full
Breaking into Cybersecurity - Raphael Nicolich
Breaking into Cybersecurity - Raphael Nicolich
Raphael Nicolich on LinkedIn https://www.linkedin.com/in/rnicolich/
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It’s a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.
This podcast runs on listener support and funding. Consider supporting this podcast:
https://breaking-into-cybersecurity.captivate.fm/support
Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/
_________________________________________
About the hosts:
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach.
https://www.linkedin.com/in/christophefoulon/
Find out more about CPF-Coaching at https://www.cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber
- Twitch: https://www.twitch.tv/breakingintocybersecurity
Transcript
Welcome to another episode of Breaking Into Cybersecurity,
2
:where we talk to individuals that have
broken into the field so that they
3
:could share their tips, tricks, and
suggestions for others breaking into
4
:the field Today we have Raphael, Nico,
5
:. First, before we jump right in, let's
put a call out that if you enjoyed
6
:this episode after viewing, please
do share it with all your friends and
7
:family, because we do need to have
that diverse perspective of individuals
8
:coming from different backgrounds
and different varieties into the
9
:cybersecurity field so that we can
tackle the problems from tomorrow.
10
:Rafael tell us a little bit about where
you were before you were in cybersecurity.
11
:Raphael Nicolich: Sure.
12
:First of all thank you so
much for inviting me here.
13
:I'm honored.
14
:I Came to know about your podcast late
:
15
:invited to be here and I've never thought
that one day I'll be the guest talking
16
:how I broke into cybersecurity mode.
17
:Yeah.
18
:So let me just go ahead and start it.
19
:Hi everyone.
20
:I'm Rafael Nicoli.
21
:I was born and raised in Rio Janee,
Brazil, where I graduated from law school.
22
:After getting my Juris doctorate degree,
I continued studying hard and I was able
23
:to join the Rio Jane state police as a
e detective That was made mid:
24
:hoWever during my time in the police
academy, I learned about the police
25
:detectives working as an intelligence
analyst in the police departments
26
:and what they do there and such.
27
:So my plans changed.
28
:So after the police academy graduation
in early:
29
:work in the police departments as an
intelligence analyst, helping other police
30
:detectives with their investigations.
31
:And I've moved a lot from
different police departments.
32
:And during the almost six years I
had been that position before moving
33
:to the US at the beginning, Of 2019.
34
:Let's see.
35
:yeAh, so what brought me here to
the US almost five years ago, Was
36
:a PhD opportunity for my wife.
37
:She had reached to an anniversary
university professor here in the US
38
:whom she met at a conference back
in Brazil, and they had a spot for
39
:international students in their lab.
40
:And since it was a massive
opportunity for her career and was
41
:her dream, we decided to move here.
42
:But but the thing was back in Brazil,
and as I said in the beginning,
43
:I have a juris doctor degree.
44
:I can't really, validate that in the
us take the bar exam and be a lawyer.
45
:If I wanted to adventure
myself on that path and.
46
:What about law enforcement?
47
:Someone might ask.
48
:I discovered back then that here in the
US, regardless of scope or level, state
49
:city detectives or police officers, police
officer, it requires at lease green card.
50
:sOmething I still need to get,
I thought, so what should I do?
51
:Career wise, I thought okay,
it, I really enjoy computers.
52
:I am good at it.
53
:I've always, I.
54
:Built my desktop computers,
but what exactly in it realm?
55
:So at that time I was between
IT support and web development.
56
:And during this phase, thinking about
the pros and cons between them, I
57
:saw an advertisement for the Google
IT support certificate program.
58
:And I found that interesting
and I jumped right into it.
59
:And course enough the last module of
that program talk about cybersecurity.
60
:Christophe Foulon: Before we jump in
there let me try to dissect a little bit.
61
:When you were in Brazil, you
were, it sounds like you were part
62
:of the police department as an
intelligence analyst for many years.
63
:What were some of the, now that you're
looking back, transferrable skills
64
:from being an intelligence analyst to
65
:To cybersecurity that you are able to
leverage and transfer from your past
66
:experience to your current experience.
