Cyber Security Compliance and IT Jobs
The podcast ConvoCourses is created by Bruce Brown. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
https://convocourses.net
Articles:
https://www.reuters.com/technology/cybersecurity/t-mobile-hacked-massive-chinese-breach-telecom-networks-wsj-reports-2024-11-16/
https://www.politico.com/news/2024/11/14/rand-paul-kneecap-cisa-00189698
https://www.darkreading.com/threat-intelligence/mastercard-bet-recorded-future-win-cti
Sign up for free courses! http://convocourses.com http://convocourses.net
(Discounts and free stuff) Join advanced readers group: https://booksprout.co/reviewer/team/35902/convocourses
Join the Newsletter: https://convocourses.aweb.page/p/9ec4fef1-07b2-4a1a-9834-6817785d9e7d
Career Advice for Cybersecurity Beginners
Government and Federal Job Options
Internships and Certifications
Keywords and Resume Optimization
This is not political, I am not choosing sides, but we are taking a look at some of the policies he proposed.
Trump's Proposals
We talked to Professor BlackOps about his career as a cloud security expert.
https://www.youtube.com/@professorblackops-cybersec1168
Check out Will Reed at Better Every Day Cyber:
https://bettereverydaycyber.com/
My focus on this one was purely answering TikTok, YouTube questions live.
Join us next time at 1pm MST SAT
https://youtube.com/live/l_jx9KjeJkI
The Zero Trust security model is a cybersecurity framework that operates on the principle of "never trust, always verify." Unlike traditional security models that rely on a strong perimeter defense, Zero Trust assumes that threats can come from both outside and inside the network. Therefore, no user or system should be trusted by default, regardless of whether they are inside or outside the network perimeter.
Here are the key principles and components of the Zero Trust security model:
- Verify Explicitly: Authenticate and authorize based on all available data points, including user identity, location, device health, service or workload, data classification, and anomalies.
- Least Privilege Access: Limit user access with just-in-time and just-enough-access (JIT/JEA), risk-based adaptive policies, and data protection to reduce the risk of lateral movement.
- Assume Breach: Assume that a breach has already occurred or will occur. Minimize the blast radius and segment access by using micro-segmentation and real-time threat detection and response.
- Micro-Segmentation: Divide the network into smaller, more manageable segments to prevent lateral movement of threats within the network.
- Continuous Monitoring and Validation: Implement continuous monitoring and validation of user and device activity to detect and respond to anomalies in real time.
- Strong Authentication: Use multi-factor authentication (MFA) and other advanced authentication mechanisms to ensure that only legitimate users can access resources.
- Device Security: Ensure that devices accessing the network are secure, trusted, and compliant with security policies.
- Data Protection: Encrypt data at rest and in transit, and implement data loss prevention (DLP) measures to protect sensitive information.
Implementing a Zero Trust security model requires a shift in thinking and architecture, involving the integration of various security technologies and practices to create a robust and adaptive security posture.
https://twitter.com/TheSecMaster1/status/1780213575921111347
Check us out here: http://convocourses.org http://instagram.com/convocourses https://www.facebook.com/ConvoCourses-108091850619388 https://www.linkedin.com/in/convocourses/
Podcasts: https://convocourses.podbean.com/ https://podcasts.apple.com/us/podcast/convocourses/id1500188278
Books on Amazon: http://amazon.com/author/brucexwrites
Check out Chris at https://www.youtube.com/@TechWokePodcast
You can reach out to Chris as a consultant here:
http://convcourses.net
For a limited time only, the FISMA Compliance book is being offered at a discount:
convocourses.net
https://youtube.com/live/VxIcFjm9uBg
https://youtube.com/live/w2BxnBkSOJU
https://www.youtube.com/live/Wu1DHW3VueA?si=DJqI_DDxphFRDOGK
### Introduction
- Brief introduction of Bruce, his background in cybersecurity, and the purpose of Convo Courses.
### Personal Journey in Cybersecurity
- Bruce's initial fascination with cybersecurity and IT.
- Transition from passion to profession.
- Reflections on career longevity and personal growth.
### Career Development and Financial Planning
- The importance of planning beyond the day-to-day job.
- Strategies for using income to build passive income streams.
- Real estate and publishing as examples of passive income sources.
### Advice for Aspiring IT and Cybersecurity Professionals
- Encouragement for newcomers to consider their long-term career goals.
- Importance of financial planning and investment in passive income.
### Networking and Mentorship
- The value of meeting people who have successfully exited the "rat race."
- Insights from mentors on building financial independence through passive income.
### The Evolving Landscape of IT and Cybersecurity
- Discussion on the impact of AI and technological advancements.
- Personal experiences and perspectives on the changing nature of IT work.
### Corporate Experiences and Personal Growth
- Anecdotes from Bruce's time in the corporate world.
- Learning from challenges and using them to pivot towards entrepreneurship.
### Entrepreneurial Ventures and Lessons Learned
- Experiences with blogging and creating online content.
- The significance of perseverance, experimentation, and learning from failure.
### Engaging with the Audience
- Q&A session with viewers.
- Advice on career choices, technical skills, and job market insights.
### Cybersecurity Certifications and Career Tips
- Discussion on CISSP certification and its value.
- Tips for gaining experience and standing out in the cybersecurity field.
### Closing Thoughts
- Summarization of key points discussed.
- Encouragement for viewers to think big and plan for the future.
- Invitation for topic suggestions for future discussions.
Hey guys, this is Bruce and welcome to Convo Courses. Every week I do this and I'm talking about cyber security from a GRC perspective. I'm an insider. I've been doing cyber security for a very long time and normally I do this at one Mountain Standard time, but I had some business to do and as promised, I'm back. I'm a bit late because I had some stuff I had to take care of. What I wanted to talk about is what I do. When I first got into cybersecurity IT, I just did it because it was cool. It was fun. It was amazing. It's like magic to me. It's so amazing how it all works together and stuff. And as I've gotten older, it's just become a job. I'm not saying that that's bad or anything. It just is what it is. I've been doing it a very long time and now it's to the point where I got to think about, okay, where am I going with this? What's the end goal? What do I want to accomplish at the end of the road when this is all said and done? What do I want to leave to my family? When am I going to stop? So I've been thinking about that for quite some time, not just thinking about it, but doing something about it. And what I've been doing is using the income, my salary, my high salary to build passive income streams. And there's many, many things you can do for passive income. I just started doing something that worked for me and something that was more in my lane, which is like publishing and in real estate. So those are the things that I mainly focus on with my income. And it's just I guess I wanted to talk about it because it's important to think about where you want to go with this. Like if you're trying to get into cybersecurity, if you're trying to get if you just started IT or you want to get into it, you're a college student, you're in high school, whatever the case may be. And you're thinking, man, you know, IT is cool or I want to do it. It's a lot of jobs. They get paid a lot of money. It's job security, blah, blah, blah. 
