Cybersecurity is Bigger Than Hacking | Nate Butler on Career Pathways, Mentorship & GRC

[00:00:03] Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books 1 and 2, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book 3, coming soon. Be a Moving Target.

[00:00:42] Well, welcome everybody to Cyber Crime Junkies. I am your host, David Mauro. And in the studio today is a friend of the podcast, Nate Butler, a professional cybersecurity practitioner, somebody who has broken into the field, has a lot of content sharing, an author active on social media, as well as an active practitioner,

[00:01:09] and gonna share some great insight today. Nate, welcome to the studio, man. Hey, thank you for having me, David. Glad to be here. Glad to be here. Alright, so tell everybody, you work in a security operations center, in a SOC. Like, tell us kind of what that was like, or what you're currently doing.

[00:01:33] I know your job roles have changed. Like, tell us about some of your experience, and then we can back into it from there. Yeah, for sure. So I have worked for several different MSSPs and MSPs. And so I've never actually worked in a SOC, but I've worked very closely with the SOC team members, and especially around product and getting the Microsoft Sentinel SIM stood up, for example,

[00:01:59] and working with different teams to ensure that they have everything they need from playbooks to just normal operations of the tooling. Different comes with the implementation, comes with a lot of data connectors, and ensuring things are firing off, and triggers are working. So that's the space that I've been in, and that's where, you know, I'm an engineer at heart,

[00:02:22] but I have been working in different architecture roles as well, and a lot of pre-sale side of the house, too. So talking with different stakeholders, talking with... Yeah, prospective customers, talking with people that are engaged in kind of rolling out the agreements that will help an organization reduce their risk. Absolutely. So sorry about that. I thought, you know, and I didn't mean to misstate it,

[00:02:49] but the key is, is that when you're working hand-in-hand with those in the SOC, I mean, the SOC itself, being an analyst, you can burn out pretty quick, and you see all of that, especially when you're tuning detection tools and things like that, getting them all set up. Absolutely. How did you get interested in cybersecurity? Like, what was the driver?

[00:03:16] Like, anything that, you know, any moment or any experience that you kind of were like, this is something I really want to do? Yeah. Well, I went to college. I did the college thing, did the bachelor's, did the master's. And even then, I took cybersecurity classes, but everyone at those, at that time, it was, hey, this is buzzing, it's hot, get into it.

[00:03:42] But I never was drawn towards it. At that time, I was still focused on computer networking and telecommunications. So I was deep on that side. And then things started shifting. And the major pivotal moment was when I moved to Charlotte, North Carolina. And all before that, I had been doing IT, working on two-man teams, wearing multiple hats. So not realizing that I was doing

[00:04:08] cybersecurity in different forms and sharing some of those responsibilities. And the moment was when I went, I moved to Charlotte and I met the mentor that I have today. And he enlightened me to some of the different things that I wasn't paying attention to and threw some material at me. He threw ISACA at me, he threw CISM, and then I just started digging in. And that was my area. And so

[00:04:35] certified information security manager, that material was amazing. That's CISM, right? For non-technical listeners or viewers, CISM is what you just described. And you just said a bunch of things. So let me pick some of it apart in a positive way. The role of a mentor

[00:04:56] in any career, forget tech and cyber, but any career, the role of a mentor to open doors in your mind, open possibilities, recognize something in somebody that is coming behind them in experience, regardless of age, and saying, hey, you might be interested in this. Have you looked in this? Have you explored this? It's really powerful, isn't it?

[00:05:23] Super powerful. And I never really, I've had great leaders. I have had great leaders that I've worked for, great people that I've worked around and have taken mentor roles and have put invested in me and wanted to see me be successful. Whenever I met Keith is his name, I met Keith and he just, shout out to Keith. He, he just, it was an open book. Does he have a last name? Yeah. Keith Harmon.

[00:05:50] What's Keith? Yeah. Keith Harmon. Keith Harmon. He's the guy. That's good, man. Crazy credentials. I just, elevator, met on an elevator, did the elevator pitch. Really? Yeah. What do you do? He's like, I'm in IT. That's how he pitched it. And I said, I'm into IT. And then he was like, you should come, come by. And from there, I, every day I showed up with pen and paper. And so the power of that mentor is, is, is, is only as powerful as you are going to

[00:06:19] let it be. You, you can. Man, I can't believe you said that. So that is something that people much smarter than me have told me, like had some people on the show, like Chris Voss, the author of Never Split the Difference, the FBI hostage negotiator. And I mentioned him because other people have heard of him. So that's somebody to do. I'm not just dropping his name, but what he talked

[00:06:43] about was mentorship. And he said, a lot of people will reach out to a mentor, but then not take the advice, not follow it, not act on it. Right. They just want to say, oh, I was mentored by this person or that person. He goes, the ones that actually do are the ones that you see their career kind of have a different trajectory. It's kind of cool. I'll say something about that. It's super true. And there's a lot with that mentor mentee relationship.

