Prepare for a deep-dive into the exhilarating world of Defcon, where the brilliant and the curious unite. This year was a spectacular display of innovative minds, intriguing events, and diverse vendors, making it potentially the best one yet. Disregard the media's fear-mongering about Defcon's purported dangers; if you're not attending, there's no need for panic or to switch off your Wi-Fi or Bluetooth.
You'll find solace in my personal journey through the tumultuous path of preparing for the CISSP exam. I unravel the complexities of finding the right resources and speak of my experience with Ben Malisow's practice platform, a treasure compared to the meandering paths of Udemy courses. As I share my last-minute strategy leading up to my second CISSP attempt, you might just find the inspiration you need for your certification journey.
Finally, we'll explore the importance of giving back to the DefCon community and the power of creating a personal brand. Don't let feelings of inadequacy hold you back; authenticity is the key to standing out in a sea of faces. Stay tuned as we discuss the surprising rarity of imposters and introduce a series of swift mentorship episodes. Get ready for a rollercoaster of insights, advice, and inspiring stories as we delve into the fascinating world of tech and personal development.
Affiliate Links:
NordVPN: https://go.nordvpn.net/aff_c?offer_id=15&aff_id=87753&url_id=902
Follow the Podcast on Social Media!
Instagram: https://www.instagram.com/secunfpodcast/
Twitter: https://twitter.com/SecUnfPodcast
Patreon: https://www.patreon.com/SecurityUnfilteredPodcast
YouTube: https://www.youtube.com/@securityunfilteredpodcast
TikTok: Not today China! Not today
1
00:00:01
Speaker 1: How's it going everyone?
00:00:02
So this is another security unfiltered mentorship episode.
00:00:06
So I want to do a bit of a catch up.
00:00:10
So you know, last week slash weekend Was Defcon in Las Vegas,
00:00:17
which was, I mean, it was fantastic.
00:00:19
You know, I think it was probably the best Defcon that
00:00:23
we've had on a long time, maybe ever.
00:00:25
That's like actually the consensus that is going around.
00:00:30
It's not just me saying it, it's a whole lot of people, it seems
00:00:34
like everyone in the community who's anyone really, you know
00:00:39
showed up this year.
00:00:41
You know, I saw a lot of the people that I've had on the
00:00:45
podcast and, to be completely honest with you, I just didn't
00:00:48
have the time to stop and talk with them and whatnot, like I
00:00:51
would have liked to.
00:00:52
So, you know, if you've been on the podcast before and you were
00:00:57
at Defcon, I apologize for not, you know, stopping by and
00:01:03
saying hello and whatnot, but literally my days were
00:01:07
completely jam-packed with meetings, introductions, happy
00:01:12
hours, dinners, lunches, all the above, which is pretty typical
00:01:21
for someone, I guess, in in the field.
00:01:24
You know, every vendor in security knows where all the
00:01:29
security professionals are going , and so all the vendors kind of
00:01:31
go to black hat in the first day or two of Defcon, the black
00:01:36
hat vendors are still typically in town and they will, you know,
00:01:40
invite you to their parties, to lunches, to dinners, drinks,
00:01:47
all of the above.
00:01:48
You know some of them have events off the strip and you
00:01:50
know things like that, which is really awesome.
00:01:52
That's, like I guess, one of the perks, right, that you don't
00:01:57
really think about or hear about that much when you're
00:02:00
getting into this field is, you know, the vendors actually spend
00:02:04
a decent amount of money on you most of the time, but you know
00:02:09
they do that right, because they want to generate more business
00:02:12
for themselves and whatnot.
00:02:14
But overall, it was a fantastic time.
00:02:18
It was a great time to just, you know, spend in Vegas with
00:02:23
like-minded individuals, you know, that come from all
00:02:28
different backgrounds and whatnot.
00:02:29
To be completely honest, I didn't watch or attend too many
00:02:34
talks, mostly because all those will be, you know, on YouTube in
00:02:38
a couple months.
00:02:39
So, you know, I don't really feel bad about that, because I
00:02:43
spent the majority of my time in villages handing out stickers.
00:02:46
You know I handed out 300 stickers, right, so I should
00:02:52
probably should have brought more honestly, but it was
00:02:55
fantastic, you know, meeting people, making new connections,
00:03:00
you know potentially exploring, right, like where things can go.
00:03:08
Just talking to people of all different kinds of backgrounds,
00:03:12
everything from reverse engineers in malware to you know
00:03:17
pen testers to you know people that hack airplanes and
00:03:22
everything in between.
00:03:23
You know people that hack satellites.
00:03:25
There was actually a contest that the military put on this
00:03:29
year was with a bunch of hackers to hack a satellite and try to
00:03:35
traverse from one satellite to another satellite.
00:03:37
Now, I don't know if they were successful in doing that or
00:03:42
whatnot.
00:03:42
It was behind closed doors, which is typically how it is for
00:03:47
those sorts of things, but you know, still like that's an
00:03:52
amazing thing, right?
00:03:54
I always find it funny when the news outlets put stories out
00:03:59
there.
00:04:00
Every year it happens with DEF CON, where they say that, like
00:04:06
the most dangerous time to be in Vegas is during DEF CON,
00:04:10
because you know you're more than likely going to be hacked
00:04:13
and the top hackers in the entire world are all centered in
00:04:16
this conference and they're going to be targeting everyone
00:04:20
and anyone.
00:04:20
You shouldn't be using your phone, you shouldn't use any
00:04:23
Wi-Fi or Bluetooth when you're in Vegas, or anything like that.
00:04:27
You know, I talked about this before.
00:04:29
I talked about this in the DEF CON 101 episode last week where
00:04:37
you know, yeah, you probably shouldn't use Wi-Fi or Bluetooth
00:04:41
if you're going to the conference.
00:04:44
You know, when you're going towards conference grounds, you
00:04:46
probably shouldn't be doing that or you probably shouldn't be
00:04:49
connected to that.
00:04:49
I should say, right, but if you're not attending the
00:04:55
conference, if you're not going anywhere near where the
00:04:57
conference is, there's no reason for you to not have your Wi-Fi
00:05:00
and Bluetooth enabled.
00:05:01
Obviously, when you connect to Wi-Fi, only connect to networks
00:05:06
that you know are legitimate.
00:05:08
Don't be connecting to the alpha beta, charlie, delta, you
00:05:13
know all of those other hacker networks.
00:05:17
You know don't randomly click on one.
00:05:19
Make sure that you're clicking on the right one when you
00:05:22
connect to one.
00:05:23
And if you're really that paranoid, use a VPN.
00:05:26
You know, like that's a really good way to protect yourself.
00:05:29
Yes, right like it, hackers can still get in, right, I'll say
00:05:36
that.
00:05:36
Right, they can still get in, but it makes you a harder target
00:05:41
.
00:05:41
And so when you're dealing with a drunk hacker, maybe they're
00:05:45
not looking for the hardest target out of a million people
00:05:48
that are in Vegas.
00:05:49
Maybe they just want, like, a quick, you know, a hack or
00:05:53
whatever might be right, but it's.
00:05:58
It's always funny when the news stations start saying you know,
00:06:02
basically shouldn't go to Vegas during Def Con.
00:06:05
I mean I wouldn't recommend it because Literally there's like
00:06:09
60 people that are in Vegas for a conference, for one
00:06:15
purpose, that normally aren't in Vegas.
00:06:18
You know, like, like we don't, or at least I don't I don't
00:06:22
typically go to Vegas throughout the year multiple times.
