hundred percent. And so I think that's kind of been the common denominator that's laid the foundation for most of what we do. As long as we're consistent and we show up, then it doesn't matter how many people come to our event. The event is successful because we, put 100% into whatever we did.
00:22:19
Speaker
And I think just through that and the personalities that we've created in the discord themselves, people will come because of those personalities. And it's like, oh, we get to see like this member this week or, you know, people have their own like ideas and I think it's just the community built on like a foundation of like, hey, going back to the safe environment. Like, you know, this is a place where we can relax. It's not as tense. It's not like, hey, here's my job experience. This is what I do. Like, we actually want to get to know people.
00:22:50
Speaker
And I think that's what brings people back is because they feel... They're able to be themselves. Like there's no pressure involved, like strip the titles down. um You know, just who are you to the core? Not like what your job title is.
00:23:05
Speaker
And so then once we get to. ah Yeah, it's like the most boring conversation starter. Exactly. Who are you with? Well. Yeah. So we try to just make it as personable as possible. But I think the biggest thing that laid the foundation, and I'm sure Oliver has more to this, but as long as we were consistent, because we do get a lot, like, how do you plan on expanding?
00:23:27
Speaker
How do you plan on reaching more people? Because the Charlotte community is a very close community in general. There's a lot of great resources and networks within Charlotte. And so um we always get asked that question, like, how do you how do you going to keep this drive? And Oliver and I have sat there and asked ourselves the same thing, like, how long will we do Fish Club before we pass it off maybe to somebody else?
00:23:47
Speaker
Because eventually one day, you know, we hope that we're in senior leadership and other practitioners can lead the community just like how we did. And so um how can we make that maintainable for the future and other people who want to step into this position?
00:24:05
Speaker
um Hey listeners, it's Pride Month and that means the annual fundraiser is back. In the month of June, all profits from all sales of Pride merch in the BKBT swag shop are donated to scholarships for students in cybersecurity, both undergrad and graduate studies.
00:24:26
Speaker
We have a whole bunch of new swag. So check it out at bkbtpodcast.shop and check out the Pride and Cyber collection. Anything you buy there, we're donating profits from.
00:24:39
Speaker
And this year, we have corporate sponsors who will be matching our donation. So let's see how much we can raise. Thank you for your support. And thank you for listening.
00:24:57
Speaker
Yeah, but but that's kind of like the thing of it too, right? It's, I believe that to make that model work, I think eventually you guys will probably live that out by example because you guys have probably been a bunch of good friends too.
00:25:11
Speaker
And I think what it ultimately comes down to, and Oliver, love to get your kind of take on this because you bring up the point of the introverts, right? That are especially at the at the like practitioner working levels is how do you then get them the skill set of like maintaining the friendships, right? Because networking and having a good time with someone in that you know first impression, that's generally easy-ish to achieve for most people.
00:25:38
Speaker
But then how do you go like three months, six months, a year, you know two years plus later? Because basically to to make this investment, to make it pay off. You're talking about year over year maintaining these friendships. Yeah, long-term investment.
00:25:52
Speaker
And building them
Overcoming Job Market Challenges
00:25:53
Speaker
up. And so do you not find that sometimes some of these folks need a little bit of coaching on almost like how to build and maintain those friendships? Oh, yeah.
00:26:02
Speaker
Yeah. Oliver's face says yes. Oh, yeah. So actually funny story. We've done a lot of work with ah the local university here, UNC Charlotte. And but so we've we've done a lot of talks in front of students where, you know, it's we're talking about like the the basic basics.
00:26:22
Speaker
Like, how do you dress? How do you approach someone? And like, how do you talk to someone? Um, and actually I wanted to slightly go back a little bit about, you know, the lateral networking part is something ah tell people a lot, like, especially when you're trying to get like a technical role, uh, a role on a sock, um,
00:26:45
Speaker
you know Going to the CISO or going to the even just the hiring manager isn't usually the person that's deciding that that you get that job. It's the people on that team.
00:26:58
Speaker
So once you if you network with people on that team, like the actual practitioners that will be working with you and they like you, you're probably they're probably going to want you over all these random people that have applied, even if, you know, maybe some guy is like a some crazy credential or whatever. I don't know.
00:27:16
Speaker
But they're going to want to pick the person they know and they like and they know they like and they like to work with and they like to be around. Yes. Yeah. so So that's that's the biggest thing. it's funny because in my actual process for hiring, the most important phase in the interview with me, it's the interview with my team.
