2022 Start of Year Address

For the Cohort of Jay Jay Davey

Preamble – We can be more
Last year was a test for not just the industry but humanity as a whole, we saw the lowest of
the lows, with some highs mixed in. Yet, despite it all, we remained strong through times of
uncertainty. However, this year is a new year for us to grow and push forward, we need to
stick to our path and work hard.

This year will not be easy, but through hardship, I promise you if you stick to this, you will
see success like you have never imagined, so much so, it will make last year look like a speck
of dust.

I am determined to make the recipients of this document world class professionals, but one
of the critical skills that everyone should have to be world-class is emotional intelligence, to
help people in times of need and to be that leader people want. Leadership is something
you do, not a title you wear.

As you progress, you will become more confident and outspoken, please remain humble
throughout your career.

"Work hard. Be humble, and I think that will serve you well in life." - William H. McRaven

Don't be afraid of failure; failure is a way of telling us we have not given up and are still
trying. It just means you are not there yet and never throw in the towel. Through failure, we
learn the harshest but greatest lessons ever, I have failed more times than I care to
remember and I still fail. But failure is useless if we do not analyse and learn from it, make
sure you take something away from your failures.

"The great leaders know how to fail." - William H. McRaven

Breaking into Cybersecurity 101
Many people are trying to enter the industry, but a lot of these people do not have guidance
from a seasoned professional and mentor. Breaking into the industry is not easy. It is a
combination of many things. There is no single degree or certification that will grant you a
job; why? Because pretty much everyone has these.

The Foundation - Like every great building, there is an even more excellent well-structured
foundation. This is the same for a promising career. The foundation needs to be solid.
Cybersecurity Is NOT an entry-level field, and you will need solid technical foundations
before you can enter the area. Otherwise, you will fail at almost every hurdle. But how do
you build this?

Simple, hard work, dedication, and guidance, you will need to put the time and effort into
building this foundation. There is no silver bullet degree or certification. Instead, you will
need to put the hours into understanding the conceptual foundations of technology through
academic studies to help you know it. Make sure you are learning Networking, Linux,
Windows, Technical Security, Cyber security threats and a bit of GRC. This way, you will be
more holistic when applying for roles.

If you rush, you will fall - If you rush to try and get into the industry, you will soon realise
that you know nothing. The skills gaps will trip you up at every hurdle. as above, make sure
you are learning enough to understand the foundation to apply and articulate it; this even
means in an interview.

Get Practical, but not too much - Everyone wants to hack. Does everyone want to jump on
practical learning? Of course, but everyone seems to take it too far and leave the academics
behind, which is very bad. Anyone can learn the tool; that is the easy part. However, not
everyone can understand the different scenarios and translate the reasons for using the
tools to an audience, and this is because they don't know. So don't be a tool monkey!
Instead, dedicate your time to understanding your craft. Otherwise, you will be a junior
analyst for life.

Have an attacker mindset - All defensive professionals should have good offensive security
knowledge and skills. This way, they can apply it to their defensive activities to help identify
threats, secure a business, and ultimately provide a better service.

Your lack of confidence is holding you back - Want to progress? First, you will need to break
out of the complacency of an introvert like behaviour. Of course, knowing your trade better
will help you become confident, but also making mistakes will help you learn and perform
your work better.

It will help if you become confident. For example, you can find many ways to practice
speaking by presenting, talking on a podcast, or teaching more junior people. Another
aspect is getting feedback, asking your manager, mentor, or senior to identify gaps in your
knowledge and skills to help you progress.
Certifications are not enough everyone has them - It is a sobering fact for some to hear
those certifications and degrees just don't stand out anymore. They also do not teach you
enough to be a good hire, a harsh fact I know. However, there are many ways to make them
enough, such as studying as far as possible to understand the concepts and constructs
adequately to confidently articulate them in videos, articles, and interviews without
prompts. This is what makes a solid junior, someone who has this firm grasp despite their
certifications.

