Speaker 1: 0:26

This is the Art of Network Engineering podcast. In this podcast, we explore tools, technologies and intelligent people. We aim to bring you information that will expand your skill sense and toolbox and share the stories of fellow network engineers. Welcome to the Art of Network Engineering. I am AJ Murray at no Blinky Blinky, and I am joined this evening by Tim at Tim Bertino on Twitter. Tim, thanks for joining me. How you doing?

Speaker 2: 1:00

Good, aj, good to see you Been just trying to keep up. Work's been good. Started the I guess it's the final season of Jack Ryan on Amazon Prime. That's a fun one and I was trying to still trying to write a little bit, doing a little bit of studying here and there. I saw not relevant for when this releases, but Cisco did another Rev up to research thing to get some free continuing education credits if you run through one of their courses.

Speaker 1: 1:32

So yeah, 30.

Speaker 2: 1:34

So I'm digging through that Figure. Might as well not let that pass up, but just trying to keep busy.

Speaker 1: 1:41

Very good, very good. Also joining us Andy Laptef. He is at Andy Laptef. Hi Andy.

Speaker 3: 1:47

Hello AJ Murray. How you doing buddy, good man, it's good to be here. The hell am I been doing? I'm studying for my my pool closed today.

Speaker 1: 1:58

I just saw the picture with a cover on it right before we got on here, but when this, when this releases, it'll be back open. I don't know, the cash is running short. It might be out sooner than we think.

Speaker 3: 2:13

Life is pretty good, man. Yeah, the pool is closed. I'm studying for my JNCIA. I saw our guest, who we'll get to in a moment. He's going for his JNCIA data center, which is what I'm going for after this first Juno's JNCIA thing. But I want to take the data center track up as high as I can go and I was working a little bit on my home lab.

Speaker 3: 2:33

Today. I have some VQFXs spun up in the home lab. I'm messing around with some VXLA and EVPN stuff and our good friend Aninda was like yeah, tear them out. There's a new Vjuno's Incivo I should know the marketing terms but there's a new jam that's much more stable than the VQFXs. So, working on the lab, doing some studying, creating some fun content with you guys, so, yeah, man, just keep it on, keep it on. You know I've been in product for like 18 months now. So I feel like the longer I'm on the vendor side, on the business side of things, like my technical skills are kind of atrophying and it bothers me Like I love the business side and I love getting to see what we're working on and what's coming and how we're working on you know some, some cool CX stuff, but I it bothers me that I'm on these technical calls and I'm like I forget what that was and how do?

Speaker 3: 3:19

they do that, and so that's partly why I'm jumping back into the, into the cert track, because you know I need to keep up on these technical calls. I'm on and be like it. Just I don't know. This is, this has been my career for a decade and even though I've been in vendor land a year and a half, it still feels gross to like not be doing some form of engineering Like I want to be on the keyboard. I want to be learning stuff you know, at the very least to be relevant, I mean.

Speaker 3: 3:43

I can't come on this show and be like I don't know anything anymore.

Speaker 2: 3:46

But I started the show with you, so I'm still here, like you know, I feel like I need street cred.

Speaker 3: 3:52

So like, yeah, I did all that stuff today. Aj, Can I still be in the gang?

Speaker 1: 4:01

Do we have like a network engineer, any like gang sign? Is that how that works?

Speaker 3: 4:06

I don't know, I just yeah, I just want to be in the cool club man. How you doing, aj? I ask him as he drinks no, that's quite all right, I'm doing very well.

Speaker 1: 4:13

It's. It's fall here in Vermont. We were talking about that just a moments ago before we started the show, the. The leaves are turning all pretty colors. The mountain side looks like it's on fire and it feels like it's on fire because it's still 84 degrees here, which is very unseasonably warm for Vermont this time of year. But no, I had a great day today. I am taking today and tomorrow off because I have to do a cutover this weekend and then work all of next week. So, uh, squeezing in a few comp days and, uh, I'm taking that time to go fly my drone and take some pretty pictures with my camera, while I can, of the, the pretty landscapes and stuff like that. So it's a it's a good time. I'm set to get up tomorrow morning at four o'clock. I'm going to meet up with another photographer friend of mine and we're going to shoot some awesome sunrise stuff. Uh, you know, out in the middle of of northeast Kingdom, vermont. So it should be a good time.

Speaker 3: 5:02

Listen, if you're going to get a hobby, make sure it's something you can sleep in for like yeah, I'm the same way, like I go fishing and I'm up at three in the car at 330 driving, like you gotta get some hobbies where you can like, just sleep until right, I was gonna say where did that?

Speaker 2: 5:17

that came out of nowhere. Yeah, I'm taking the next. Uh, took today off. Gonna, take tomorrow off. Somebody get up at four.

Speaker 3: 5:24

Okay, my new hobby is gonna be breakfast in bed at like 930.

Speaker 1: 5:30

Fantastic Call that retirement, andy. I think Golds man Golds. All right, uh, anyway, it's time to introduce our guest. He has joined us before on a previous episode of the Art of Network Engineering, where he talked about his transition out of the military and into a technical career. I'm very excited to welcome back John Breth. You might know him better as at cyber insight on YouTube. John, thank you so much for joining us again. It's a pleasure to have you back on the show.

Speaker 4: 5:57

Hey everybody. Uh, appreciate you for having me back. Had a great time last time Finally get to meet Andy and AJ actually. So, uh, yeah, great to great to be here and uh looking forward to chatting with you guys.

Speaker 1: 6:09

Yeah, absolutely so. You're very uh and, as I was saying before the show, you're very networking adjacent you. Your focus is is mainly cyber security, but uh, it sounds like you cut your teeth and uh got a lot of your experience uh in networking, and a lot of your content today is still very networking focused. So I thought it was more than appropriate to welcome you back to the show and dive a little bit deeper into your career, your experiences uh, and and share any advice, which I'm sure you have a ton of, with our listeners, uh, so to to kind of kick things off, can we get the the uh, you know the notes, the Cliff notes version of of your career? Sure, because we've already kind of talked about it a little bit before.

Speaker 4: 6:46

Sure.

Speaker 4: 6:47

Uh so started my career back in 2003, joined the Air Force. Uh in the Air Force I was doing kind of like long haul telecommunications and then uh got asked to go support a special project which uh was supporting Air Force one and the rest of the special air mission uh fleet of aircraft so doing kind of like network and security administration for the, the networks that that traffic was going over. So uh finished out my four years doing that uh in the DC area and then transitioned from there to go uh become a contractor, which I had a lot of people end up doing that once they're here in this area went to go work for one of the more uh well known consulting companies and that was kind of where I really started to become like a network engineer and going down that path. So uh worked doing that for about six years and during that time uh got my CCMP, took CCI written and passed that a few times. Um CISP, went to grad school, you know, just did a whole bunch of stuff. Um, that was, for the most part, primarily focused on network engineering. Uh, after about six years there I ended up transitioning to go work at a tier one, isp, and uh, that was very, very interesting because it was actually starting up a program uh that was focused on providing uh cybersecurity solutions to protect different uh federal agencies against uh different types of advanced persistent threats. So in that role, still doing network engineering, but then also kind of getting a little bit more into uh system design and architecture, and that over a course of I don't know, maybe six years, seven years, eight years, I ended up moving up and becoming the lead architect on that program and then also during that time I ended up kind of deciding I wanted to start my own company.

