full
Breaking into Cybersecurity with Brad Rager
Breaking into Cybersecurity with Brad Rager
Brad Rager on Linkedin - https://www.linkedin.com/in/brad-rager/
Sponsored by CPF Coaching LLC - http://cpf-coaching.com
The Breaking into Cybersecurity: It’s a conversation about what they did before, why did they pivot into cyber, what the process was they went through Breaking Into Cybersecurity, how they keep up, and advice/tips/tricks along the way.
The Breaking into Cybersecurity Leadership Series is an additional series focused on cybersecurity leadership and hearing directly from different leaders in cybersecurity (high and low) on what it takes to be a successful leader. We focus on the skills and competencies associated with cybersecurity leadership and tips/tricks/advice from cybersecurity leaders.
This podcast runs on listener support and funding. Consider supporting this podcast:
https://breaking-into-cybersecurity.captivate.fm/support
Check out our books:
Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level: https://amzn.to/3443AUI
Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/
_________________________________________
About the hosts:
Christophe Foulon focuses on helping to secure people and processes with a solid understanding of the technology involved. He has over ten years of experience as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement, and information security. He has significant experience in optimizing the use of technology while balancing the implications to people, processes, and information security by using a consultative approach.
https://www.linkedin.com/in/christophefoulon/
Find out more about CPF-Coaching at https://www.cpf-coaching.com
- Website: https://www.cyberhubpodcast.com/breakingintocybersecurity
- Podcast: https://feeds.captivate.fm/breaking-into-cybersecurity/
- YouTube: https://www.youtube.com/c/BreakingIntoCybersecurity
- Linkedin: https://www.linkedin.com/company/breaking-into-cybersecurity/
- Twitter: https://twitter.com/BreakintoCyber
- Twitch: https://www.twitch.tv/breakingintocybersecurity
Mentioned in this episode:
Thank you to CPF Coaching for Sponsoring
CPF Coaching: Cybersecurity Leadership and Talent Development Consultant
CPF Coaching: Cybersecurity Leadership and Talent Development Consultant
Transcript
Welcome to another episode of breaking into cybersecurity
2
:leadership, where we talk to different
cybersecurity leaders about what we
3
:could do to develop the next generation
of cybersecurity professionals.
4
:Today, we have with us, Brad Rager, who
will be sharing About recruiting the next
5
:level of cyber security professionals and.
6
:I'll let him introduce himself.
7
:Brad, do you want to introduce
8
:Brad Rager: yourself to the crowd?
9
:Sure.
10
:Hey, thanks for having me on Chris.
11
:Great to be here.
12
:So yeah, I I run a startup
recruiting business called Crux.
13
:We are building the first talent
platform for cybersecurity.
14
:So you can think about us as both a
traditional cybersecurity recruiting
15
:business and a marketplace.
16
:So if you hop on Crux, you'll
be able to see the first version
17
:of our talent marketplace.
18
:I got started in cybersecurity
from the business side about five
19
:years ago when I joined Optiv
where I ran corporate strategy and
20
:was CMO for a few years as well.
21
:So it gave me firsthand way to
view some of the challenges and
22
:opportunities in this space.
23
:And it led me to where I am today.
24
:Chris: So speaking of some of the
challenges and opportunities, what
25
:were some of the challenges and
opportunities that you first saw that
26
:you now wanted to tackle on your own?
27
:Brad Rager: I Think the first thing to
keep into perspective, and the reason
28
:there are so many people that want to
be in cybersecurity is it's a field
29
:that is, most industries go through
this S curve and we're still in the
30
:really early stages of cybersecurity.
31
:As more data moves online, as more of
the company's value is in their IP, their
32
:data and their assets, the criticality of
security is only going to increase, right?
33
:And we operate in this world where
it's this cat and mouse game.
34
:You constantly have an adversary
that's trying to best the defenses.
35
:So It means that the economic importance
and the risk associated with the risk
36
:of poor cyber security hygiene, but the
economic value of protecting a company's
37
:assets and data is only going to be more
important and it requires innovation.