Stand out from the crowd - Everyone has these Certifications and Degrees. They all look the
same on paper. To get anywhere, you need to create a personal brand and stand out from
the crowd as a confident and capable junior hire. While these paper-based achievements
may help you get past HR filters (Commonly called Applicant tracking systems), people are
missing an essential and critical aspect. Social media has the power to build a brand through
articles, videos, posts, and overall engagement with the industry. Doing this will help you be
seen by your target audience and demonstrate your ability, skills and knowledge to
potential hiring managers.

Treat your LinkedIn as a digital portfolio of you as a professional, produce that content, post
that content, get yourself seen, get yourself hired.

You cannot learn Cybersecurity – You cannot learn "Cybersecurity" because it is simply a
conceptual construct of business activities that ultimately increase the resiliency of their
business value through implementing physical, administrative and technical security
controls to manage technical risk. So how do you learn? Within the industry, multiple
disciplines are required to perform the roles; however, what is needed is relative to the
chosen position or path. To clear this up, a SOC analyst, for example, needs to know
network engineering, threat hunting, security engineering and system administration, to
name a few, and it can not be just "Cybersecurity" it is an accumulation of different
disciplines.

To become the quintessential professional, you must widen your perspective on this.

Just applying for jobs is futile - We live in an age where most roles are found through
LinkedIn and word of mouth, the usefulness of job websites is swiftly diminishing, they host
stale and fake positions. Simple fact, most companies prefer to hire through Linkedin to
save money and have improved vetting on candidates. Also, the fact remains that recruiters
are very active on LinkedIn; it is a candidate pool for them. In summary, most roles are
found word of mouth by recruiters, hiring managers, and Linkedin rather than job boards.
Don't be this person that celebrates applying for 100 positions, I have applied for less than
10 in my entire career.
Studying to become a world class professional
The field is massive, and roles require vast amounts of knowledge to succeed. You can take
a degree or Bootcamp and get into the area, but you will be full of skills and knowledge gaps
that will ultimately become a resource strain as the business make an effort to help you
learn the essential foundations you missed or, worse, remove you from the company.

Research your desired role, understand it - The industry size is significant, which is an
understatement, and each position will require different skills, abilities and knowledge to
perform expected duties and succeed. As mentioned before, you can not learn
Cybersecurity. You must understand the underlying requirements of your desired role. The
research will require job descriptions, job websites and other resources to understand the
needs. Based on this, you can understand what certifications may be required to fulfil the
HR requirements and ultimately teach yourself the required knowledge

Failing to prepare is preparing to fail - Those taking it in their strides, winging it, or waiting
for the moment to come ultimately put themselves at a disadvantage compared to those
who plan, prepare, execute, and align. Study efforts must be aligned to your goals to fulfil
the requirements, manage expectations, and logically cover ground. Make sure that you
research enough to have a holistic plan, make sure you prepare yourself for interviews and
tasks and come equipped with the knowledge and skills.

Build a study plan - When you understand your desired role, you should understand the
requirements, research certifications, skills and required knowledge to succeed in that
position. Remember, Cybersecurity is not an entry-level field, it is an advanced technical
field with entry-level jobs, and these still require experience or a strong foundation. Strong
foundations allow for a strong proverbial career skyscraper.

Reasonable goals, realistic anticipations - There is much ground to cover, be sure to give
yourself enough of a time frame to study, complete a certification, or complete a course.
The last thing you want is to put too much stress on yourself that you lose motivation to
achieve your goals. You also need to give yourself enough time to fully absorb, understand
and articulate your learning to get that firm grasp that will take you forward to success.

Join groups, talk more - A key aspect people forget is that the industry is beneficial, and
there are many groups designed for discussing cybersecurity and advancing your studies.
The other edge of this is that it will allow you to articulate your studies and understand
them better; discussing what you have learnt will help make it concrete in your mind. This
talking is a critical professional skill to take into your career.
Mental fortitude
Failure, excessive studying, long hours can all lead to burnout and feelings of inadequacy,
impostor syndrome and motivation loss; however, this can be managed with an intelligent
and stoic approach to this challenging endeavour.

Failure is a harsh lesson - When we fail, we fall short, that's all, and with failure, we need to
analyse what went wrong, what was missing and what needs doing to rectify this. Feedback
is essential, so be sure to seek it where you can to highlight what happened.

