Okay, we've all been there. 200 pages into your Security Plus study guide reading and your eyes are crossing from exhaustion. You're wondering, does any of this even connect with the real world?
One of the best ways to apply your learning is to try it out for yourself, and my guest today, InfoSec Skills author, Professor Robert McMillan, has a host of suggestions for low-cost, low-risk security tasks that you can try for yourself to determine whether you have what it takes to keep going in cybersecurity.
And, as a bonus, Robert gives some pretty outstanding advice for taking these hands-on experiences and interjecting them into your first job interviews. All that and a lot more in this week's CyberWork Hack. Hello and welcome to a new episode of CyberWork Hacks.
The purpose of this spinoff of our popular Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize InfoSec products and training to achieve your work and career goals.
So today's hack is a little different, but my guest is longtime friend and collaborator of InfoSec, Professor Robert McMillan. Robert has been an instructor and creator of our InfoSec skills modules for a while now and I had Robert on an early episode of CyberWork.
It was a great chat. Hope you check it out. But as well as Robert's other hacks in the series, we've got several others in the can. Hopefully you've seen them by now, but I'm very excited to have him back for this particular hack, which is aimed at cybersecurity novices.
So the idea here is we're talking to beginning learners and this is for folks who aren't sure if they have what it takes to go down a cybersecurity career path and really go for it.
So I wanted to see if we can come up with some ways to prove to yourself and, by extension, a future employer, that you have what it takes in the old brain box to work in cybersecurity. So thank you for your time again, Robert, and pleasure to have you back on the show. Thanks for having me, Chris.
So yeah, like I said, a lot of my guests have talked about a time where, when they were young and they tried a certain thing, maybe they finished, you know, programming something and it worked.
Or they designed an app for a class and it was a big hit, you know, with their fellow students, or they built their own computer from scratch and their family used it for years. So it could be a big thing or a small thing, but it was something that they could accomplish.
And it said, you know, you can do this, and it also got them excited to see what's the next thing that I can do, you know. So, you know, it can be easy to keep studying abstractly and maybe even, you know, collect a bunch of certs, but I think some hands-on experience can really lock things in faster.
So, Robert, can you suggest a manageable security project, something you can get your head around and finish, that will help you know you've got a good handle on the concepts around cybersecurity? Sure.
Sure, Chris. You know, I remember when I first started making video courses, and what I found was that the more complex the courses became, the more difficult it was for the company as I was doing the courses for to even provide me with the equipment I needed.
So, for instance, you know, my first video course, after just doing YouTube videos, was with LinkedIn Learning, and they said, oh, they said, you know, what do you need? And I said, oh, I just need a couple of Windows 2012 servers and have them networked together. OK, fine. And then they started saying, OK, what do you need now?
Well, I'm going to be doing software-defined networking that requires this, this and this, and they go, we don't have that. Yeah, right.
So I had to procure my own equipment for that and, to this day, a lot of the courses, including the ones I do for InfoSec, I use my own equipment, just because it's gotten more and more complicated. But for those of you just starting out, there's a lot of great options.
So when you sign up for the InfoSec Institute, of course you do get a free trial, and so definitely recommend that you do that, and there's all kinds of great labs and great things that you can sign up to take. For instance, on my courses, I have a Windows Server and client course on security.
I created labs for people at the intro and at the intermediate range that you could do online. The great thing about online labs is you don't need high-end equipment. You don't need to buy $40,000 like I did.
I bought $40,000 equipment just so I could do my courses, because all that stuff's in there, it's in the background, it's sitting on, you know, servers that have the complexity and things like that like you would have in a corporate environment.
So you may not be able to attain all of these different pieces to, you know, to do some of the more complex stuff. However, it is certainly possible for you to get your own lab going, just as I did in the early days.
Now, besides the InfoSec Institute, I have found that if you don't have the money yet to do a long-term monthly subscription, yeah, because you're really just getting started and maybe you need something just as basic as basic can be.
I remember trying to save a file the first time on a Windows computer, because I started out as an Apple guy, a Macintosh, okay, and I had to save it with a file extension. I'm like, we don't use that in Macintosh. What do we need that for?
So, you know, if you're really at that level, you know, like I was when I first got started, then you can go to learn.microsoft.com, sign up with your email account and they have some free projects that you can do online and they walk you through. I mean, it's basic, basic stuff. We call this high level, 50,000 foot level.
Don't expect that once you take these that you're ready to get a job in cybersecurity. Yeah, right, right. This is just, you know, real hand-holding intro stuff here, oh yeah.