38
:It requires new talent, it requires
creative thinking, and it's
39
:going to be driving growth for.
40
:The foreseeable future.
41
:So as an industry, it's an amazing
and dynamic industry to be in.
42
:That also means there's lots
of challenges and things to
43
:figure out along the way, right?
44
:So I think we as an industry
have had so much coming at us.
45
:Oftentimes it's been hard
to do things like build.
46
:Training and development programs for
companies to bring people into and
47
:build people's cyber security skills up.
48
:We have just an incredible amount
of technologies that are out there.
49
:Companies really struggle to integrate
those technologies and bring them
50
:together and fuse kind of the people
dimension and the technology dimension.
51
:I saw, a lot of that when I was at Optiv.
52
:And one thing that I heard from the
folks that I worked with, CISOs and
53
:practitioners, Was that a lot of the
pain points that they had and a lot of
54
:the things that just weren't getting
done from a security program standpoint
55
:wasn't because they didn't have the tools.
56
:It was because they didn't have the
people to run the tools and follow
57
:the processes and frankly, in many
cases, build the processes for
58
:a robust cyber security program.
59
:So we have a.
60
:Significant people
challenge in this industry.
61
:And my goal was to bring some, fresh
approaches to help customers solve
62
:clients, solve those people challenges
and help us as an industry bring
63
:more people into cybersecurity.
64
:So as.
65
:As a country, as an economy, and it's
the civilization we can be secure in what
66
:we do online and with our businesses.
67
:Chris: Now you've said a whole lot there.
68
:Let's talk about how
you do things different.
69
:So you mentioned preparing the talent
for all these new technologies.
70
:What are some of the things that you're
doing on the front end to help prepare
71
:Brad Rager: for that?
72
:I.
73
:I'm going to go to one of my pet
peeves in this industry, which is
74
:the way job descriptions are written.
75
:And there are so many job descriptions
that say, Hey, I've got an identity
76
:and access management engineering
role, and they need to have.
77
:Eight years of ForgeRock
experience, right?
78
:And I don't know how many years ForgeRock
has been around, but it's probably
79
:something around eight years, right?
80
:I think there's a lot of unrealistic
expectations where people are only looking
81
:for folks that have X number of years
experience with technology X, Y, and Z.
82
:But the irony of all of this is
while those job descriptions are
83
:everywhere that you look online.
84
:Most hiring managers, when you sit down
and talk to them, would say something
85
:along the lines of actually what I
really need is somebody who understands
86
:the principles of IAM has a good
degree of engineering experience is a
87
:great problem solver is hardworking.
88
:And as if maybe they know
paying, maybe they know Octa,
89
:maybe they know savvy, but.
90
:That's okay.
91
:We can teach them the ins and
outs of this particular tool.
92
:That's not a problem, right?
93
:And it's why don't you write
your job descriptions that way?
94
:So I draw a few categories.
95
:And as you think about fitting somebody
with a role, you want to balance
96
:things across these categories.
97
:One is what's their kind of core innate.
98
:What are they good at?
99
:Are they good problem solvers?
100
:Are they good communicators?
101
:Do they learn well?
102
:Do they learn quickly?
103
:Were they interested in doing
the second is what do they know?
104
:What's their kind of knowledge base
and domain expertise, which can be
105
:associated with the experiences that
they've had and what they've done.
106
:And then the third set is what are
the teachable things on the job?
107
:And in my mind, there's many tech.
108
:knowledges, specific technologies can
fall into things that are teachable.
109
:If you give somebody training
and time to do it, and there's
110
:levels and degrees to that, right?
111
:You're not going to teach somebody,
cloud infrastructure and in three months
112
:or a month on the job, but can they
move from AWS to GCP may not be the
113
:easiest thing in the world, but yeah,
probably most people can do that, right?
114
:If they understand the underlying skills.
115
:So I think there's a degree of.
116
:flexibility and thinking that we as
an industry need to introduce into
117
:our processes, really look more at
people's skills and not rely so heavily
118
:on how many boxes of technologies
can I check on the job description.