00:06:25
Maybe I'll go for a guys trip every once in a while, but
00:06:29
outside of Def Con I'm not going to Vegas, which is more than
00:06:36
likely the case for a lot of the people that are going to Def
00:06:41
Con, right.
00:06:42
So it's just, it's an interesting time, right, but I
00:06:48
still wouldn't say like, reschedule your, your plan,
00:06:52
tripping one not, which is what the news was actually saying,
00:06:55
which is insane to me but two days, two days after Vegas, you
00:07:04
know, I took the CISP certification for the second
00:07:07
time and I ended up passing it.
00:07:11
So I want to talk about a little bit of the differences between
00:07:14
the first attempt and the second attempt and what I did
00:07:18
differently and all that good stuff.
00:07:20
So you know, first and foremost , the first time around I really
00:07:25
didn't study.
00:07:26
I mean I just I just didn't study, I didn't have the time.
00:07:30
There was several projects that I have on the side that were
00:07:35
wrapping up all at the same time that require a huge amount of
00:07:38
my time, and so I just couldn't, you know, study like I wanted.
00:07:44
But the package that I had purchased from ISC squared was a
00:07:49
two for one.
00:07:50
You get two vouchers for the price of one, and you know, you
00:07:56
had to take the first attempt by a certain date, which was, I
00:08:01
don't know, sometime in June or something like that, and then
00:08:05
the second attempt had to be, you know, in August sometime,
00:08:12
and so I took the first one, really more as if I pass it,
00:08:16
great.
00:08:17
But if I don't, then at least I will have experienced the exam
00:08:22
already and I'll get those kind of first experienced jitters out
00:08:26
of the way and then from there I can focus on the content, see
00:08:31
what I need to improve upon and all that good stuff, right?
00:08:34
So I got to give a big shout out to Ben Maliso.
00:08:39
So, ben Maliso, I've had him on the podcast a couple times.
00:08:43
I'll probably have him back on to talk about his product.
00:08:47
That I'm about to talk about One this episode isn't isn't
00:08:51
sponsored by him.
00:08:52
He doesn't know I'm bringing it up or anything like that.
00:08:55
He'll literally find out tomorrow when I tag him in a
00:08:58
post.
00:08:58
So you know, when he found out that I had failed my first
00:09:03
attempt, he went ahead and, you know, directed me towards the
00:09:12
Want to practice platform that he has created.
00:09:14
Right, and it's it's a great platform.
00:09:15
I didn't know what to expect when I was going into it, to be
00:09:18
completely honest.
00:09:19
I mean, you know these practice questions and whatnot.
00:09:22
You know these practice questions and whatnot.
00:09:26
They can be hit or miss, like I've talked about before.
00:09:30
Right, they can be really hit or miss where you can either
00:09:33
have practice questions that are extraordinarily hard, that are
00:09:37
so hard that they don't even help you prepare For the exam
00:09:41
because they're so far out there , or you could have questions
00:09:44
that are super, super easy.
00:09:46
That is not a total, you know, reflection of the exam, or you
00:09:51
could have something that doesn't Doesn't feel like it
00:09:54
even pertains to the exam.
00:09:55
Maybe the questions are not formatted the same way that isc
00:09:58
squared formats them, and so it can really be hit or miss with
00:10:03
these practice questions and practice tests and everything
00:10:06
like that.
00:10:07
I know someone that went through several thousand practice
00:10:11
questions to pass his CISSP.
00:10:13
I mean that's insane.
00:10:15
I'll tell you right now the amount of practice questions
00:10:21
that I went through in preparation for this CIS CISSP
00:10:27
attempt.
00:10:27
The second attempt Was under.
00:10:31
It was under 500 for sure, 100% under 500.
00:10:35
If I had a guess, maybe 300 or 350.
00:10:39
But I used, like, only Ben Maloso's products To actually
00:10:48
prepare for this second attempt.
00:10:51
You know he, he has online Recorded boot camps of the
00:10:56
certifications for a discounted price.
00:10:58
I think it's actually really good quality.
00:11:01
It's actually fantastic content .
00:11:04
It's better than what you would find, you know.
00:11:06
On Udemy, in my opinion, which you know, udemy I don't know
00:11:11
what's going on with them, but they don't have as many sales as
00:11:13
they used to and now, like the higher-in-demand content is
00:11:19
Basically full price, which is insane.
00:11:22
You know, because when I was looking at getting courses to go
00:11:26
over the, the domains that I messed up on first place I went
00:11:32
was Udemy and you know the top collection for CISSP is, I think
00:11:39
it's like $90 or something like that per domain, which is just
00:11:46
absurd.
00:11:47
I mean $90 per domain.
00:11:49
We're talking about eight domains.
00:11:51
That's just.
00:11:54
That is completely unreasonable .
00:11:56
It's unfathomable even of how they would, you know,
00:12:01
rationalize that.
00:12:02
I guess they would rationalize it where it's like hey, if you,
00:12:06
if you're struggling with two or three domains.
00:12:09
This could make sense.
00:12:10
If you're struggling with two or three domains and you're
00:12:14
totally fine on the others, you're gonna pass the exam Right
00:12:18
, like that isn't going to break you.
00:12:20
It's when it's four or more is when it's really gonna break you
00:12:24
.
00:12:24
Yeah, like if you completely get questions wrong for three
00:12:29
domains, yes, it will break you, but the odds are pretty good
00:12:33
that that's not gonna happen.
00:12:34
You may get lucky even in that mix, and so it just doesn't make
00:12:39
any sense to me.
00:12:42
And so I was at the time.
00:12:43
I was actually kind of stuck.
00:12:44
Then I kind of stumbled upon Ben Maloso's product, went ahead
00:12:50
and started going with that and it was fantastic.
00:12:53
To be completely honest, you know, with the first attempt you
00:12:58
know when you fail an ISC squared exam, they tell you what
00:13:03
domains you struggled with.
00:13:05
You know they're labeled as like below proficiency, what
00:13:09
domains you were near proficiency with and then what
00:13:13
domains you were above proficiency with right.
00:13:15
So there was three domains that I was above proficiency on, and
00:13:19
so I didn't really focus that much on them.
00:13:22
Those domains I touched on two weeks leading up to the exam.
00:13:28
You know, kind of just a quick touch, did some questions to
00:13:31
make sure I knew the, the material reviewed, my notes
00:13:36
Ensured that you know.
00:13:38
Material from those areas that I may struggle with is in my
00:13:41
study guide.
00:13:42
But I focused the vast majority of the time on the domains that
00:13:48
were below proficiency and near proficiency Because I really
00:13:53
wanted to make up or at least get those kind of Easy give me
00:14:00
questions.
00:14:01
You know when it's like.
00:14:02
If you just knew this one thing , you would have got these four
00:14:05
questions right.
00:14:06
You know that, like stuff like that.
00:14:08
So it's really important you know after you, after you fail
00:14:16
an exam like this, to reflect and Adjust your study plan
00:14:21
accordingly.
00:14:21
Right, but again, right, those practice questions from Bell,
00:14:27
ben Maliso, the want to practice , I'll.
00:14:29
I'll have the links and the description and everything like
00:14:32
that.
00:14:32
In case you know anyone is in the same position or they're
00:14:37
looking to start studying for these exams, they can also go to
00:14:41
this resource.
00:14:42
It's very well priced, in my opinion, very well worth the
00:14:47
money.
00:14:48
It's probably the one resource that Is actually worth the money
00:14:54
that you pay for it.
00:14:55
Like you're getting very good quality material and content,
00:15:00
getting very good, very good training, you know, with the
00:15:04
practice questions and everything.