67
:Raphael Nicolich: Sure.
68
:I guess was the part That I had to,
as an intelligence analyst, I had
69
:to gather and triage and correlate
data, from multiple sources.
70
:We had access.
71
:We also use a lot of old syn as well.
72
:But we also had, close sources as well.
73
:I'm presenting all my findings in
intelligence reports or, spreadsheets
74
:or dashboards for My stakeholders should
take preventative or remediate actions.
75
:All my stakeholders, law enforcement
will be, my, the commissioners or,
76
:senior police detectives and such.
77
:If you think about that, it, it's
really relates to cybersecurity,
78
:especially soc analyst as well.
79
:And also, and on top of that also the
mentality of, I will have to be able to
80
:articulate my findings really well for
people to understand what I was able
81
:to gather, and correlate all that data
to, to make sense for their decisions.
82
:So that's another Aspect
of was really important.
83
:For, to help me with with
cybersecurity as well.
84
:So I had a lot of experience with
that because sometimes I was in a
85
:room that, not everyone was from,
actually from law enforcement.
86
:So I had people, in room
like the mayor of the city.
87
:And I had to explain over
there I was super nervous.
88
:I was over there and, this high level,
politician over there and, but, but yeah.
89
:So this is, this has helped you a lot.
90
:That helped me a lot with with
the cybersecurity, so far.
91
:Christophe Foulon: And a, as you finished
up the Google training certificate,
92
:had you started looking for
jobs before then, or you want
93
:to finish the training first?
94
:What was your approach in job hunting?
95
:Raphael Nicolich: My approach was I was
searching to, okay, what it takes to
96
:be, a saw analyst because, before that
I had no idea what cybersecurity was.
97
:I searched about the roles,
what they do and such.
98
:And when I learned about the soc
part, that was, that, that's it.
99
:That's totally it, right?
100
:So I was still to describe my new
career, where should I start, and.
101
:So I've started to, check what
what was the requirements,
102
:certification, certifications and such.
103
:What what was the, what I need?
104
:What was the fundamental knowledge?
105
:And then I just go, yeah, I have to
understand, what what is the internet?
106
:Because before like a tool before
I had a basic level of it, so
107
:I had to learn everything about
network, about networks and such.
108
:So that's why, that's where I
discovered the com TIA certifications
109
:and I did a lot of research.
110
:So I started with a network Plus,
and after I got, I, so after I got
111
:the network, plus I was our thought
was like enough to start applying,
112
:but I noticed that no, okay.
113
:Security Plus is is gonna give me the
days, level that was my understanding
114
:back at the time, so I then after
I got the security plus that I
115
:started to applying for positions,
116
:Christophe Foulon: Okay so right at
this point in time in, in your search
117
:you have, a just doctrine from Brazil.
118
:You have a Google IT
support certification.
119
:You have your network plus,
and now you're security plus.
120
:Raphael Nicolich: Correct.
121
:Christophe Foulon: Okay.
122
:How did you go about you search?
123
:Were you looking at SOC analyst role or
were you looking at more senior roles?
124
:What were you looking at?
125
:Raphael Nicolich: I was
exclusively looking for entry
126
:level, cybersecurity roles.
127
:And from what I could tell,
saw analyst was the one I.
128
:At least for me, because you would have
the both of the of the words, like in,
129
:in this regard of it's entry level.
130
:And I also I really found it was, it
had everything with me what what I've
131
:seen before in law enforcement, right?
132
:So it was perfect for me.
133
:It was the perfect role.
134
:Yeah.
135
:And.
136
:Reflecting on the initial months of, my
journey when I started, to apply to soc
137
:analyst position after I thought that I
checked all the boxes, for what I believe
138
:to be enough to get a, an entry law,
an entry level job in cybersecurity.
139
:I must admit that they were,
disheartening, receiving rejection
140
:after rejection it was not on the only
disappointment about, but it also deeply
141
:discouraging because especially when
I could even secure an interview, and
142
:Christophe Foulon: Let's
let's dig into there.