119
:And
120
:Chris: that's, that seems like a
really hard challenge because you
121
:have to convince hiring managers
that they have to go away from this.
122
:Checkbox certification degree thing to
go into, Hey, these people have skills
123
:and the skills are that they know how
to run foundational cloud technology.
124
:They know how to run foundational
identity and access management
125
:technology, and they just need to learn
this new one that this employer has.
126
:How do you get them?
127
:out of that safety net to be able to open
themselves up to hire this true talent.
128
:Brad Rager: Yeah.
129
:Yeah.
130
:I think the first thing hiring managers
want is somebody who's done this
131
:job before somewhere else, right?
132
:That tends to be the easy button
request that you'll often get.
133
:I actually think what happens in
the job description creation process
134
:is a little bit more laziness than
it is malicious thinking, right?
135
:Or not flexible thinking because so often
what happens is You don't actually find
136
:the humans that check all of the boxes
in that job description when there's,
137
:15 things in the required column.
138
:And the compensation is, maybe at
or below average for the level.
139
:Somebody ends up finding that
job or getting in that job.
140
:That's person who finds their way in there
probably didn't check all of those boxes.
141
:So it's a fallacy to think that there are
all of these people that are living in
142
:these jobs that check all those boxes.
143
:That's not happening today.
144
:Anyways, the question is, are you going
to do that on the back end of the hiring
145
:process in kind of a haphazard way?
146
:Because, it's taken four months, but then
we finally went back to the well and we
147
:found this person and okay, they're good
enough or are you going to do it at the
148
:front end and not find somebody who's
good enough, but think strategically
149
:about a combination of what people are
going to be able to do out of the gate.
150
:And the potential that they
have to bring into the equation.
151
:So from my experience, it's not
necessarily been particularly
152
:contentious conversation.
153
:It just requires a little bit more
thinking up front as to the problem
154
:you're really trying to solve and what
truly is critical to have in that person.
155
:Chris: From my perspective,
there seems to be two problems.
156
:One forcing the site, the hiring managers
to be able to think strategically.
157
:And then for you, Brad, having
them to do that at scale so that
158
:you can hire at scale and help
them do those hires at scale.
159
:How do you do that?
160
:Brad Rager: We haven't reached
scale yet, so you'll have to ask
161
:me in nine months or a year, Chris.
162
:But, the concept that I go to is
Identification of people's skills, both
163
:technical skills and non technical skills.
164
:And if you can change the conversation
from, I want somebody who has done
165
:XYZ for two years, five years, seven
years, eight years to, I want somebody
166
:who knows and understands X, Y,
and Z to a certain level of depth.
167
:And brings to the table interpersonal
communication skills, critical thinking,
168
:they're, highly analytical, they have
a passion for understanding how things
169
:work and breaking it apart, whatever
those things are, if you can reduce
170
:the conversation to that level, you
will find better matches between.
171
:People in the jobs that
are out there to be filled.
172
:So it's just changing the conversation
of it and taking it down to the
173
:idea of skills and saying are there
ways of assessing skills that are
174
:a little bit more thoughtful than
yeah you say you did that before,
175
:so you must be good at it, right?
176
:Cause that, that oftentimes
isn't actually the case, right?
177
:And to think about which skills
are teachable and which ones are.
178
:Chris: And how do you help managers
with determining which skills are
179
:teachable and which skills are not
teachable so that they can help find
180
:those nuggets in a haystack in a resume?
181
:Brad Rager: Yeah, I think that on
the technical side, there are great
182
:programs and pathways out there
and certifications to take a base
183
:level of knowledge up to more.
184
:Advanced sets of knowledge, right?
185
:So you can think about pick
your domain of cybersecurity.
186
:There's sort of the one on one one oh
two one oh three one oh five version.
187
:And there's learning both that happens
and can happen through certifications and
188
:coursework and online programs and study,
and there's work that happens on the
189
:job, most people learn best on the job.
190
:So the question is.