00:15:06
So you know the final week leading up to the exam.
00:15:11
Really, all I did was practice questions.
00:15:14
I'll tell you what I did exactly.
00:15:18
The very first day of that, like seven days out, I went
00:15:23
ahead and and created my study guide.
00:15:26
So I went through each domain because I took notes on each
00:15:29
domain.
00:15:30
When I went through the video, it was notes about things that I
00:15:35
didn't I didn't know before or I had forgotten previously,
00:15:40
things that I had seen on the exam, all of those different
00:15:44
things I took note of, potentially screenshots and
00:15:48
things like that.
00:15:49
Right, you know, one of the things is like the OSI model and
00:15:54
what protocols fall under which layer of the OSI model.
00:15:58
That sounds like a really simple thing, but if you
00:16:03
literally do not look at it every day, you're going to
00:16:06
forget it and that's a Googleable.
00:16:07
You know questions.
00:16:09
So if you're in, if you're encountering that in your day
00:16:12
job, right, one random time, you could just Google it and you'll
00:16:17
be able to find it.
00:16:17
But on the exam it really doesn't, doesn't work like that.
00:16:22
You know you're not going to be able to Google it and find it
00:16:25
or just pull it out of thin air or anything like that, which you
00:16:29
know is challenging, right?
00:16:30
So knowing you know the protocols with those with the
00:16:36
layers and things like that.
00:16:37
That's where I had like a, like a screenshot of right and with
00:16:42
the encryption I had a screenshot of the encryption
00:16:44
that has like a hybrid encryption.
00:16:46
You know architecture or whatnot, just to you know.
00:16:50
Refresh my memory and all this stuff.
00:16:53
You know there was a.
00:16:54
There was a good majority of the stuff on this exam that I
00:16:58
had already touched on with the CCSP.
00:17:01
That's the certified cloud security professional, or maybe
00:17:07
it's practitioner, I don't know, but a lot of it was on the CCSP
00:17:14
.
00:17:14
The difference between the two exams CISSP is more management
00:17:19
based, more management focused.
00:17:21
You're making decisions.
00:17:22
The way that the questions Are worded and everything I mean
00:17:27
your your ask questions about making decisions.
00:17:29
You know about dollar amounts, about you know business critical
00:17:31
situations and things like that .
00:17:31
It really does Prepare you for the next question, does prepare
00:17:38
you a little bit more to be a manager in the field.
00:17:42
Ccsp is really.
00:17:46
It enables you to effectively secure any cloud environment,
00:17:53
regardless of what it is, regardless of whether you know
00:17:59
the architecture or you know that cloud provider or anything
00:18:03
like that.
00:18:03
You're able to secure that cloud no matter what.
00:18:07
So that's a big difference, you know.
00:18:09
Obviously it's focused around the cloud, where CISSP is
00:18:13
focused more around management and whatnot.
00:18:14
But you know, you get the difference right.
00:18:20
So you know, the thing that this certification actually
00:18:26
gives me is it gives me one more thing.
00:18:29
That is checking the box for HR , for hiring managers, for
00:18:36
people that are looking for that sort of thing in their
00:18:39
environment.
00:18:40
It still checks the box for those people to actually get me
00:18:46
in the door to be a manager.
00:18:48
Right, it's more difficult to have that conversation to be a
00:18:52
manager when you don't have your CISSP than it is when you do
00:18:57
have it.
00:18:57
And that may not be true for every single environment, but
00:19:01
I'm talking about the vast majority of the environments out
00:19:04
there, the vast majority of companies out there, because
00:19:07
they have a set of requirements and if you don't hit those
00:19:09
requirements, they just don't, they don't look at you any more
00:19:14
than that.
00:19:15
The reason why is because HR basically sat down with their
00:19:20
legal team and said for this role, what do we need to have in
00:19:24
this role?
00:19:25
Because if we ever get audited, if we're ever breached, if
00:19:29
something bad happens, you know we need to be able to say to the
00:19:35
US government or to whoever is suing us that like hey, we did
00:19:38
our due diligence, we hired someone with this qualification.
00:19:41
This qualification means this in the field, we thought that we
00:19:46
were doing the best job possible.
00:19:48
Right?
00:19:49
They need to be able to say that.
00:19:50
So yeah, it's a cover your own ass type of thing that companies
00:19:57
are doing with certifications in most cases, but it's not for
00:20:03
us to determine, right, we're not the ones that are making
00:20:07
those rules, we're the ones that have to kind of find our way in
00:20:11
there, no matter what.
00:20:13
So I think that sums up.
00:20:20
I'll talk about taking it the second time around.
00:20:22
So again, I took it like two days after DEF CON not the best
00:20:28
idea that I've ever had, that's for sure, especially after a
00:20:34
conference like DEF CON.
00:20:35
But when I was taking the exam, I had reviewed my study guide
00:20:43
thoroughly.
00:20:44
I memorized everything on my study guide.
00:20:46
I understood everything on my study guide.
00:20:48
When I was taking the exam, literally on every single
00:20:55
question, I thought I got it wrong.
00:20:56
I answered with the best answer that I had, that I thought of
00:21:04
right and I thought every single question was wrong.
00:21:13
It got to the point where I was actually contemplating during
00:21:18
the exam how I was going to get another free voucher to retake
00:21:23
it a third time and I was thinking of how I was going to
00:21:27
even explain failing this to the security unfiltered podcast
00:21:32
community.
00:21:32
That's how bad it was.
00:21:37
But I think it was like at question 120 or something like
00:21:42
that.
00:21:43
It's like one of the very first question numbers that you can
00:21:50
hit and pass the exam.
00:21:52
The exam is 150 questions, total it's 175.
00:21:58
They always throw in like 25 questions at the end that are
00:22:02
used as test questions or something like that.
00:22:04
But 150 is the maximum amount and I think it was at like
00:22:11
question 120 or maybe 115 or something, where the exam just
00:22:20
stopped going for me.
00:22:22
It said you're done with the exam, go get your score.
00:22:25
So I figured, okay, I either passed or I failed.
00:22:29
And I figured I failed because I literally thought, you know,
00:22:33
every single question that I was answering was wrong, right, and
00:22:38
so I went and got my my score and said I'm past and now I have
00:22:41
to go through the whole like application process with ISE
00:22:44
squared to get recognized for the certification and all that
00:22:48
good stuff.
00:22:49
But you know I bring that up right Because I was in my head
00:22:55
during this exam.
00:22:57
I was kind of caught up in the fact that, you know, I couldn't
00:23:00
believe that these questions were.
00:23:03
We're just wrong.
00:23:06
You know, like I felt like there was better answers out
00:23:10
there and that the answers that I was given was not good choices
00:23:15
in most cases, and I was choosing, you know, the one that
00:23:19
I thought was the best fit for the scenario, which turns out to
00:23:23
be.
00:23:23
You know that I was correct, but at the same time I was in my
00:23:28
head that entire time and it could have cost me the exam
00:23:33
Because I could have, you know, dialed it back, stopped focusing
00:23:37
as much and I could have just kind of nonchalantly gone
00:23:40
through the exam.
00:23:41
Thankfully I didn't.
00:23:43
I stayed locked in the entire time.
00:23:45
I stayed focused, I stayed, you know, within myself with the
00:23:51
exam and I kept on moving forward and I answered each
00:23:54
question to the best of my ability.
