check out: convocourses.com :

the cybersecurity jobs: resume marketing book is coming soon!

Hey guys, this is Bruce and welcome to another podcast of pot of convo courses, where I'm gonna be talking to you. How to get in cyber security and how to market yourself. If you're interested in getting into a career field, that's gonna grow in the next five years, probably double to what it is right now, where you have job security and I've, I've never had to worry about whether or not I'm gonna get a job.

If you are wanting more job security, then this is a great feel to get in. And you're talking to somebody who who's been doing this for 20 years,  I'm speaking to you from inside the industry. All right. So if you have any questions on Facebook, on YouTube, on TikTok live on podcast, then this is a great question.

The time to ask any of your questions regarding it and cyber security. So let's keep it to that. I'm not interested in anything having to do. Anything except cyber security. So let's just keep it to cyber security questions. All right. That being said, let's get into this. If you didn't know, I am the owner and proprietor of combo courses.com.

It's a site where it teaches you how to do site, get into cybersecurity. And specifically my sub, where I'm the subject matter expert is something called security compliance, security compliance has to do with if you've ever gone to a bank, if you've ever used a retail, if you ever used a point of sale device, if you ever gotten a, a card from the DMV, like all of those things require something called.

security compliance that that's the rules and the regulations that go into an organization, cyber security. So not necessarily implementation of the cyber security, like firewalls or IPSS IDSS and all that kind of stuff. Not the technical implementation, but more like, how does this organization, whether it be a bank or your hospital, or your, or target or Walmart or whoever, how do they comply and keep security on their systems?

That's what I do. And that's what I teach people how to do. I've been doing this for a very long time, specifically for the government, the federal government, but I've also done it in the private sector and I've done it in for states. I've done it for a little bit for other countries when it pertained to the us.

So let's get into this. So we've got combo courses. I also wanted to tell you that I'm doing real steady podcasts on pod beam. If you're, if you wanna get some information on that just go to pod beam dot combo courses, dot pod beam.com. Enjoy me there. I'm doing lives every week. I'm putting out more content.

If, if if you prefer to listen to this, or if you're at your job and you wanna listen and learn and stuff, this is a great opportunity for you to do that. And I'm open to any kind of questions you have specifically to this to this genre, to this area of my area of expertise. And a lot of, one of the good things about this community is that if I don't know something, somebody in this community, isn't a subject matter expert on that thing.

And that's one of the things that I personally love about this community that we've been building. So let's get into this. I also wanna let you guys know, I have a book I'm gonna be breaking down and giving you a lot of the stuff that's in this book. Okay. So if you actually stay tuned for this, I'm gonna actually break down exactly how to mark yourself, how to get in this career path and how to level up if you happen to be an it person.

If you happen to be a, a cable jockey, a person who's laying cable for people doing internet stuff. If you happen to be in areas like healthcare, if you happen to be in stuff like banking, this is a really good opportunity for you to transition into a career field that pays better. That has more security and has a lot of opportunities for the next 20, 30 years to come because cyber security is not going anywhere.

Okay. And it's not all super technical. That's anothe

We talk about the cybersecurity workforce

dod 8140

Some one doing social work wanted to get into cybersecurity.

In this episode, we talk about privacy.

It is important to have emotional intelligence in cybersecurity.

get the xls spreadsheet here:

https://securitycompliance.thinkific.com/courses/cis-control-maps

 

Hey guys, this is Bruce and welcome to a convo course podcast. And today I want to talk about one thing in particular, and that is the CIS and how it maps to the ISO 27,000. And one, if you didn't know, both of these are security compliance frameworks that are used in the public sector and private sector, as well as international organizations.

So pretty much a little slice of everybody use. One are the two of these particular security frameworks. CIS is typically used for the private sector. That means like retail stores or banking or community centers or those kind of organizations that are private Lee own organization. And sometimes nonprofits.