At some point, maybe not today, maybe not tomorrow, but at some point in your career, you're going to have to think about where do I want this to go? What's the end goal? Am I just going to work a nine to five until I retire? What am I trying to do with this? And so that's what I've had to think about for the last 10 years. Not just thinking about it, but doing something about it. So I just started trying different businesses. I would use some of the income that I have to try different things, and some of them worked and some of them didn't work. Sometimes it worked, but it wasn't for me, you know. But the thing is, you got to keep trying and failing. Just fail forward. Keep on trying different things. Um, what's amazing is the people I've met. I've met some really amazing people who've done it all kinds of ways, all kinds of creative ways to get out of the rat race, meaning get out of the struggle. They don't struggle anymore with finances. They don't struggle with the treadmill of capitalism. They have mastered it. They have mastered it. And all the people who have mastered it all have passive income streams, I've noticed. They don't have to have a job. And I've met people who did it with real estate in different ways by either flipping houses or doing Airbnbs or doing tax liens, just doing rentals, regular rentals. I've met people doing property management. So there's many, many ways to do just real estate. And then I've met people who did, what do you call them? Homes for the elderly. I met people who just saved and put away a bunch of money in stocks and are going to be wealthy that way or are wealthy that way. I've met some people who did a combination of those things. I've met just all kinds of people who did it their way. They were creative. One thing they all have in common is they have enough income to where they don't have to work a nine to five anymore if they don't want to. Some of them, they still work a nine to five because they're still like building a nest egg.
And some of them, they have like a business and they like working that business. They like actually being there and working the business and all that kind of stuff. So seeing that, these people kind of became like mentors to me. I would follow what they did. I would, I would ask them questions about what, how did they do it? What, what, what did they do? And all of them had to invest their own money or time to get to a point where, to get to a point where they, their, their time was so valuable that they, that they didn't... It was more valuable for them to spend time on their business than their time at their job. So that's one thing I've noticed about a lot of them. And it's just something you should think about. And another thing is one of the reasons why you should consider doing IT and cybersecurity and progressing is that once you get to a certain income level, obviously, your life changes. But one thing that happens is you have this surplus of income and you, you've got to think about what you want to do with it. You have this little bit. It could be like an extra thousand. Like, all your bills are paid. You know, your groceries are done. Like, you're good. Right. You could probably even loan people money or whatever. Give people money, whatever. But you still have this extra cash. And so you got to think about, okay, what do I want to do with this money? And I would suggest that you invest it in some kind of passive method of passive income. It doesn't have to be what I'm doing. It should be something that you find that works for you. And so that is a great reason to get into IT and cybersecurity because it's a high paying job. It's... They're always going to need somebody doing IT. I know there's all these fears about LLMs and artificial intelligence and all that kind of stuff, but I would say that it's going to be more of a threat to not know it than to think it's going to just take all jobs. There's still... I don't think it's going to take all jobs.
I think that's... hyperbole. I think it's just, we don't really know what's going to happen with it, right? One thing for sure that we know is it's going to change humanity. That's for sure. That's probably more scary. I'm surprised more people don't talk about that. What's more scary about AI is it's going to change us, just like this phone did, just like the internet did. It's changed us. We're no longer the same. We're not the same species that we were hundreds... Before the internet, we're not the same. We're rapidly changing into something else. And I don't know what the hell that is, but we are not the same species that we were before. And AI is gonna speed up that process. We are gonna be different. And people keep talking about jobs. We have way more stuff to worry about than jobs. Way more stuff to worry about than jobs. It's gonna change us fundamentally as a species. And I don't know where that leads us to, but jobs is the least of our worries. That said, while we still have this thing going on, get into IT, get into cybersecurity. You'll have all this extra income and it allows you to have more freedom to build something for yourself and for your family. I'm somebody who comes from very humble beginnings, like I came from nothing, and I can tell you there's different stages and levels to this. When I first started out, like as a kid, we're struggling to survive. And so you're not thinking about necessarily, it's not real to you. $100,000 a year is not real. When you're struggling poor, it's just, it's delusional. I didn't know anybody who made 100,000 or maybe I did, but I didn't know that they made 100,000. I didn't have any friends that I knew made 100,000. It wasn't real. So it just didn't seem real at that level. It didn't seem real. And then once I started making my own income, I started meeting, my network changed.
I started meeting other people who are also doing their own thing, other young people who are also doing their own thing, living their own life, doing their own thing. And I started running with that crowd. And then I started meeting older heads who are already doing real estate and business and stuff. They were talking a lot about it and I'd be like, what is, what, what's this you're talking about? This is while still in the military. I got out of the military and I thought when I got out that I was going to get a corporate job, make like 80 and be cool and then just retire with that one corporation. Little did I know that corporations don't give, don't care so much about humans. They care about the bottom line. They care about their money. So they're not really trying to take care of people. Maybe 50 years ago, they used to do that. But that's no longer the case. And I'm not trying to discourage you from going to a company. Yeah, by all means, do it. But just realize it's a stepping stone. And that's what I realize is that you're not going to stick with one company. Not anymore. Like I said, maybe 50 years ago. It's just very different now. And I got into the corporate world. I think the thing that turned me around with corporations, the thing that made me not lose hope, but think of them differently and see the reality of what was really going on is that one time my wife at the time got really sick. Um, she had like a pulmonary embolism or something like in her leg. I mean, she had like something in her leg, like she had to go to, uh, the doctor. She was out in the hospital for like three days. And I asked, I had just gotten hired, and I asked the company, I said, you know, is it okay if I, I just bought a house, you know, we just moved in and we had a little baby. And I said, hey, I know you guys just hired me, but can I get three days off because I need to take care of my kid. I don't have anybody here. I just moved to the state.
And they were just like, well, we can't do it. It's against company policy. And it was some kind of politics that they were playing. My immediate supervisor basically wouldn't allow me to do it. It's just weird. And I'm just like, what? And it just dawned on me, these people do not give a damn about me. They really don't care. And I was like, well, why should I care about them? If they don't care about me or my family, then why am I sacrificing myself? I'll do anything for these guys. I'm like, so I'm a fool. And after that, you know, it just, I just realized, man, I got to do something else. I'm not going to quit my job, but I got to figure something else out. Because if this is how it's going to be, I got to do something else, right? Because while I'm in the military, the military takes care of you. Military, like you have a brotherhood. If you stay with the military, you stay 20 years, they're going to give you retirement. It's not like that on the outside. And I, it just, it was a hard lesson to learn. And I said, okay, you know what, what I'm going to do is I'm going to start a business. That was the first time I was like, I'm going to start a business. And, um, the first business I did, now, this is crazy. First thing I did was blog. I made a blog and, um, it was back when a blog could make money. I mean, it still could, but this was like, right, the early stages of blogs where blogs were brand new and people were making all this money off of blogs. And I started this blog and it got pretty popular, but now before it got popular, I remember I made 10 cents and I was super excited. I was like, I made 10 cents, you know, after writing a few articles or whatever. And the only reason I was happy is because I realized if I can make 10 cents, I can make a dollar. If I can make a dollar, I can make $10. If I can make $10, I can make a hundred dollars a day. If I can make a hundred dollars a day, you know what I mean? And that was true.
What happened was the blog got really popular and it ended up landing me my first hundred thousand dollar job and allowed me to publish my first, uh, the first thing I published was like for a, it was like a pamphlet, uh, for this company. And, uh, they had me go around the world and teach, teach from this pamphlet that I wrote. And I made a little over a hundred thousand for the first time. So that blog... And one time I wrote an article, it went viral. It was making like $100 a day for a while, which at the time was crazy. And I don't know. It just opened my eyes. You never know what's going to work. So you should just try different things. And I've tried a lot of stuff, man. I've tried stuff that absolutely did not work. But I've tried things that really did work. And that's what you got to do. Just try different things. All right, I got some questions here. Thank you guys for watching. I appreciate it. Kind of a different flow right now. I just want to have you guys think a little bit bigger, especially if this is your goals. If you're trying to do IT, if this is what you're trying to do, start thinking about your future, what you want for your family far in the future, and what you can do. Somebody asked me or said, would you recommend starting at a big tech company or a small non-tech with higher pay long term? Think of it differently. What you want, the ideal job is one where you have a little bit of extra time. Like they're not, what do I mean by that? So what I'm trying to say is, I would take a little less pay to have a little bit more, uh, less stress, personally. Um, but you could also go for high pay that will allow you to take some of that pay and either reinvest it into a 401k, buy stocks, uh, buy bonds, if that's what you're into. Um, play around with, with, uh, swing trading, if that's what you're into. Try, try different things.