00:23:56
You know, there's a couple questions that I took, like you
00:23:59
know, two, three minutes on right because I was thinking
00:24:03
through everything so thoroughly , not that I was, not that I was
00:24:08
wasting time, but, like I stated before with the first
00:24:12
attempt, the first attempt was the the time that I actually
00:24:17
first encountered it where you couldn't mark something to be
00:24:22
reviewed at, reviewed later, and you couldn't go back to any
00:24:26
questions on the exam at any point in time.
00:24:28
You couldn't go back, and so I knew on this exam I would have
00:24:34
to answer every single question to the best of my ability,
00:24:39
upfront.
00:24:39
When I'm at that question and as soon as I hit next on the on
00:24:44
the screen, you know I have to forget about it and move on to
00:24:47
the next one.
00:24:49
And I think that was the biggest thing for me that actually
00:24:52
Benefited me.
00:24:53
You know, because as I'll get into my head with a question,
00:24:57
right as soon as I would hit next, all that will go away and
00:25:02
I would start over and sometimes I would take a breath, right.
00:25:05
I would sit back in my chair, take a breath, clear my head and
00:25:10
then get right back in it.
00:25:11
I never lost my focus, which is really fantastic, you know.
00:25:16
But yeah, I don't want to.
00:25:20
You know, kind of beat a dead horse, right.
00:25:22
But I just wanted to let you guys know the whole thought
00:25:25
process, start to finish, because that's what I do.
00:25:29
If you've read any of my previous blogs about search that
00:25:32
I've gotten, that's what I do.
00:25:34
So what's next for certifications?
00:25:37
So this year I have to renew the AWS security specialist
00:25:41
Certification, which I am not excited for that's the most
00:25:44
difficult test I've ever taken and I want to get the AWS
00:25:48
solutions architect associate Certification next year.
00:25:53
I think I'll get the CISM and the AWS solutions architect
00:25:57
Professional certifications and I'll probably like call it done
00:26:01
right there for certifications, or at least, you know, for a
00:26:07
couple years.
00:26:07
But you know that's my goal.
00:26:10
I set that goal back in January .
00:26:12
I'm on pace to get it, so I'm gonna keep on, you know, working
00:26:17
towards it.
00:26:18
You know one thing that I wanted to bring up I talk with a lot
00:26:22
of people at Def Con and there's a lot of people out there that
00:26:27
are actually really smart, that Feel like they aren't able to
00:26:32
give back to the community.
00:26:33
Right, because they feel like, you know, they're not the expert
00:26:38
that's giving the talk at Def Con, right, they're not the
00:26:42
person that is having a following on Social media or
00:26:47
anything like that.
00:26:48
Right, they feel like the the value that they bring to the
00:26:52
community is not valuable enough that the community would not
00:26:56
appreciate it, or anything like that, and they're kind of
00:26:59
getting in their head About that sort of stuff.
00:27:02
You know, this is what I say to that you know you don't need to
00:27:08
be the world's foremost expert to, to actually give back to the
00:27:14
community, to provide value to the community, to.
00:27:17
You know, do these sorts of things that will actually help
00:27:20
people in the in this community.
00:27:22
You, really, the way that you need to view it is that what you
00:27:30
know someone else may not know, and if they don't know it and
00:27:34
they Read your blog or they hear your podcast or whatever it
00:27:38
might be, now they do know it and now they're a step ahead,
00:27:45
whereas if they didn't encounter that content, they wouldn't
00:27:49
have that knowledge, they wouldn't be where they are, you
00:27:52
know, with it right?
00:27:53
So it's not benefiting the community for you to keep it all
00:27:59
to yourself.
00:28:00
There's some really, really smart people out there that
00:28:03
you've never heard of that don't have podcasts, they don't have
00:28:06
blogs that don't really go on.
00:28:09
Social media Don't really, you know, provide very much to the
00:28:13
community.
00:28:13
But there are like freaking geniuses out there.
00:28:16
I and they think that they're not smart enough, that they're
00:28:20
not the expert, they're not the one given the talk, right, and
00:28:25
so who would want to hear from them?
00:28:26
You know, when I was starting this podcast, I had that exact
00:28:31
same thought and there was there was a good amount of people in
00:28:35
my friend group that even said you know who who's gonna listen
00:28:40
to your podcast.
00:28:41
I mean, you're not a world-renowned expert.
00:28:44
You have no name in the community.
00:28:46
No one is gonna recognize you.
00:28:49
Why would someone choose your podcast over another?
00:28:51
You know and I approached it from the angle of they're not
00:28:57
choosing my podcast over another I'm Offering things with my
00:29:01
podcasts that are unique to this podcast.
00:29:04
Right with this episode.
00:29:06
I'm not editing it.
00:29:07
Right, it is 11 pm On Wednesday .
00:29:11
It's going live in an hour.
00:29:12
I'm not editing it, I'm not touching it.
00:29:15
This is the unedited, uncut, unfiltered, right episode or
00:29:22
podcast that it is, and I'm providing value.
00:29:27
That is Helping people be more successful in this field,
00:29:30
potentially.
00:29:31
You know, really, that that's what it all is.
00:29:33
You know another reason that you would give back to the
00:29:38
community, that you would post on social media, that you would
00:29:42
Contribute to the community.
00:29:43
More is about building a personal brand.
00:29:46
You know, the easiest way, the easiest times that I've ever
00:29:52
gotten a job is when the hiring manager heard my podcast and
00:29:57
they understood, understood my personality, just from here in
00:30:01
my podcast.
00:30:01
Now, that's a really interesting thing, right,
00:30:04
because I never thought that that would happen.
00:30:06
I mean, I definitely didn't start this podcast to get jobs
00:30:09
or anything like that.
00:30:10
I didn't think it.
00:30:11
I didn't even think that that was a thing, you know.
00:30:16
But Creating a platform for yourself from nothing I mean you
00:30:20
can have no connections on LinkedIn and build something up
00:30:24
right, but building a community, building that personal brand,
00:30:30
will pay you dividends in the long run, because you know, god
00:30:34
forbid you lose your job, god forbid you have to move to
00:30:38
another country, or you have to move to another state, or you
00:30:42
know, you have to take an extended period of time off of
00:30:45
work for some unforeseen reason.
00:30:47
You have a personal brand out there, you are contributing to
00:30:53
the community, people are listening to you, they're paying
00:30:57
attention to you, and so you're not starting from zero.
00:31:00
You know this is giving you a leg up, and so it really makes a
00:31:05
difference when you have that personal brand, when you have,
00:31:09
you know, something that you have worked towards, where you
00:31:12
have, like, a public persona.
00:31:13
You know, I don't view it as a public persona, right, because
00:31:16
what you see right now is what you get at Def Con.
00:31:19
What you get at Def Con is what you get when I'm at Jewel,
00:31:22
right, like it's the exact same, joe, I really don't know how to
00:31:27
be anyone else.
00:31:28
But I think that my audience and I think that the people that
00:31:33
are listening to my podcast From that perspective or seeing
00:31:37
that as well, is I like hey, this guy is who he says he is.
00:31:41
He is not what he says he is not , and that is a rare thing in
00:31:46
this world, I think.
00:31:47
In my opinion, I think that that's a rare thing as all these
00:31:52
different things are coming out , right as the Linus Media Group
00:31:56
drama Came out this week and all that sort of stuff.
00:32:00
Right it's, it's interesting, to say the least.
00:32:04
But look, guys, I Don't want to .
00:32:06
I don't want to.
00:32:08
You know, drag this episode along.
00:32:11
Right, it's a 30-minute mentorship episode.
00:32:13
For a reason, it's something quick, easily consumable that
00:32:17
you can listen to, grab some knowledge from and excel from
00:32:21
right.
00:32:21
So that's all that I have for this episode.