191
:on the technical side, what's the
level of proficiency and depth that
192
:you need and what can they learn on
the job and what training resources
193
:can you surround that person with to
get to the level that you want, right?
194
:So you think about pen testing rather
than saying, I need somebody who has five
195
:years of pen testing experience, let's,
let's see where they are on, some of the.
196
:Tools that are out there and boards that
are out there and how they're doing and
197
:oftentimes most pentest hiring managers
are pretty good at assessing their
198
:kind of technical depth of knowledge.
199
:And then you pair that with.
200
:The things that make great pen
testers, and you can assess those
201
:personality attributes, right?
202
:Do they have a strong
technical inclination?
203
:Do they have a passion to break
things down and understand
204
:how things work, right?
205
:Don't give me a job description
that requires that they
206
:have a bachelor's degree.
207
:Let's get rid of that
right out of the gate.
208
:But let's look at the innate
personality characteristics that
209
:tend to fit well with that role.
210
:if You have somebody that doesn't
demonstrate that through their
211
:passions, their history, their action
or communication, it's probably less
212
:likely that they're going to grow
into that path that sort of fits well
213
:with a certain type of personality.
214
:If that makes sense.
215
:I do think there are
things in general that.
216
:are more coachable and more capable of
developing than things that are not right.
217
:You it's difficult to take somebody who
just doesn't have a lot of curiosity and
218
:make them a curious person, for instance.
219
:That, those are the kinds of things
you really want to talk through.
220
:Chris: You brought up.
221
:How do you test for curiosity or
how do you pull curiosity out of
222
:a candidate during a conversation?
223
:Yeah.
224
:Brad Rager: There's, with anything,
there's multiple ways to get at it.
225
:There's one method, which is A
little bit more quantifiable.
226
:So we use personality inventories and
assessments that give a general dynamic
227
:of, Hey, does, where does this person
fall on introversion, extroversion, where
228
:do they fall on, somebody who loves to
go by the rules versus break the rules.
229
:There's a bunch of
different elements to that.
230
:So you can get.
231
:One read from personality assessments,
but you can't necessarily take
232
:that as gospel, so to speak.
233
:Then you really get at
it through conversation.
234
:So if you're testing for curiosity
and if you're testing for somebody
235
:who really wants to understand
the guts of things, then.
236
:You ask them what their passions are.
237
:You ask them what they're interested in.
238
:You ask them what they
do in their spare time.
239
:That's when the hobbies
actually are very relevant.
240
:You look and see if they have a
portfolio, if you will, of things
241
:that they've done to demonstrate
that passion and that interest.
242
:And just that simple idea of a
passion around a given area, that.
243
:Can take you miles, right?
244
:Most good hiring managers that I know,
many of them will look for that as their
245
:first and foremost thing and say, if
I can find somebody who is hungry and
246
:curious and eager to learn and spends
their time building their own knowledge
247
:in this space, rather than somebody who's
just looking for a paycheck or saying,
248
:Hey, I'm getting in this field because I
hear there's a lot of money to be made.
249
:Most people are looking for that
person that really loves the topic
250
:and is hungry and, is putting
themselves out in that community.
251
:And by the way, that's like the best
way to get a job too, because it is
252
:tough in this current market to just.
253
:Click through job boards and apply to jobs
if you have a passion around a given topic
254
:if you put yourself into that Community of
interest if you engage and contribute not
255
:only does that help build your knowledge
base But it gives you opportunity to meet
256
:people and some of those people might
need to hire somebody or know somebody
257
:that might need to hire Somebody so
positioned you really well for finding
258
:a job to you in this current market
259
:How do you
260
:Chris: test for that drive that someone
that's really hungry versus someone
261
:that is just looking for it on paper?
262
:What sort of off screen tests or
questions do you drive into to find those
263
:Brad Rager: answers?
264
:Yeah, drive is something that is a
little bit more difficult to measure
265
:through an assessment or a test.
266
:In my mind, you really dig into it
starts with something as simple as Tell
267
:me why you want to go into the space
or tell me about your career path.
