Cyber Security career advice, expert interviews, threat intelligence, and training content! Click for info ➡️
MY MISSION: Jon Good (me) is a cybersecurity industry leader passionate about helping people break into cybersecurity jobs and helping those in the field accelerate their career journey to reach their ultimate goals. Jon holds a bunch of industry certifications (CISSP, CISM, CISA, GCIH, GWAPT, plus more) and has held a variety of jobs, including Cloud Security and Compliance Manager, Cybersecurity Architect, Engineer, Analyst, and Consultant.
If you like what you hear so far, why not subscribe to the channel?!
Want training or career services? Visit ➡️ www.cybertrainingpro.com/
Looking to start a career in Cyber Security? Visit ➡️ jongood.com/getstarted/
Interested in having your product or service reviewed, sponsored content, or other brand partnerships? Visit ➡️ www.jongood.com/sponsor/
The Google cert is better than security + from a learning and experience standpoint….IF you actually execute cybersecurity tasks in as a part of your portfolio.
It's a huge mistake if you think either one will prepare you for the career field by itself. Another common mistake that people make, which also addresses your comment, is regarding the delivery of the information. Google (via Coursera) is the single place where the Google Cybersecurity Certificate is offered, where the CompTIA Security+ exam is delivered by CompTIA (via exam partners), but the training can be offered by anybody. I've seen more than enough Security+ training (CompTIA, Cyber Training Pro, study guide books, etc.) that includes practical hands-on exercises for students to complete...so if you are in a program that provides these exercises and aren't doing them, that's your failure as a student, not the training provider or certification vendor.
I'm glad that you enjoyed the content! Do you mean as in Career Coaching / Mentorship? If that's what you mean, yes I do, and you can find more information on Cyber Training Pro ( www.cybertrainingpro.com/ ).
Please help me select a laptop I'm like really confused Lenovo loq with i5 12 gen hx processor with 4 performance core and 4 efficiency core (12 threads) with a rtx 3050 95 watt tgp and 16 gb ddr5 ram Acer alg with i7 13 gen h processor with 6 performance core and 4 efficiency core (16 threads) with rtx 3050 75 watt and 16 gb ddr4 ram I'm getting this for roughly same price but now one has better ram and gpu and other has better cpu, don't know which one should I get
Any modern CPU should be fine for cybersecurity as long as you at least get the specifications that I recommend in this video. Beyond that, there are plenty of performance benchmarks on the internet to determine if you can/will justify one option over the other. I'm not sure why you would go with an older generation CPU if they are roughly the same cost though...RAM is easy to replace/upgrade.
Does 5 technically have benefits over 4? Sure, but only if you use it in a way that takes advantage of the benefits, which just learning about enterprise technology or cybersecurity you won’t be doing so. It’s like getting a Ferrari to cruise at a slow speed versus getting a Honda or some other standard car and being fine. The processor is always going to set your performance ceiling, so you should invest there first. Also, I never recommend 16GB for RAM (as said in this video).
@@denimsahu7718 You're welcome and always happy to help! It's become really challenging to sort through some of these different system components because they've become so good across the board compared to what we actually need. It's even more challenging with laptops because RAM and sometimes storage are about the only things you might be able to upgrade later.
This is what I'm wondering actually. I work in an ISP where we do basic cloud stuff like backups using CommVault and work with firewalls and routers on a tier 2 level... Don't really do cyber security stuff
Definitely if you want to focus on cloud, the emphasis by employers will be more on the infrastructure providers (AWS, Azure, GCP, etc.) than it will be on SaaS products/services. That doesn't mean companies will ignore your skill with various other technologies, but it isn't going to dramatically speed up your journey.
I’m considering becoming a cyber security analyst and have a few questions. 1. What do you like most/least about your job? 2. What does a typical day look like? 3. How busy can it get? What is the work environment like? 4. Does it ever get loud? (I am sensitive to loud noises)
Excellent...it's a great time to get into the career field! Question numbers 1, 2, and 4 are quite long responses, and I've already answered them throughout this video and others about the career field on the channel, so I recommend working through the content to get the full answers. Question 3, it really depends on the environment, the job, the team, and lots of factors. But if you are in an operations job, it could be quite busy, whereas a non-operations job such as GRC tends to be slower-paced and more spread out over the year. Question 4, I'm not sure about your perspective of the job...but it's an office job, so it's entirely dependent on the specific work environment, which can vary drastically from company to company. Some companies will make you work in cube farms, some will have small team rooms or bullpens, or you might be able to work remotely from home. Hope that helps!
The Google Cybersecurity Certificate is highly unlikely to lead directly to a job or make any substantial impact on a career. In fact, the two items that you mentioned would put you well past the audience targeted for the program and you still probably aren't qualified for the job.
Everybody has different situations that could call for an exception, for example if you can't afford some of the other options that exist or you need any job and time is limited, it might be ok because it's free (I'm assuming you are saying the exam is free and not just training). I still recommend grabbing my free eBook, which includes a roadmap of skills and certifications that you need to be working towards for a successful career in IT or Cyber Security ( jongood.com/getstarted/ ).