00:32:25
I really hope that you enjoyed it.
00:32:27
I will absolutely, you know, continue the mentorship episode
00:32:33
series next week again.
00:32:35
You know, sorry for Missing a couple weeks there, but I think
00:32:39
I'm back on the wagon now.
00:32:41
So, alright, guys, see ya.
Speaker 1: How's it going everyone?
00:00:02
So this is another security unfiltered mentorship episode.
00:00:06
So I want to do a bit of a catch up.
00:00:10
So you know, last week slash weekend Was Defcon in Las Vegas,
00:00:17
which was, I mean, it was fantastic.
00:00:19
You know, I think it was probably the best Defcon that
00:00:23
we've had on a long time, maybe ever.
00:00:25
That's like actually the consensus that is going around.
00:00:30
It's not just me saying it, it's a whole lot of people, it seems
00:00:34
like everyone in the community who's anyone really, you know
00:00:39
showed up this year.
00:00:41
You know, I saw a lot of the people that I've had on the
00:00:45
podcast and, to be completely honest with you, I just didn't
00:00:48
have the time to stop and talk with them and whatnot, like I
00:00:51
would have liked to.
00:00:52
So, you know, if you've been on the podcast before and you were
00:00:57
at Defcon, I apologize for not, you know, stopping by and
00:01:03
saying hello and whatnot, but literally my days were
00:01:07
completely jam-packed with meetings, introductions, happy
00:01:12
hours, dinners, lunches, all the above, which is pretty typical
00:01:21
for someone, I guess, in in the field.
00:01:24
You know, every vendor in security knows where all the
00:01:29
security professionals are going , and so all the vendors kind of
00:01:31
go to black hat in the first day or two of Defcon, the black
00:01:36
hat vendors are still typically in town and they will, you know,
00:01:40
invite you to their parties, to lunches, to dinners, drinks,
00:01:47
all of the above.
00:01:48
You know some of them have events off the strip and you
00:01:50
know things like that, which is really awesome.
00:01:52
That's, like I guess, one of the perks, right, that you don't
00:01:57
really think about or hear about that much when you're
00:02:00
getting into this field is, you know, the vendors actually spend
00:02:04
a decent amount of money on you most of the time, but you know
00:02:09
they do that right, because they want to generate more business
00:02:12
for themselves and whatnot.
00:02:14
But overall, it was a fantastic time.
00:02:18
It was a great time to just, you know, spend in Vegas with
00:02:23
like-minded individuals, you know, that come from all
00:02:28
different backgrounds and whatnot.
00:02:29
To be completely honest, I didn't watch or attend too many
00:02:34
talks, mostly because all those will be, you know, on YouTube in
00:02:38
a couple months.
00:02:39
So, you know, I don't really feel bad about that, because I
00:02:43
spent the majority of my time in villages handing out stickers.
00:02:46
You know I handed out 300 stickers, right, so I should
00:02:52
probably should have brought more honestly, but it was
00:02:55
fantastic, you know, meeting people, making new connections,
00:03:00
you know potentially exploring, right, like where things can go.
00:03:08
Just talking to people of all different kinds of backgrounds,
00:03:12
everything from reverse engineers in malware to you know
00:03:17
pen testers to you know people that hack airplanes and
00:03:22
everything in between.
00:03:23
You know people that hack satellites.
00:03:25
There was actually a contest that the military put on this
00:03:29
year was with a bunch of hackers to hack a satellite and try to
00:03:35
traverse from one satellite to another satellite.
00:03:37
Now, I don't know if they were successful in doing that or
00:03:42
whatnot.
00:03:42
It was behind closed doors, which is typically how it is for
00:03:47
those sorts of things, but you know, still like that's an
00:03:52
amazing thing, right?
00:03:54
I always find it funny when the news outlets put stories out
00:03:59
there.
00:04:00
Every year it happens with DEF CON, where they say that, like
00:04:06
the most dangerous time to be in Vegas is during DEF CON,
00:04:10
because you know you're more than likely going to be hacked
00:04:13
and the top hackers in the entire world are all centered in
00:04:16
this conference and they're going to be targeting everyone
00:04:20
and anyone.
00:04:20
You shouldn't be using your phone, you shouldn't use any
00:04:23
Wi-Fi or Bluetooth when you're in Vegas, or anything like that.
00:04:27
You know, I talked about this before.
00:04:29
I talked about this in the DEF CON 101 episode last week where
00:04:37
you know, yeah, you probably shouldn't use Wi-Fi or Bluetooth
00:04:41
if you're going to the conference.
00:04:44
You know, when you're going towards conference grounds, you
00:04:46
probably shouldn't be doing that or you probably shouldn't be
00:04:49
connected to that.
00:04:49
I should say, right, but if you're not attending the
00:04:55
conference, if you're not going anywhere near where the
00:04:57
conference is, there's no reason for you to not have your Wi-Fi
00:05:00
and Bluetooth enabled.
00:05:01
Obviously, when you connect to Wi-Fi, only connect to networks
00:05:06
that you know are legitimate.
00:05:08
Don't be connecting to the alpha beta, charlie, delta, you
00:05:13
know all of those other hacker networks.
00:05:17
You know don't randomly click on one.
00:05:19
Make sure that you're clicking on the right one when you
00:05:22
connect to one.
00:05:23
And if you're really that paranoid, use a VPN.
00:05:26
You know, like that's a really good way to protect yourself.
00:05:29
Yes, right like it, hackers can still get in, right, I'll say
00:05:36
that.
00:05:36
Right, they can still get in, but it makes you a harder target
00:05:41
.
00:05:41
And so when you're dealing with a drunk hacker, maybe they're
00:05:45
not looking for the hardest target out of a million people
00:05:48
that are in Vegas.
00:05:49
Maybe they just want, like, a quick, you know, a hack or
00:05:53
whatever might be right, but it's.
00:05:58
It's always funny when the news stations start saying you know,
00:06:02
basically shouldn't go to Vegas during Def Con.
00:06:05
I mean I wouldn't recommend it because Literally there's like
00:06:09
60 people that are in Vegas for a conference, for one
00:06:15
purpose, that normally aren't in Vegas.
00:06:18
You know, like, like we don't, or at least I don't I don't
00:06:22
typically go to Vegas throughout the year multiple times.
00:06:25
Maybe I'll go for a guys trip every once in a while, but
00:06:29
outside of Def Con I'm not going to Vegas, which is more than
00:06:36
likely the case for a lot of the people that are going to Def
00:06:41
Con, right.
00:06:42
So it's just, it's an interesting time, right, but I
00:06:48
still wouldn't say like, reschedule your, your plan,
00:06:52
tripping one not, which is what the news was actually saying,
00:06:55
which is insane to me but two days, two days after Vegas, you
00:07:04
know, I took the CISP certification for the second
00:07:07
time and I ended up passing it.
00:07:11
So I want to talk about a little bit of the differences between
00:07:14
the first attempt and the second attempt and what I did
00:07:18
differently and all that good stuff.
00:07:20
So you know, first and foremost , the first time around I really
00:07:25
didn't study.
00:07:26
I mean I just I just didn't study, I didn't have the time.
00:07:30
There was several projects that I have on the side that were
00:07:35
wrapping up all at the same time that require a huge amount of
00:07:38
my time, and so I just couldn't, you know, study like I wanted.
00:07:44
But the package that I had purchased from ISC squared was a
00:07:49
two for one.