268
:Tell me about the decisions
that you've made and the choices
269
:that you've made along the way.
270
:And then you can dig into it and
ask why questions underneath that.
271
:And what you're trying to get at is what
is the motivation and the driver and
272
:Individuals level of self awareness in
their journey of self discovery, right?
273
:I don't expect everybody, and I think
it's just human nature to people don't
274
:always know exactly what they want to do.
275
:And I think that's fine to me.
276
:What matters.
277
:More almost is are you actively part
of a journey of self discovery where
278
:you are trying things and you are
finding things that you love and
279
:that you're good at and then you're
doubling down in those areas, right?
280
:And if you can form a story and
demonstrate that with things that
281
:you've done or things that you've
learned or where you're spending your
282
:time in those areas that you love.
283
:That's great, right?
284
:So to me, that comes out through
storytelling and through unpacking
285
:a person's career path, decision
making, and the things that they
286
:do to build their own career.
287
:Chris: Any frameworks that you would
recommend for candidates to use to
288
:really be able to pull that out?
289
:Brad Rager: That's a great question.
290
:I don't think I have any.
291
:Frameworks offhand.
292
:The, when we kind of classify
folks by their areas of expertise
293
:within cybersecurity, we'll use
the, this nice framework, which
294
:is a great framework, but it has.
295
:I think 140 different job types.
296
:So in some ways it's almost too
detailed, but you can roll that up to
297
:the major domains or disciplines within
security, GRC, pen testing, IR cloud
298
:security app stack, things like that.
299
:And that kind of, to me sits at the level
of a good spot where you can really drive.
300
:Domain expertise.
301
:It in many ways aligns with a lot of
the certifications that are out there,
302
:but I think it's also okay to build
skills across domains, not just within
303
:domains, because the more senior you
have this kind of paradox, right?
304
:As a junior person or a
person in a smaller company.
305
:As a security expert, you're
gonna be doing everything right
306
:or a lot of different things.
307
:You go to a big company
as a junior person.
308
:You may be very specialized.
309
:Then as you get more senior once again,
you really have to have a generalist
310
:perspective on security and be able
to operate across domains, identify
311
:relative risk in various domains and
work across a business to make sure
312
:that security hygiene is embedded.
313
:Across all the stakeholders
in the company.
314
:So moving across domains and disciplines
and building generous knowledge and
315
:CISSP type broad knowledge of security.
316
:That's great, too.
317
:What I would ask an individual is
where do they feel comfortable?
318
:What do they want to do?
319
:Are you a person that wants to go super
deep and build really, strong domain
320
:expertise in one particular area?
321
:And bring that potentially to multiple
companies over the course of your career.
322
:Or are you a person who likes to see
things from a bigger picture, operate
323
:at a more strategic level or build a lot
of variety and build a, just a really
324
:strong set of experiences across things.
325
:There's a need for both types of people,
but I would encourage somebody to think
326
:about who they are and what makes them
tick and what do they enjoy doing.
327
:And then it built career
experiences that align with that
328
:philosophy for that approach.
329
:Chris: Yeah one of the frameworks that
I was hinting to was like the STAR
330
:format with situation, task, action,
reaction to try to pull out what
331
:exactly they did within a situation.
332
:And I know that's a great
one, but there's others.
333
:Yes.
334
:Brad Rager: To your point, I think
that when you're going through
335
:somebody's experience in the
background, you can't just be content
336
:to take a thing at face value.
337
:I like to dig in and say, all
right, what was the context?
338
:What was the problem you
were trying to solve?
339
:That question can get to ability
to see context and bigger
340
:picture and strategic thinking.
341
:And then to understand as part of a team
or as an individual, what did you do?
342
:What did you contribute?
343
:What value did you bring to the table?
344
:Cause let's be honest, people will
embellish on their resumes and oftentimes
345
:a lot of team accomplishments get, get
tasked as an individual accomplishment.
346
:So you're also trying to assess for
that and really understand how did
347
:you contribute within this team?
348
:What did you bring to the table?