Failure is much better than quitting. It is a reminder that we are trying, moving forward,
taking that shot, and although we missed, we tried. Someone who failed is ten times more
of a person than someone who quit because at least they tried. So seek the lesson inside
failure, learn from it, I fell more times than I care to remember. Failure breeds success if you
let it.

Manage your time, Manage your life - Don't let study and your career absorb your energy.
Instead, make time for hobbies, family and friends; it is important both physically and
mentally that we are active and not falling into introverted ways. Time management is
crucial, allocate reasonable time for your goals and save time for your life.

The brain is a sponge, don't drown it - There is no glory in pulling late nights and long hours
studying; your brain can only absorb so much daily before it runs out of energy and nothing
else is retained. So be sure to look after your number one tool, the brain, with proper time
management, good diet, rest and plenty of water.

Do what works for you - We all learn differently, try different styles to help you learn, but
make sure it is balanced because there is still a lot of theory and academic study required to
be an excellent professional. For example, I used videos and reading app to help me study.
Forcing yourself to learn in a way that does not work for you is counterproductive and
should be avoided where possible.

Remove negativity and toxicity - There is much negativity and toxicity online, which can
passively take away our energy and sometimes our time, if you find yourself in an
environment like this, it is best to remove yourself from it and try not to engage with it.
Likewise, if you encounter someone negative and abrasive to your goals and journey, it is
best that you remove them from your life to focus on yourself. Invest your time and energy
in your goals, the return on investment will be much greater.
Recommended resources
Here is some suggested resources to help you build a solid foundation regardless of what
role you seek. This foundation is the expected knowledge that juniors should possess when
entering the field, and if you do have it, you will be at an advantage over other juniors and
ultimately progress quicker.

Be sure not to rush when you study this foundation as it is what your career is built on, and
you want it to be strong, and you want to understand it as much as you can.

Networking

Fundamentally one of the most critical components of a cybersecurity professional

foundation because everything we do involves a network, that element of which computers
talk to each other, allowing threats to reach their target. Therefore, we need to understand
how networks work and how they are built, how we troubleshoot them, and secure them.
Having a firm grasp on this will help everyone from SOC analysts to technical auditors.

Professer Messer’s Network+ Course | CCNA Full Course | Cisco Network Academy

Operating Systems & System administration

Another essential piece in a professional foundation is the knowledge of operating systems

themselves, the endpoints that talk on a network, how they are configured, managed and
installed. Understanding these operating systems will allow you to know how they can be
attacked, miscofnigured and how they can be secured. You will need to get hands-on with
these, and there will be times in your career where you may have to install security services,
patches or harden an operating system.

Linux Server course | Linux administration course | Linux terminal course

Windows server course | Powershell for beginners | System administration Course

Security foundations

The foundational knowledge in security is essential, and you will be speaking to different
audiences and expected to translate technical security to the language of the business. This
only happens if you have a good understanding of the core concepts and constructs.
Examples include governance basics and technical security basics. Everything you have
learnt up to this point should now be approached with a security perspective, such as
securing a network, securely deploying operating systems and an overall emphasis on
security.

Professer Messer’s’ Security+ course | NCSC Guidance on risk management | CISM short
course
Closing statement

While challenges do indeed lay ahead, and they may seem impossible, you should approach
them with due diligence, stern pertinacity, strength and sagacity, you will best these
challenges. Do not let the fear of failure hold you back, as all successful people have failed,
and they don't talk about it.

"Everything is theoretically impossible, until it is done. One could write a history of science in
reverse by assembling the solemn pronouncements of highest authority about what could
not be done and could never happen." ― Robert A. Heinlein.

I hope you make this year your own, and take challenges and failure in your stride without
letting them oppose you. I look forward to helping you grow in 2022.

CyberMentorDojo statement

CyberMentorDoJo has some significant developments in the pipeline this year, and we look
forward to announcing them soon. These developments will have one thing in mind: "help
people unlock their potential", we hope that our hard work will have a profound positive
impact.

Our ask, is to help spread the word of CyberMentorDoJo, tag us in your posts to see your
successes, tag your mentor so they can see you grow and help CyberMentorDoJo become a
leader in mentoring and positive impact on the industry and the people.

All the Best,

Chief Educational Support Officer,