00:07:50
You get two vouchers for the price of one, and you know, you
00:07:56
had to take the first attempt by a certain date, which was, I
00:08:01
don't know, sometime in June or something like that, and then
00:08:05
the second attempt had to be, you know, in August sometime,
00:08:12
and so I took the first one, really more as if I pass it,
00:08:16
great.
00:08:17
But if I don't, then at least I will have experienced the exam
00:08:22
already and I'll get those kind of first experienced jitters out
00:08:26
of the way and then from there I can focus on the content, see
00:08:31
what I need to improve upon and all that good stuff, right?
00:08:34
So I got to give a big shout out to Ben Maliso.
00:08:39
So, ben Maliso, I've had him on the podcast a couple times.
00:08:43
I'll probably have him back on to talk about his product.
00:08:47
That I'm about to talk about One this episode isn't isn't
00:08:51
sponsored by him.
00:08:52
He doesn't know I'm bringing it up or anything like that.
00:08:55
He'll literally find out tomorrow when I tag him in a
00:08:58
post.
00:08:58
So you know, when he found out that I had failed my first
00:09:03
attempt, he went ahead and, you know, directed me towards the
00:09:12
Want to practice platform that he has created.
00:09:14
Right, and it's it's a great platform.
00:09:15
I didn't know what to expect when I was going into it, to be
00:09:18
completely honest.
00:09:19
I mean, you know these practice questions and whatnot.
00:09:22
You know these practice questions and whatnot.
00:09:26
They can be hit or miss, like I've talked about before.
00:09:30
Right, they can be really hit or miss where you can either
00:09:33
have practice questions that are extraordinarily hard, that are
00:09:37
so hard that they don't even help you prepare For the exam
00:09:41
because they're so far out there , or you could have questions
00:09:44
that are super, super easy.
00:09:46
That is not a total, you know, reflection of the exam, or you
00:09:51
could have something that doesn't Doesn't feel like it
00:09:54
even pertains to the exam.
00:09:55
Maybe the questions are not formatted the same way that isc
00:09:58
squared formats them, and so it can really be hit or miss with
00:10:03
these practice questions and practice tests and everything
00:10:06
like that.
00:10:07
I know someone that went through several thousand practice
00:10:11
questions to pass his CISSP.
00:10:13
I mean that's insane.
00:10:15
I'll tell you right now the amount of practice questions
00:10:21
that I went through in preparation for this CIS CISSP
00:10:27
attempt.
00:10:27
The second attempt Was under.
00:10:31
It was under 500 for sure, 100% under 500.
00:10:35
If I had a guess, maybe 300 or 350.
00:10:39
But I used, like, only Ben Maloso's products To actually
00:10:48
prepare for this second attempt.
00:10:51
You know he, he has online Recorded boot camps of the
00:10:56
certifications for a discounted price.
00:10:58
I think it's actually really good quality.
00:11:01
It's actually fantastic content .
00:11:04
It's better than what you would find, you know.
00:11:06
On Udemy, in my opinion, which you know, udemy I don't know
00:11:11
what's going on with them, but they don't have as many sales as
00:11:13
they used to and now, like the higher-in-demand content is
00:11:19
Basically full price, which is insane.
00:11:22
You know, because when I was looking at getting courses to go
00:11:26
over the, the domains that I messed up on first place I went
00:11:32
was Udemy and you know the top collection for CISSP is, I think
00:11:39
it's like $90 or something like that per domain, which is just
00:11:46
absurd.
00:11:47
I mean $90 per domain.
00:11:49
We're talking about eight domains.
00:11:51
That's just.
00:11:54
That is completely unreasonable .
00:11:56
It's unfathomable even of how they would, you know,
00:12:01
rationalize that.
00:12:02
I guess they would rationalize it where it's like hey, if you,
00:12:06
if you're struggling with two or three domains.
00:12:09
This could make sense.
00:12:10
If you're struggling with two or three domains and you're
00:12:14
totally fine on the others, you're gonna pass the exam Right
00:12:18
, like that isn't going to break you.
00:12:20
It's when it's four or more is when it's really gonna break you
00:12:24
.
00:12:24
Yeah, like if you completely get questions wrong for three
00:12:29
domains, yes, it will break you, but the odds are pretty good
00:12:33
that that's not gonna happen.
00:12:34
You may get lucky even in that mix, and so it just doesn't make
00:12:39
any sense to me.
00:12:42
And so I was at the time.
00:12:43
I was actually kind of stuck.
00:12:44
Then I kind of stumbled upon Ben Maloso's product, went ahead
00:12:50
and started going with that and it was fantastic.
00:12:53
To be completely honest, you know, with the first attempt you
00:12:58
know when you fail an ISC squared exam, they tell you what
00:13:03
domains you struggled with.
00:13:05
You know they're labeled as like below proficiency, what
00:13:09
domains you were near proficiency with and then what
00:13:13
domains you were above proficiency with right.
00:13:15
So there was three domains that I was above proficiency on, and
00:13:19
so I didn't really focus that much on them.
00:13:22
Those domains I touched on two weeks leading up to the exam.
00:13:28
You know, kind of just a quick touch, did some questions to
00:13:31
make sure I knew the, the material reviewed, my notes
00:13:36
Ensured that you know.
00:13:38
Material from those areas that I may struggle with is in my
00:13:41
study guide.
00:13:42
But I focused the vast majority of the time on the domains that
00:13:48
were below proficiency and near proficiency Because I really
00:13:53
wanted to make up or at least get those kind of Easy give me
00:14:00
questions.
00:14:01
You know when it's like.
00:14:02
If you just knew this one thing , you would have got these four
00:14:05
questions right.
00:14:06
You know that, like stuff like that.
00:14:08
So it's really important you know after you, after you fail
00:14:16
an exam like this, to reflect and Adjust your study plan
00:14:21
accordingly.
00:14:21
Right, but again, right, those practice questions from Bell,
00:14:27
ben Maliso, the want to practice , I'll.
00:14:29
I'll have the links and the description and everything like
00:14:32
that.
00:14:32
In case you know anyone is in the same position or they're
00:14:37
looking to start studying for these exams, they can also go to
00:14:41
this resource.
00:14:42
It's very well priced, in my opinion, very well worth the
00:14:47
money.
00:14:48
It's probably the one resource that Is actually worth the money
00:14:54
that you pay for it.
00:14:55
Like you're getting very good quality material and content,
00:15:00
getting very good, very good training, you know, with the
00:15:04
practice questions and everything.
00:15:06
So you know the final week leading up to the exam.
00:15:11
Really, all I did was practice questions.
00:15:14
I'll tell you what I did exactly.
00:15:18
The very first day of that, like seven days out, I went
00:15:23
ahead and and created my study guide.
00:15:26
So I went through each domain because I took notes on each
00:15:29
domain.
00:15:30
When I went through the video, it was notes about things that I
00:15:35
didn't I didn't know before or I had forgotten previously,
00:15:40
things that I had seen on the exam, all of those different
00:15:44
things I took note of, potentially screenshots and
00:15:48
things like that.
00:15:49
Right, you know, one of the things is like the OSI model and
00:15:54
what protocols fall under which layer of the OSI model.
00:15:58
That sounds like a really simple thing, but if you
00:16:03
literally do not look at it every day, you're going to
00:16:06
forget it and that's a Googleable.
00:16:07
You know questions.
00:16:09
So if you're in, if you're encountering that in your day
00:16:12
job, right, one random time, you could just Google it and you'll
00:16:17
be able to find it.
00:16:17
But on the exam it really doesn't, doesn't work like that.
00:16:22
You know you're not going to be able to Google it and find it
00:16:25
or just pull it out of thin air or anything like that, which you
00:16:29
know is challenging, right?