Speaker 4: 8:36

Uh, so started my own consulting company, continued doing uh that same type of uh principal architects type of role and, uh, yeah, that's what I do now. So I just have uh various clients do uh architecture work, both on the cybersecurity side, networking side, uh bit of GRC, so things related to, you know, atos and 853 and NIST and all that stuff that people hate talking about. Um, I don't mind diving into that a little bit. Actually find that having the the you know pretty strong technical background makes it a lot easier to understand what those requirements are and kind of be able to relay them to people who maybe aren't as familiar, uh, with the intent of of those types of controls. So that's kind of it from a job perspective.

Speaker 4: 9:21

Um, but, as you mentioned, I also like to do a bit of content creation. So, uh, have a YouTube channel. Uh, I think at this point I probably have maybe 200 videos covering everything from beginner networking concepts, network plus, ccna, ccmp labs, a bit of cloud stuff, devops, a lot of offensive security, defensive security, pretty much anything that's kind of interesting to me. I like making content on it. So, um, if I know about it then I'll talk about it, and if I don't know about it, then I'll pull up Command Prompt and try going through some labs and people can see where I screw up, because that's where we're going to screw up to.

Speaker 1: 9:56

Learning in real time.

Speaker 4: 9:57

Exactly.

Speaker 1: 9:57

Yeah, there's a lot to unpack here. So I want to go back to you said you were assigned a project where you're working with communications on that little airplane called Air Force One. Yes, yep, and it sounds like the support aircraft, that kind of go with it.

Speaker 4: 10:14

Yep, so support aircraft, and then also the rest of the fleet that supported VIPs, so pretty much SecDef, flotis, vice President, a few other like COCOM Commanders and things like that. So pretty much if they were really, really important, then they probably got to fly on one of those blue and white aircraft that kind of looks like Air Force One but is a little bit smaller. So pretty much anybody that was flying on those they were coming through the network that I was working on Wow, and you said it was like 03, 04, 04, 05, somewhere in that all park.

Speaker 1: 10:47

Yeah, so that was like still pretty, pretty fresh off of 9-11. Sure, I have to imagine it was a very heightened sense of security, probably a lot more attention than it got pre 9-11, kind of thing. Sure, what was the vibe like doing that kind of work?

Speaker 4: 11:06

So it's actually interesting because the system and network that was supporting that actually was developed after 9-11, because when 9-11 happened, pretty much all the communication channels were locked up and the government was like, hey, we actually need to get some, some dedicated com paths established so that, if we end up getting into a situation like this again, we have, you know, the right communication devices, paths, availability there so that the leaders are able to communicate. And so that was kind of where that project was birthed out of and I started working on it probably I don't know maybe like two years after its inception or so it's pretty brand new at that time oh sorry, what was that Tim?

Speaker 2: 11:53

The same news, so it was still pretty brand new at that time.

Speaker 3: 11:55

Yeah, super brand new yep, are you still sworn to secrecy, like I love? And I don't love talking to people like you, because when I hear about a network like that, I'm like, oh my god, I can't wait to hear how that all works. And I'm pretty sure it's like, yeah, bro, I mean.

Speaker 4: 12:09

So I don't know. That's a great question, I would. I will say this I think I mean obviously the equipment and stuff like that that was there and that was used back then and the vendors that were used and the different, you know, satellite providers and you know all that type of stuff has definitely changed since this way back then so so that's why I was going with it.

Speaker 3: 12:34

Like so my very dumb, dumb, high level question is like so Air Force One and all the other fancy blue and white planes, they're all talking to each other so that's the network that you're kind of working on, and then my guess was that it was satellite, although I didn't want to call you out and make you say it.

Speaker 4: 12:47

But I mean, I'm guessing that's how they all right, I mean that that's that's pretty much the only option at that point. But uh, yeah, I mean that. So get run cables. Yeah, very, very, very long lasers. Um so, so here's. So they didn't have, they couldn't do that prior right like so I think the the difference was trying to think how to put this um yeah, you don't have it well, no, no, no, because I don't I don't

Speaker 4: 13:14

think I'm sending anything out of school, but the difference was getting things that were dedicated specifically for that particular mission, versus it just being traffic that was normally going over, uh, a satellite, or a satellite that was fighting for contention with everything else that was going over it.

Speaker 3: 13:35

Dedicated satellites, folks more wow, not necessarily cool.

Speaker 4: 13:38

Wow, that's, that's amazing. And how do?

Speaker 3: 13:42

you get a job like that? Is that because your Air Force background?

Speaker 4: 13:46

um so.

Speaker 4: 13:47

I just I just happened to be lucky that I was um working in the building where that program was and I was doing really well at my job in Long Hall telecom and uh, they needed folks and they saw that I had. You know, at that point I ended up doing like my undergrad in about two and a half years when I was in the Air Force, and so they saw that I was like crushing classes and like I think at that point I might have already had my CCNA if I didn't. I already had my network plus and insect plus. So they were like all right, this, this person, even though he's young, uh, you know, is kind of like plugged into stuff, can learn stuff, um, and, you know, is a top performer amongst you know, his peers.

Speaker 3: 14:33

So that's an outage call. I don't want to get what I'm on call, like the president's pissed shit president can't call. You know, play number 32 to yeah.

Speaker 4: 14:43

No, it definitely it definitely prepared me for a lot of of other future things to come. I mean, you look at it from this perspective. Like every day you have to go uh and create PowerPoint presentations and go in brief, um, in essence, kernels in the Air Force, uh, and you're, you know, a 21 year old or E3, which is like one of the lowest ranking. You know people around um, you're also writing up incident reports whenever any of this stuff happens and these incident reports are being fed up through, you know, the chain of command all the way up to, like, the general staff level. So, like, the way that you articulate things, the way that you present information, it all has to be spot on, very concise, very clear, no errors, uh. So having kind of like that, that fear of god instilled in you from that made it very easy to kind of transition over into, um, the non-military world and putting together presentations, talking to clients, things like that. It's like it already was kind of like hammered home were you intimidated by talking to senior leadership?

Speaker 3: 15:49

because I think that I mean I know I have in like certain companies, you know like executive packaging and talking to these big wigs and like even in the private sector, right so, was that? Was that tough for you? Did you have any tricks to like? You know how do you talk to the big super bosses without pooping your pants and um?

Speaker 4: 16:04

I mean, repetition is really all it was, and so it just became you have to do this brief every day, so you know it kind of it.

Speaker 4: 16:13

It kind of is what it is and you, you understand kind of uh, people's temperaments and you understand kind of the expectations of the information that they want to be provided, uh, and when you do that on kind of a constant, consistent basis, then you're kind of like establishing a level of trust with them and then that obviously makes communicating with them much easier.