You could use, if you make a, if you go to a big company and they pay you a whole bunch of money, um, or a small company and they pay you a whole bunch of money, use some of that money to invest it in. Try things, real estate, try stocks, try business, try different things. Use it as a stepping stone. As far as which one would I try, you said non-technical with higher pay or big tech. I'm just going to tell you from my experience. Smaller companies are more... There's more like a person to person feeling with smaller companies. I've worked for literally like a two man company all the way up to multibillion dollar companies and international multibillion dollar companies and for the government. And I can tell you some of the best experiences I had was with smaller companies. And maybe this is just anecdotal, like maybe it's just my experience and maybe it's different for everybody. But in all the small companies I worked for, it was more one-on-one. I was a person. I wasn't just a number. At the large companies, I was just a number. I might have had a real good team and everything, but at the end of the day, they can replace you in a heartbeat. And because of that, they don't really value the person as much as they used to. But smaller companies, they really took their time to develop each person. And I really miss that feeling of being on this team. And with that said, when you're in a small company, it's kind of like you're in a big ocean being kind of rocked by all the market, by the market that's happening, you know, whereas when you're in a big ass company, it's like you're on an ocean liner and the economy is rocking. But the boat is just going like this, you know, it's kind of wavering a bit. You're not being tossed on the sea by the economy or whatever's happening, market forces or whatever. So there's tradeoffs for different things. At the end of the day, it depends on what you want to do.
Just think long term, like think big, think your entire lifespan and what you want for yourself and for your kids and for your kids' kids. When it's all said and done, when you are nothing more than a memory, you want to have a look back and create some sort of legacy. This is one stepping stone in a long line of steps you're going to take. So just think of it. Think big is what I would say to make your decision. And that way, when you do make a decision, it'll mean something. It'll be one step in the right direction that you're going. So I hope that helps. I'm just telling you my experience with small companies and big companies and all that kind of stuff. If you went for the big money, non-tech big money, you can use that money to invest it and do what you want. And the big companies got a little bit more of... what feels like security, and maybe have a little bit more time on your hands to mess around, and you can use that time to tinker and mess with something else. Probably the money is what I would take, to be honest with you. Let me see. Forty Rock says, a four rock says: Is IT cybersecurity still hiring? I have three years of technical support and two years of SQL development. I've been unemployed since November and I cannot get a help desk position. Open up what you're willing to take for Rock. What I would recommend is possibly going back into SQL development. Be open to that, be open to technical support. Um, lean on your skills. Um, a lot of times, I'll give you an example of one time. There was a time when I was really wanting to get, um, into more technical stuff, and I did. I actually landed a job in a technical position as a field technician. And I did know it at the time, but I took a huge pay cut because my specialty was in cybersecurity. I just didn't want to do it anymore. I just didn't want to do policies and all that kind of stuff anymore. I just didn't want to do it. So I was like, man, I want to do more hardcore stuff.
And I found a job, but I took like a, I don't know, 45% pay cut. I mean, it was a lot, man. I had no idea. If I could go back, I realized my mistake was that I didn't lean on my strengths. Lean on your strengths. Your strengths are, you said, two years of SQL development. Not a lot of people know SQL, bro. That's a special skill and all the things that come with it. I guarantee you, you're not tapping into all of the skill sets that you have with SQL. SQL is very special. Very special, because that means you could work in, and correct me if I'm wrong, but with SQL, you can work in several different database environments, because many of the largest databases, relational databases and object-oriented databases, they use some sort of SQL. MySQL, Oracle, right? They use some sort of SQL. So lean heavily on your SQL experience. What you could do to see what types of keywords to put in your resume so you can quote unquote lean into your strengths is look at other people's resumes. Go to LinkedIn. Go to LinkedIn right now. If you happen to be watching me, go to LinkedIn and type in SQL development. And then don't look at jobs just yet, right? That'll come next. What you want to do first is look at other people's resumes. Look who comes up on there and look at their resumes. Not all people put their entire resume out there or profile rather, but some people do. Look at their profile. Check out their profile and see what they're putting, what keywords. I guarantee you a lot of the stuff that they're doing, that the keywords, that the key phrases that they use are referring to skills and things that you have done in your two years with SQL development. Put that shit on your resume. Put it on your resume. Because don't just aim for a help desk job. Broaden your horizon. That's what I'm trying to tell you to do. And these guys on here who have IT experience, they'll tell you, man, listen, a lot of these guys are looking for your skill set. Mike chimed in.
He says, some of these firms, non-tech, you are... You're just a number. Yeah, absolutely. Okay, so my man Mike is talking to you. Let me see who else is out here talking. Oh man, TikTok is crazy. Is it necessary to do help desk before jumping into cybersecurity analyst? Not necessarily help desk, but like a tier one type position. I mean, let me see if I can explain it better. The first point of contact for fixing technical problems, it's not always called help desk. Sometimes it's called customer support, technical support, field technician. There's different names for it, but they're normally the first person that you talk to. They're normally the first person you talk to when you have some kind of a problem with your internet, with the computer. It's not always just help desk. We kind of use that as a blanket term because that's probably the most known term for that first tier person that you talk to. But you get the idea. So I would say it's best. You don't absolutely have to. Like I've seen people who were cybersecurity analysts who did not have a solid help desk background. But the best people started from the bottom, worked their way up. They were field technicians and then they were help desk or field technician or customer support or something like that. And then they kind of graduated to this other level. I've seen people who skip rungs, like people who are just thrown right into system administrators, creating accounts and things like that. And then they were working with server problems or updating servers and stuff, and they never really touched help desk per se. I've seen people who went directly into networking straight out of basic training, went to some technical school and then went straight to that, or went straight from college to do that, or they had some sort of background networking, did network, junior network administrator, and then went to something else, cybersecurity analyst or forensics or whatever. They did something else.
So it's not absolutely necessary, but let me explain a little bit about cybersecurity analyst. That's one of the skill sets that I've had, something I've done in the past. A cybersecurity analyst... Um, when, when I was doing it, was somebody who was, they were monitoring, they were doing a lot of, of monitoring of the network. We were monitoring the network using tools like SIEM, which is a security information event manager, uh, that looked at all the logs going on the network. We would look at, uh, we had IPS, IDS, which is intrusion detection or intrusion prevention systems, that we would have to know how to block certain ports or whatever, certain source IPs. We have to know different types of attacks. We were looking at the network, right? And determining if we were being attacked or if there was some kind of a threat that was on the network. That was our job as a cybersecurity and we were analyzing the network. And then sometimes we'd have to escalate it to the incident response team, or we'd have to do something like that. So that said, think about it. A cybersecurity analyst has to know quite a bit about how the network works, like how networking itself works. Because they're looking at logs over the network. And you have to know how TCP/IP works and all that kind of stuff, because you're looking, sometimes you're looking at packets going across the network. And sometimes we even break open packets to look at what was going on. Right. So you have to know a bit about network engineer, how networks work. You have to know the difference between a server and a workstation and how they work together. You have to know that, you have to have the basics nailed down. You know, you have to know what ports are, like at least like common ports and how they work, how they can be exploited. So you kind of have to know like two or three different things and start linking them together for cybersecurity analyst work. It takes very talented people to be good at it.