00:16:30
So knowing you know the protocols with those with the
00:16:36
layers and things like that.
00:16:37
That's where I had like a, like a screenshot of right and with
00:16:42
the encryption I had a screenshot of the encryption
00:16:44
that has like a hybrid encryption.
00:16:46
You know architecture or whatnot, just to you know.
00:16:50
Refresh my memory and all this stuff.
00:16:53
You know there was a.
00:16:54
There was a good majority of the stuff on this exam that I
00:16:58
had already touched on with the CCSP.
00:17:01
That's the certified cloud security professional, or maybe
00:17:07
it's practitioner, I don't know, but a lot of it was on the CCSP
00:17:14
.
00:17:14
The difference between the two exams CISSP is more management
00:17:19
based, more management focused.
00:17:21
You're making decisions.
00:17:22
The way that the questions Are worded and everything I mean
00:17:27
your your ask questions about making decisions.
00:17:29
You know about dollar amounts, about you know business critical
00:17:31
situations and things like that .
00:17:31
It really does Prepare you for the next question, does prepare
00:17:38
you a little bit more to be a manager in the field.
00:17:42
Ccsp is really.
00:17:46
It enables you to effectively secure any cloud environment,
00:17:53
regardless of what it is, regardless of whether you know
00:17:59
the architecture or you know that cloud provider or anything
00:18:03
like that.
00:18:03
You're able to secure that cloud no matter what.
00:18:07
So that's a big difference, you know.
00:18:09
Obviously it's focused around the cloud, where CISSP is
00:18:13
focused more around management and whatnot.
00:18:14
But you know, you get the difference right.
00:18:20
So you know, the thing that this certification actually
00:18:26
gives me is it gives me one more thing.
00:18:29
That is checking the box for HR , for hiring managers, for
00:18:36
people that are looking for that sort of thing in their
00:18:39
environment.
00:18:40
It still checks the box for those people to actually get me
00:18:46
in the door to be a manager.
00:18:48
Right, it's more difficult to have that conversation to be a
00:18:52
manager when you don't have your CISSP than it is when you do
00:18:57
have it.
00:18:57
And that may not be true for every single environment, but
00:19:01
I'm talking about the vast majority of the environments out
00:19:04
there, the vast majority of companies out there, because
00:19:07
they have a set of requirements and if you don't hit those
00:19:09
requirements, they just don't, they don't look at you any more
00:19:14
than that.
00:19:15
The reason why is because HR basically sat down with their
00:19:20
legal team and said for this role, what do we need to have in
00:19:24
this role?
00:19:25
Because if we ever get audited, if we're ever breached, if
00:19:29
something bad happens, you know we need to be able to say to the
00:19:35
US government or to whoever is suing us that like hey, we did
00:19:38
our due diligence, we hired someone with this qualification.
00:19:41
This qualification means this in the field, we thought that we
00:19:46
were doing the best job possible.
00:19:48
Right?
00:19:49
They need to be able to say that.
00:19:50
So yeah, it's a cover your own ass type of thing that companies
00:19:57
are doing with certifications in most cases, but it's not for
00:20:03
us to determine, right, we're not the ones that are making
00:20:07
those rules, we're the ones that have to kind of find our way in
00:20:11
there, no matter what.
00:20:13
So I think that sums up.
00:20:20
I'll talk about taking it the second time around.
00:20:22
So again, I took it like two days after DEF CON not the best
00:20:28
idea that I've ever had, that's for sure, especially after a
00:20:34
conference like DEF CON.
00:20:35
But when I was taking the exam, I had reviewed my study guide
00:20:43
thoroughly.
00:20:44
I memorized everything on my study guide.
00:20:46
I understood everything on my study guide.
00:20:48
When I was taking the exam, literally on every single
00:20:55
question, I thought I got it wrong.
00:20:56
I answered with the best answer that I had, that I thought of
00:21:04
right and I thought every single question was wrong.
00:21:13
It got to the point where I was actually contemplating during
00:21:18
the exam how I was going to get another free voucher to retake
00:21:23
it a third time and I was thinking of how I was going to
00:21:27
even explain failing this to the security unfiltered podcast
00:21:32
community.
00:21:32
That's how bad it was.
00:21:37
But I think it was like at question 120 or something like
00:21:42
that.
00:21:43
It's like one of the very first question numbers that you can
00:21:50
hit and pass the exam.
00:21:52
The exam is 150 questions, total it's 175.
00:21:58
They always throw in like 25 questions at the end that are
00:22:02
used as test questions or something like that.
00:22:04
But 150 is the maximum amount and I think it was at like
00:22:11
question 120 or maybe 115 or something, where the exam just
00:22:20
stopped going for me.
00:22:22
It said you're done with the exam, go get your score.
00:22:25
So I figured, okay, I either passed or I failed.
00:22:29
And I figured I failed because I literally thought, you know,
00:22:33
every single question that I was answering was wrong, right, and
00:22:38
so I went and got my my score and said I'm past and now I have
00:22:41
to go through the whole like application process with ISE
00:22:44
squared to get recognized for the certification and all that
00:22:48
good stuff.
00:22:49
But you know I bring that up right Because I was in my head
00:22:55
during this exam.
00:22:57
I was kind of caught up in the fact that, you know, I couldn't
00:23:00
believe that these questions were.
00:23:03
We're just wrong.
00:23:06
You know, like I felt like there was better answers out
00:23:10
there and that the answers that I was given was not good choices
00:23:15
in most cases, and I was choosing, you know, the one that
00:23:19
I thought was the best fit for the scenario, which turns out to
00:23:23
be.
00:23:23
You know that I was correct, but at the same time I was in my
00:23:28
head that entire time and it could have cost me the exam
00:23:33
Because I could have, you know, dialed it back, stopped focusing
00:23:37
as much and I could have just kind of nonchalantly gone
00:23:40
through the exam.
00:23:41
Thankfully I didn't.
00:23:43
I stayed locked in the entire time.
00:23:45
I stayed focused, I stayed, you know, within myself with the
00:23:51
exam and I kept on moving forward and I answered each
00:23:54
question to the best of my ability.
00:23:56
You know, there's a couple questions that I took, like you
00:23:59
know, two, three minutes on right because I was thinking
00:24:03
through everything so thoroughly , not that I was, not that I was
00:24:08
wasting time, but, like I stated before with the first
00:24:12
attempt, the first attempt was the the time that I actually
00:24:17
first encountered it where you couldn't mark something to be
00:24:22
reviewed at, reviewed later, and you couldn't go back to any
00:24:26
questions on the exam at any point in time.
00:24:28
You couldn't go back, and so I knew on this exam I would have
00:24:34
to answer every single question to the best of my ability,
00:24:39
upfront.
00:24:39
When I'm at that question and as soon as I hit next on the on
00:24:44
the screen, you know I have to forget about it and move on to
00:24:47
the next one.
00:24:49
And I think that was the biggest thing for me that actually
00:24:52
Benefited me.
00:24:53
You know, because as I'll get into my head with a question,
00:24:57
right as soon as I would hit next, all that will go away and
00:25:02
I would start over and sometimes I would take a breath, right.
00:25:05
I would sit back in my chair, take a breath, clear my head and
00:25:10
then get right back in it.
00:25:11
I never lost my focus, which is really fantastic, you know.
00:25:16
But yeah, I don't want to.
00:25:20
You know, kind of beat a dead horse, right.
00:25:22
But I just wanted to let you guys know the whole thought
00:25:25
process, start to finish, because that's what I do.
00:25:29
If you've read any of my previous blogs about search that
00:25:32
I've gotten, that's what I do.