I have been working as a helpdesk technician for almost a year now and I have my Comia security plus certification. I also have a bachelors degree but in criminal justice so it’s unrelated. I am planning to start studying for a CYSA certification soon. My dream job in cyber security is being a cyber security analyst. I am trying to break into the industry, but I haven’t heard back from any of my job applications yet. Hopefully I can get promoted within my company because the company is really great and my boss and supervisor like the work that I do. I am just worried that they would not want to help me get promoted because previous employers have been that way. Breaking into cyber security is pretty challenging so far.
Generally speaking, if you aren't getting calls for interviews, it's either because you don't have the required skills/knowledge for the job (or what they are looking for) and/or your resume has issues that need to be corrected (see my video on resumes - ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-yiqgiZyAGKs.html ). I highly recommend grabbing my free eBook ( jongood.com/getstarted/ ) and checking out the included roadmap, as that's the minimum you will be expected to have. Getting into the career field can be challenging if you are trying to do it on your own, but I'm here to give you the help you need through several different methods.
The United States tax system is tiered, so a range of your income will be taxed at a certain percentage not the same percentage across the board based on your full salary. You can find all the information regarding U.S. taxes on the IRS website.
Many thanks, If a person earns suppose $100k would he give 35,000 to the government if it’s 35% tax? Would it apply for those as well who work remotely for America but are nationals/residents of other than America?
The United States tax system is tiered, so a range of your income will be taxed at a certain percentage not the same percentage across the board based on your full salary. I have no idea if you aren't working in the U.S. but you can find all the tax information on the IRS website.
Thanks for the request! I highly recommend looking through my videos as I currently have several specifically on career paths and roadmaps, but will certainly look into creating more. I also recommend grabbing my free eBook because I've already documented the roadmap you should be following for both skills and certifications based on what's expected of somebody in the cybersecurity career field. jongood.com/getstarted/
Hey Jon, I really benefitted from your review of the google cybersecurity professional cert. Can you do something similar for the Microsoft Cybersecurity Analyst tool as well? Your insights are much appreciated.
All my skill and certification recommendations can be found in my free eBook's roadmap ( jongood.com/getstarted/ ). I highly encourage you to review it as you aren't necessarily expected to take a training course from a specific source, but you are expected to have certain knowledge/skills that I've listed.
Does the Google Cybersecurity professional certificate carry any value? Besides it giving 30% off for Security+ and the content in it? Since i can get both of them without paying for the Google certificate, do you think it’s worth spending $50 only for the certificate alone?
The certification itself does not carry much value. The value (for beginners) is within the knowledge itself. It will also teach you the majority of what you need to know to pass the Security+.
@@Abuhassan7777 In my opinion, it would only be worth it if you really wanted a certificate / Credly badge with your name on it. To my knowledge, there are not any employers looking for Google Cybersecurity certified candidates. If anything, listing it on your resume can show potential employers you’re dedicated to learning, but writing that you audited the coursework will hold about as much value as the actual certificate itself.
I highly recommend checking out my full review video of the Google Cyber Security Certificate ( ru-vid.com/video/%D0%B2%D0%B8%D0%B4%D0%B5%D0%BE-lZ6p_djgNWI.html ). As far as what is expected by employers for skills and certifications, I've provided all that information in my free eBook ( jongood.com/getstarted/ ).
I always recommend beginning with my Getting Started page ( jongood.com/getstarted/ ) and grabbing my free eBook, which includes a lot of helpful information. Additionally, my channel is full of helpful information that would be impossible to summarize in a single comment, so you just need to start working through the videos!
I use linux in my pc, breathed new life into my amd ryzen 5 2400G i didnt know it had, it used to run at a max fps of 120fps now it can run up to 870 fps. Fair to say linux is better than windows and mac. 😂😂😂
"Better" is subjective and relative to the use case. That said, Linux can definitely give your computer a longer lifespan since the OS requirements are generally less.
Although that's pretty vague information for any kind of assistance, what I can tell you is that problems that people have often are a result of one or more of the following: 1. They don't have their BIOS on their host system (i.e., your main computer) configured correctly to allow virtualization. 2. They didn't give the VM at least the minimum required specifications per the vendor for things like storage/memory/etc. 3. They didn't follow instructions as they were provided, which certainly does happen and might lead to different results.
Ha! As stated in this video, there are absolutely minimum requirements that should be met, as well as other considerations. That said, there are differences between a computer that works for students and an employee of a company. As you mentioned, one difference is that an employee may connect to a virtual environment where the host is less of an issue, but a student is less likely to have that option. What do you think another difference might be?
@@JonGoodCyberdevice security. A lot of office computers are disabling usb and providing approved hardware. Students would be expected to connect to personal hardware. My last office pc wouldn’t use split tunnels for internet. A small, but additional risk. Student’s information and resources may be more compartmentalized. Uploads would be funneled and scrubbed. It would depend on the size of the company and the resource level requirements. And my favorite, office politics. My boss refused to change out database passwords. He wanted to keep the back doors. Literally was sabotaging processes to create the illusion that we didn’t have the right software. We had a daily sync job that took 25 hours. I fixed it in dev to 1 hour. It took his boss to get it to production.