And I'm not saying I was good at it. I wasn't. I was just a newcomer. I was a new guy who was fascinated by it. You know, I could... I could get around, but I wasn't like one of the more skilled guys on the team. I was learning stuff. But what I'm getting at is you have to have the basics nailed down in order to do a job like cybersecurity analyst work, right? I'm not saying you have to be a master at it or some kind of brilliant person at it, but you... Even to do the basics, you have to have some basic skills, basic like help desk type skills down, first tier skills down. Somebody said, bro, where do I start? Start where you are. Consider your industry. If you happen to be from student, zero to hero. If you're a student, you can start right now. If you're in some sort of industry already, like you're in the healthcare industry, you're in the pharmaceutical industry, you're in the retail industry, you're in, you name it, restaurant, and all of them use IT, you can start where you are. If you're a student, uh, you're in a special position because, um, now if you're a high schooler, shoot, they, they have clubs that you can start right now. Start doing computer, start learning computer stuff right now. Um, start fixing people's computers right now. Start coding right now. Um, there's things you can do right now as a high schooler to, to do the... Hell, I know people who, um, who got a CompTIA, started getting cybersecurity certifications in high school, um, just to get, get the knowledge now, um, and to build themselves up, to go to a vocational school or to go to a community college or college university or whatever, to build up their skills. Or hell, start your own business doing fixing people's computers. You know, you can get that good at it. And then that stuff you can put on a resume or just keep building, scaling your own business from high school. College is, I mean, college is a huge pivot point because in college, like you don't have to wait to get your degree.
You don't have to wait, like you shouldn't wait. Start being a working student right away. If you're on campus, see if you can help them out, help out the campus to figure out what vulnerabilities they have. See if there's a working student program. Hell, even if it's remote, like if you're doing college remotely, they might still have a working student program. Look into it. They have apprenticeships, they have internships, they have all kinds of, uh, sometimes I have like a B2B, uh, university to business pipeline. Um, ask. You got to get yourself in there and ask, uh, where you can start as a college student. College students probably have the best, they're probably in the best position to get themselves, uh, get the ball rolling for their career. But they got to start now. Like a lot of times they just wait until they get their degree and they're like, oh, I can't get a job, you know, like, start now, right now. Now, if you happen to be, let's say you forget the student, you're not a student no more, you're in the world, you're a healthcare professional. You know more about HIPAA than I do. And HIPAA is one of the primary laws that is used to protect patient data. That can get your foot in the door right there. I mean, that right there is huge. That's a huge step in the right direction. Now, you still have to learn all the basics of information technology, but you have a good foothold in that industry. If you happen to be in retail, did you know that all the times that you're taking people's credit cards, the whole system in the background that is taking all that information has to have something called PCI compliance. You can start learning a little bit about that. See if you can get involved with their IT department. If everyone has one, Taco Bell has one. Walmart has one. Everybody has an IT department. Everyone. Start, get, see if they'll let you do a lateral move over there or start learning shadow marketing.
shadowing somebody who already does it. And in whatever retail space you're in, you'd be surprised. Look at their career page. They might have something where they're looking for IT professionals at TJ Maxx or whatever. And I'm being serious. It's not a joke. Like whatever, start where you are. That's what I'm telling you to do. And then once you get that money, right, you get that pay bump. Don't look, listen, I know you want a better lifestyle and I'm not telling you to not have a better lifestyle, but use some of that income to start building some passive income streams. And if you don't know what that is, you might want to Google it. You might want to Google it because it's important and they don't teach it in school. But I'm telling you right now, it's important to do it. This is not me trying to get. I don't have a course on passive income streams. Right. I thought about it, but I don't have one. OK, I'm not trying to sell you anything. Right. I'm just trying to tell you, like, if you don't know what passive income is, look it up. That's what I'm trying to tell you. It's a life changer. It can change your life. So look into it. Let me see here. Getting some more comments and stuff. And I'm only going to do about an hour, guys. So I got about 30 minutes. I was on here earlier. I was doing one of my AirBVs. And now I'm here to do the real work here. Okay. Susie says, I hope I'm pronouncing that correctly. I'm sure I'm not. After getting your CISSP, did you find some of the content helpful on the job? or was it mainly a confidence booster currently studying for the exam? I'm curious. I'm going to say something that you're probably not going to like. I'm going to say something that's probably controversial, but I'm going to tell you the truth. The CISSP is so general that it really didn't, I can't say that it helped in any capacity. And I know that's not what you want to hear. 
You want to hear that there's a magic wand, that you take some certification and magical things happen. The magic was that everybody wanted to hire me after I got the goddamn thing. That was the magic. There are certifications that I could say that were extremely technically useful, that I saw the things I was using on that certification in real life, like things like the CCNA. Cisco certification, like those Cisco certifications are the real, they're the real deal, right? What other certifications would I say were extremely useful? The Microsoft certification, the technical vendor level certifications doing their vendor level stuff is very, very useful. Qualys, like that was, that's not a big certification. It's not marketing, talked about, but it's, Qualys is a scanner, it's a network scanner. And the stuff that I learned, um, that was on the test, that's the stuff that we're actually using, uh, at the organization I worked at. So the vendor level certifications are very, very much useful. Um, I would say the Security Plus was very useful even though it's not vendor specific. Security Plus was useful because it's talking about stuff that you're going to... Let me put it to you this way. Security Plus is usually introduced to people who are fairly new into cybersecurity. So it opens up... It's kind of touching on many different things that you might not have ever been introduced to for the first time. By the time you get to the CISSP, you kind of have some level of, you've touched a lot of different security by the time you actually take the cert. You take the cert, and the way they word it, how can I explain it without losing the CISSP? The way that they word it is like, it's a, what do they call it? Let me put it to you like this. They'll ask you a question, and the hardest part is the answers.
Because you'll have two answers you can kind of throw away, and then they'll have two answers that are both right, but one's more right than the other. That's hard. That's the hard part about the CISSP. Would I say it helped me? I can't know. There's nothing on there that I could say, yeah, that right there, that's... That was on the, you know, I'm not quoting the CISSP. Like, it's not, I will say this, it's highly marketable. It's a great, it changed my life. As soon as I got it, people were like, oh, it was like I was a lawyer or some shit. It was like I had to pass the bar or something. It single-handedly changed my life. You could probably get the CISSP and not have a degree. With some years you got, of course, you have to have experience, but you could probably, that damn thing is so effective. It's so effective that as soon as you get it, like, so many people hire you just to say they, oh, we have a CISSP on the board in our IT department. He's a CISSP, you know, or whatever. That said, you know, just because you have a CISSP doesn't mean I'm magically no shit because there's a lot of dumbass CISSPs, you know. So I'm sorry I had to take the magic out of it. The magic is that you will get paid and people will hire you. So that just, you know, it is what it is. Let me see. I just got my Security+ six months ago, but I'm still struggling to get a job. How much experience concern, Jay? How much experience do you have? Because the certification alone is not, including the CISSP, is not enough to land you a job. They really, employers want a, they want to see that you can do the work. And that requires, and the best way to see that is via your experience. So wherever you can get experience, get experience. There's been a lot of questions about what cert should I get or, you know, I get a lot of those kinds of questions, but the questions I get less of that should be asked is how do I get experience?