00:25:34
So what's next for certifications?
00:25:37
So this year I have to renew the AWS security specialist
00:25:41
Certification, which I am not excited for that's the most
00:25:44
difficult test I've ever taken and I want to get the AWS
00:25:48
solutions architect associate Certification next year.
00:25:53
I think I'll get the CISM and the AWS solutions architect
00:25:57
Professional certifications and I'll probably like call it done
00:26:01
right there for certifications, or at least, you know, for a
00:26:07
couple years.
00:26:07
But you know that's my goal.
00:26:10
I set that goal back in January .
00:26:12
I'm on pace to get it, so I'm gonna keep on, you know, working
00:26:17
towards it.
00:26:18
You know one thing that I wanted to bring up I talk with a lot
00:26:22
of people at Def Con and there's a lot of people out there that
00:26:27
are actually really smart, that Feel like they aren't able to
00:26:32
give back to the community.
00:26:33
Right, because they feel like, you know, they're not the expert
00:26:38
that's giving the talk at Def Con, right, they're not the
00:26:42
person that is having a following on Social media or
00:26:47
anything like that.
00:26:48
Right, they feel like the the value that they bring to the
00:26:52
community is not valuable enough that the community would not
00:26:56
appreciate it, or anything like that, and they're kind of
00:26:59
getting in their head About that sort of stuff.
00:27:02
You know, this is what I say to that you know you don't need to
00:27:08
be the world's foremost expert to, to actually give back to the
00:27:14
community, to provide value to the community, to.
00:27:17
You know, do these sorts of things that will actually help
00:27:20
people in the in this community.
00:27:22
You, really, the way that you need to view it is that what you
00:27:30
know someone else may not know, and if they don't know it and
00:27:34
they Read your blog or they hear your podcast or whatever it
00:27:38
might be, now they do know it and now they're a step ahead,
00:27:45
whereas if they didn't encounter that content, they wouldn't
00:27:49
have that knowledge, they wouldn't be where they are, you
00:27:52
know, with it right?
00:27:53
So it's not benefiting the community for you to keep it all
00:27:59
to yourself.
00:28:00
There's some really, really smart people out there that
00:28:03
you've never heard of that don't have podcasts, they don't have
00:28:06
blogs that don't really go on.
00:28:09
Social media Don't really, you know, provide very much to the
00:28:13
community.
00:28:13
But there are like freaking geniuses out there.
00:28:16
I and they think that they're not smart enough, that they're
00:28:20
not the expert, they're not the one given the talk, right, and
00:28:25
so who would want to hear from them?
00:28:26
You know, when I was starting this podcast, I had that exact
00:28:31
same thought and there was there was a good amount of people in
00:28:35
my friend group that even said you know who who's gonna listen
00:28:40
to your podcast.
00:28:41
I mean, you're not a world-renowned expert.
00:28:44
You have no name in the community.
00:28:46
No one is gonna recognize you.
00:28:49
Why would someone choose your podcast over another?
00:28:51
You know and I approached it from the angle of they're not
00:28:57
choosing my podcast over another I'm Offering things with my
00:29:01
podcasts that are unique to this podcast.
00:29:04
Right with this episode.
00:29:06
I'm not editing it.
00:29:07
Right, it is 11 pm On Wednesday .
00:29:11
It's going live in an hour.
00:29:12
I'm not editing it, I'm not touching it.
00:29:15
This is the unedited, uncut, unfiltered, right episode or
00:29:22
podcast that it is, and I'm providing value.
00:29:27
That is Helping people be more successful in this field,
00:29:30
potentially.
00:29:31
You know, really, that that's what it all is.
00:29:33
You know another reason that you would give back to the
00:29:38
community, that you would post on social media, that you would
00:29:42
Contribute to the community.
00:29:43
More is about building a personal brand.
00:29:46
You know, the easiest way, the easiest times that I've ever
00:29:52
gotten a job is when the hiring manager heard my podcast and
00:29:57
they understood, understood my personality, just from here in
00:30:01
my podcast.
00:30:01
Now, that's a really interesting thing, right,
00:30:04
because I never thought that that would happen.
00:30:06
I mean, I definitely didn't start this podcast to get jobs
00:30:09
or anything like that.
00:30:10
I didn't think it.
00:30:11
I didn't even think that that was a thing, you know.
00:30:16
But Creating a platform for yourself from nothing I mean you
00:30:20
can have no connections on LinkedIn and build something up
00:30:24
right, but building a community, building that personal brand,
00:30:30
will pay you dividends in the long run, because you know, god
00:30:34
forbid you lose your job, god forbid you have to move to
00:30:38
another country, or you have to move to another state, or you
00:30:42
know, you have to take an extended period of time off of
00:30:45
work for some unforeseen reason.
00:30:47
You have a personal brand out there, you are contributing to
00:30:53
the community, people are listening to you, they're paying
00:30:57
attention to you, and so you're not starting from zero.
00:31:00
You know this is giving you a leg up, and so it really makes a
00:31:05
difference when you have that personal brand, when you have,
00:31:09
you know, something that you have worked towards, where you
00:31:12
have, like, a public persona.
00:31:13
You know, I don't view it as a public persona, right, because
00:31:16
what you see right now is what you get at Def Con.
00:31:19
What you get at Def Con is what you get when I'm at Jewel,
00:31:22
right, like it's the exact same, joe, I really don't know how to
00:31:27
be anyone else.
00:31:28
But I think that my audience and I think that the people that
00:31:33
are listening to my podcast From that perspective or seeing
00:31:37
that as well, is I like hey, this guy is who he says he is.
00:31:41
He is not what he says he is not , and that is a rare thing in
00:31:46
this world, I think.
00:31:47
In my opinion, I think that that's a rare thing as all these
00:31:52
different things are coming out , right as the Linus Media Group
00:31:56
drama Came out this week and all that sort of stuff.
00:32:00
Right it's, it's interesting, to say the least.
00:32:04
But look, guys, I Don't want to .
00:32:06
I don't want to.
00:32:08
You know, drag this episode along.
00:32:11
Right, it's a 30-minute mentorship episode.
00:32:13
For a reason, it's something quick, easily consumable that
00:32:17
you can listen to, grab some knowledge from and excel from
00:32:21
right.
00:32:21
So that's all that I have for this episode.
00:32:25
I really hope that you enjoyed it.
00:32:27
I will absolutely, you know, continue the mentorship episode
00:32:33
series next week again.
00:32:35
You know, sorry for Missing a couple weeks there, but I think
00:32:39
I'm back on the wagon now.
00:32:41
So, alright, guys, see ya.
Related Episodes
In the Mind of a Mercenary: A Dive Into Cyber Warfare
Ever pondered what it takes to transform a childhood fascination with computers into a fruitful career in IT and security? Our guest, Chris, provides a captivating narration of his journey, showcasing how he climbed up the ladder from help desk jobs to security roles in banks. He paints an intrigui...
Unlocking the Excitement of Defcon: An Insider's Guide to the World's Largest Security Conference
Get ready to unlock the thrills and chills of Defcon, the world's largest security conference. I promise to give you an insider's look at this exhilarating event, filled with expert talks that range from AI models cracking safes to taking over vehicles on the highway. And if you've e...
Behind the Scenes: Prepping for the CISSP Exam Twice
Ready to get the inside scoop on the latest happenings of our podcast? This episode is teeming with personal anecdotes, exciting plans, and important updates tailored just for our loyal listeners. From unraveling our recent endeavors to sharing our firsthand experiences with the daunting CISSP exam...