stage, we want to learn what cyber security is and what you will be doing as a cyber security professional. This is the most exciting step because everything is new and shiny and you will learn a lot of things in a short period of time. Cyber security in a nutshell means to protect data and information from being stolen, destroyed or even accessed by the wrong person. Now, the wrong person could be a hacker or a rogue nation or a group of criminal and even just an employee making an honest mistake. Now, this information is typically stored in computers, laptops, servers, networks, phone, and in the cloud. Now, this usually scares people because they think that in order for you to learn how to protect these data, you need to first become a network engineer or an IT admin. This may have been true when I was starting over 20 years ago. But fortunately, things have changed. Nowadays we have training courses that are cyber security specific that will cover all the foundation and the background that you need to work as a cyber security professional. It will all become more clear to you as we go through the training courses. Now at this stage I want you to do four training courses and the first one is the Google cyber security set. This is a great introduction to cyber security. It's quite broad so it will introduce you to every area of cyber security but more importantly it will give you the background that you need. So you cover things like operating systems, networking and IT and even risk management. So as you go through that training, you will understand what cyber security is. And my favorite part of this training is that you get your face taste of practical hands-on labs. So you do labs that cover Linux, MySQL, and Python. Now, don't freak out. You're not going to be an expert in all these three things. However, it's important that you start practicing from the get- go. This way, things will make sense a lot faster. And when you finish the Google cyber security search, you'll get a 30% discount to do the CompTIA security plus. However, we are not going to do the CompTIA security plus just yet. Bear with me. It's coming soon. Now, as you go through the Google Cyber Security, it's normal that you may feel that you're forgetting things. This is normal. Cyber security is a new field for you and you're not expected to memorize and know everything from the get- go. And that's why the second training course that I want you to do will further cement a lot of those concepts that you've learned in Google cyber security set, but it will also broaden your understanding even more. And that second training course is GRC mastery. Now this is where you'll get to understand cyber security from a business point of view. you will understand why we do the things we do, why we need the firewalls, what does this mean for a business, and the way we learn this is by learning cyber security risk management and audits and popular cyber security frameworks such as the NIST cyber security framework and the ISO 27,01 framework. Now, in this training, you will do a lot of practical assessments. There are also practical case studies where you read reports from real companies and you analyze those reports. Now, when you finish it, you'll get two certificates. You will get a certificate of completion from GRC Mastery, but you'll also get an ISO 27,01 lead auditor certificate, which is an industry recognized certificate as GRC Mastery is recognized by Exemplar Global under the Tpek scheme. And that's how we slowly and surely build your resume to make you a strong cyber security candidate. Now, if you're wondering why you're doing GRC Mastery and Google Cyber Security Cert in the beginning, even if your goal is to be something like a sock analyst or an ethical hacker, the answer is because the goal is to land a cyber security job as fast as possible. Now, the problem with the industry is that a lot of small to medium-sized organizations don't have specialist roles. They simply can't afford to hire a dedicated ethical hacker or a dedicated sock analyst. Instead, they have what we refer to as a cyber security generalist. This is usually an individual with the title of cyber security specialist or cyber security analyst. In those type of roles, you're expected to perform more than one task. For example, you're expected to respond to security incidents, but also do things like cyber security risk assessments and help with compliance programs and even respond to fishing attacks. So, you need that broad grounding, that broad understanding in order for you to land these roles. And that's why it's essential to have this strong foundation that will set you up for success to work in cyber security. whether you decide to pursue GRC or any other role later on. Therefore, after step number two, you can actually handle so many cyber security jobs. And the next step will be a sock analyst training that will further strengthen your position as a cyber security generalist. And that third training course is try hackme sal one. Now sal one is a fairly comprehensive training. It start off covering your basics, but it quickly touches on some intermediate level concepts. It really consists with four parts. You have pre-security, cyber security 101 and sock level one. Now what I really love about this is that it assumes that you have zero knowledge. So it will teach you those basics and fundamentals again which is really good because if you remember when we did the Google cyber security set it was normal to forget things and here you get to revisit them again. And trust me when I tell you this but foundation is something that will stay with you your entire career. You'll always need to revisit them. So don't put too much pressure on yourself and think that you need to memorize everything because you don't. And at the end is my favorite part, which is the sock simulator. This is where you'll get to practice your real cyber security skill in a simulated security operation center environment. You'll get to assign tickets to yourself, investigate them, and respond to them. And as you can see, up to this step, everything we've done is practical hands-on, whether it's the Google Cyber Security, GRC Mastery, and Sal One. Now, for those of you who watched my videos before, there are other platforms that are also good for sock analyst training. The platforms are Cyber Defenders, Hack the Box, and Let's Defend. Those are fantastic platforms and I want you to use them but not at this step. Bear with me. I'll talk about them in step number four. However, for