Speaker 4: 16:33

Going forward, but definitely I mean being being 20 or 21 and you know having to report on these things that you know have an impact to national security really, and you know, communicating this to to senior leadership definitely, you know, definitely gets your stomach in a knot for sure. The first, the first few times or few months that you're doing that, um, but I think you know, like like anything, you do it enough times and then, as you move on to other stuff in life, you can kind of reflect back on things that you've previously done. Whenever you're in new situations where you're kind of, you know, worried or nervous, you know that you've performed in the past, so you can kind of lean on that jb, let's let's talk about the tie between business and technology.

Speaker 2: 17:19

So a lot, a long part of your career. You were very highly technical, both in the air force and in the private sector, and also as a contractor, and then you decided to pivot to essentially running your own business and and having clients. How difficult for one, how difficult of a decision was that for you, and where? Where do you feel like you started gaining some of that business acumen? Was it as you started jumping into architecture roles, or how did you pick that up along the way?

Speaker 4: 17:48

so I think kind of a few things. So it was starting to work out of the air force for consulting company, so they did a very good job, um, kind of teaching the fundamentals of of what that is, of building relationships. Problem solving. It's not, you know, just coming in with what you think the right solution is, or or having a particular solution in mind that you're trying to fit, you know, uh or round peg into a square hole, right, it's, it's actually listening, developing relationships with people. Um, through that you're able to kind of get a better pulse on what their primary problem is and then kind of their secondary problems, and then you might be able to end up coming up with a whole bunch of different types of solutions. Some of those might not even be technical right. So I think that part of it definitely uh helped.

Speaker 4: 18:35

I think kind of the thing for me that pushed me more towards wanting to go the route of owning my own business was, um, I ended up, you know, getting friends along the way who had started their own companies, so that definitely there was a level of kind of mentorship and seeing other people doing it. Uh, and then there also was the aspect of doing business development for some of these large companies and not necessarily getting any benefit from that. So if you're, you know, working 40 hours a week and then you got to go and do another 10 or 15 hours of business development for the company you're working for and you know you end up winning a contract, the senior leadership ends up getting bonuses. You don't get anything from it. You're like, okay, I'll do that a few times, I'll kind of work some lessons from this, but eventually you got to be like I have no issues working really hard in busting my ass, but I'd much rather prefer to do it for myself and and get something out of it than do it for somebody else and they don't even know who.

Speaker 4: 19:38

You are right. So that was kind of what, what pushed me in that direction. And once I had that epiphany, I didn't it wasn't like I just went and started my company. After that I still, like that seed was planted and it still took another I don't know five or six years of you know, continuing to develop even more technical skills before I got to the point where I was comfortable and felt that I had, you know, a wide enough network to where it would make sense to kind of go that route and to follow up on that from the business side of things starting your own company.

Speaker 2: 20:13

Is there anything looking back now that you would have done different to get it started? Are you pretty happy with how it's turned out?

Speaker 4: 20:20

um, no, I'm, I'm I'm pretty happy with how everything went. Um, I think for me, a lot of the, a lot of the business that I've been able to to get over the years has kind of just been through my network and people who've already worked with me and wanted to work with me again and would recommend me, you know, to the company that they, that they were working for um and when it would bring me in that way. So I'm definitely not someone who's good at uh, I wouldn't, I shouldn't say that I'm not good at it. I don't have as much of a desire to try and like cold sell somebody on my services. I'd much rather just be like, hey, I already have a relationship with this person, I know that they have a need, they want to bring me in and it kind of, you know, works that way.

Speaker 4: 21:02

Um, up to this point I really haven't grown the business too much as far as like bringing on a whole bunch of other employees. I brought on some 1099s at different points. Um, so maybe that's one thing that, uh, at least I know in the future that I'm focusing on wanting to get growth that way. Uh, but again that even that there's, there's a balance to you know what you want to do with that.

Speaker 4: 21:23

I definitely don't want to have a company where I end up getting so many people that I'm not able to still do technical stuff myself. Uh, and I'm not just trying to get a company where I just get you know contracts to just get people's you know what they call butts and seats right where it's kind of like lower level admin roles and things like that. I think, uh, if I do grow the company and bring other people on, I prefer to kind of keep it kind of like a boutique me consultancy, so other people that have skill sets similar to mine, just a handful of people. You know we're all adults. No one needs to be babysat like you just go out, do good things for clients, develop relationships and you know um, just kind of go that way.

Speaker 2: 22:00

That's good. I think it's important to know what you want and and how you're going to run your business and and not just kind of trying to guess and check to try to to grow it. I mean, you know exactly what you want and you heard it here first kids, people, networking is just as important.

Speaker 2: 22:16

I mean like you said it's got to be a good feeling to pick up clients and or have people reach out to you and then come to find out that they heard about you through somebody else that they know or you know. That's that's really cool. So let's let's shift into technical skill sets a little bit. We've talked in the past about how people who want to get into app development or cloud or some other IT adjacent disciplines there are a lot of good reasons to at least get some basic networking skills. Do you feel that that would be a similar recommendation on the information security or cybersecurity side of things as well? How important is net understanding, networking fundamentals to learning sec.

Speaker 4: 23:02

A hundred percent. So I don't like to use, like you know, blanket statements. There are people who definitely can get in Without having the background and do well and, you know, have a great career and pick things up as they go, but I think, generally speaking, not having a fundamental understanding of networking and fundamental that understanding of kind of some other branches within it, so maybe like some system stuff, definitely makes it a lot more challenging to get spun up and get into a info sec or cyber position, especially one that is requiring you to be technical, because if you don't understand how networking works is really hard to defend something if you don't understand what it is you're defending. So it's, it's definitely something. Whenever anybody you know ask my opinion on that, I'm definitely like you definitely want to go just a definitely like five times.

Speaker 1: 23:56

You want to go super important focus on networking fundamentals.

Speaker 4: 24:00

I've never heard anybody who's gone and done that been like I regret. I regret learning about, like you know, I got I'm doing cloud stuff now and cloud security and I wish I hadn't spent that that four months digging down into network plus to really get understanding of data flows and different applications, port protocols. You know different, different devices in the architecture and things like that.

Speaker 1: 24:24

So pretty much where I would point folks to I have an embarrassing question like and you say that, but then you ask like the best questions ever saw here, with thank you, I love you for that, just made my day.

Speaker 3: 24:40

I don't understand what the hell cyber security is, right? So you know my, my first question is like, what was your first job? And you know, you seem to have transitioned and I know you haven't because you do a lot of things, but there seems to be a transition from networking to cyber security. Right, unless you, unless you're, unless you believe the boot camps, that in ninety days you can make a hundred and cyber with no experience, right? I say that kind of tongue in cheek, that some of the nonsense going around. But so you know, yeah, you get the foundational stuff and networking, like you said. But I mean, what was your first job in cyber? Like there seems to be this very vague gray area of, like you are networking and now you're in cyber and it and it happened so.

Speaker 3: 25:21

How does that happen? Like what the hell cyber security, and how does that happen?

