So now we're up to the point where we do some participant Q and A questions.
So I've got Team Cyberia E here with me
in the room where I'm presenting. So let's take a look here and see a Perhaps
someone can send me some questions. I can take a stab at the 1st 1 about your science.
So this is for, um, the first question. I have a degree in computer science and currently doing my honors degree. I've measured in computer networking. There were security software, engineering database. I need assistance in accomplishing my goals. Then there's more to it. But the end of the day is it looks like it's kind of
How do I take this degree in computer science and transition and to cyber security?
So one of the things that you're going to do in a computer science degree is you're going to learn how to problem solve. You're gonna go over algorithms. You're going to go over all of the things that you see in that working, you know, whether it's from the Dykstra and the SPF and to, you know, advanced algorithms and neural networks and all of that stuff.
All of that stuff establishes a baseline in the mind set on howto think technically and how to put things together. That's one of the things I learned from, you know, Peter Signs the most was how to get through extremely frustrating
and ridiculous stuff and survive. Present it, pass and move on. And when you look at
pen testing or you look at a stock analyst, whether you're on the offense of our defensive side, most of it is stuff that you have had the ability to
take what you're given, like what you got from cyber. But there are other outside things that you have to dig into a swell learning how to study, and I and at the end of the day, computer science. I'm so thankful that I did it. I never went in development, but understanding programming in any of these positions will help you out greatly.
Whether it's in Python, see reverse engineering
if you truly like the development side. One of things that Joe was kind of specializes in was reverse injury, and their reverse engineering and malware analysis and computer signs set you up for that perfectly. So so you're definitely on the right path, and there's nothing holding you back from making the transition other than kind of just signing up and making that move
fantastic. Mark, thank you so much.
So let's take a look here. Actually, there was one question that came up on this was related to our presentation earlier. I think some folks had a question about the website that I mentioned earlier on where you can get sample resumes and ideas for your own resume. It is velvet jobs dot com. So I wanted to mention that I'm gonna take a question here,
which is it looks like
this person has a master's degree in information security, and the Bachelor was in business administration. And the question is, basically
they're located in Ghana, and I would also like to take some online jobs to gain experience, any help in that regard? So, Shane, do you have any thoughts on potential ease of online work that a person might be able to dio s o I mean work based on just remote remote positions?
Yes, Yes. I mean, uh, that's usually a pretty, uh,
ideal experience of a lot of people. Go for a lot of people like the opportunity of being able to work remote. It's just, you know, finding the right opportunity and finding the right
company. I know there are some websites that I don't have on hand. I could have to pull that off for the ability to Do you know, some type of consulting work consulting work on a project basis remotely, I'm off to pull some of those Resource is, but
some of the larger companies, especially in the technical field, will allow for remote, remote work. Thio obtain, you know, experience through and again that's the thing that's pretty
pretty ideal. Position is just finding the right company that actually offers that work. A lot of places still like people to be actually in office, even if they're the technical
work from their position
would allow them to work remotely. They would not require to be there in person.
Um, that's overall from a technical security standpoint, I think for this specific role being mawr in a management level position.
Ah, lot of a lot of a lot of companies and a lot of jobs would require people to be in office because they're actually that that manager will want to see someone, you know, in person being able Thio. You know, coach and mentor and lead employees.
Yeah, absolutely. I've had other. Shouldn't ask me about working remotely. And, you know, obviously for most of us, it would be ideal if we could do all of our work remotely. But it's not always feasible. So great. Thank you. So I have another question here that I'd like to. I'm sorry, Mark. Did you want to say something? I don't mean to cut you off. And that was that was just saying again. I said,
I see a couple questions based on certifications I can probably jump on after you're done. So go ahead.
Yeah, this might be one for you. So is there any path which focuses on G. R. C. And I'm seeing if I can see the question? Is that the question you're seeing there
based on your C and information Assurance? That's it? Yeah. Can you answer that question? I was going to kind of address that as well, along with a couple other ones. Um, so this
there was another question asked Abound that asked about in regards to the sea recertification it's I s C squared is a risk management certification, and that probably should have been one we had on the list for the actual certifications.
Um, to include in this. And as I mentioned previously, this this specific rule would be tasked with risk management. So the Sierra certification would actually be a good one to look into a CZ Well, and risk management overall is addressed in
a handful. Those other information security management certifications especially
You're talking in terms of the C i S S P, and that kind of goes hand in hand with the GRC asked information assurance aspect of it GRC governance, risking compliance where the specific rule again isn't charged with, you know, governing the information security program for a company
and primarily in charge of risk management and translating.
Ah said risk to you no board of directors or executive team. And then, you know, compliance is well, depending on what specific industry you're in, you might have to be familiar with compliance requirements and being in more of ah, infamy. Security management role is something you would definitely be tasked with.
Wonderful. Awesome. Yeah. And Mark, did you want to jump in. No, I didn't have anything on that one. Okay. Okay. Well, that's good.
Just kidding. Okay, so let's ask another question here, and I will throw this one out to Mark because I know you know the answer to this one. What are the most used tools out there at the enterprise level, and
basically, and for security firms to do audit. So it's kind of a two part question,
so? So I could kind of give you destroyed. What I know is that they're commercially with where I work. It's a lot of kind of proprietary stuff, but, you know, one of the things going to see when vulnerability analysis is you're gonna see messes some flavor of ness. Is that some sort of, you know,
bottom line? Vulnerability scanner opened. Vast is one that you can get to Cali, which is one of one's its future. The labs here
You're definitely gonna use what, depending on the budget of the company. One is called core impact or core Impact Pro. That's kind of like the high dollar. I think it's $31,000 a year for a license, So you're obviously gonna be probably a larger company. Ah, and its pen testing in a box. But as a cyber story professional, even an engineer,
you also have to understand that
you have to. You can click a button, do lots of things. But do you know what that button does? And that's one of the things when you're leading a team or coaching a team that to make sure that, you know, although it does do this kind of stuff, you need to understand the wise and house because you don't want to hit, pushed the wrong button on the wrong sudden out of the network and
have lots of really angry people and potentially lose your job.
That would taste. That was just your greatest under pressure, right, Marky? Yeah, yeah,
yes. And I'm not surely kind of what what other tools. But if you're doing in your home lab and you want to work on the skills, I mean, you know, medicine boy, it's gonna be a good wine. And then, you know, that one kind of comes with M s venom and some of the other stuff, but download Kali Lennox. It's got every tool that you ever need is a pen tester as Joe settle on the previous ones.
Download and run and you snort at home.
That's gonna prepare you from the network defense side in any of the past with any time that I that I mentor someone chain and I don't know if you do the same. But you know you have to have a strong background and networking in order to succeed in any of these roles. And I'm not saying that you need to be at the CCN Air CCMP level with knowing Cisco where Juniper, CNN or any of these other
things that are out there. But
you do need to have a good base on what networking is in orderto talk intelligently in order to kind of
find your your path in cyber.
Wonderful. Thank you. So let's do two more questions if we can. Ah, one question is,
do you have Canadian based engineering mentors that would work with cybersecurity, engineers and training? So
I feel like it are good response to that is, you know, obviously we've got people throughout the US here, and then, of course, Mark is in Bahrain and we have a worldwide reach, so we don't have anybody in Canada specifically, but we're obviously more than willing to help anyone worldwide with the questions and issues that they have, so
I just wanted to answer that one.