349
:And we know that it's always a team
game, but you have to you have to
350
:dig in to really understand that.
351
:And it doesn't always pop out.
352
:That's a good framework.
353
:Chris: Now, for those that don't
understand the difference between
354
:recruiters, hiring managers,
internal recruiters, sourcers,
355
:things like that would you want
to describe how you're structured
356
:and how they might be different?
357
:Brad Rager: Yeah, absolutely.
358
:Recruiter tends to be the person on
the front end who is bringing a person
359
:into a situation or an opportunity.
360
:There are external recruiters and
there are internal recruiters.
361
:External recruiters are engaged by a
company to find talent on their behalf.
362
:That could be contract talent.
363
:It could be.
364
:Full time talent.
365
:It depends on the nature of the
opportunity, but you're basically
366
:acting as a representative
or an agent for that company.
367
:And you're trying to find
somebody who's a great man.
368
:Companies will look to external folks
because they can bring a network.
369
:They can bring particular
domain expertise, really from
370
:a hiring manager's perspective.
371
:They want to help finding
great people and finding them.
372
:quickly.
373
:So that's the value proposition
of an external recruiter.
374
:Internal recruiters work
on behalf of a company.
375
:What you tend to find in our industry
is the quality and the strength of
376
:those internal recruiters, whether they
really understand the job to be done
377
:will vary and it tends to vary where.
378
:If the company is a cybersecurity company,
a tech company, or cybersecurity services
379
:company, typically those recruiters have
a pretty good understanding of the job and
380
:the job to be done, and they can represent
that well when talking to a candidate.
381
:In enterprise, that's often
tougher because you may have a.
382
:Food manufacturing company or an
aerospace company or a hospital
383
:hiring a cybersecurity person.
384
:And that's where the conversations can
get a little bit challenging because
385
:that recruiter will struggle to play
the translation layer between the
386
:candidates and the hiring managers.
387
:And so in, in my line of
business, we mostly work with
388
:enterprises to help solve that gap.
389
:And.
390
:Bring that expertise into the hiring
equation, but then really the decision
391
:making at the end of the day is with
the hiring manager, because that's
392
:going to be the person who is the
boss and who is building the team.
393
:And so I think a good
recruiter works both ways.
394
:They work with the hiring manager.
395
:The front end of our conversation,
Chris, to say, what's the
396
:problem you're trying to solve?
397
:What are the skills that you really need?
398
:What's the type of person who's going to
be really successful, not just in this
399
:role, but in this company, who what's the
culture like, and then you can go out and
400
:you may know that person who would be a
great fit already within your network.
401
:Or you can help find that
person on behalf of a client.
402
:And that's really the job of,
403
:Chris: and with regards to your
experience of how efficient
404
:one is in each of those roles.
405
:I know that each served their own
purpose, but, if I were a client,
406
:would I look out for those external
recruiters, those internal recruiters?
407
:Who do I try to reach out to if I'm
doing an outbound campaign looking
408
:for a recruiter that might be able to
fill a spot that I'm looking to fill?
409
:Brad Rager: Yeah great question.
410
:I think if you're a hiring
manager and you've got a great
411
:recruiting team internally in your
company, that's fantastic, right?
412
:And that's gonna be the most cost
efficient route from an individual,
413
:hire basis most of the time,
if you've got a good recruiter.
414
:Now, if you're struggling to find people,
actually not having good recruiting
415
:capabilities can be very costly because
the cost of a bad hire, Is really high.
416
:You think about the time that is lost
getting the work done or the cultural
417
:issues that happen when you make a
hiring mistake, that's really the value
418
:proposition of having a good recruiter.
419
:So I think it starts
with an assessment of.
420
:Do I know people and network?
421
:How long?
422
:How hard will this be to find
a great person for our team?
423
:And then from there you want to think
about, okay if, if the principal
424
:criteria are finding a great person
and finding them quickly, you want
425
:to go with companies or recruiters
that understand the space, understand
426
:the nature of the job to be done.