Make sure you're really comfortable. Yeah, yeah, exactly. You know, the InfoSec Institute is going to, does have introductory courses, but I've never seen anything as simple as what I've seen at learn.microsoft.com. Love it. So you can go there. They've got the videos and the intro text and then, you know, the labs and stuff like that.
Then you can sort of graduate, you know, on to more advanced courses. I love the fact that InfoSec has some advanced courses for people who are lifelong learners, I mean, those folks, you know. It's like, OK, what's the next thing? Because technology changes so quickly it's hard for me to keep up with it.
So I'm going to learn from someone who has kept up with it and then I'll be at that level, you know, at some point, and, you know, three years from now
I got to kind of start all over again, don't I? Yeah, yeah, as we all do. Yeah, sometimes it's six months from now, but yeah. So yeah, Robert was talking about infosecinstitute.com/skills.
If you sign up for a free month of that, you can sort of poke around in there and see what's interesting to you and, as Robert said, you can check out his Windows 10, or is it Server 2019 and Windows 11, Server 2022? Yeah, and a lot of our skills learning paths have cyber ranges and sort of hands-on things.
So it's pretty cool, like they'll give you a little simulation of, you know, a command prompt environment and you can actually go through and do all the pieces yourself.
You can do code injection, you can do, you know, some sort of capture the flag things or whatever, and you can really lay hands on it in a sort of low-stakes situation where you're not going to break anything. You're not going to, you know.
All you got to do is, you know, reset it and start over if you messed up, and I think that's really, really conducive to learning.
You know, I mean, we've had a lot of guests on who have said that, you know, they dismantled their family's computer when they were, you know, 12 years old and then put it back together. But it can be a little scary if it doesn't work out and maybe, you know, that's the last thing. You, in this case, yeah.
So, yeah, let's talk a little bit about doing some of these projects. You do something hands-on and, you know, do you have any advice for sort of designing, like, the scope of the project that you would want to accomplish? Because, like you said, it's one thing to say, like, learn.microsoft.com.
Okay, I did this to this. Now, like, how do you sort of, like, plan for yourself to say, okay, what's the next hardest thing I can do for myself to sort of feel like I'm moving up the ladder?
What's your advice there?
You know, nothing feels as good as getting your hands dirty and, you know, your own project, and so what I recommend is that you start out, you know, assuming that you have a decent computer with, say, at least 16 gigabytes of RAM, and if you don't, see if you can upgrade it or obtain a new or borrowed computer that you're able to do this with. If it's a Windows computer, you can go ahead and install Hyper-V on it. It's just a feature that you can check the box, you know.
When you go into the control panel, the system settings, you can add Hyper-V, and it also includes, if you have the professional version, the enterprise version or even the student version, then you can get a free virtual machine operating system for another Windows 10 or 11, as well as Linux versions that you can install.
That's all included right in there in Hyper-V on any one of those versions of Windows. Now, if you have a home version, you can upgrade it. It's not that expensive. Microsoft would love for you to upgrade it. It's just go to Microsoft's website and say, hey, upgrade my operating system, and then you can get all those advantages.
However, let's say you don't want to use Hyper-V, let's say you want to go a different direction. You can install VMware Workstation, the current one, I think, is 17, or VirtualBox, which I believe the current version is 7.
And you can install that on any computer, Windows, Macintosh, Linux, any one of those computers, assuming that your computer has the virtualization feature turned on. You might have to boot into the setup and turn on virtualization. It's just simply a checkbox that you do and by default, a lot of times it's turned off.
And then you can install any one of those virtual machine products, VMware Workstation, VirtualBox, especially for non-Windows, and then you can get all kinds of great projects that you can download. Now one place I like to go to you can get some free projects is GitHub. GitHub is owned by Microsoft.
They have a ton of free projects that you can download onto these virtual machines, and the nice thing about it is you can break these virtual machines and you can start over again and, you know, no harm, no foul.
You can get free versions, demo versions, 180-day demo versions that you can use over and over from Microsoft at the Windows Eval Center. Just type in Windows Eval Center in a Google search and you'll find it, and you can download any version of Windows Client or Windows Server for VMware, VirtualBox for half a year, which is fantastic.
Another place you can sign up is the Cybersecurity and Infrastructure Security Agency, known as CISA, C-I-S-A dot org. CISA is great. It's the security agency that you can sign up for. Now, I've signed up a long time ago to get these updates for when some new vulnerability comes out.
They send me an email anytime, you know, some new hack has come out or, you know, and I learn a ton from them. So it's a great place to go to get various different projects and information that you can do on your own.
Yeah, we love CISA around here. Those are all, boy, those are all great, and a lot of those I think are first time we've heard about that on the show, so there's some really great tips in here. I hope people are taking notes, whether on piece of paper or on their phone notes. So I have one last question for you here, Robert.