143
:So you've, you're applying
for lots of roles on average.
144
:How many roles and how are you
going out about applying for them?
145
:Raphael Nicolich: The thing is I put on
my on my, on medium that I was 60 plus.
146
:But the thing is after at 60 plus, after,
two years of, applying for positions
147
:without even getting an interview.
148
:But I checked that I also applied
for a lot of position through
149
:LinkedIn and some of a lot of those
LinkedIn applications that I did.
150
:I didn't receive any email from that.
151
:So all my accounting was based on
the emails that I receive, that
152
:those initial emails that say, oh,
we received your application and
153
:we soon reach out to you or something.
154
:With my new coding is
80 plus, Of rejections.
155
:Christophe Foulon: It sounds like
a lot of these were just through
156
:applicant tracking systems.
157
:Is that right?
158
:To assume?
159
:Raphael Nicolich: YEah.
160
:Christophe Foulon: Did you use
networking or reaching out to people
161
:as part of your strategy at the time?
162
:Raphael Nicolich: Yes.
163
:But I was connecting to, to a lot of
people, that it was in the InfoSec
164
:realm and, but I never, just reach out
to someone and, say, Hey, I'm working
165
:for a job on anything like that.
166
:I was more like trying to make meaningful
connections and then ask them for, for
167
:any piece of advice, something like that.
168
:And.
169
:And trying to understand where,
I should focus on in order for me
170
:to, to get a, to get an interview,
some, no stuff like that.
171
:And the thing is, another thing that
I've that I remember, I also reach
172
:out to local university professors as
well and ask them for a internship.
173
:And I remember I reached out at least four
or five university professors that was
174
:involved with something related with the
InfoSec just to get, my feet wet and such.
175
:And I was actually
asked, I was actually, I.
176
:Asking for, internship, not
even internship, I'm sorry.
177
:For volunteer, I was volunteering
myself to do something, for free.
178
:I just wanted to be part of something
to have something to put on my resume.
179
:And from those five, I only
heard back from Chu and one
180
:of them asked for my resume.
181
:I sent my resume to them
and I never heard back.
182
:And I was like, okay, so
my resume is that bad.
183
:That's why the , this person's
not reaching back to me.
184
:So it was, I, it was really disappointing,
but and throughout the time I
185
:was thinking okay, so what should
I do to stand out from the crowd?
186
:Christophe Foulon: Let's let,
lemme ask you a question there.
187
:So you brought up the question
that the statement was my resume.
188
:That bad?
189
:Did have anyone that was helping?
190
:Look at your resume or make
evaluations to your resume
191
:Raphael Nicolich: No.
192
:That was one of my mistakes.
193
:Christophe Foulon: or tweaking
your resume for the roles.
194
:Raphael Nicolich: No, I was like
just checking videos and seeing
195
:people, posting on LinkedIn and
saying, oh, your resume should look
196
:like this and should like that.
197
:And such people with with knowledge
and such, with really with an
198
:extensive experience on that.
199
:But I, I never approach someone and
ask them to look at my resume and such.
200
:And I feel like this is one of the
mistakes I made during my path, that I
201
:should also, should reach out to someone
and have them to take a look on my resume.
202
:But but yeah, that was one of
the mistakes that I made early
203
:them,
204
:my
205
:Christophe Foulon: eventually then
your journey started to turn around.
206
:How did you get that interview
for the role, your first role?
207
:Raphael Nicolich: So the turning
point for me wa, was when I started
208
:a medium page where I began to share
some CDF walkthroughs and whatnot.
209
:And, I.
210
:Crazy enough, not even a month,
and a couple of articles, I
211
:finally got my chance finally
interview my first one oh my God.
212
:And honestly, I was feeling super
confident because I had, so much
213
:time to prep for that moment that
when I finally got the chance, of
214
:course I was a little bit nervous.
215
:But I was feeling good, and I
used a lot of resources and one of
216
:them was I got right here with me.
217
:Your book.