I'll also say that in having worked in the public sector from time to time, we'll actually use CIS controls as well. It, just depends on what kind of what we're doing. Like we use the CIS benchmarks. I've seen those used within the government within like department of defense, cuz it's just a great tool to use.

And if you're interested in finding this, just go to Google or being or Yahoo or your favorite search engine and just type in CIS controls and. Right now you have a mapping from the CIS controls version 7.1 to ISEL 27,001. Now right now, CIS controls are on version eight. I'm not, I don't think that one's out yet, but right now we are focusing on.

Version 7.1, but we will revisit this once we get version eight. Okay. So that being said, I sell 27,001 is an international standard for information security management. And they both, do the same thing. It's for an organization to have a guidance on how to actually. Proceed as far as securing their entire network, not even just the software and hardware devices that are connected to the network, but also things like physical security, maintenance.

All aspects of protecting the actual security of the system. Whether it's outside of the system whether who's touching the system who has access to the system, all those things let's start from the top. So what we're gonna do is just focus on the main security controls, like CIS control, one that is inventory and control of hardware assets.

And you'll see that the IO 27,001 has something similar in and it's called a.eight.one.one. So inventory of assets, right? They kind of group 'em all together. They don't break 'em apart in individual things for ISO 27,001. Whereas I CIS controls, they break it up into do different things. CIS control one is hardware.

Whereas CIS two is inventory of security controls. I inventory of security sorry, inventory and control of software assets. That is not broken apart by ISO 27,001. They keep those together as a dot eight, do one.one. Let's keep going here. We're gonna go to the next control, which is CIS control three, which is vulnerability management, continuous vulnerability management, every single security compliance.

Framework does have some sort of vulnerability management, our continuous monitoring and vulnerability management they're hand in hand. And this one is no different, so I sold 27,001, let me see let's see if they have it here. They have more of a risk rating response. That's continuously done.

management of technical vulnerabilities. Yeah. So they have a dot 12, do six.one that matches to CIS control three, 3.7, to be precise. Let's go on, keep moving here to CIS control four. And that covers controlled use of administrative privileges. And that's really important because you don't wanna give your admin accounts to everyone.

That's one. One of the things that some organizations do is they'll just give admin rights to everyone, anyone who needs it, they'll just put it on individual laptops and think it's okay. And it's really not okay. Because if you have an administrative privilege on that system, you can pretty much do what you want with that particular system.

And it might even allow you to escalate privileges on other systems

Hey guys, this is Bruce and welcome to another convo course of this podcast. And today I want to talk to you guys about what's been going on in the last few months. I've been able to actually travel while I was between jobs and because I have a high-paying cyber security job, I had one anyway. I was able to quit.

My job. I had some family issues like I had to take care of. And my, job was, it was a very high level high stress job. So I was a consultant for all these different organizations and it was just, it was really stressful. And I had all these severe family issues that I needed to take care of. And the, actually the corporation that I worked for was really, kind.

And my boss was, took me aside and said, Hey man, if whatever you need we'll, let you. Had to let check a sabbatical and all that kind of stuff, which was very kind, very sweet very good company actually. But the, problem was I had so much travel and I was, I'm a remote worker there, but it was just too much travel.

So I couldn't make that match what I was doing with my home life. So I, went ahead and just, I had to leave, but in between I knew I was gonna get another job. Actually, my.  Side hustles have been doing so good. I thought maybe that I could just live off of that for some time, but the medical stuff was too high  to the medical here in the us is really bad if you didn't know.

Anyway, so neither here nor there. I couldn't afford to actually live off of my. My businesses and my all my income streams and stuff. So I'm processing, as in processing stuff, I've did a whole bunch of interviews and everything. I learned quite a bit more about the current state of getting jobs in cyber security.

But I was able to get one pretty fast and it was, I was able to get something I really wanted. So a hundred percent remote position making the kind of money I wanna make. And for, and just to give you guys some social proof.  what I've been doing. These, if you go to TikTok, a lot of the stuff I posted on TikTok was there's a lot of these videos that I did directly from my travels.

