Ever think about how moonlighting could springboard your career to exceptional heights? Buckle up for a thrilling discussion about one of the least explored, career-enhancing strategies - moonlighting. We'll uncover the nuts and bolts of this concept and underline how it stands apart from conventional nine-to-five jobs. We'll highlight how savvy networking can open doors to invaluable experience, and why having a fire in your belly for your job is ever so crucial, especially in the high-stress, high-stakes world of security work.
In the latter half, we're going to connect the dots between moonlighting and self-training that could lead to career progression, productivity gains, and cutting costs. We're also going to dig into the importance of professional certifications like CISSP and CCSP in a fiercely competitive market. So tune in and let's explore how a small investment in yourself now, via moonlighting and gaining certifications, can pay dividends in the future.
Follow the Podcast on Social Media!
TikTok: Not today China! Not today
How's it going? Everyone? This is another security unfiltered mentorship episode. So you know, last couple weeks I did not put an episode in, mostly because I forgot, because I was pretty sick the past couple weeks, even even now, you know, I may cough a little bit or need to clear my throat, you know, during this recording here, just like that. And you know I'm getting over whatever. It was a cold or whatever. But you know, I thought today would be a great time to actually just kind of talk about moonlighting and how to use it to take your career to the next level. Okay, so there's a lot of different kinds of moonlighting, you know, and I think that this is a topic that isn't really talked about. It's not discussed very often. You know, I never even heard the term moonlighting until I actually started doing it myself and someone else actually told me. You know that term and what it was and everything. You know. News to me, right? So let's just start with what it is. You know, moonlighting is basically anything that you're doing sort of work related or career related, outside of work hours, you know. So you weren't, you weren't assigned this. You're not doing it for your nine to five job or anything like that. You know this is something that you're doing to basically better yourself and, you know, get yourself into a different place in your career. You know, and often, often, I forget about this part in my career. You know, early on in my career everyone knows a story by now For two and a half years I worked at a help desk job. You know, I enjoyed the team, I didn't mind the work and whatnot, but it wasn't what I wanted to do. It wasn't cybersecurity, even though I was focused more on the security side of the house. It wasn't a security dedicated or security focused role. And so that's a huge, that's a huge difference, you know, between being in cybersecurity and not being in cybersecurity. And the opportunity came up, just through a friend, to actually be a security analyst for a small consulting firm out of the DC slash, virginia area. I would be in house security consultant. You know I wouldn't be, I wouldn't be, you know, client facing or anything like that. And I think the position was actually like security analyst. But to be completely honest with you, that was a stretch like that. That term, that title was a stretch for what a security analyst actually is, you know, and it doesn't really do a justice to be completely honest with you. But the title was security analyst and that's what mattered, and I'll tell you why that mattered, you know. So I did this job, you know, during my off hours, I mean literally I would go to work from eight to five. I'd get home by about 530, maybe six o'clock let's just call it six o'clock you know, monday through Friday, and I would eat. And by seven o'clock I'm clocking in to start working as a security analyst and I'm setting, I'm setting up, you know, different tools, setting up different solutions, alerting, monitoring, logging, all that sort of stuff, just getting my hands in different technologies. And this is also, this is also why it's important to network with people. You know, I knocked, I networked with someone at my current company, right, someone that not very many people befriended at that company, not many people liked even. But I befriended this person and he made the connection right when I, when I told him like hey, I want to get into security but I don't know how to do it and nothing's working for me, he immediately said, oh, I have a friend that has a security company. It's, you know, sock as a service. Back when, sock as a service was like a cutting edge, brand new thing. You know, very niche area. Not many places even knew about it. You know, when he put me in touch with him, right, and the opportunity overall was pretty poor, it was, it was actually pretty poor. You know, I wasn't making a huge amount of money. I wasn't making, you know, 80 grand, which is the typical salary of a security analyst. Nothing like that, I mean it was. It was hourly. I think I was making maybe $20 an hour, you know, something like that, like nothing crazy, but it was something right. You do notice that for sure it gives you some more spending money and whatnot. But I took that opportunity to really add that title to my resume and the importance of that is that I use that opportunity, that title, that light amount of experience, and I'm very open, you know, with people about what that opportunity was, what I did, what I didn't do, things like that. But I took that opportunity to add that to my resume and then it gave my resume more power, more validity when I'm applying to these security roles. It shows, hey, this person does have a security dedicated role. It's not his day job, he's doing it after hours. For someone to do that, they must really love it. You know, and it's coming out now, that the best security professionals are the ones that love it, the ones that you know actually want to be in this field. And the reason being is that security is literally it is so stressful at times, the work is so difficult at times that if you do not love it and you just love the