00:27:33
Speaker
And can tell you I ain't going to work with you. You're going to work with them. I talked to my my talk team leads after these, like, you know, those and those meetings, if they give the old thumbs down. It doesn't matter how, and I've had to say no to some super, super duper qualified people, but the vibe wasn't right.
00:27:51
Speaker
And it's what I explain to people all the time when I try to help students and do coaching myself. It's like, don't worry about the certs. Figure out enough basic project knowledge so that you can get planted and learn, but be a good vibe, be a good vibe. And I think that's like in all these boot camps, quote unquote, that's the part they fail to teach you is people have to find you tolerable.
00:28:13
Speaker
Yeah. Or even enjoyable. or enjoyable, yes. But here you go. That's actually great segue. It's almost like we do this every week.
00:28:24
Speaker
um He was talking about certs. We've talked about this. We call them paper tigers, where you've got like a lot of letters after your name, but you don't have any practical skills. um We have also...
00:28:36
Speaker
talked about a lot of students who I feel tend to narrow very quickly. Like everyone wants to be a pen tester. It's also like the stuff that's going to get automated, like right away, right? Like that's a commodity skillset that AI is going to drive the cost of way down. So now that you're in contact ah among our listeners, you guys are probably the closest to the bone in terms of the very entry level talent.
Aligning Strengths with Cybersecurity Roles
00:29:03
Speaker
what are you guys talking about? What are the conversations about? Like, what are the skill sets that people are looking to acquire to kind of put themselves over? Like a machine could do that basically.
00:29:14
Speaker
Right. Cause that's the, the fear is that the machine just takes out the bottom rung of a lot of the work. I mean, honestly, um What I tell most people is to demonstrate that you're actually passionate about it by working on projects in your own time.
00:29:35
Speaker
Like you could, I mean, honestly, if, if you can build a home lab, if you can like engineer your own like defensive home lab off it, whatever it is, i mean, you really can work in any entry level role in cybersecurity, at least technical role.
00:29:54
Speaker
Um, So that's, that's the first thing I tell people is like, if you don't have a home lab, that's should be your first thing that you start because it, it shows that you're not just going to a bootcamp and getting a checkbox, uh, or you know how to just cheat on a test or cheat your way through college.
00:30:14
Speaker
Um, or you like the big thing I've noticed on a lot of resumes is people list out this like they have a skill section that they list out all these skills that they have. And there's nothing that backs it up.
00:30:27
Speaker
It's like, oh, I know i know Python. But it's like you could just write that if you wrote help. Like what what does that mean? Like, did do you know how to write hello world in Python? Like what does that actually mean? Like tie that into an actual project that you've worked on. You can actually demonstrate you you're interested in this. You're passionate about it. You you can learn on your own.
00:30:52
Speaker
i think that's the most important part is like the ability to learn this stuff on your own. I mean, I'm in. That's something too that we tell the students because everybody's getting the same degree. So there's like 200 in the classroom.
00:31:06
Speaker
You're all graduating with the same thing, but what do you have to show for that's different than your peer beside of you? You know, because the job market is not easy to find something, but also like, you know, we have a lot of people in our community who maybe didn't go the traditional college route and just switched in through a different career field. The most recent one I can think of is somebody that was hired less than a year ago as a cyber engineer.
00:31:31
Speaker
But prior to he was ah personal trainer. And he was like, you know, how can I break into cyber? What can I do? And so we told him, like, build home labs. If you don't want to go get a degree, try to study like the security plus know the basics network plus.
00:31:46
Speaker
And he did. He went and got the certifications, but he also did the home labs and did technical write ups on it, created a website to showcase that work. And it was actually incredible because when the hiring managers interviewed him, they were like, the thing that caught our attention the most was your technical write-ups, showing where you actually did the work and you can actually talk through it. And so they talked to him more about those projects that he did than any of the certifications he went and got, or, you know, just, just seeing the drive and the motivation. Cause making a transition from personal trainer to cyber in less than a year is pretty crazy, let alone becoming a cyber engineer. So I thought that was pretty incredible.
00:32:27
Speaker
Yeah, I love it. I mean, George, you can speak to that. i mean, I feel like that was like straight out of your your rant that we've had on this show many times about what you want to hire for. yeah I make it as a thing, right? Like I tell people all the time, like, what's your home lab, right? Like literally out of like Oliver's just repeating my words on that. um You know, it's the one piece of advice I always tell people as well.