427
:We'll take the time to work with you
and understand exactly what you're
428
:looking for and what you need so that.
429
:You don't have to spend a lot of time
saying, yes, this person needs this.
430
:No, this person doesn't.
431
:And that's where I think.
432
:Our industry and there's a lot of
recruiters out there that look at this
433
:very transactionally and they'll say,
give me a job description and I will go,
434
:spam 1000 people on linked in and try and
check as many of these boxes as possible.
435
:And then I'll flip it back over to you.
436
:To me, that's totally.
437
:Totally the wrong framework.
438
:This is about people and
this is about relationships.
439
:And there are there's brand to
be built on both sides, right?
440
:As a recruiter, the best thing
you can do for a client is help
441
:them with their people strategy,
help them find great people.
442
:And the best thing you can do for
candidates is help them find a place
443
:that they are going to thrive and grow.
444
:And that is in line with what they want.
445
:So I think you got to take.
446
:A long term perspective as you think
about those relationships, and that's
447
:why, the quality of the experience
on both sides really matters.
448
:And in the poor behavior around
hosting and stuff like that, it just
449
:it gives our industry a bad name.
450
:And it.
451
:It's a shame that it's right.
452
:We shouldn't treat folks like numbers.
453
:Everybody's special, everybody's
individual, and it's our
454
:job to get to know people.
455
:Chris: And as we wrap up, any final
advice you'd give to candidates that are
456
:hunting for a role in this job market?
457
:Brad Rager: Yeah.
458
:Yeah.
459
:Look, I think this job market is the most
challenging that the cybersecurity job
460
:market has been at least in the past 5
to 10 years where you used to see jobs
461
:going up that would get 5 applicants.
462
:Now the same job is going
to get 100 or 100 to 50.
463
:So it's a challenging market and Yeah.
464
:What I've seen is a number of
people that have been able to
465
:go from job to job in the past.
466
:Maybe they got recruited out of a
company and now they're saying, okay.
467
:I've got to go do this job search and
I've almost got to run it like a job.
468
:And we posted a few blogs on my
website recently just to give some
469
:tactical guidance around this.
470
:But the best thing I would say is in this
sounds cliche, but it really is true.
471
:Network is super important, but there is
a methodology that you can apply towards.
472
:Leaning on your network and growing
your network in such a way that
473
:it is maximally likely to help
you land a job that you like.
474
:And that really involves engaging
people that you know, having a very
475
:crisp story on what you want to do,
so you can help people help you.
476
:And then people make introductions.
477
:And so if you go into the
process with a really crisp.
478
:Narrative on what you're good at, what
you want to do, and you understand
479
:the types of companies or specific
companies that you would want to work at.
480
:You can build a network and help find
your way to get to meet people that
481
:are inside those companies or that
are likely to be hiring managers.
482
:And then just knowing somebody
totally flips the odds of you
483
:being able to get an interview.
484
:And then from there, run the process
and do what you're good at and
485
:trying to bring out your strengths.
486
:But that's the challenge that
so many people are having is.
487
:They're dropping applications online.
488
:They're getting rejections.
489
:They don't understand why it's
happening over and over again, even
490
:for jobs that are qualified with.
491
:So in this market, if you're seeking
and you're hunting, it does require
492
:that extra above and beyond effort.
493
:To build network and get
referred into those jobs.
494
:Chris: Well, Brad,
thank you for coming on.
495
:Thank you for sharing
your tips and tricks.
496
:Really appreciate it.
497
:We'll definitely have you back on again
in the near future and maybe we'll
498
:have some of your success candidates
come on and share their journey
499
:and share their Brad experience.
500
:Getting through this market,
but all thank you for joining.
501
:Thank you for all the
questions and comments.
502
:We really appreciate it.
503
:Feel free to share this with others that
might be interested because that's the
504
:whole point of these episodes is to share
it with those that are also looking to
505
:break in and are looking to learn from the
tips and tricks of individuals like Brad.
506
:Brad Rager: Thanks so much, Chris.
507
:Great chat with you.
508
:Thank you all.