paycheck, you're not going to last a bit very long. And if you do last in it you will be miserable. You will go home every day, you know, feeling relieved that you left that place right. And you know you will dread the morning when you're waking up, going to work. Like I've had jobs before where you know I have dreaded going to work. I mean, like I wake up that day and I'm literally like man, should I just call in sick? And you know you look down at the calendar and it's like, oh, it's Friday. This is literally the fifth day in a row where I was like can I call? Should I call in sick? You know that's a thing you know and it's not fun. And so if you go into security, you know, just because you want the money, because you want the paycheck right, whatever it might be, if you don't love it, you're going to find yourself in that situation and so moonlighting shows to other people you know, not only that you're capable of doing it, not only that you, you know, have that title or have some light experience, but that you love it. You know, and they feel more comfortable giving you the opportunity, knowing that you're going to probably love it, you're going to enjoy it and you're going to strive in it. Right, that's what people really want. But back then, back then, that wasn't really the mentality. The mentality was not oh, you have to love it to really be in it. It was like you know, you have to be in security to be in security. No, that was the mentality. There was no factor of drive or anything else like that. No one really cared. And so that's why I was such a like an outlier, you know, kind of, in the industry around me. Was that I really wanted it? You know, I really wanted to be in security. I really wanted to do everything that I possibly could to get into this field because it fit my mentality, it fit my personality, it fit you know how I think through problems, how I assess them. You know my thought process. It fit all of those things you know. It allowed me to be very analytical, look at problems from a holistic point of view, which is hard to find. You know, in a lot of careers and a lot of areas it's hard to find, especially if you don't become a doctor or a lawyer. You know if you're a doctor, lawyer, scientist, what other jobs are really going to have that opportunity to really challenge you. You know mentally in those ways, right, and that, look, I'm probably forgetting. You know 99% of the jobs that are like that, right, this is really more of a off the cuff, you know discussion with you guys talking about my path. Well, I bring that up because you know kind of twofold right. One, you take that opportunity to advance your career but you also take it to advance your skill set, to advance. You know your own knowledge of a topic and whatnot, and you don't have to know everything upfront going into it. You really don't. When I took that security analyst job, I didn't know anything. I mean I literally didn't know anything. You know I had my security plus certification at the time, which is a good foundation, but that is it. You know I did some security tasks and security you know work at my day job, but it wasn't the security analyst work or anything like that, and so I didn't know anything. I didn't know what I didn't know, and that's a huge thing. You know, that's where it catches a lot of people up, and I say this because you shouldn't let it catch you up, you shouldn't let it take over your mentality and affect your decision. Right this is something that I've talked about a lot on my podcast with my guests is the fact that you know you don't need to know everything, or you don't need to have everything on the job description ticked off in your resume, in your experience, in order for you to apply to that job. If you're a 50, a lot of people that I've talked to say that if you're at 50% of the requirements for that position and the job description, you should apply to it, because there's a lot of people out there that are realizing that really, the important stuff that they need from a candidate is maybe 50% of what they put on the job description. Anything above that is good to have, it's nice to have, it makes things a little bit easier, but it's not required. And the other 50% that this candidate may be lacking, they can absolutely, you know, train it up, they can absolutely fill those gaps and things like that, and so it's not a big deal. And so in this situation of moonlighting, you know, it was extremely beneficial for me to suck it up and do that job. Now I think, if I remember right, I think this opportunity only lasted maybe nine months. Maybe nine months. It wasn't too crazy long, but it was just enough to give me that line on the resume that allowed me to get in the door somewhere else as a full-time security engineer, which is my goal, and you know I want to bring it. I bring that up because even now, you know, I'm about 10 years into this career, I'm still doing it now. I'm still doing different moonlighting opportunities and sorry, like I'm struggling through recovering from a cold, but I'm struggling, or I'm still going through different moonlighting opportunities. You know it could be something like a virtual see-saw. Could be this podcast, even right. This podcast has opened up doors I never would have expected Could be being an adjunct professor. It could be creating course content for Infosec Institute that recently got bought out by Cengage I can't say their name, cengage. Whatever it could be doing that you know, it could be getting certifications, you know, in my opinion, moonlighting can also be your own training in the career. Right, so it could be you, you know, going out of your way studying for a certification. You know, setting that goal, setting a deadline and then working to achieve it. You know and I say this because there's it seems like it seems like there is a huge debate going on among the millionaires out there that are saying that if you're still working from home and you don't want to return to the office, you've been cheating, you've been stealing, you've been doing something wrong, which is maybe the most incorrect statement I've ever heard, maybe the most that anyone could ever tell you