00:32:49
Speaker
but I think the problem is, and it's not a gatekeeping thing, right? like I think, first of all, people need to understand that the reference that we're talking to are security operations, technical personnel, investigators, like incident responders, right?
00:33:04
Speaker
That does not mean that there isn't value in like the compliance and policy folks, because it was super important too. And that doesn't mean that like you can't be sec ops person and go into GRC and vice versa.
00:33:18
Speaker
But what it does mean is that the path to get in, like just so folks understand what we're referring to in this episode, people that want to work in an operations role where they're either breaking down malware, monitoring systems, going through alerts and managing software versus trying to update policies, review contracts, review SLAs, and then you know go through like trying to reestablish compliance renewals or whatever for the company.
Value of Soft Skills in Cybersecurity
00:33:45
Speaker
right Like that path to was also it's equally hard. And I know Madeline, because I i like to study our guests like before the episode, you also have a compliance background. Do you find then that when you're giving advice to people who maybe they just really don't like looking at code?
00:34:03
Speaker
Because I'm not going lie to you. Like what I remember when was learning, I had to like deal with PCAPs and I was on Wireshark. fucking hated it. It was the worst game in the but it was necessary. Right. But do you find if you're dealing with someone new as a student or maybe they're just doing that career transition and they're not necessarily a technical minded person, how do you give them or what's the advice you give them about directing them to a path of compliance and policy?
00:34:27
Speaker
Yeah, I think I resonate with not liking code. I always complained to Oliver. I was like, I'm so glad I i don't I'm not like a software engineer or anything. But, um you know, sometimes people want to be in it, like you said, and maybe they just don't have that technical expertise, but also being in a sock, having, you know, the patience or the mindset to work in chaos like that.
00:34:50
Speaker
And So, you know, being in a GRC role, there's different skills that you have, soft skills that I think goes a long ways. um So finding what they're good at, you know, it could still be problem solving, but maybe it's not problem solving as let me engineer a new solution or tool.
00:35:09
Speaker
Maybe it's just how can we make this process more efficient? And so so I think the soft skills at the root of it depend on who it is. Maybe it's just managing processes or teams, but, you know, I made the transition from SOC analyst to compliance and it was completely different. It is a different mindset.
00:35:29
Speaker
I went from very much in the weeds to all the tool access to no tool access. And I was having to have a more business mindset of like, what do I need to be worried about downstream? Where's the business heading?
00:35:41
Speaker
And, and less about like, Okay, the threat actor accessed XYZ. We need to remediate that. I was no longer focused on the remediation side, but it was how are we like...
00:35:54
Speaker
making sure the business is okay. We don't have to notify regulators. And I think that's just like a different ah mindset, developing tabletops. I mean, that's just like a whole different skill. You have to be very creative in that. And I don't know if I'm necessarily great at developing tabletops. I like conducting them, but it is hard. Like I would say that's a skill that I find to be very difficult. But if you have that creative mentality and you have an idea of how the the business can be impacted.
00:36:22
Speaker
Like, for example, I never did theater as a kid, but i I have a feeling like people who love to read and like write plays and um things like that of the arts, they're probably great at developing tabletops.
00:36:34
Speaker
Me, not so much. And like people who like to play video games, so ah they have like, especially like, I guess, D&D. I've never gotten into that, but I find that most people that play that, they have that ability to be creative.
00:36:46
Speaker
Whereas I struggle with that. I'm more of like it's black or white and it's hard for me to think of things. But I think it just goes to the soft skills, like find what you're good at and apply that. Don't focus so much on like what you could be better at, but tap into what resources you think that you would be great at.
00:37:03
Speaker
um And it it doesn't necessarily have to be technical. I think you have to know that technical knowledge. But at the end of the day, if somebody is not great at looking through a bunch of logs or um writing new software, then Doesn't mean they still can't be in cyber.
Career Advice from Oliver and Madeline
00:37:18
Speaker
I've seen a lot of people like the training and and stuff.
00:37:21
Speaker
I would definitely say um even if you are technical and you've done the home labs and you've done cool write ups.
00:37:30
Speaker
Eventually, you have to explain what happened to somebody who doesn't understand that. Right. And like a lot we've talked a lot on the show that you can be super technical, but if you can't translate it to the business, you kind of get railroaded into that individual contributor role. It's hard to like ever get into management because management is just about communicating across the business. Right. It's like ah it's a different skill set.