That's a harder question for me to answer for you, but also it's, it's the best question because that's what they're really looking for. I'm not saying you shouldn't have a Security Plus. Security Plus is fire. CISSP, I just told you, it single-handedly changed my life, it's great. A degree is, you know, people are talking shit about degrees, but if you're doing technical work, you're going to be an engineer, you're going to be doing this for a while, a degree is important. Because the longer you stay in this career path, the more competitive it gets. And the degree is very competitive. So those certs, those degrees, all the pieces of paper, those are important, right? They're important to have in your arsenal, right? But it's like you're sharpening the blades. But the best thing you can have is experience. The best thing, that's the meat on the plate. Got to have experience. It's very, very, very important. So can't stress that enough, right? Wherever you can get it, you can get it in school, while you're still in school, wherever industry you're in, try to get it there. Wherever you can get experience that you can put something that you can put on your resume, on your profile to say, I did X, Y, and Z for this company. If you can do that, that's where the meat is at. Yes, get the Security Plus. Yes, get the CISSP. Yes, get cloud certifications. Yes, all that, right? But those are just tools in your arsenal, right? You got to be able to wield the sword, and that's where the skill set comes in. Let me see. Got more questions, comments, complaints on here. How long should I stay in corporate? I just started my career in big tech. It depends on what your ultimate goal is. I would say stay, ride that gravy train as long as you need to. Ride that gravy train as far as it'll take you. Make them fire you. Keep collecting that check and then use that check to brick by brick build something bigger for yourself and for your family. As long as you need to, brother.
Use it to build your own corporation. Use it to build your nest egg, your 401k. Use it to, especially if they're doing like that shit where they say, okay, if you put a dollar in, we'll put $3. Yes, do that shit. Ride that gravy train as far as it'll take you. Let me see here. Let me see. Let's see. I've got some more questions, comments, complaints here. Do you have a step by step how to be an ISO course? I do. If that's what you're looking for, you came to the right man, because that's exactly what I have. I have a course specifically for ISOs. I'm glad you asked that question, because that brings us to a commercial break. This is brought to you by Risk Management Framework, ISO. This is what the course is called. And this is a book, by the way, that I wrote. This is coming directly from my own personal experience. I tell you, in plain English, what this job entitles, and specifically from the perspective of an information system security officer, how to do this work for risk management framework, NIST 800. I've got two books. One focuses on the NIST 800-37, and one focuses on the NIST 800-53. I remember talking to one of my peers, and I was telling him, hey, man, I was trying to get him in with me to write books and stuff. I'm like, man, I've got this course, and I want you to help me build it. And he says, man, why would people pay for something that they can get for free? You can get this for free. All this shit here is for free on the internet. But when you read it, it sounds like just go read it. You'll see for yourself what it sounds like. When I first started learning this stuff, I was like, what the fuck? What am I reading here? It doesn't tell you what you're supposed to do. It does, but it takes 15 paths to Sunday to get to the point.
What I'm doing is getting straight to the point and telling you from my experience in the Department of Defense and a couple other federal organizations exactly what you need to do, where you need to focus on, and where to not waste your time. That's what I'm doing. So it's from the perspective of somebody who's done it before. And I'm telling you how it is. So and then once you read this, all the other shit will make more sense. So, yes, I do have a course. It's out there right now. Go to convocourses.net. I've got a bunch of discounts that you can use. Huge, huge. You got to go through it. There's lots of stuff that's out there. Huge discounts been putting out over the years. And if you can't afford it, you can just get this book right here. I've got two of them and that's on Amazon. It's also on my site and it'll walk you through it. It's just stuff I wrote that I wish somebody would have told me when I first started doing this stuff, and explains it in a way that's just straight to the point, like, here's what you need to do, then do this, don't worry about this, focus on this. That's what the book is about. That's what the course is about. I hope that helps. Um, what do you recommend to leverage your existing salary? Credit. Now, I know Dave Ramsey is not going to agree with this, but credit, other people's money. Um, leverage your set, your existing salary. A couple of things, a couple of things. It's a great fucking question. So listen, a couple of things. I use credit, manage your credit. I'm not telling you, if you can't manage your credit, if you don't have no discipline, do it. Don't, do not do it. Go watch Dave Ramsey. Listen to everything he says, put money in an envelope and pay everything with that shit. Right. But if you can, if you have restraint, right, you're not going to go buy a Lamborghini with the money that the bank gives you. And you're trying to build a legacy. You're trying to build something for your kids and your family. Credit, loans, shit like that.
Business credit. You don't even have to use your own personal credit if you have an LLC, if you have a business. If you have a bank account that has money going into it, after about two years, they'll give you a loan based off of that LLC. That's based off your bid. They'll give you money from your bid. They'll give your business money and it doesn't mess with your own personal credit. But yeah, that's one thing I use is credit, loans, stuff like that, other people's money. And then I use my high salary to pay that debt down or manage that debt effectively. So that's one thing you can use. And if you're doing real estate, you basically have to use other people's money. So, um, another thing I do, I've done before, not doing it currently, but if I had the opportunity I probably would, uh, is, uh, it's called over employment. So what you do is you just get two jobs. If you work from home, you can work two jobs. You can have one part-time job and one full-time job, two part-time jobs, or you could do, uh, what a lot of IT guys do is they just hop from, um, they'll do what's called 1099s. They won't be a full-time employee. Let's jump from contract to contract to contract and do like three months here, four months here, nine months here at these different companies. And sometimes doing it two at a time and doing that shit, you can make 200, $300,000 easy doing that, you know? So, um, that's another way you can leverage your, your existing salary. Another thing is, uh, have a side hustle, side incomes. Um, this is something I've been doing for many, many years and my favorite thing to do. And it's stuff like this. This is a side hustle. It does pretty good. It does pretty good. It does all right. You know, I'm not rich or anything. I mean, look where I'm at, you know what I'm saying? But, uh, it does okay. You know, um, what else do I do? I mean, that's pretty much it.
Um, loans, credit, uh, making sure I maintain my credit and build using other people's money to do, the bank's money to do what I need to do, and managing that money with my salary, right? Um, that's one thing I do. Uh, and then over employment I do from time to time, where I'm not really a fan of it these days because I really need my time for me and my family, my kids and everything. Um, and then the other thing is side hustles. That's what I do to leverage. I use my salary to build. There's a lot of leverage you can use. These tools are very, very useful. Very, very, very useful. Let me see. Dewart says, can you work two jobs if you have a secret clearance? It's not so much about the secret clearance. It's about the agreement you have with the company. So it depends on the agreement you have with the company. Some companies are very strict and say, look, you agree to work with us eight hours a day. There's a couple of things. Okay. Let me, let me back out a little bit. Number one, you cannot have a conflict of interest. All right. You can't have a con... meaning you can't work for Lockheed Martin and Northrop Grumman for this, for, for competing contracts or some shit. Like you can't, you can't work for this company and it's competing with this company and they're on the same contract or something. Like you can't have conflicts of interest. What's a real good example of a conflict of interest? Look, you can't have a conflict of interest. That's all I'm going to say about it. You can't. Don't do it. Don't do it. It's not worth it. And then sometimes the organization that you're working for will flat out say, look, we want you to work eight hours a day. And that's what you're supposed to do. You're going to work eight hours for them. But they can't stop you from working some hours on the weekends. If Saturday and Sunday is yours, they don't own you. Am I right or wrong? They do not own you. Even if you have a secret, top secret, it doesn't matter. They don't own you.