Here's let me show you one. Here's one right here where I'm on. I'm in Manila beach, I think so. Yeah. That's Manila beach right there. That's the embassy behind me in Manila. So yeah just did a whole bunch of videos. I was gonna. I was gonna go to all these other sites. I was gonna go to Bali and go to Singapore and, places like that.

But I, I just didn't, we had some issues with the flights. So I was just, I just ended up staying in the Philippines the whole time, but I just wanted to let you guys know, like what's possible because I was I'm working this high level job was able to save some money and able to go. Actually take a break for three months.

I've been off of work for three months and I could afford it because I just had, I had money and savings. I had all these other resources that I created. And so that's why I, was able to do it, but now I'm going back to work and everything. And I'm not sad about it, but I, would've been a lot happier if my business would've been able to support me and sustain my family for that whole time.

But unfortunately  unfortunately not . So yeah, thanks everybody for watching me doing this live once again on, on the podcast. And I wanted to talk to you guys about a few things, show you my, new podcast and where that stuff is at. I'm gonna show you the new book that I have. That's coming out to show you to do exactly what I've been doing.

It's gonna break all that stuff down and give you a preview of what that's all.  and and then I'll just answer some questions. We'll just, we'll keep it loose on this one. Let me show you another picture. This is me. I, was on a rooftop hotels, like a resort. It was really nice.

And I'm just telling, talking about showing like me actually doing it and. I've been able to do it by marketing myself. So that's what this video's all about. The video just shows me on the rooftop, jumping in a pool having a go

http://convocourses.com

 

Hey, happy new year, everybody.  This is a podcast for combo courses, and today we're gonna be talking about  we got some, a few questions that, that have been  asked of me. I've got a resume to go through. And  I wanna talk to you guys about 20, 21 and what  what I'm gonna be studying this year  as a focus for like certifications or just sharpening my skill and some things that I would recommend that you  look at too.

Cause I think it's  looking forward five years ahead.  What I think is gonna happen as far as our industry is concerned, cyber security or  data analysis and things like that. And so let's get started. So the first thing I wanna talk to you guys about is some of the things that I'm gonna study in 2021, the things that I think that  are gonna be relevant going forward in the future.

And let me just switch my screen here to show you the very first thing.  that I wanna show you is  blockchain technology. This is  something I think that's gonna be more and more re relevant. If you've been watching the news, you've been seeing cryptocurrency going  off the rails lately. And a lot of this technology  the money is based on blockchain.

And I don't think that this technology's going away. It has all the hallmarks of what I saw with cloud computing many years ago, and everybody kept  talking about it and it just kept coming up over and over again. It's really the same  trends I'm seeing  where all these gigantic companies and all these giant organizations are really  dipping their toe in a blockchain technology and very quickly what it  is a basically it's a digital ledger.

It's a distributed digital ledger that allows you to basic you, you can essentially  you. , you don't have to have a middleman. It allows you to not have a middleman because there's something there's a, normally, if you like a, with a bank, for example, a bank is a middleman to your money.  Your money is there.

You have to go to the bank to get your money, but with a digital ledger, basically, essentially your money is out there on the web and distribute. It's all over the place it's distributed and encrypted  so that you can access it. And it has  it's a cure. It allows you to be anonymous and  and it's something, it validates it so that you can't, you people can't say that they didn't make that a payment or could, or didn't get a payment.

It's immutable. That's what that means. So the technology is emerging  slowly but surely  and not just cryptocurrency by the way, but also    for things like logistics. And even  voting can be done with the blockchain, many other  things that we use every day can be used with blockchain technology.

And so that's why I'm gonna be studying more on this    the actual technology behind it    as opposed to just  cryptocurrency for the sake of making money and investments and things, that's a whole separate issue. Blockchain itself does much more than just  money and essentially, like what, another thing that you should know about blockchain technology is that  let me see Oracle starting to use it.