about your career. You know, working from home has enabled me to be significantly more productive for my nine to five, significantly more productive. When I was in the office, I was spending time talking to people about shit that I didn't need to be talking to them about around the water cooler, in the cafeteria, wherever it was. I'd worked in the office for maybe two actual hours a day, right, maybe, okay, and I know everyone's going to say, oh, that sounds terrible, that's really bad. You know this and that, right, you're being pulled into meetings. You know you're being pulled into other conversations about different topics. So is it really, hands on keyboard, I'm actually engineering something, I'm actually building something or doing whatever? No, I'm actually in these meetings, you know physically, and you know addressing whatever issues are coming up. Now that I'm at home, you know we can fire up a team's meeting, right, that's scheduled for an hour. This is a perfect example. Today, teams call scheduled for an hour. We got through it in 20 minutes. We got off the call, I went straight into with, literally without leaving my desk. I went straight into my consoles and started working on the projects that I have to deliver by the end of the year, which actually, mind you, I am ahead of schedule. I'm significantly ahead of schedule on those projects. If I was in the office, I would probably be, you know, not not ahead of schedule, I'll tell you that much. Definitely not a schedule, but it's a joke. It's a joke that these millionaires and billionaires are trying to tell us now is that we're cheating, you know, ourselves. We're cheating the company. We're cheating them Because we're working from home, right, because they can't rationalize spending billions of dollars on real estate To house all their employees and they want to have that asset as a write-off in their companies. You know accounting at the end of the year, and that's essentially what it is. You know, like, that's the game. You know, like, if I rented an office building or a you know just an office space For this podcast, right, I could write it all off. I got to write off a hundred percent of it, basically, and you know, declare it as losses and things like that, right, because it's the cost of doing business. Oh, I have to have this office, you know it's. It's all a game, you know, and I'm not, I'm not Knocking them for playing the game, right, it's a game. You need to know the rules. This is the real world, right, if you don't know the rules and you don't know it's a game, you're gonna lose no matter what. But the opportunity of working remote provides more value to the company. It actually does it. It enables me to do the work that I want to do, enables me to actually be happier, because now I get to spend more time with my family. That's brand new, brand new family. I get to spend more time with my brand new family. And While I'm doing that, right, right, right, after hours, there's no one hour commute home or 90 minute commute home, I can get right into studying for different certifications and different skill sets that I need to obtain to be more effective in my nine to five. So please, someone tell me, someone, please educate me as to how I'm cheating a, a multi-billion dollar company. You know, like that's the craziest thing to me, that that I've heard in a long time. You know, it's just absurd to think like that, that that you're stealing Because you're remote. It's like I can see if you're working two, three, four full-time jobs, right, and you're not telling any of your employers about the other employer and you're making, you know, three, four times the salary, right, and you know, mind you, when you do that, other things are gonna be dropped off off of these other jobs and you're gonna be juggling it a lot more than you would actually think. That's now right. In my opinion. That's not right. That's not fair to that company especially. You know, if you're, if you're literally working the security engineering role and you're nine to five and maybe it's a little bit of a slower season You're not doing that much and then you get another full-time, remote job as a security engineer Maybe it's not even the same industry or whatnot as your as your first nine to five, but it's still a security engineer role and you're working that role at this other company. That's kind of shitty, you know. That's not something, that's not something that I would do, that's not something that I have done, that's not something I would advocate for. You know, the the work that you're doing at these moonlighting Opportunities has to be different from what you're nine five is because you need to be using that as a stepping stone To your next role, to your next goal. That's a really good way of actually doing it. That a lot of people, I Think they forget about it, they don't talk about it. You know, this is the first time, and maybe ever, that you know I've heard someone talk about it, right, and so it kind of just hit me and I was like, oh, I need to talk about this because I've actually done this in my career To get me to that next level. That seemed to be unobtainable, unsurmountable, you know. And as soon as I did this moonlighting thing, put in a little bit more effort. Yes, guess what, I was more tired, I got less sleep, but it was all worth it in the long run. So you know, I just wanted to to bring that up. And you know, again, moonlighting is not necessarily Working an entirely separate job. It literally could be you studying for a certification. You know these things. For me, it's really whatever Goes into making you a better professional in your career field. That's what that is. So you know, I just wanted to talk about that because you know I've also I've also seen a lot of you know videos start popping up on YouTube talking about You're you're cheating your employer by working from home. You know that's that's the most frustrating thing, right for me, because it's like, you know, probably 95% of the people that are moonlighting. They're doing it because they want to provide a better life For their family, they want to advance their career. You know they want to make, they want to