Speaker 4: 25:24

so I would say that there's a depending on the organization, there can be a lot of overlap between roles, and so that makes it so it's kind of nebulous from that perspective, but just from a high level, just so you know. This is this is my opinion on what the definition of cyber security is is dealing with monitoring and protecting it infrastructure and the data that resides within that. Now I also caveat with that is there's a difference between cyber security and info sec, because info sec also kind of goes over that same thing, but info sec also includes data that might not be residing on computers.

Speaker 3: 26:02

So, monitoring, protecting. So when I was working at a knock, I was monitoring. I do not believe us protecting anything but were you?

Speaker 4: 26:09

but were you monitoring things from a cyber security perspective? Are you monitoring things from?

Speaker 3: 26:14

No, just break exactly you know it was an isp knock, so monitoring is in a knock looking for a fix. It is watching traffic patterns and looking for people, weird, nefarious traffic stuff like. Is that we need my monitoring?

Speaker 4: 26:29

Yes, most definitely so look at traffic logs, putting stuff back through a sim, right, looking for stuff that way, doing analysis, like if you got a z or core lights and you're looking for anomalous traffic in the environment. Different things related, different types of security tools. Right, so that could be a host based firewalls. The web based firewalls could be your network based firewalls idea.

Speaker 3: 26:57

So you're looking for bad actors, people trying to get in and do bad stuff, how I mean, it seems like from your, your first job out of you know the military was working on the president's damn network. So it seems like you've been pretty security focused, cyber ish, from the beginning. I mean, do you feel like there was a transition or you've always just kind of been in that?

Speaker 4: 27:18

Protect. I feel like so I say this, this is said this before a few times like you've heard the term like blue team, when people, when people talk about cyber stuff, so those are like kind of like the network, the defenders versus like a red team which comes in does was penetration testing. My feeling is that everybody that works in it is a member of the blue team. They just don't know it right. So if you're working on I T infrastructure, you are probably or if you aren't, you should be doing some things that are cyber security adjacent, whether that's looking at logs, doing configuration hardening, working with, like, maybe, scan and remediation teams, patch teams, right. If you go and you do patches on your, on your juniper and X's, right, that that's part of security remediation. So you are doing a role in cyber security, even though you aren't necessarily a security engineer. Again, that comes back to depending on the organization. Sometimes they do have people who are security engineers who are doing the patching for certain things. So that's why I say it's, it's.

Speaker 3: 28:23

It could be a little nebulous, depending on the organization so I made a decision that I wanted to be a network engineer someday and then did the things that you do to be a network engineer. So is it similar To being in cyber security? Like did you do? Did you make a decision that you want to be in cyber or it's just part of your networking?

Speaker 4: 28:41

No, I actually I didn't make the decision.

Speaker 4: 28:43

What ended up happening was I was a senior engineer and had to be responsible for building out systems that needed to be accredited.

Speaker 4: 28:55

And in order to get accredited by, let's say, like the government, in order for the government to credit a system, you have to Go through and have certain types of protections and configurations in place, right? So all sorts of different things, from like Having an I virus, having a sim, having idp on your firewall, having you know all these different things. So since I was the lead on I team implementing these things, I had to become familiar with all of these things and familiar with what you say from there are responsible for documenting how it was being built, the design, the policies, the procedures. All of those things create artifacts, package them together so that, when it came time for an approval body to sign off on, the system is secure. I put all that stuff together. The team didn't have anybody who is cyber security and since I was, it was my team and it was my project and it kind of just fell on my lap and that's kind of how I went from being a senior engineer into architect role to get a government job.

Speaker 4: 30:02

I mean that doesn't necessarily just have to be that either, right, I mean because there's commercial needs depending upon the type of compliance that they have for different types of systems. Right, if you gotta meet you know, pc I or something like that, right, you're still going through, I think, where you have to configure the environment a certain way and create artifacts and your your documenting your system against the standard right.

Speaker 3: 30:26

so Is the last thing I'm gonna say about security and it's an it's an embarrassing thing to say out loud. I think in, I think in ten years, is a network engineer. I don't know if I ever thought about security and I know that's like a thing you're not supposed to say out loud, but I worked. I worked in like really big organization, so like we had a security team, we had a cyber team, we had a firewall team.

Speaker 3: 30:46

We're very siloed, so I was just working on transit or out filtering and I never, never thought about security. And it's at this point in my career now, like you, dumb, dumb what do you mean? You didn't think about security. And why are you?

Speaker 3: 30:59

saying this out loud on the show. But but I just didn't, you know, and but it's so important and maybe it's just because of the size of the orc I worked in is there were the whole teams working on that like I wasn't even. I didn't even have visibility of firewalls, I didn't know where they were, login to them and that was by design. But it's just. It's amazing to me. Like you, you've been so ensconced in that security. Cyber world seems like from the beginning. I spent a decade and you know global networks and Never thought about security, what's like.

Speaker 4: 31:29

It's such a weird thing to say, I'm sure there were certain things that you did, you see, about rout filters. Rout filters does have a security application to it. I'm sure you're putting, but I never thought like you're putting a cel's on stuff right, maybe your management interface, maybe yeah, right, yeah I'll be totally just.

Speaker 3: 31:48

I never, I guess. I just didn't think of it as security. I mean it was, but I was also just following star company like you're standing up new gear. Here's the cel. She need to put the right I mean I know I remember from cc and a what they're there for cc and p studies, but like I didn't, I just never had the posture managing a network of like oh no, the baddies are coming, I have to stop them because it was somebody else job but it's really job like you said, like so are you, I'm gonna add blue team to my resume because

Speaker 2: 32:20

Make sure you make sure you put a reference in there to the baddies as well protector against the baddies.

Speaker 3: 32:28

So do you ever jump teams like have you done pen testing? If you did some, yeah, yeah, okay, because that's not I mean it definitely, it definitely can be.

Speaker 4: 32:37

I've done a little bit of that.

Speaker 3: 32:39

I'm a little bit of assessment work, so like Comparing environments against, you know, different types of requirements, vulnerability assessments, stuff like nessus, vulnerability type of stuff thrown around so many acronyms, they are not even gonna ask, because you can spend all night with you said sims like three times and I'm like is it simulation?

Speaker 4: 33:01

it's. It's a server that collects logs from everything and then has you can create different rules depending on select. If you see Fail login attempts on your router, right, maybe you want to know about that, so maybe it kick something off or send it to a different dashboard and then it kind of A lot of the more advanced ones. So stuff like splunk will have, you know, different types of analysis where it might correlate between different types of logs. So it's like, okay, we see this type of failed login and we see this type of attack signature coming from a different device. We see this thing. Well, those three things together means like, oh crap, it's hit the fan, like we need to do something about that.

Speaker 3: 33:40

So that's so amazing to me and so cool, like you could see all that data and start like this looks like An attack or threat actor.