 Walmart is starting to use it and  many different  other organizations and governments are start.  Dip their toe in this technology. And it looks a lot like  what cloud technology was looking like about 10 years ago. All right. Another thing I'm gonna be studying very heavily is cyber threat intelligence.

This is becoming  much more important  to anybody who does cyber security and what this is from a high level is it's. If you have a customer or if you have an org you're in an organization, either one and you're protecting someone's assets, their laptops, their servers, their information, their personnel, you're protecting their assets.

Cyber threat intelligence is where you  do recon to see if anyone is. Looking into trying to break into those assets and the way you would, one of the ways that you could do it is to have a cyber threat intelligence  cyber threat intelligence system that g

http://convocourses.com

 

from Oct 11, 2020

http://convocourses.com

check out the video: https://youtu.be/TGrw5yT6sSY

 

Hey guys, this is Bruce and welcome to combo course podcast. And today we're gonna be talking about a few things. One of the things I wanna talk to you guys about is process versus prize or system over goals. And this really applies to everything in life, but we're gonna specifically talk about cyber security.

Another thing I'm gonna show you as a new book I'm working on. It's not, it's gonna be out. I don't know, probably within the next month and a half, I gotta get it edited and all that kind of stuff. I'm actually still writing it, but it's gonna come out soon. So that's. Something we're talk about, then I'm gonna open it up to any kind of questions you have about getting into this space in cyber security.

And in the it, I got a lot of people contacting me about how to get in this field. That's growing really fast or how to upgrade themselves and all that kind of stuff. I've been doing this for over 20 years. I'm a subject matter expert specifically in cyber security compliance. That's, what I've been doing for most of this time that I've been in this space.

And so if you have any questions about that, how to get in it, how to, what to do like specific questions even I can answer 'em on this live. All right. Let's get into this. First of all, I want to tell you guys that I have a site called combo courses.com where I sell lots of stuff. A bunch of courses, also books, and a ton of stuff for free.

If you are interested.  So if you're interested in that, go check out convo courses.com. Like, I said, lots of free stuff. It's free to sign up lots of training downloadables if you happen to be in this space I'm constantly giving out free stuff. I'm trying to build a community. And that's why, if you have question, why I'm giving out anything for free, that's the reason why cuz I'm building a community I'm, thinking bigger.

I'm thinking about making a community that helps itself and Built one of these before in a whole different genre. And it, works really well. So that's what I'm doing. If you're interested in joining that community, join me on, YouTube. Join me on discord. Join me on TikTok. Join me everywhere.

Combo courses, just type to combo courses. You'll find us out there where have a growing community of people that's coming together to learn this to, level up together to, get more to, make that money really. That's what it comes down to for take take, care of our families and take care of ourselves.

Okay. So what I'm gonna talk to you today about the first topic of discussion will be about will be about process versus the prize. A lot of people contact me about trying to get to certifications or degrees and which ones should they get and all that kind of stuff.  and it's really the wrong question and I don't fault anybody for it.

Because I was, I had the same kind of questions when I first started. You should be focused more on the process and this, really goes on everything in life. Your focus should be not on the prize, not on how many likes you get, not on how many people are watching you, not on how many people or how many degrees you're gonna get or, courses or any one thing.

It should be on the process itself. And we're gonna specifically talk about cyber security, cuz that's my profession, but this really applies to anything in life. Let me specify what I mean by using this an example. Lately people have been asking me about the a plus comp Tia certification and how do you get it?

Where, do you get it from? How do you know all this kind of, what kind of job can you get if you actually do that, all that kind of all those kinds of questions and is there's nothing wrong going for that certification or any other certifications. Absolutely nothing wrong with that. And I would encourage you to get it if this is your first time getting in, into cyber security, into it in general it's a good thing to get.

But what I wanna say is that