@@JonGoodCyber I wrote this whole speech that zapped itself. Other stuff: Peripheral management (students need usb and corporate may not be allowed). Student environments will be more expected to be accessible to hacking, viruses, and burst uploads (deadlines). Corporate users can be much more complex permissions wise. Especially with content sharing applications like sharepoint. Some corporations have some very unhealth politics. I had a manager that refused to change the db passwords to keep the backdoor open. T-shirt version... Access = risk. People are lazy and sometimes the cause of the risk.
Both certifications and degrees are just one piece of the puzzle to making you a qualified and competitive professional. That said, certifications are focused on job skills/knowledge where degrees combine some degree skills/knowledge and other areas of study to holistically make you a better employee/professional/person. Sometimes when companies need bodies (i.e., employees), they may focus more on the vocational skills/knowledge and overlook the other stuff.
As other countries get a better handle on their citizens' data privacy, perhaps cybersecurity, it'll be interesting to see how it affects US companies and entities. The internet has no borders.
Like many things, the requirements of what you need can vary, but as long as you at least get the minimum requirements that I list in the linked video, you should be good to go.
Hey Jon, is CySA+ still worth it in this current market for a person who has net+, sec+, BTL1 cert and 1 and a half year of XP as infosec analyst? Do you think it would be a boost to the resume?
You mentioned it will take 6 months to complete if you study 7 hours per day. That sounds intimidating for a basic course. Did you mean per week? Thank you for a detailed review!
My issue with it, normally buy the instructors study guide and take notes inside the book. Only in section 1, I seem to be writting everything down. The best part is the readings.
There is a fine line between taking detailed notes and writing everything down. Notes should not be an exact replica of what you read or learned; instead, they should be an easy place to reference if you need to study or refresh on certain topics. Most people don't take good enough notes to be usable, at least beyond the short term, and very few take too many notes.
Are you talking about from an employee perspective or for the business? Not from an employee perspective, but for the business, it will depend on what you are doing because some industries or data types will force you to become compliant. For example, if you want to handle healthcare data in the United States, you'll need to be HIPAA compliant.
I think the SOC Analyst job is the most attractive job title in cybersecurity and that’s the position I want. Working in a Security Operations Center in a SOC team and utilizing SIEM and EDR tools to monitor alerts and security events as well as detecting, analyzing, and responding to security incidents. SOC Analyst is the dream job in cybersecurity.
That's great that you've identified the type of job you are most attracted to. Remember, every job has pros and cons, and what you like or don't like may change over the years, which is totally normal.
Hey Jon, I have a question, if I work as a SOC Analyst and the company I work for uses NIST, SOC 2 and GLBA (just as example) although I’m not in the GRC, can I still put that on my resume if I understand the concepts of the frameworks? Like, include on my resume that I worked under the guidelines of those standards, assist on the creation and updates of playbooks/procedures, As long as I understand what those frameworks are and how they fit in the business even though I wasn’t the one who worked as GRC analyst directly?
Nearly every technology job, especially anything in security, is going to have responsibilities that are tied to standards like the ones that you've mentioned. That means you don't need to have a GRC title to be involved in those activities or to list them on your resume. Like anything where you have limited experience/exposure though, you should be cautious about not overinflating what you've done because that will be discovered in an interview.
One rebuttal: Aren't No. 2 and No. 8 - Compliance is a one time event; Once compliant, always compliant - the same thing. And No. 9 is my favorite one to debunk. I point them to the Apollo mission success review: Success and achievement were a result of rebuttal, flexibility, and saying "no" in a productive way.
They are absolutely similar but it depends on the context that your approaching them. In this video, #2 is more about if the standards or compliance requirements remain the same versus #8, which happens less often and is more about if the standards or requirements actually change. Either way, you could hear the misconception framed using both.
There's lots of scholarships out there and nearly every major vendor has something. If you Google your preferred vendor, it's fairly easy to find (example, "Cisco scholarship"). I highly recommend not only relying on the potential of a scholarship though and instead trying to identify the things that you need to learn (most can be learned for cheap or free) and try to land at least an entry level job in IT. Once you actually get into the career field, you can start taking advantage of training budgets or at least having more income to invest in yourself. Of course, you can still continue applying to scholarships and use them if you receive any.
Yes i will definitely go for the Security +, because it may make my resume look good and it's not that expensive, since this field is what i want to persuade in. Even if it alone may not be sufficient to land me a job, but at least i will learn some new things while preparing for it, and also i'm so curious to try it's exam just like everyone else. should do the basic Certifications along work, one does not suffice the other. (Many thanks for the great video)
Yea I already knew most of the things that’s on this cert and I 100% don’t believe that you can’t get a job off this but I have to see for myself when ever my contract ends.
From what I've seen, the small amount of people able to land a job after this are very entry level positions in IT Support or help desk. Although getting into a tech-related job is great, there are certainly more efficient and effective ways to do it.