Speaker 4: 33:49

This looks like what someone would look like jumping around inside of a network trying to get access, and kind of the cool thing from a networking perspective is it's the Only, it's the only service in every in the it environment that actually has visibility and everything right. So if you are a windows server engineer, right, the only thing that you're gonna be seeing is you know what's happening to your windows boxes. Being a network guy, you can do a span port office something and you're able to see everything. So it's really that's why. That's why network engineers are the best.

Speaker 1: 34:22

I like it any. You know you mentioned that you've worked for large companies and you're very silent. I have the opposite experience. I've only ever worked for small companies and I had to wear like four different hats, you know. I had my network engineer hat, I had my virtualization hat, I had my windows server hat, you know.

Speaker 1: 34:38

And then there was like the cyber security, everything that we did we had to think about, okay, how do we best protect this device, prevent stuff like this happening?

Speaker 1: 34:47

And sometimes it was just we got to prevent the obvious things, right like we gotta make sure we got secure passwords. We're not gonna Put clear tech stuff anywhere, just try to do our due diligence, let alone build up those iron walls and do anything else extra. And we also had to do the compliance stuff to. So I've worked at places that had to do like I saw, 27,000 one, the PCI compliance and hippest off. And you know, on top of all of my other daily duties I had to work with these contractors to make sure that this testing got done, the remediation got done, and then we kept up on the remediation so we could keep all of those, those sign offs and make sure that you know we were PCI compliant or whatever compliant, and I wish I had had a team full of people that you know worried about just this thing. I wish I was one of those guys that just worried about just this thing, but I, you know man and I wish I had more experience like you do.

Speaker 3: 35:40

You know it's. You know you have such a more well rounded skill set. You know it's just funny looking at both sides of the coin right, right.

Speaker 1: 35:47

yeah, there's definitely two sides to you're right, because, well stuff than I do, I know more than I know more about when than you do, but you know so yeah stuff right.

Speaker 3: 35:56

I think that's more useful. Yeah, I think the well rounded thing is much better. What's up, tim? I don't mean to cut you off.

Speaker 2: 36:01

Why you brought up earlier the concept of all these different acronyms and in different terms that were thrown around. So I got something I want to throw at John around that. So, john, what a client. Our perspective client approaches you and wants assistance. They've got a presence on the internet, they have some regulations that they need to abide by and they just want to make sure they're, you know, they have proper internet hygiene from an infosec perspective. Do you have like a run book or set of templates that you approach clients with, or is it, is it more just a listening session and then, going through experience that you've had to, to bring back solutions to them? What is that?

Speaker 4: 36:44

it's definitely more of a listening session, because I think, if you like, I could come in with. You know, my top five or top ten best practices of like these are the playbooks. I want to run and push this stuff out, but it doesn't necessarily account for the uniqueness of an environment, threat surfaces that are open, whether or not. Sometimes, if you go in and you want to do something, that's maybe like mid-level or advanced level, that might not even be really what the client needs. At this point it could be such a disaster that you really need to start more rudimentary or fundamentally with some really really basic stuff, I mean, for instance. So one of the things that I absolutely love and I could talk for like an hour and a half is about network segmentation. It's one of my favorite topics and it's something that I don't see done very often, almost anywhere.

Speaker 4: 37:38

A lot of times people just go, they create VLANs. If we're lucky, they create multiple VLANs. Sometimes it's not even that right and they just throw everything in there and there's no protection of traffic within the VLAN. There might not be protection of traffic going between the different VLANs. There's nothing there monitoring what that traffic could be, and so you're just completely wide open to anything happening, because at this point, if that's how your network is, chances are your patching process probably isn't all that great.

Speaker 4: 38:12

You probably have a whole bunch of rules in your firewall allowing things out to the internet or in from the internet. God forbid that. You probably shouldn't have. It's just simple stuff like that where sometimes it takes taking a step back, looking at what the environment is, what the assets are. The thing is, in some of those cases there's some little hanging fruit that you can definitely take care of. In other cases it really takes re-architecture and design and plan to move forward in a way to get an organization in a much more hardened and secure state I love this topic because I think that how we segment devices and networks has evolved a bit over the years.

Speaker 2: 38:54

Because you brought up just a minute ago with VLANs.

Speaker 2: 38:57

It used to always be VLANs and if you didn't have separate VLANs, especially recently, then you were doing it wrong.

Speaker 2: 39:06

I would always come back with well, first off, even if you have separate VLANs, if you're not doing anything at the router between them, then you still have an issue.

Speaker 2: 39:14

But where I think it's evolved a bit is with concepts like micro segmentation to where you can have a major VLAN for the purpose of simplicity in your environment, if you want, obviously, prototypical network engineer, you don't want to span VLANs all over hell and deal with spanning tree. But there's overlay technologies and things that can help out with that, where you can have layer 3 everywhere and then make it look like you're spanning VLANs. But the concept of micro segmentation, where you can have clients in the same layer 2, but there's policies pushed down to the client at the switch port, at the wireless controller, that once they are, once the devices are profiled, they get policy and, yeah, they're on the same VLAN, they can route to each other, but any traffic that isn't allowed, deemed not allowed stops at the edge or before it can reach the destination. So I do think it's evolved and I think it's evolved in a better way.

Speaker 4: 40:18

Yeah, micro segmentation is awesome. I think the challenge with that then comes to do you have the money to implement it with the tool sets? Do you have the skills to be able to do that, and does it kind of align with the type of architecture, depending on the micro segmentation tool that you'd be using? Does it align with the other stuff that you have in the environment, kind of like some other stuff that I think equally works as well, and depending on the size of the environment, it might not be an issue to implement. Obviously, a stuff kind of grows larger. This might not scale as well, but private VLANs are great.

Speaker 4: 40:57

That's definitely a thing you can do to limit communication within a VLAN. So you got your promiscuous ports, you got your community ports, you got your isolated ports and you can kind of be smart with the way that you design that Host-based firewalls. You can definitely do a lot of controlling of traffic with those Inter-VLAN ACLs. That's another thing that I've implemented in different solutions. So pretty much you attach an ACL to a VLAN. Anything that's destined outside of the VLAN or coming from outside the VLAN you let it through because you're going to be doing that, filtering more at your firewall or wherever your layer 3 stuff is, but you then are being specific with the traffic that you are allowing within the VLAN, and so there's a whole bunch of different ways you can go about tackling that problem and, depending upon the skill sets, the resources, the money and all that type of stuff, there's definitely options available there.

Speaker 1: 41:54

And now a work from our sponsors.

Speaker 2: 41:57

Unimus is a configuration management and network automation solution designed for fast deployment and ease of use. Unimus approaches network automation differently. The goal is to lower the barriers of entry to automation Without having to learn any programming or templating languages. Unimus lets you use rapid automation features for common workflows like pushing large scale configuration changes or upgrading your routers or switches firmware across your network in minutes, supporting 300 plus device types across 100 plus vendors. With disaster recovery, change tracking and config auditing features on top of automation, unimus is the most versatile NCM out there.

Speaker 3: 42:38

now back to the show when the bad man is in the network when the book I love.

Speaker 1: 42:42

This is guys.