now, I want you to start with Try Hack Meal one because it makes the most sense for a beginner in cyber security with the goal of landing a cyber security job as fast as possible. Stick to the plan and don't change it. Now, the fourth certification that I want you to do at the foundational step is Compia Security Plus. This is usually a favorite of all beginners. They love to do it. They recommend it to each other. The problem with it is that it's pure theory and it's a multiple choice exam. So what ends up happening is a lot of beginners memorize a bunch of concepts, pass the exam and then forget everything as soon as the exam finish. Then they go into interviews and they can't answer anything. However, the way we've done it, the way we structured it is when you do it after you've done the Google cyber and GC mastery and cell one, you will actually have an understanding of all the cyber security concepts that are covered in comia security plus. So you'll have context and you don't need to memorize that much. However, it's still a challenging exam. You still need to pass those multiple choice questions. And for that, I recommend one resource, which is the CompTIA Security Plus Cybex book. I'll put a link to it in the description box of this video. Please don't waste time in any school communities or any boot camps. You don't need any of that nonsense. If you've done the three courses before, Security Plus, it should be fairly easy for you to pass. Now, some of you might be wondering, well, how long would finish all of this take me? And the truth is, no one knows how fast you will learn. Some of us take longer time to learn the same concepts whereas other individuals can finish fast. And therefore, I want you to remember you're trying to land a cyber security job to have a long-term career. So don't set arbitrary timelines on yourself. Instead, use the time that you have efficiently. If it takes you 6 months, fantastic. few months longer, that's also fine because at the end of the day, you will reach your goal if you stick to the plan. Now, when you finish those four certificates, this is where a lot of people make the mistake of finishing these certificates. Then they spend 5 minutes creating a resume and apply to jobs and they get disappointed when they get no interviews. This is a huge issue that I see every day from frustrated candidates. And we're going to fix it in step number two of this video. Resume.
This needs to be a step on its own because you need to spend time building your resume. It can't be something that you spend 10 minutes on and hope for the best. We need to package all the skills and all the labs that you've done in a way that HR and hiring managers appreciate. Now, the good news is I've done the hard work for you. I've created a free cyberc resume template with everything populated for you. Go to unixgu. com/free and download this free cyber security template. Now, let me show you the template and explain to you how you can tweak it to your particular situation. We have one paragraph which is your professional summary. This line is short and it serves one purpose is to tell the person reading this document that you're someone who's interested in a cyber security job. It shouldn't be your life story and it shouldn't include everything you've done because we're going to show that in the next sections. Then we have training and certifications. It include the ISO 27,0001 lead auditor, GRC mastery, Google cyber securityert, but it also includes more certificates. So as you grow and do more, you can add to it. It's the first section because you don't have cyber security experience and therefore it should be the first thing that someone sees when they look at your resume. Next we have education. If you have a degree, put it there. If not, then skip this section. Next we have practical projects. Now I populated it with four practical projects from GC Mastery. feel free to add more to it from your one or other courses that you do as long as it's not too long. So try to be brief and just explain what you did in one sentence. Now, professional experience is intentionally empty because this is something that you've put on, but I just gave you an example of someone who worked in a gym. However, I highlighted things that they did in the gym that are relevant to cyber security. So, we talked about consult with clients. We talked about IT systems. Even though this was probably 5% of what they've done, just make it brief and make it relevant to the job. Now once your resume is ready, it's time to start applying to jobs. Now technically you could start applying to jobs right after the Google cyber security search. My recommendation however is to start applying after GRC mastery. This way you'll have stronger understanding of cyber security and you'll have more to show in your resume. Now the way I want you to look for cyber security jobs and apply to jobs is by filtering for one keyword and that keyword is cyber. Go to LinkedIn, click on jobs and just type the word cyber. This will list a lot of cyber security jobs and you will see that there are cyber security jobs that want you to have a lot of experience. That is perfectly fine. We're not trying to qualify for every single cyber security job in the world, but we're trying to qualify for those cyber security jobs that maybe require zero experience or one to two years of experience. Yes, even if the job is asking for one to two years of experience, I want you to still apply because the practical hands-on labs that you've done is your way to overcome that experience requirement. You see, the reason why companies want experience is because they want to know that you can do the job or so that they know that you're coachable. You have some knowledge and you can build on top of it. So, don't be afraid and start applying to jobs. And the way to do it is to spend at least half an hour every single day applying to jobs. It's not something that you just do on the weekend or on your free. This is what you do. Your job is to apply to jobs. Do it consistently. I recommend you use LinkedIn as your primary platform, but also look for a secondary platform that might be relevant in your country. For example, in the US, you have Indeed and DICE. In Australia, we have seek. com. au. Now, this is also the step where fear and anxiety really start to kick in. You see the job requirement, you see that they want experience, so you get scared. You don't apply. Or you apply, you get rejected, and then you start to think that, oh, maybe I'm not good