Видео

Good or bad decisions doesn't directly mean they are less important in the broader picture of things.

You're welcome!

The good news is that you've found my channel! Visit my Getting Started page ( jongood.com/getstarted/ ) and download my free eBook. You'll have a roadmap of skills and certifications to pursue and a lot of additional information to help you in your journey.

You can find all the pricing information in the CISM Exam Candidate Guide ( www.isaca.org/credentialing/cism ). As of today, it says ISACA Members pay $575 (USD) or Nonmembers pay $760 (USD).

That wouldn't be the first time that we've seen governments go right up to the line of legality or even potentially cross the line.

Glad it was helpful!

I have upcoming interview scheduled this week. Can you share basic interview questions that can be asked in splunk Siem tool for security analyst position (2+year)

@@ishwaryanarayan1010 I have several videos on the channel for interview preparation and this Splunk tutorial that you should watch. Also, make sure to let me know how the interview goes and to help other people in a similar situation!

@@JonGoodCyber sure will share:)

You are completely welcome to disagree, but remember that just because that's your assumption doesn't mean that's the reality or that the numbers actually support it. Too often these days, beginners aim way too low using that mindset, and then they wonder why they struggle to land jobs competing against candidates at the same experience level yet are considered far more qualified than themselves.

@@JonGoodCyber it is my opinion. I wouldn’t just get A+ and think I’m going to land a IT gig. But I would get them to combine with whatever direction I choose to go into. Thanks for the reply. But I’ll take my chance doing my way. Plus the way the jobs environment is set up, being a black female in IT is my advantage along 😊 good day

It's all documented in my free eBook: jongood.com/getstarted/

Excellent, and welcome to your new journey!

The only time the knowledge may come into play is on the help desk or IT Support. Most repairs that company staff do is very basic because companies rely heavily on vendor support, or they hire contractors to do repair for them. It's very uncommon for companies to essentially have a Geek Squad type team on staff.

Glad it was helpful! It's not that somebody creating a course is somehow inherently bad, but in the wider landscape of the Internet, it's gotten really out of control with garbage information/training.

Excellent, and thank you for sharing! I think it's always beneficial for people to know that it can be done!

Glad you like them!

This is just like any other subscription fee where if you don't pay, you won't have access.

The primary goal of certifications is to get you an interview/job, plain and simple. If somebody wants to take the program, that's completely fine, but at least after this video, they'll be aware of the problems with the program. Additionally, going from this program to the Security+, doesn't resolve significant knowledge/skill gaps and isn't a path I would endorse. Too often today, beginners are looking for a single program that gives them everything they need immediately instead of doing the things that actually work and will prepare them for the career field.

I recommend visiting my Getting Started page ( jongood.com/getstarted/ ) first, where I've included lots of resources and information to answer many of your initial questions. Additionally, if you would like coaching/mentorship directly, you can schedule a session on Cyber Training Pro ( www.cybertrainingpro.com/p/career-coaching ).

Based on what you've explained, it sounds like you have some early involvement in the identification of possible incidents, which if identified, would start the Incident Response process. Although this does have a connection to IR, you need to be cautious about how you label that. When most people think about Incident Response, they are thinking about the people who get called if something suspicious is identified and will dive deeper into an investigation about it. If you are doing the investigation, I think it's reasonable to assume you are involved in IR, but you need to make that determination.

I have several videos talking about AWS and Splunk so I'll leave those videos to speak for themselves. KQL, like many things, is useful for specific situations but certainly isn't the first thing I would run out and tell people to learn.

@JonGoodCyber I had never heard of KQL until our Soc moved on from Alienvault to using Microsoft. We mostly work from Sentinel and use KQL a lot.

You're certainly welcome to disagree, but to say that somebody has to "pay their due" and spend time in a specific job unnecessarily is a very gatekeeper mindset. In fact, that mindset is what's making it so difficult for people to get into cybersecurity, both with and without prior experience. Don't be a part of the problem-be a part of the solution.

Thanks for watching! You can find all my recommendations in my free eBook ( jongood.com/getstarted/ ).

I recommend watching the full interview to get more context.

Thanks for watching!

I never said it ONLY focused on hardware as it's easy to look at the exam objectives and see that's not the case. The fact is though, that hardware is a major part of the certification and the jobs that it's really targeting. Just because we can learn something, doesn't mean it brings enough value, if any, for it to actually make sense to learn.