Speaker 3: 42:45

I mean it right, like I mean, what do you do like, so you, you know your first you got to know he's there right, well, that's what I'm getting. I'm setting the stage, so you know all your fancy expensive software and your sims and all that other great stuff that I don't know about tells you like right row yeah somebody's doing the farthest things and it's after they've been there for four months find them and right because

Speaker 3: 43:07

sure, yeah, like they're hanging out, you know hopefully they haven't locked everything down with, uh, what's up? Well, I you know what's that new thing they do, or they lock everything down that's a bitcoin or whatever. But so like, what do you? Yeah, yeah, yeah, that's fun. Um, it's like what do you? What do you do? Like you get notified that they're in. They haven't completely destroyed you yet, but like, right row, there's somebody in. You have to find them.

Speaker 4: 43:27

Root amount like yeah, it's almost, can you?

Speaker 3: 43:30

find them and get rid of them? Do you just start changing passwords everywhere?

Speaker 4: 43:33

I mean there's definitely you mitigate that right, so you should have a incident response plan for your organization. You probably will have a uh dfir team. So, like data forensics, incident response right, different um, and depending upon what it is that you're seeing right in the environment, dictates what you're going to be doing with that. Uh, as far as isolation and shutting things down or not shutting things down, or I mean there's no, there's no 100 right answer for every single scenario, I guess because just because they're in there, you have no idea of what they have access to what damage they've done.

Speaker 3: 44:12

Yeah, like, so that is that part of the cis sp. Like you need a plan sure, I mean they definitely.

Speaker 4: 44:18

They definitely do talk about like incident response, incident response in that and all that right, that's the first time I heard it like we so normally by that point you you're obviously, you know, in in uphill battle.

Speaker 4: 44:29

So I think the better thing to do is look at how you can get alerting quicker to something potentially happening right. And so there's this um, I want to say theory, but methodology maybe. Uh thought uh called active defense, and so what that involves is kind of putting trip wires and honeypots at different points in your environment and kind of enticing the, the baddies right to uh, to go and hit those things and then, when that happens, then you're able to see that this is happening, where they're coming from, and you're much better able to respond and see kind of how they got in the environment and, depending upon what it is, you can actually do some stuff that can kind of just keep them guessing for for a while, because you can place yeah, last cyber question.

Speaker 3: 45:21

So can you see them or you can just see the effects of them. Like you can't go there he is. You're like, oh, he logged into this thing, what's he gonna do next? Like can you look at a network and see where this I mean sure.

Speaker 4: 45:32

I mean, depending upon if you actually are setting something up that is a honeypot, then yeah, you could see stuff in real time.

Speaker 3: 45:39

As far as like honeypot, let's say he's smarter to not go through your nonsense honeypot. Like he knows that's a honeypot and it's not what he wants. He's trying to get in your database.

Speaker 4: 45:46

He wants you know well, I mean, so you get there actually. So, uh, with the database you can do something called honey tables, which is same idea. It's great, it's the same idea, it sounds delicious right.

Speaker 2: 45:58

So you know, you can you uh same idea as a honeypot, right.

Speaker 4: 46:05

It's just, uh, some you make some information in your database look like it's the most important thing there and maybe it's a separate table that has much easier access to be able to get into.

Speaker 4: 46:16

I'm and that's kind of thing. You want to leave the door open a little bit and then you can kind of see what they're doing, alert on that, you know which IP they're coming from, right, and then you can. You can Kind of start to at least trace back how it was they got into the environment, right, because that's the thing is like. It's probably wasn't necessarily a direct connection from the internet, it probably was a pop the box somewhere because somebody clicked on something they shouldn't know. They were able to get persistence on a box and from there they started doing other things in the environment, which then comes back to what we were just talking about with network segmentation. And if you aren't doing that, then it becomes a lot easier for them to just start hopping all over the place, right? If you did have network segmentation, then the work station that the person who works in finances on should have absolutely no reason to be able to connect to a SQL database. You know, in in the database view, in.

Speaker 3: 47:06

What depends? You have a plan you might be shutting things down, changing passwords everywhere?

Speaker 4: 47:10

yeah, I mean that that can suck for sure. Having to go through and nuke everything, I mean, like you know, everybody, everybody was affected, like when all that solar wind stuff happened. I mean that was wild, which kind of sucks, because I like solar winds a lot of them using them for A long, long time and think, think the tool sets pretty solid, but yeah, I mean that pretty much had everyone's hair on fire because they were trying to figure out you know what, what the hell is going on. A lot of people got popped. But again that comes back to proper network filtering, because there really is no reason why your solar winds server should be able to connect anywhere out on the internet. There's absolutely no reason for that. If they had implemented it that way, then Stuff would have gotten popped in the cyber sounds way more fun than when.

Speaker 2: 47:56

The honeypot concept is like the Steve Buscemi character in a grown up dresses himself up to make himself look like he goes to high school and how do you do hello kids Skateboard and all I don't want to.

Speaker 1: 48:12

I don't want to gloss over the fact that during your intro you said that you Took the CCI. You written a few times and past it, you know, since we are a engineering podcast. So, so, so. So, first of all, the you said you took it a few times and past it. Did you ever go take the lab? Did you finish it? You have your numbers. Is that still? On the to do list, or is the every you just?

Speaker 4: 48:33

So that was back when I definitely was just on the network engineering path and the non business on the path. I was definitely doing that. And back then so when I passed mine, it was when it was like for exams to get the CCMP. So it was the BCSI which was the switch one, bc, msn I think, which was like maybe the routing one maybe, and then there was like a QOS one and then A kind of like VoIP and security one is kind of security. I think it was like IPsec tunnels and a little bit of. They were picks back then but whatever, whatever firewall you want to call it.

Speaker 4: 49:17

I know they're fire powers now, but there was another Instanciation in between there, yeah, so it was cool. And then, like doing the IE written, it just was okay. I think I might want to go do this, but it's also kind of Easy to just like research. Just go take that and research, and it really wasn't tougher than the CCMP exams.

Speaker 1: 49:35

So that's why, after I did it the first time, I was like, okay, I'll just so I want to change gears a little bit, as as content creator to content creator at what point in your career did you decide to start creating content and why like? Why did you decide?

Speaker 4: 49:52

so it was because covid hit and I was working from home and I'm like I have all this time Sounds like I guess I should start doing something you know a little, a little bit productive and kind of aligned with.

Speaker 4: 50:08

Like a lot of the vendors were like doing free training right, it's free training and free certs for a lot of stuff. So that kind of pushed me into, I think, that one of some of the first few things I started doing, like a few Cisco videos, just you know, some lab stuff and then Juniper was doing a thing where they were giving away free vouchers for their associate exams. So at that point they had like five of them. So I made this video where I like created a Juniper network certification challenge and I was like, hey, these things are all free, I'm gonna go take all five of them and see how it goes. And you know, I had experience with Juniper at that point probably I don't know seven years of experience with Juniper, so I wasn't too worried about not passing at least the routing and switch stuff. And yeah, from there it was just kind of took off with maybe doing some other certifications.