You're a human being. You have rights. So after hours, they don't own you. You can work after hours. Now, you can't work during their time, during their, you know, so the secret clearance doesn't say that you cannot work for anyone else, right? It just says you cannot share, divulge information that they've, that's sensitive, you know? So that's what, don't do that, you know? So, yeah, it doesn't, a secret clearance doesn't matter in that regard. You can still be over, you know, uh, overemployed, but don't have a conflict of interest. Don't, do not do it. Like you can't. What'll be a conflict of interest? Like if you work for the government as a GS, and then you also work as a contractor on the same contract, that's probably a conflict of interest, stuff like that. Or two competing companies where one, they have, one has this special sauce and this one has a special sauce. And then you... you don't want to do stuff like that, right? It's just, you might get yourself in some legal trouble if you do something like that. They're very clear with you. And some companies, what you can do, the company I'm currently working for, they said, look, if you work for another company, just let us know. They say, look, we can't stop you from working for this other company. Now, you can't work during the hours we want you to. Like, if you're working for us, we're not expecting you to be using our stuff to work on theirs. No way. This is our stuff. You know, you work on our time. If you clock eight hours, you're working for us. Right. That's understood. That's what this contract you're signed. So they just said, the company I'm working for is like, look, just let us know. You know, that's it. Just let us know. And they, you know, they can't stop you. Let me see. What other questions do we have here? Somebody said, what if you know how to... What if I know how to build computers? That's a really great first step.
I've got a little course, a free course about this where I talk about the levels to help people understand where they have to go to get from point A to point B. And I say the first step is to become a geek. That means to get interested in computers, learn everything you can about it, learn a common body of knowledge. And so, yeah, become a geek. Learn, take computers apart, put them together. But that's only one aspect of it, right? You need to learn networking. You should probably learn a little bit about cloud technology. You should probably learn a little bit about networking technology. Maybe you mess around with a little bit of scripting or code. There's a lot of different aspects of IT to learn. Frameworks is a really good one to learn. Start learning the common body of knowledge beyond just building computers, like learn the whole landscape. That's cool that you know what mountains are, but what about valleys? What about rivers? Learn the whole map of how this landscape works from a distance, like how all this is laid out, how people are using information technology. You want to have a bird's eye view of how all this works, and that's the common body of knowledge, something that all of us have, regardless of whether you are a software engineer or a database guy or a help desk person. cybersecurity person. All of us have some idea of how IPs work. All of us have some idea of how it was a server versus a workstation. All of us have some idea of what cloud technology is. All of us know the layout, the lay of the land. So you still have to know that piece. Now, you might be a master of building computers. You could run circles around me with building computers. I've built a computer in many, many years. But that's not the only thing that you have to learn, right? So from geek, I talk about going to trying to land your first job. 
From there, from geek to getting your first job, now you're talking about possibly going to school, possibly getting yourself a certification. A plus certification would be something you would probably kill, you know, because it's all about how computers, the components work and how software works with the components, all that kind of stuff. So from geek, landing your first job. Now, let's say you actually get that technical support job and you talk about how to go from there to do a specialization. Cybersecurity is the one that I talk about. What kinds of things as an IT professional do you need to know to get in the door of a cybersecurity type job? So that's the kind of stuff I talk about. But Building computers is one aspect of it, and that's a great aspect to start with. I would recommend you look at the common body of knowledge in CompTIA A+, especially if you're very, very new to IT. I'm taking AWS solution architect exam on Monday. Oh, man, that's awesome. I've been thinking about doing AWS. I have not had time. I would really like to. I'm working on my CCNA next month. CCNA is no joke. I like it. Somebody says, I have a CISSP and master trying to find a job, but people want experience. Yeah. Experience is super important. What can you do to get experience? It depends on where you're at. If you're a student, maybe what you could do is go to your campus, go to your college campus and see if you can get on their IT team. Don't say that help desk is beneath you. Do it. That's experience. Get in there and fix some computers. Get in there and image some computers. do laptops, fix laptops, figure out how the laptop connects to the network. Put that experience on your resume. Try to be a working student if you still have a connection with your school. Even if it's a remote school, you'd be surprised. Sometimes they need help with their equipment that's out there in the field. 
You could do freelance work and start your own... If you know a lot, you're CISSP, if you know a lot about a certain thing, a lot of CISSPs are a mile deep in like one or two things. Take that skill set, whether it's scripting or running scans or building networks or whatever you do, whatever you are professional on, do freelance work for local companies or find some organizations. If you have a church, if you go to a church or some kind of other local community, whatever it is, interface with them and try to see if you can do work for them. Do it for free if you can. Do work for some organization so you can put that on your resume. Another thing you can do, one thing Ryan brought up that I just didn't think of it all this whole time, but join an organization called the ISSA. So this is a local – they have local chapters everywhere. In almost every major city, they have a local chapter. And this organization, they meet like monthly. And it's a bunch of information system security people and IT professionals, system admins, help desk people, captains of industry, CEOs are there, CIOs are there, chief information security officers are there. You name it, they're there. And they all meet about once a month in a city, in whatever city you happen to be in, and they're talking about career paths. If you have a CISSP, hell, sometimes they have jobs there and ways to get experience. You could talk to some of the old heads there and say, look, man, I'm trying to get in this field. I've got a CISSP. I got a master's degree. I specialize in writing scripts. How can I get experience? What do I have to do to get experience for this field? The ISSA is the Information Systems Security Association. They have one in every single state. They have one in almost every city. Well, probably not in every city, every major city, but every state has one. And I think there's even some in other countries. So look that up and try to network with those people.
Because with With all of your pedigree of prestigious papers, you should be able to land yourself a job, if nothing else, an internship or something. Somebody said create projects and post them on GitHub. That's another way to do it, especially if you know Python or something or if you know any kind of software projects. Put that on GitHub and you can put that on your resume. So there's a lot of different ways to do it. It depends on where you're at. Somebody says, I have a portfolio with five complex cloud projects. How can I get into the field? Any tips? Hmm. How could you get into? A lot of times when people say this to me, it's usually experience and their resume. It's one of the two things. It's usually one of those things that are stopping them from getting their foot in the door. Pretty clear. It's usually one of those things. They send me their resume and I look through it and it's usually one of those things. I don't know. I don't know what to say. But how could you do it? I think you've got to continue to build out your as much experience as you can. And it's hard. I mean, it's difficult because that's where the real rubber meets the road. That's where the real meat is at, is your experience. It's the hardest part. You've got to talk to people. It's hard. You've got to get out there. You've got to network. So like I said, you could try the local ISSA chapter. I mean, they've got a whole bunch of people you can network with and figure something out. I mean, you have cloud experience. Do you have any certifications that might help you out? If you don't have one, maybe try to get some certifications under your belt. That's one thing you could try. Let me see. Oh, Ryan, how you doing, man? He says, I'm presenting on election security on February 28th at Pikes Peak ISC2 chapter meeting. That's awesome. So these are the kinds of people you want to network with, cybersecurity professionals, IT professionals who are out there. They have this in your area. 
LinkedIn, one of the hidden gems of LinkedIn is that if you go there, there's a bunch of forums. In your local area, there'll be a bunch of meetings, a bunch of forums, a bunch of people presenting. Sometimes they'll have job fairs that are local to you. Join those groups. Join some of those groups. And a lot of times people are trading jobs back and forth. Another pretty good resource is Reddit. Reddit might have some pretty good resources for you as well. Um, Reddit has a lot of professionals who are talking back and forth, and it's a good way to network with like-minded people who are in the same position, um, and, uh, finding out new stuff that's kind of bubbling up in the industry. Uh, let me see here. I got some other stuff going on here and I'm going to end this real soon, guys. I appreciate all the people jumping on here. Um, where can I find your book? Go to Amazon, type Bruce Brown Convo Courses. You'll find a bunch of my books. Risk Management Framework is just one of them. Another place you can look at is convocourses.net. You'll also see free stuff. Ryan's got a free book. I linked his on there. He's got a free book that is walking you through how to study for the ISC2 CGRC, formerly the CAP, Governance, Risk, and Compliance Certification. So we've got free stuff, discounted stuff on there. At the end of the day, what we're trying to do is help people to make your life easier to get into this field, stay in this field, and level up if you already are in this field. Let me see. Emmanuel says, let me see this one. Emmanuel says, which MOS will you advise, a 25 Bravo or a 25 Hotel, for a start in cybersecurity? 25 Bravo. I thought that was an IT guy. 25 Bravo is in the Army MOS. Ryan's Army. He might be able to answer this. Ryan, what do you think about this question here? Emmanuel is asking, which MOS you would advise, a 25 Bravo, for a start in cybersecurity? Ryan says, 25 Bravo is a great start.