So one of the things that we talk about a lot on the show is that, you know, especially when you're just getting started in your career in cybersecurity, you know, it's one thing to have, okay, I have a certification on my resume that shows I can do that, but one of the things, especially with people who have no experience trying to get into a job that requires experience, is documenting outside experience that you've done. So some of these things, that seems like would make really good kind of calling cards when you're trying to sort of show off what you can do. So, you know, I think an important part of this whole endeavor is documenting what you've learned from these small projects.
So do you have any tips for how to document completed projects in a way that others can understand and that you could maybe put on your resume?
Lots of good tips for this, definitely want to, you know, write some of these down as well. So on the simple side, you know, if I think about my first IT job, what I found was when I was troubleshooting issues, I would notice, like every, you know, two, three weeks, maybe every month or so, the same problems would happen over and over.
And that's because every, you know, version of Windows that people were using had the same bugs in them as all the other ones, or software that they were downloading and installing, or whatever it was.
And so what I found was that after a month, if you haven't seen that problem in a month and you're, you know, I was solving 20 problems a day, you know. So, you know, over the course of a month we're talking about hundreds of issues I've solved. A month later that same issue comes up.
I'm like, wow, I know I've seen this before, but I sure can't remember how I fixed it.
Yeah, yeah, exactly. Right, right. I don't remember how I did it, but I fixed it. Exactly.
So a lot of, if you're using Microsoft Office and if you're a student, you can get Microsoft Office for free using your edu email address. Then you can use OneNote. OneNote is a great way to, you can create a different note for every different project, if you'd like, or different operating system, different problems, you know.
However it is you want to organize it, OneNote is very customizable, very easy to use. It'll sit down in your system tray so you can easily recall it. Now, if you want to get a little fancier, you can. And again, Microsoft Office, you can use Microsoft Access. Access is sort of a simple, low-grade SQL server, right?
It uses an MDB type of a database, so you can't put hundreds of thousands of records into it, but you can certainly put in thousands of records, so you create. There's plenty of YouTube videos out there if you want to learn how to create your Access database and customize it the way you want to.
I've got over 4,000 videos on my YouTube channel, not just on Access but Windows and other things, so just that channel alone has plenty you can learn from there.
And so you make your Access database and then it's searchable. So the next time you have an issue, you say, hey, put in some keywords, click search and boom, you saw how you solved it last time.
Now for employers, when you go to do an interview, here's a tip for you, is that, let's say, you've already got some experience in a job, or maybe you have experience in college or on your own home lab that you can relate to some of these questions that are coming to you in this interview.
Try to get no more than around five really good stories, because what you're going to find is pretty much any of the questions that they're going to ask you are going to relate to at least one of them.
If you try to get 10 stories or 20 stories, you're not going to remember all the details. Right, it's going to come out funny, you know, so. But if you have five really good stories that you practice ahead of time, practice with your family. You know, somebody in your family.
Practice with one of your friends, you know, about, you know, explain, you know, how it is that something happened. Then when you do go to get interviewed, then you'll have all those different things down pat. So if they say, you know, what did you do in order to, you know, secure this computer from ransomware, you know.
Or what happened when ransomware broke out, what did you do? And now you have a story, you know, and you can talk about that, and you've got it, you know, very well explained in your head, so now you can explain it, you know, to that potential person.
Yeah, I think that's a really, really great point, and I think it is hard to imagine, like, how am I going to put that on a resume in a way that they're going to, you know, see it or whatever? But if you're in the interview, then it's going to be real easy to bring it up.
You know, and, like you said, you can crowbar it in, as long as it makes sense to what they're talking about, but, you know, never mind to be of a story of this one time when, blah, blah, blah, blah, next thing you know they're putting check marks next to your name in their hire pile.
Exactly, exactly.
All right. Well, that's all great advice, so I'm going to let you go here. But, Robert McMillan, thank you so much for guiding our listeners through this important early phase of their studies. My pleasure, Chris, thanks for having me. And thank you all for watching this episode of CyberWork Hacks.
If you enjoyed this video and felt that it helped you, please share it with your colleagues and on any forums you're on and on your social media accounts, and please like the video and subscribe to our podcast feed and our YouTube page. You can type in CyberWorks InfoSec on YouTube. You'll come to our page. Just hit subscribe. Hit the bell.
Everything will be delivered to you just like magic. There's plenty more to come for listeners of all levels, and so if you have any topics you want us to cover about any aspect of the cybersecurity career experience, drop them in the comments below and we'll get to them very soon.
But until then, we will see you next time, and this is Chris Sienko saying happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12 most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles so you can choose.