218
:And other resources as well,
so how to answer, what are the
219
:most commonly questions asked?
220
:The response, how, the, also
the, also your book also covers,
221
:behavior questions and such.
222
:And I had a lot of time right to
Prepare myself for this and yeah,
223
:and I did interview and when I
finally got that call, Chris, and,
224
:let me ask for your forgiveness
because I cannot express enough.
225
:The magnitude of feelings on that
particular day and know I simply
226
:couldn't believe, but at the same
time, I knew for sure that I freaking
227
:deserve it, so it was amazing.
228
:Christophe Foulon: That's great.
229
:So it sounds like by
creating a brand for yourself
230
:in your Medium article and starting
to go through the capture the flag
231
:challenges by showing that you
understood technically what's happening
232
:versus just saying it on your resume.
233
:You started to notice a
difference and people started
234
:to pay attention to you, right?
235
:Raphael Nicolich: Exactly.
236
:Yeah, 100%.
237
:Because you gotta show your work, right?
238
:In landscape, field with
numerous opportunities.
239
:And also candidate, I started
to ask myself, how can I
240
:distinguish, from the crowd?
241
:And this, I thought about a YouTube
channel and such, but I'm not
242
:I'm more introspective person.
243
:should say it.
244
:So I thought, okay, so maybe I.
245
:Posting something online like a blog
or something that I can show my work to
246
:my, to po potential employers, that I
understand the concept and I know how
247
:to get, dig into, findings and such.
248
:Maybe that's gonna put it, put
me on a better, perspective,
249
:from the other candidates.
250
:Christophe Foulon: So
you got your first role.
251
:Congratulations.
252
:What are some of the things that
you're now doing to keep up?
253
:Because we know getting the first
role is just the first step in.
254
:Now you have to keep the
role and you have to advance.
255
:What are some of the things
that you're doing to keep up
256
:and to advance your career?
257
:Raphael Nicolich: So as of now,
I'm focusing solely on my work,
258
:on my, understanding and working,
studying the platforms that I use,
259
:to do my job as a security analyst.
260
:So I'm focusing on that right now.
261
:But also at the same time,
continuing, checking the news.
262
:We got several web, website, YouTube
channels and podcasts that we can keep us
263
:ourself updated with the latest threats.
264
:So I'm continuing doing
that and I was doing that.
265
:Way before, because also some questions
on the interview could could come
266
:about, what is happening to our, to our
space and such, the latest breaches.
267
:And yeah.
268
:For now I'm gonna continue
that, but later on I'm gonna
269
:pursue and get my next search.
270
:Problem's gonna be the CSA plus from com.
271
:TIA, I guess this is the
second one I wanted to obtain.
272
:And from now on I will just see what is
best for my role, see what is best for me
273
:to take a next step and go to a level two.
274
:And cons, continuing the good
work, continuing, writing.
275
:Christophe Foulon:
That's a great approach.
276
:I think one of the things that you can
always do to progress in your role is
277
:learn more about the platforms that
you're working with on a daily basis
278
:and how to solve problems there and.
279
:Your comment about finding a certification
that would help you advance your career
280
:versus just the next certification.
281
:That's also a highly critical
aspect to, to consider.
282
:Great advice.
283
:Thank you so much for
coming on today, Rafael.
284
:Really appreciate hearing about
you and hearing about your journey.
285
:Raphael Nicolich: No, thank you.
286
:Thank you for, thank you so
much for the opportunity.
287
:Yeah, like I said, I'm honored
to be here and never thought
288
:that one day I'll be here.
289
:Yeah, thank you for the opportunity and I
hope that all the listeners was able to,
290
:catch something, maybe inspire them to
continue the journey because for me it was
291
:very hard, but at the end, it, it worth.
292
:Christophe Foulon: Thank you so much
and those listening, feel free to share.
293
:I'Ll be sharing Raphael's LinkedIn
so you can reach out to him on
294
:LinkedIn if you have any questions.
295
:And have a great day and thank you for
listening, breaking into cybersecurity.
296
:Raphael Nicolich: Thank you.