enough, maybe I'm not smart enough, maybe all companies want degrees. And that's just not true. Some companies want degrees, some companies don't. An increasing number of companies don't really want degrees. But all of these ideas start to come in because you're just afraid of rejection. Nobody like rejections. I hate rejection. However, surprise surprise, part of landing a professional job is to get rejected. It's just the way it is. I get rejected, everyone gets rejected, even after 20 years in the field. There is no such thing as a guarantee that every job will accept you. So the way you do it is you apply to jobs, you try to land interviews, and you go to those interviews and learn from them. It's a matter of consistency and continuing to put yourself out there. So, please acknowledge that rejection sucks, but you will do it anyway. Now, speaking of anxiety, we need to talk about the elephant in the room, which is AI. Everyone is scared that even AI will take the job that they don't even have. However, in the next step, you're going to go from being afraid of AI into using AI as your competitive advantage. We're going to
landing a cyber security job is inevitable. At this step, most of you would have landed a cyber security job or are close to getting a cyber security job. Perhaps you've done some interviews. Perhaps you went back to learn a certain topic a bit more. Regardless of where you are in the journey, at this stage you have two jobs. The first one is applying to jobs consistently and the second one is continuing to learn. This is your focus from now on. So you learn and apply to jobs up until you reach your goal. And even if you've already landed a job, you could choose to stop learning. However, I recommend you continue to learn if you want to become an expert in your field, but also if you want to get promoted and do well and get opportunities come your way without even applying. And the way to do that is by gaining skills. Now, learning at this step shouldn't be random. You shouldn't just do whatever. Instead, we want to focus on three areas, which is advanced blue teaming skills, cloud, and offensive security. You've already learn GRC. You've already got a good foundation. So, the first area to focus on, I want it to be intermediate to advanced blue teaming skills. Here, I want you to do certifications from cyber defenders. You could start with CCDL1, then CCDL2. Those are really challenging. You will get to touch on concepts such as digital forensics and incident response. And honestly, doing them will give you skills more than a lot of senior sock analysts. And speaking of challenging, I also recommend Hack the Box and their flagship certification, CDSA. It's another excellent intermediate level sock analyst certificate. It will challenge you, but it will further strengthen your skills as a blue teaming professional. And if you want more practice, then let's defend have an excellent sock analyst path. It's more beginner level. It's comparable to cell one, but it could give you another chance to practice those foundational skills. For example, if you have a sock analyst interview next week, you could do let's defend sock analyst pathway just to practice what you've already learned in sal one. So, this is how we continue to learn and we continue to apply to jobs. So instead of being frustrated that you couldn't answer in the interview or instead of being frustrated that you're not getting the interviews that you think you deserve. This way you focus on the learning and as you learn more and grow more opportunities will come your way. Now as far as cloud is concerned we want to focus on Microsoft Azure and Amazon AWS. For Microsoft Azure I want you to start with SC900. It's fairly straightforward. You can finish it in a week or even in a weekend. And then I want you to tackle something a bit harder like SC 200. This is where you'll start to challenge yourself a bit more with Microsoft Azure concepts and eventually I'd like you to get the Microsoft Azure engineer associate. It's a really crucial skills because most organizations now have their data in the cloud and it's something that you'll definitely come across if you work in the cyber security industry. Likewise from Amazon AWS start with something easy like the AWS cloud practitioner then move on to something like the AWS solution architect and eventually the AWS security specialty. Both Azure and AWS is something that you will 100% come across in the industry as a cyber security professional regardless of your specialty. And again, as you do these certificates, you naturally qualify for more cyber security jobs. You could work as a cloud security engineer or as a sock analyst or as a GRC professional. Suddenly, you're not limited by one or two jobs that you see. Instead, you have tens if not hundreds of jobs that you can apply to every single week. Now, as far as offensive security is concerned, this is purely optional and only for those who want to become ethical hacker and insist that this is something they want to do. At this stage, you can start tackling that. You could start with a beginner level search such as EJPT. It's my favorite entry-level pen testing. Practical hands-on gives you good introduction to penetration testing. Now, after EJPT, I recommend you do try hackme PT1. It's similar to EJPT. There is a lot of crossover, but you'll also get a chance to practice with more pentesting concepts. Now, eventually you should do something like offensive security or SCP. This is what most penetration testing jobs ask for. However, be prepared to be challenged. It's not an easy certificate. Now, there are also other good options from Hack the Box. They have one of my favorite pentesting sets, Hack the Box CPTS. It's even harder than the OCP. And if you do it, you will have the skills that you need to land a pentesting job, but also land a cyber security job where you perform a number of tasks, including some basic penetration testing. Now remember, in this step, you're no longer a beginner. You're actually establishing yourself as someone with strong cyber security knowledge, with strong practice. And trust me when I tell you this, you will stand out. I interview candidates every single week. And if you do the training courses that I mentioned, even in step one, you will be a lot better than most of them. So be prepared to work hard, and you're guaranteed to have opportunities coming your way. Which brings me to the most crucial part of this video. The three deadly mistakes that I see people do over and over that