Speaker 4: 51:02

I did like some Some Microsoft stuff, because that was free, and then some some AWS stuff, and then it kind of just went from there. Then I started playing around with a try hack me, which is a great learning platform for different types of Started off as offensive and defensive cybersecurity labs. But honestly, they have labs for a whole bunch of different types of like IT fundamentals and stuff like that too. So I asked them I'm like hey, is there any issue with me filming these on my YouTube channel? And they were like no. So I was like alright, sweet. So it was just kind of a lot easier than me coming up with like labs to do, designing my own lab, right.

Speaker 3: 51:39

So yeah, that was kind of what, what kicked that all off?

Speaker 4: 51:43

and then, once you kind of start it's, it's hard to stop, I guess yeah no, no joke.

Speaker 1: 51:48

Right, and as soon as you start getting positive feedback from the community to most definitely so I was gonna say so.

Speaker 4: 51:53

the other kind of thing with that was like my mom was a teacher so when I was a kid, so I think like there's probably a bit of me that kind of got that from her and kind of is like yeah yeah, yeah.

Speaker 4: 52:05

Don't necessarily want to go in a classroom with kids. Maybe, I don't know, maybe once I get older, but having the ability to create content and share it with people is definitely satisfying in a lot of ways. And then Also, I had a lot of people throughout my career that definitely help, mentor me and provide me with resources. And you know, back then that was totally different. Back when, back when I started, there wasn't free resources and if you wanted to learn anything Like, let's say, you want to learn something Cisco, you pretty much had to go to Barnes and Noble and buy the one Cisco press book that was about that topic that was it, it was gonna be super, super dry.

Speaker 4: 52:46

You know, maybe maybe there was a boss on you know CD lab or something for something somewhere, but yeah, it was. It was a lot rougher back then. So having the ability to create stuff based off of stuff that I've learned and able to pass things on, definitely something that that I enjoy doing as a way of giving back Nice nice, I love it.

Speaker 1: 53:09

I love it. You cover so much on your YouTube channel. It's very cool. I mean like if anyone wanted to get started anything, they could probably pop over there and find the topic. So I want to kind of throw a question at you, knowing what you know today and you said you guys started like 2003, 20 years ago. Right, what would you do anything different if you were just starting out today versus how you got started?

Speaker 4: 53:34

So is that what I do, anything different starting back in 2003, or?

Speaker 1: 53:38

I guess, if you had to start again today, fresh, what would?

Speaker 4: 53:42

you do, how would?

Speaker 1: 53:42

you approach it or how would you recommend somebody starting out today it's a good question.

Speaker 4: 53:47

I mean, the landscape's changed a little bit so I probably would end up getting more into the DevOps and cloud stuff earlier than Then what. I kind of did in my career at this point, which is definitely stuff that I've started kind of picking up, maybe the past five years or so, I probably would have tried to embrace coding a little bit more Because, like, I took coding classes in undergrad, I hated them, I hated Java, I hated C++. I was like, yeah, I have no desire to do.

Speaker 4: 54:28

But you know now, at this point, like I like, I like some automation stuff, like you know Ansible school, terraform school I can know enough to be able to go and steal something off of somebody's GitHub and make it work. You know that that's something I guess, so I probably would would focus on those, but I don't know. The flip side of that, though, is and I think this is definitely a challenge for a lot of people is there's just so much stuff now they don't necessarily need to go, and at least before, when I started in 2003, I was like I love networking, so I'm gonna. I'm gonna do networking Because, like the other choices was like system administration, and so Windows was boring to me, linux was scary, and like databases. There was like two people who did it and they all were like 55 years old, so like as a 20 year old like I don't know anything about that, I just leave that.

Speaker 4: 55:28

So I think, at least from that perspective, it was a lot easier to build up, you know, a intermediate to advanced skill set in things Versus. Now I think it might be a little bit hard to do that just because you got to know so much of so many different things.

Speaker 1: 55:49

Yeah, yeah, I mean there's so much you just kind of got to pick somewhere to start right like you'll get to it all eventually. You can't get to it all at once.

Speaker 2: 55:56

The only other question I had was kind of stemming off of something Andy brought up early on, in that somebody that wants to make a conscious effort to get into cybersecurity, information security, I mean I personally see that as like it's just this huge elephant that is cybersecurity. So I know there's really good paths to get started things like the security plus and things like that but once you get beyond the real basics, what recommendations do you have for people that may want to get into cybersecurity? Do you suggest trying to find a specific discipline or something they can hone in on, or is there a more holistic approach?

Speaker 4: 56:40

I mean, what are your recommendations? It's always tough and it really depends on the individual. So that's why, whenever anybody like says that to me, I always ask them why, like, what is the thing about cybersecurity, that is, is pulling you towards it? And if they actually have an answer for that, then it's a lot easier to kind of point them in the direction of the things that they should do to kind of get beyond that foundational level. The other thing that I think is kind of difficult is I don't necessarily think and this is kind of like a controversial statement, I don't know yeah, I don't necessarily think that cybersecurity is like an entry level role, so I feel that no.

Speaker 3: 57:24

It's not an entry level role.

Speaker 1: 57:25

These people are bonkers or high.

Speaker 3: 57:30

I mean you started in the beginning like you need fundamental, foundational.

Speaker 4: 57:35

But I will say that I think that there's instances now because there's such a need within the industry for people that are filling those roles. But there are situations where they are hiring people who don't have the background into those roles. Now whether or not these people end up succeeding or not is completely different, but there are some paths to do that. But I still don't think that that's the best path or the easiest path. I think it probably would be pretty frustrating. So to me, I think it's better to build up that skill set on the IT side. As an engineer, or at least as an admin, you're familiar with how things are communicating. You're familiar with processes.

Speaker 4: 58:19

The other thing is like people come into cybersecurity if they don't have a background in ops, tempo and understanding like mission impact of business. It's very hard to be able to navigate the intricacies of working between different teams that are responsible for different things and trying to protect an environment in a way where you're not necessarily becoming a hindrance. Because if that's the case and you're coming in and you don't necessarily have context to understand why people are doing things a certain way, whether it might be right or wrong, still having the context can help you work with them to develop the right solution for managing and deploying solutions and infrastructure in a way that is secure. And I just think coming in off the street and not necessarily having the foundational technical skills and not kind of having at least a little bit of insight, definitely makes it more of a an uphill battle.

Speaker 3: 59:16

I know this episode is going to be cyber, because now I'm not in any level position. One thing I do recommend to anybody who is interested is definitely go to your local cybersecurity conferences.

Speaker 4: 59:28

So besides is probably the most famous one. There's chapters. Anybody can spin up a chapter anywhere in the world. They're all over the place. They're great. The community there is really solid. The talks normally are going to be, Um, very actionable and technical, but at all levels of the spectrum. So definitely we'll have a lot of stuff geared more towards the folks just getting in. They'll have talks based on career things. They'll have people there doing resume reviews. They'll have companies there that are hiring.