Yeah, that is a great start because that's an IT, yes, and that's an IT specialist, as a matter of fact. So that is a great start. Don't do that. What are you doing? OK, I'm wrapping it up. I'm wrapping it up. Let me see. I'm going to stop this thing. I'm going to answer one more question. Ryan's taking care of Emmanuel. He says, get a Network Plus or Security Plus ASAP. That's a great Security Plus. I would highly recommend a Security Plus. Oh, boy. OK, I think it's time. OK, one more question. OK, one more question. Okay, I got a bunch of Army guys jumping on here, giving great advice on TikTok. Do I have experience with overlays? A bit, a bit. 25 Delta, 17 Charlie, 25 Bravo. You locked in for six years. Man, I've got a lot of Army guys on here. And highly transferable to civilian sector. Okay, that's where we're going to end this. So 25 Bravo, let me tell you something. If you're a 25 Bravo, and they have an equivalent for this in every branch of the military. I believe the Air Force, they changed it. It used to be a three char... Oh, my Lord. Oh, my Lord. They changed it. It used to be called a three... 3 Charlie. 3 Charlie. Man, my brain. 3 Charlie. 3C0X1. That's what it was. 3C0X1. That's what it used to be called. But it's no longer called that. So I don't know what they call it these days. 3 Delta or something? 17 Delta? I don't remember. But every branch has a 25 Bravo equivalent. And it's an IT professional. And somebody on TikTok nailed it. So he said that it is highly transferable to the civilian world. And he is absolutely right. So I was a, I'm an old head. So when I was in the Air Force, it was called a 3 Charlie, a 3C0X1 is what we called it. And a computer operator, same thing as a 25 Bravo. And I was, the thing is, and I don't know how they do it in the Army. The Army has really sharp IT guys, especially the warrant officers. Very impressive. But the thing is, the Air Force will specialize you in certain things.
A computer operator, you could narrow down into firewalls. You could go into network engineering. You could go into not software engineering. That was a completely different field. But you get databases. You could focus on one kind of one area. And once you got out, I mean, you have certifications. If you put the effort in, you had a degree.
Listen, if you have a year or more left, I would highly, highly recommend you get a degree. Because look, all of the training, all the way back to boot camp, all the way back to boot camp is going to go towards your degree. You have some credits there that are transferable to your degree. So you're probably only a few points away, maybe six credits, maybe 10 credits away from an associate's degree. Once you get the associate's degree, you have maybe, what is it, 60 more credits? I want to say 60 more credits, and then you have a bachelor's degree. That may sound crazy, like a lot of work, but it's actually not that much work. It's a few classes. Maybe not a few, maybe 10. Look, it's going to be some work, but you can get out with a bachelor's degree within a year. You can be within arm's reach of a bachelor's degree. At the very least, get an associate's degree because literally that's like two classes away.
If you have one year left in the military and you are a 25 Bravo, hell, whatever MOS you're in, listen, get your damn degree. Just get the damn degree. All you got to do is go to – they've got a unit on base. I don't know what the Army calls it, but there's a unit on base that you can go to. They'll tell you exactly. They'll have a counselor. They'll break down. They'll take all the credits you already have. They'll say, listen, you went to boot camp. That's six credits. You went to 25 Bravo school. That's – you've got 30 credits for that, right? And of these 40 credits you have, you can apply 25 of them to this associate's degree. You only need two classes. This is what they're going to tell you. You only need two classes. You need one in math and you need one in history and you need one. And basically you can CLEP your way out of it. CLEP is a test. You can just take a test and then they'll give you credits and then bam, you have a degree.
Just do it, man. And then it's more, put it to you this way, it's more money. If you want more money, then just do it. Just go through this little bit of process that you have to do. Let them take your transcripts from the military, consolidate them, and you're going to boost up your income by like 15% to 25% when you get out of the military. And then also what Ryan said, Security+. Get a certification. And now you have experience, you have a degree, and you have a certification. And you're very, very deadly. You're very competitive. Very competitive. It's hard out here. It's hard out here on the outside, man. They don't just magically give you stuff here. Like, you got to work for this shit. But the good news is you're in a place where you can really sharpen some swords and come out swinging.
All right. That's it, guys. I got to get off of this thing. I appreciate everybody. Remember what I said, like use this as a stepping stone, like use this as this is one step. You got to go to the next step, whether that's to level up your career, to make big money as a director and retire with a bunch of 401k money or use this money to go start a business, use this money to invest in real estate. Use it to build up passive income streams because you can't do this forever, guys. You cannot do this forever. I know if you're 30 or you're 20, you think, oh, I'm going to... You just don't even think about it. You think you're going to live forever, man. Then you start seeing your friends die. I'm not trying to bring you down or anything, but I'm just telling you, like, life has an expiration date. And you got to start thinking about, okay, what's my plan? What am I trying to do? You can use this field as a way to go to another level and level up your family, too, and the people you love.
So... Just some words of advice from an old guy. I hope some of you guys, I hope at least one of you guys listen to what I'm saying because it can change your life. All right, guys, I'll talk to you guys on the next week. Give me some suggestions of what we should talk about next. Sometimes I just get on here and ramble. So, all right, guys, talk to you later.
http://convocourses.net
On this one, I am answering questions on YouTube from viewers.
This video features Bruce, the host of the ConvoCourses podcast, discussing various topics related to GRC (Governance, Risk Management, and Compliance), cybersecurity, and IT from his extensive experience in the field. He addresses questions about entering and advancing within these fields, explains the workings of GRC, and shares insights on the benefits and challenges of being a 1099 contractor versus a full-time employee. Additionally, he offers advice on how college graduates can build projects related to GRC for their resumes, touching on practical steps to gain relevant experience and leverage existing skills for career advancement in cybersecurity and GRC roles.
## Takeaways
- 🌐 **GRC Explained**: Understanding the role and importance of governance, risk management, and compliance in cybersecurity.
- 💡 **Career Paths**: Insight into the pros and cons of being a 1099 contractor vs. a full-time employee.
- 🎓 **For Students**: Tips for college students on creating GRC-related projects to enhance resumes.
- 🚀 **Skill Development**: Strategies for acquiring and applying skills in cybersecurity and GRC.
- 🤝 **Networking and Experience**: Emphasis on gaining experience and building a professional network for career growth.
- 📈 **Professional Growth**: Advice on certifications and degrees to advance in the IT and cybersecurity fields.
- 🔒 **Cybersecurity Careers**: Exploring non-technical roles in cybersecurity and how to transition into them.
- 🛡️ **Practical Advice**: Real-world examples of how to practically apply GRC principles in various settings.
- 💼 **Leveraging Backgrounds**: How to use your background, such as healthcare experience, to enter GRC roles.
- 🧰 **Tools and Techniques**: Discussion on tools and techniques for risk assessments and compliance checks.