I always recommend looking at my free eBook's roadmap ( jongood.com/getstarted/ ), which provides a ton of information to help you be successful. In most cases, if you aren't getting calls for interviews, it's because you don't have the required skills/knowledge, you aren't the most qualified candidate meaning you need more skills/knowledge to stand out, or your resume needs work.

Which do you think?

I'm glad that you enjoyed it!

I always recommend beginning with my Getting Started page and eBook ( jongood.com/getstarted/ ). Additionally, if you are interested in a university/college program, I highly recommend sticking to the NSA's Centers of Academic Excellence list ( www.nsa.gov/Academics/Centers-of-Academic-Excellence/ ).

Changing your passwords is the first step in securing your accounts. There are lots of tutorials out there on how to respond.

I'm glad that you enjoyed it! I will consider it if the shows become popular enough, but I wouldn't count on it for these daily episodes while I'm a one man show.

Quantity over quality is a misconception that many new professionals have, and although there can be some benefit to that early on, it is rarely the BEST approach.

Such a long time!

I recommend checking out my Getting Started page and grabbing my free eBook ( jongood.com/getstarted/ ), which includes a roadmap of skills and certifications to pursue.

@@JonGoodCyber that doesn't help me at all.

No certification will guarantee you a job but GIAC certifications are certainly beneficial to possess. The GFACT isn't really going to do much but the GSEC and GCIH are absolutely certifications that employers like to see, especially in SOC (Security Operation Center) staff. The GIAC certifications will absolutely give you a good security foundation but you won't get some of the IT foundation that you should have in the career field. I recommend also looking at the roadmap in my free eBook ( jongood.com/getstarted/ ) to identify and resolve any gaps in knowledge/skill that you might have. From there it will be about how well you present yourself to employers and your ability to find an opportunity matching your skill/knowledge level, which in theory should be plenty for an entry level security role.

If you just want to work break-fix issues all day long, more power to you! The issue has nothing to do with the pay. Obviously the higher jobs that you go, the more pay that you get...but really it's about aiming higher than the most entry level position that exists. The people that really succeed in both IT and Cyber Security are the ones who aren't willing to accept the traditional mindset or the bottom level jobs just because somebody says to do it that way. My advice might not always be "easy," but that's also why my students shoot to the top of the pile and corporate hierarchy quickly!

To clarify, there are no requirements for the exam, just to be certified. All the requirements for the CISSP, including possible waiver options, can be found on the ISC2 website: www.isc2.org/certifications/cissp/cissp-experience-requirements

There are breaches happening every day that we don't know about and may not know about for some time.

You found an Easter egg…way to pay attention!

Nice one bro

First of all, congrats on your job! It is completely your option to disagree, but remember that you are speaking based on your single experience, which rarely tells the story for the entire career field...and I am speaking regarding well over a decade of personal experience in the career field, years of work experience outside of the career field, and having helped countless professionals break into the industry. Additionally, my advice is geared at getting people into higher level positions than what the A+ will allow, which is generally more lucrative but comes with a different mindset and professional requirements.

Happy to help!

You're welcome!

Lucrative means different things to different people, but overall, the pay is very similar across all positions so it really comes down to the company if that is your major driver. GRC and Cloud are where the greatest opportunity exists in the current job market.

Thank you! Honestly, there are so many great resources out there depending on the subject, so it would be difficult to pick just one.

Thanks for listening!

Thanks for the suggestion! That said, these shorts are not meant to cover a topic entirely as that's what the full show, Cyber Threat Intel, is meant to do if people want to know more about it.

@JonGoodCyber Awesome! Didn't mean to come across anything else than positive, it made my day coming across something that I'm interested in like this! Keep up the hard work, there is definitely a need for good quality short content like this! (Subbed)

@@joshxwho No worries. I always appreciate the feedback. Welcome aboard!

I'm glad that you are enjoying the content!

I highly recommend working through my free eBook's roadmap to make sure you have the knowledge and skills that employers are going to expect. If you only have a CySA+, you definitely have some glaring gaps in your foundation. Common job titles include Information Security Analyst/Engineer, SOC Analyst/Engineer, etc. but you really need to look at the experience/skills listed and see if it's a good fit because titles mean relatively little.

My pleasure!