Speaker 4: 1:00:00

Tickets to B-Sides events normally are maybe like $30. Then normally the day before the actual events, they normally do all-day workshops. Those normally go for like $75. So it'd be like, oh, sock analysis 101. You don't know anything about being a blue team sock person. You can go to that class and they're going to give you just like a very introductory breakdown of this is what we do in a sock. These are the tools that we do. We're going to spin this up in a virtual environment. You can poke around and look at stuff. So B-Sides is awesome. Like I said, depending on where you are, there might be a whole bunch. For me, being in the DC area, there's actually three. So there's the one in Northern Virginia, there's the one in DC and then there's the one in Baltimore. So those of us that live here were pretty blessed to be able to have three cyber security conferences that are pretty cheap and have a really good community of folks that go to them.

Speaker 3: 1:00:50

Are there any vendor certifications?

Speaker 4: 1:00:52

Most definitely. So it depends upon the vendor I mean. So Cisco has security certifications, juniper has security certifications, so I have the JNCI.

Speaker 3: 1:01:06

So we're saying security and cyber the same thing, Like, because what I'm getting at, I'm going back to your like cyber isn't an entry level position. So if there was a cyber security vendor certification, I only have to assume that networking fundamentals is going to be part of that core curriculum. You're not going to learn how to secure the networking.

Speaker 4: 1:01:26

But no, I think the closest thing that you're going to have to that is probably the security plus, but that's vendor agnostic, right, so that. So when you were saying vendor, I was thinking of like actual specific vendors. So Cisco, splunk, juniper.

Speaker 3: 1:01:38

So like so for me to get in a networking, I was told to get a CCNA. And that's what CCNA is an entry level.

Speaker 4: 1:01:44

CCNA is a pretty like follow up. It's a challenging exam to people who don't have back down to that advice, I guess.

Speaker 3: 1:01:50

It kicked my butt on the street for two years. But yeah so so you know, but you know, for networking that seems to be like, oh, you want to get in a networking get your.

Speaker 1: 1:01:58

CCNA at the very least to get through the HR screening, because it's going to be on all the job descriptions. Right.

Speaker 3: 1:02:02

So in cyber is there an equivalent to CCNA. That isn't security, because when I think security, I don't think. When I think vendor security, that's not cybersecurity. Yeah, I mean.

Speaker 4: 1:02:13

I would say the security plus is is what that would be. If you're looking at when we're saying entry level, we're looking at the most junior cyber roles, they're probably going to be looking or requiring something like that, but they're probably going to require more than that as well. But that that would kind of be like the the bait. If someone was like I want to get a cybersecurity cert and they don't have any background or anything, that would be probably what I point them to first. But there are a lot of other cyber certs that more on, like the CCNA level, right. So again, like I say, ccna to me isn't necessarily all the way at the bottom, it's, it's, it's up a little bit more. So, like, depending upon the, the cloud service provider use, they all have different cyber certs for their stuff. Cisco has their cyber certs.

Speaker 3: 1:03:03

Yes, so I guess you could look at your descriptions of cyber, if you're somebody trying to get in and look at what they're looking for. I mean you could.

Speaker 4: 1:03:10

Or if you're going kind of like down the the network security path right, that's obviously different than going down like the SOC analyst path, right. And same thing if you're maybe going down like the governance risk and compliance path. That's going to be where you're going to get more into, like you know, the CISP type of stuff which, again, you know people throw that out there, but you actually can't get a CISP until you have five years of guess I guess is why you asked those qualifying questions to those people Like what is it about cyber that?

Speaker 3: 1:03:38

exactly you, because there's different answers within that field.

Speaker 1: 1:03:41

Yeah, Very good. Well, I want to take a moment to remind our listeners if you're on the social media as you can find us anywhere use social at art of net edge. We're on Tiktok, instagram, twitter, youtube. Now you can get us youtubecom forward. Slash at art of net edge. We're releasing some pretty funny content these days. I'm enjoying making it. Tim's also doing a fantastic job playing every single part in the video.

Speaker 3: 1:04:07

Tim, he's a raise.

Speaker 1: 1:04:11

He's acting resumes growing by the minute, it seems, and please share this podcast with the fellow network engineer and help spread the word, the good words that we're sharing with folks like John here. John, where can people find you?

Speaker 4: 1:04:25

So on Twitter, jay Bezel 703, youtube, cyber insight, and then you know a whole bunch of other other websites that people are trying to do stuff on. If you look up cyber insight, you'll probably find me there.

Speaker 3: 1:04:39

Are you a Snoop Dogg Nickname that some folks at work gave me?

Speaker 4: 1:04:45

And yeah. And then once it was kind of stuck in, I made a Twitter account that I didn't think was ever going to grow and it was like I can't really change.

Speaker 1: 1:04:57

Yeah, yeah.

Speaker 3: 1:04:59

I love Jay Bezel.

Speaker 4: 1:05:00

That's great.

Speaker 1: 1:05:00

That's great. Do you have a favorite or popular video that you've released?

Speaker 4: 1:05:08

I think of like some. Yeah, I know Seriously I should. I should have thought about that.

Speaker 1: 1:05:14

I don't know if you got like a favorite. Turn to my favorite child.

Speaker 4: 1:05:18

I just dropped a video on my my trip to go visit Juniper headquarters. That was. That was kind of cool. If you want to see their lab that they have there that they do all their different testing for customers, it's a pretty cool like technical stuff it depends on. Depends on what you want. You want some CCMP stuff. I got a whole bunch of labs. Ccna stuff I got a whole bunch of labs. Like you said, pretty much, if there's anything that you want to learn, I probably have a video on it.

Speaker 1: 1:05:41

Yeah, yeah, awesome John, before we let you go, is there anything we should have asked you that we did?

Speaker 4: 1:05:47

It's a good question. Yeah, I try to.

Speaker 1: 1:05:51

I try to end the end, the episodes like this. You know like we ask, all we're asking a lot of questions.

Speaker 4: 1:05:56

I think you guys hit everything, and then you also asked me a lot of good questions last time I was on too. So, yeah, I think, yeah, yeah.

Speaker 1: 1:06:03

Well, we'll have the link in the show notes to everything that John mentioned so you can find more of him, and we'll also make sure that we drop a link to the previous episode that John was on, where he shared his experience departing the military and crossing into the civilian world. That was another great episode with some other good guests. So that's John. Thank you so much for joining us this evening. This has been such a fun conversation. I've learned a whole lot. I know Andy's learned it done. I don't know, I don't know about Tim. No, I don't think he always, every day.

Speaker 1: 1:06:30

Awesome. Well, thanks for joining us and we'll see you next time on another episode of the arts of network.

Speaker 2: 1:06:37

Good luck keeping the baddies out.

Speaker 3: 1:06:39

Hey everyone, this is Andy. If you like what you heard today, then please subscribe to our podcast and your favorite pod catcher. Click that bell icon to get notified of all of our future episodes. Also follow us on Twitter and Instagram. We are at Art of Net Eng. That's art of net Eng. You can also find us on the web at art of network engineeringcom, where we post all of our show notes, blog articles and general networking nerdery. You can also see our pretty faces on our YouTube channel, named the art of network engineering. Thanks for listening.