do better overall, and for me, in my opinion, there's nothing wrong with that. You know, if, if you have no ill intentions, you know, and you don't want to, you know, harm anyone or harm the company that you're working for, anything like that, then there should be no issue. And you know it's like these people are out of touch. You know, because I'm sure some of them Did this earlier on in their career where they were working. You know, two jobs are doing multiple things trying to get to where they are today. It just doesn't make any sense to me, you know, honestly, like, at the end of the day, I think the whole push to go back into the office, in my opinion, is Really just so that they can rationalize. You know, spending the money utilizing the real estate that they invested in, that's turning into a liability, used to be an asset, and now they're debating about getting rid of it, you know, and they don't want to get that asset off of their, off of their P&L, and that's what it is, you know, in my opinion, that's what it is, because, you know people want to say oh You're, you're missing out on the water cooler talks. You know, you're missing out on promotions Because of these water cooler talks. You know, whatever, whatever, that is right, and I think, though, that's absolute BS. You know, when I start a fully remote job, when I start a new one, a fully remote job, the very first thing I do for the first 90 days is I'm meeting with all of my Managers, peers, and I'm meeting with all of their managers. So I'm meeting with directors, vps, I'm meeting with other, you know, managers. All of these people are the teams that I will be working with. They own these teams. So I'm building that relationship and then I have monthly touch bases with all of them. Like, hey, how can I help you? You know what areas are you struggling with? What areas do you need more help with? How can I actually help you and make your life easier? So that replaces the water cooler talk, right, and that's a quick 30 minutes. Maybe a monthly, maybe a quarterly call, where you know you're just reaching out seeing if you can help them in some way. That's all that. That is that replaces the hour that I'm spending at the water cooler over, you know, an entire week, so to speak. You know, talking to these people to get a promotion. That's BS, in my opinion. That is BS, you know. I know CISOs that are fully remote and and there's no need for them to to go back into the office and their companies are trying to order everyone back into the office and you know these CISOs are telling their security teams like, hey, everyone else is going to go back into the office. This doesn't apply to you, because they know if they don't offer these benefits, right, If they don't give these benefits to their security team, their security team is literally just going to go somewhere else because, literally, the last time I checked, I think there's a five million headcount shortage in cybersecurity. Literally there's five million roles more than what there are actually in the profession. And so in security, literally the stat is, I think it's 99%, 98 or 99% of people employed in cybersecurity are Switching jobs rather than getting laid off or fired and then finding another, another job or, you know, quitting without having another job lined up. 98 or 99% are just switching jobs. You know so like they're working and then they put in their two weeks notice and then they go to another job. So they're not on them, they're not unemployed for a certain amount of time, they're just going from one job to another. That shows you that cybersecurity professionals are still in very high demand and that's not going away. You know that's not changing anytime soon. There's literally five million open roles more than the Amount of professionals that we have in the field. You know, I, the best way to get into security is to start getting the certifications that no one else wants to get. To be quite honest with you, you know I was a little bit stunned with this stat. I've looked up how many people in America I think it was America that have the CCSP, csp certification right, the the certified cloud security Professional or practitioner or whatever it is. I have it. So you would think I would know what it is, but it's ISC squared cloud version of the CISSP. Essentially, there's only five thousand people in America that have that certification. That certification is growing in demand. I can tell that it's growing in demand because more on more and more job applications You're seeing CISSP or CCSP on cloud security and architect roles. The reason being is that people are seeing oh, not everyone has a CISSP. Well, the next best thing CCSP that fits more with the cloud. We can use that. But there's only 5,000 of us roughly that have this certification in North America or in America. And then if you look at the CISSP, that number is not dramatically higher. I thought it would be millions, I think when I checked it was like 50,000, which is insane because the CISSP has been around for like 20 years. At this point. It's been around for 20 years. I think the CISSP has been around for six or seven years, something like that. Don't quote me, I don't know how long these things have been around, but I know CISSP has been around significantly longer than the CISSP. I would have thought more people had them, and so how you get these roles is getting those certifications that not many other people have. When you're getting them, you think everyone has them and you see them on all these job descriptions and you probably see them on people on LinkedIn, their profile and whatnot. Those are the minority. Those are not the majority. Those are the minority. This is something that I'm learning myself, but that should add a little bit of fire in you to actually go out there and moonlight and learn new skills, go after new certifications, make the changes that you need to make so that yourself, in 10 years, will thank the old self for making those sacrifices. All right, guys, that's all that I have for this episode. I hope you guys enjoyed it. I hope it helps someone out there. Go out there and make a difference. All right, see you guys.