## Summary
1. Bruce shares insights on GRC and cybersecurity from his experience, highlighting the field's dynamics.
2. He discusses the differences between being a 1099 contractor and a full-time employee, including financial and operational aspects.
3. For college students, Bruce suggests projects like updating security policies or conducting risk assessments to build a resume.
4. He emphasizes the importance of certifications and degrees for advancing in IT and cybersecurity.
5. Bruce advises on leveraging existing backgrounds, like healthcare, for a career in GRC.
6. Practical tools and techniques for conducting risk assessments and ensuring compliance are covered.
7. Networking and gaining practical experience are highlighted as crucial for career advancement.
8. The podcast addresses audience questions, offering tailored advice for specific career queries.
9. Bruce touches on the stress factors in cybersecurity roles and strategies for managing them.
10. The video serves as a comprehensive guide for anyone looking to enter or progress within the cybersecurity and GRC fields.
## Diagram
Below is the visual summary of the key points discussed in the video:
![Summary Diagram](https://diagrams.api.quanthium.io/diagram/ed197eb2-d1da-4292-bab8-d078fa0a04ea.png)
Free cybersecurity GRC information security stuff:
the video: https://youtube.com/live/v3zU7sartu0
In this power-packed episode of the ConvoCourses Podcast, dive headfirst into the multifaceted world of Governance, Risk & Compliance (GRC) with host Bruce. He unravels the ins and outs of Information Technology and Cybersecurity, addressing fantastic listener questions and adding valuable insights from his vast experience. Perfect for IT professionals or cybersecurity enthusiasts, it’s a treasure trove of knowledge and a chance to interact with the experts.
Listen to Bruce as he details the challenges of vendor risk management, spotlighting industry giants like Microsoft, Cisco, and Palo Alto. Understand how vendor relationships influence risk and learn enticing strategies for risk mitigation. Plus, explore vulnerability management, software patching, and how to tackle software weaknesses with practical insights from Bruce.
Aspiring to a career in IT or Cybersecurity? Get guidance on various career paths, the importance of security frameworks like NIST 800, NIST CSF, ISO 27001, and SOC 2, plus valuable tips on certifications that can boost your career, like the HCISPP. This episode is your comprehensive guide to the exciting and evolving world of IT and Cybersecurity.
Listen to the first-hand experiences of dealing with large-scale enterprise IT systems, particularly within the Department of Defense (DoD). The discussion covers everything from insecure default configurations to skilled personnel, highlighting the complexity and challenges faced in large IT operations.
Take a deep dive into the basics of Information Technology (IT) and cybersecurity, from ports and protocols to the advent of AI and quantum computing. Regardless of your experience level, this conversation offers valuable insights and will inspire continuous learning.
Master the art of assessing controls and security measures in IT, learning from the best in the industry. From creating a security assessment plan to the importance of self-assessments, understand the complete picture of IT security in this informative episode.
As an added bonus, gain expert book recommendations on IT and Cyber Security, learn resume-building tactics for a tough job market, and pick up hacks for maximizing your online visibility. Whether you’re a seasoned IT professional or on the road to entering the IT industry, this episode of the ConvoCourses Podcast will fuel your learning journey.
http://convocourses.net
Today we are talking to Ryan LeVier.
Check him out on LinkedIn: https://www.linkedin.com/in/ryanlevier/
Check out his guide for the CGRC (free): https://tinyurl.com/TheMangoV2
more free stuff at convocourses.net
http://convocourses.net
This week we talk about Governance, Risk and Compliance and what it takes to get into GRC.
check out convocourses.net for free stuff.
This is a brief introduction to governance, risk, and compliance (GRC).
Join my advanced readers team: https://booksprout.co/reviewer/team/35902/convocourses Join the Newsletter: http://convocourses.net
Question: Out of GRC analyst, SCA, ISSO, and security compliance analyst, which roles are the easiest to do the overemployed thing?
http://convocourses.net (DEALS)
Discount on books (limited time): NIST CSF Bundle: https://www.amazon.com/dp/B0CLL3HR5N
newsletter: https://convocourses.com
security certification roadmap:
https://pauljerimy.com/security-certification-roadmap/
CODE: blackfriday2023x
http://convocourses.net
the book:
https://www.amazon.com/dp/B0CLL3HR5N
http://convocourses.net
check out the careers:
https://steampunk.com/
On vacation in the Philippines.
http://convocourses.net
http://convocourses.com
The concept of IT risk management can be applied to all of life.
http://convocourses.net
free for limited time:
https://www.amazon.com/Security-Program-Policy-Cybersecurity-Framework-ebook/dp/B0CDF6GX74
http://convocourses.com
http://convocourses.net
Someone asked what they should do.
a) community college
b) military
c) self study
We talk about my recommendation in the podcast.
http://convocourses.com
Free for limited time:
https://www.amazon.com/Cybersecurity-Framework-Information-Systems-Security-ebook/dp/B0C8YH5HXH
http://convocourses.com
.99 cents (limited time):
https://www.amazon.com/Cybersecurity-Framework-Information-Systems-Security-ebook/dp/B0C8YH5HXH
http://convocourses.com
The video version:
https://www.youtube.com/watch?v=o1dNaLg0XZM&t=2s
http://convocourses.com
More on http://convocourses.com
https://securitycompliance.thinkific.com/courses/rmf-isso-security-control-assessment
http://convocourses.com
check us out on:
http://convocourses.com
Free for limited time:
https://www.amazon.com/dp/B0C57CDTLR
Free book:
https://www.amazon.com/dp/B0C57CDTLR
atomic habits
https://www.amazon.com/Atomic-Habits-James-Clear-audiobook/dp/B07RFSSYBH
12 week year
https://www.amazon.com/12-Week-Year-Others-Months/dp/B08DFFS7K8
Can't hurt me
https://www.amazon.com/Cant-Hurt-Me-David-Goggins-audiobook/dp/B07KKP62FW
We talk about the differences between ISSO, ISSE and ISSM. I am currently an ISSO.
check out huge discounts here:
https://www.convocourses.net
Episodes are live at 1pm MST Saturday
check out discounts and free stuff here: https://www.convocourses.net
https://youtube.com/live/adF3_G9BCNA
https://convocourses.net
Watch the video:
https://www.youtube.com/live/EFgbE_a7EPQ?feature=share
For sales on products and services:
Join the community here:
check out https://www.convocourses.com for more
The keywords you are looking for are "eligible for a clearance"
https://youtube.com/live/px9FDENHrvc
This book will be released for free on the convocourses newsletter. Join now at convocourses.com
Here is the video:
https://youtube.com/live/1uyRVmqULFo
Join us at convocourses.com
huge discounts at https://convocourses.net
http://www.convocourses.net
waiting for your suggestions
To download the POAM in this podcast go to convocourses.com
A Plan of Action and Milestones (POA&M) is a document that identifies tasks needing to be accomplished to remediate or mitigate risks to a system. It is a requirement under NIST 800-53, which is a guideline for federal agencies and contractors to follow when managing their information security programs. A NIST 800 POA&M, therefore, is a POA&M that is developed in compliance with NIST 800-53 standards.
The NIST 800 POA&M details the resources required to accomplish the elements of the plan, any milestones for meeting the tasks, and scheduled milestone completion dates [1]. The document is continuously updated as progress is made towards remediation, making it a living, dynamic document [2]. The POA&M is a critical tool for anyone responsible for tracking and reporting compliance issues or risks identified for a system [3].
NIST 800-53r5 recommends the use of security automation software to support the POA&M process. This software can help with tracking POA&M items and milestones, and integrate with ticketing systems for streamlined management of remediation activities [2].