00:37:52
Speaker
But as we kind of round to home here, I want to turn our, I guess, our view a little backwards and ask you, we'll start with you, Oliver.
00:38:05
Speaker
Knowing what you know now and, you know, the time you have under your belt in the job market, what would you have told your graduate self? Like if you had if you had the benefit of of your experience today?
00:38:21
Speaker
The way i would answer this is is it's just through what I've observed. right People fail in certain areas. um Number one people don't network.
00:38:37
Speaker
they don't They're not getting out there. They're not networking with other practitioners. Right. That's number one. And that's kind of like your, your way to, to getting a referral or getting, getting that first interview practitioners or hiring manager is getting that first interview. Then number two, not asking questions like people in like when you're in an interview,
00:39:04
Speaker
And you're given and kind of an open-ended technical question. And if like I would be very surprised if if people aren't doing open-ended technical questions for a technical role, like ah like a security operations center.
00:39:18
Speaker
um If you're not asking like a million questions to break down that question that they just asked, then you're doing it wrong. I love it.
00:39:29
Speaker
I love it. We talk about curiosity on the show all the time. Just curiosity. I kid you not. So I've, I've done, I've, I've interviewed a lot of people, um, especially for security operations.
00:39:43
Speaker
And I've asked them these technical questions and I was honestly surprised by the amount of people that will immediately not ask, ask me a single question. Just take the question that is like, uh, at its face value and just start running with it. Like that's where they were supposed to go. Like they knew everything about it.
00:40:02
Speaker
And And that I guarantee none of those people got the job. um So that's that's the other side. That's the other thing I see where people fail at. And then the other thing was what I mentioned before is just not doing things outside of school, outside of getting a certification or outside your boot camp, um obviously building those home labs. So those are like the top three things that I think if you want to get a job in cybersecurity, you need to do.
00:40:34
Speaker
Love it. Madeline, what would you tell what would you tell former Madeline? I would tell my former self to think more outside of the box. I definitely was the type that came into a SOC and followed the process documentation to a T. And that ended up um not allowing me to promote one year, which thankfully I did get to promote six months later, but it was because I siloed myself to the process documentation versus being more creative because I put those restrictions and limitations on myself.
00:41:05
Speaker
So I think it would be, you know, utilize the resources that's available to you, but don't be afraid to be expressive and do a little bit more work, even if it's outside of your scope and then come back after you exhausted all those resources and say, okay,
00:41:21
Speaker
this is what I know. um and this is what I don't know.
Impact of Fish Club
00:41:25
Speaker
And then ask somebody for help. I think I was too focused on like making sure all the check boxes were checked before anything else and not really using my full abilities to, you know, dig deeper. So I, that's what I would tell my former self that. And, um,
00:41:41
Speaker
you know, don't be scared. and think I was ah always intimidated by people being smarter than me, but everybody's there to learn. And I think that's what I would tell myself, like, don't be afraid to fail.
00:41:53
Speaker
And I i think just to round it out, like if you have that lateral network and you have this meetup and you're talking with another SOC analyst, you can share that experience and they can you get the benefit of somebody, maybe a peer telling you like, oh, I also did that.
00:42:08
Speaker
But then I learned how to, you know, like you can bounce a little bit of your fear off of one another and you're you know learning at the same rate. anyway And I can also validate and confirm you don't get promoted if you don't show initiative.
00:42:23
Speaker
Absolutely. Very true. All right. Well, um for those who are listening outside the Charlotte area, by all means, check out Fish Club. And they got a Discord server. And you guys got a sick swag store.
00:42:35
Speaker
just going to say. Yeah, pretty solid, actually. Yeah. It's, you know, people who take swag very seriously. So thank you for your time. Thank you for your attention. We really Love what you guys are doing. And hopefully we'll run into you at one of these conferences that is not just executive. So I'll see you soon. Thank you. Awesome. Thank you guys so much.
00:42:59
Speaker
If you like this conversation, share it with friends and subscribe wherever you get your podcasts for a weekly ballistic payload of snark, insights, and laughs. New episodes of Bare Knuckles and Brass Tacks drop every Monday.
00:43:12
Speaker
If you're already subscribed, thank you for your support and your swagger. Please consider leaving a rating or a review. It helps others find the show. We'll catch you next week, but until then, stay real.
00:43:26
Speaker
There's no charge. Yeah. Give me one second because there's a small child knocking at the door. Give me one moment. Real life.