[00:07:13] They both have responsibilities and the mentee, you're going to get us so much. It's going to be like a fire hose. You're going to get so much information. It's going to be information overload, but you have to pick something up and you have to drive that something forward. And you have to be invested in a way that's genuine. It has to be authentic. If you're doing it for shallow reasons

[00:07:39] and you're not wanting to push the industry forward, you want to contribute to the industry, you want to grow and climb, then I believe that it's only going to go so far. So to your point, I think that when he gave me that CISM book, I crammed it. And to be fair, when Keith gave me that book, he gave it to me, he gave me his copy and his copy had all his notes in it. So I was seeing... Did he really? See, that is cool.

[00:08:07] And he said, I normally don't do this, Nate, but you're striking a chord with me. Here you go. And I took that book, kept it for a week. Of course, I had invested in my own copy and started deep diving. But yeah, I took the SISM. I sat for the exam. I passed it. And from there, I've been in a CISM for four years now. Going for four years. That's great. That's great. What type of doors has that opened up for you? I mean,

[00:08:35] I would think it does two things. One, it may open up new doors. But two, it gives you subject matter expertise in the rooms you're already in, right? Like it shows that and even not mentioning it to people that you have it, but by the questions that you ask, right? By the follow-up that you do, people are able to tell you know what you're talking about.

[00:09:00] Absolutely. And that you're talking like a SISM. You're talking like a true architect. You're talking like a security manager. But the doors that it has opened up is amazing. This is not a certification. This is not a regular, this is not Security Plus. Security Plus is great. I think that a lot of people, the market is... It's a great launching pad. It's a great first start.

[00:09:24] Fantastic foundation. This is a level up from there and probably a couple levels up. And the weight that it carries on your resume, when you stamp those letters at the end of your name, the attention that it grabs, the... Whenever you show up into the room, to your point, you show up to the room, the expectations are really high. But also, the community is really thriving. So there's people

[00:09:53] to reach out to. There's questions to ask. If you're looking for information, if you're trying to grow, it's an always evolving thing. There's no, hey, you got this SISM or you have this particular certification and you're done. You have to keep working. You have to keep practicing and advancing your knowledge base. Yeah. I look at it almost like a monopoly game

[00:10:17] where you are gathering up properties as you're moving across the board or tokens or any board game or any video game that you think of, right? These are all things that you collect along the way and each one helps you earn more things along the way, right? I mean... Absolutely. It's absolutely critical. So you've built a good brand for such a young guy. You're very active

[00:10:43] on social media, LinkedIn, TikTok, and more. You also have written a lot. You have a phrase that resonates with me and that is cybersecurity is bigger than hacking, right? So tell us about that. Like, you've said it several times and I think it's absolutely true because when people think of cybersecurity, they think of hackers, right? And when people think of hackers, they think of a kid in a

[00:11:12] hoodie living in his mom's basement, eating hot pockets, like cracking code, all of that. And it's not like that, right? It's not like that. Even though those hot pockets are real. Exactly. It's good. The reality is that the field is vast and that there's a lot of opportunities and there's a lot of, there's so many opportunities available. But the issue is, one of the issues is that when,

[00:11:41] like you said, when people are looking to either transition into the industry or maybe they're already in IT and maybe they're looking to transition into cybersecurity specifically, there's a lot of, there's a lot of people who think, like you're saying, that it's just, there's roles out there are just hacking it. And there are a lot of, you know, red teaming roles

[00:12:08] roles and these type of offensive security roles out there. And they are very, very technical roles as well as they should be. But there are other areas within cybersecurity that are not as deeply technically involved as an offensive security practitioner or a red teamer. Stay with us. We'll be right back.

[00:12:37] Ever notice it's always the overconfident leader that thinks cybercrime doesn't apply to them who gets selected and hurt the most? Moving Target. Books one and two, out now. Hardcover, paperback, Kindle, and audiobook. Amazon, Barnes & Noble, and independent bookstores. Book three, coming soon. Be a moving target.

[00:13:10] Oh yeah. And for, and for those that may not be familiar, there's red teaming, which is considered the, the ethical hacker group, right? It's highly technical. It is, you know, constructing code and social engineering and, you know, breaking in on staying undetected, things like that. So that you can show a company, right? That, that this is how somebody with bad intent would be able to,

[00:13:37] to, to do this so that they can shore that up and patch that. And then there's blue teaming, which is vast majority of people in the industry because it, it tends to be where there's a lot of companies that hire for that. There's a lot of organizations that, that build that. And that is the detection piece, right? And then there's also the GRC piece, right? Which is governance,

[00:14:01] risk compliance, which to me in my philosophically, I feel is the most important because you have to have the, the vision to know what the leadership's risk appetite is, and then implement the policies, the tool sets that the blue team will do, the engagements with the red team. All of that is kind of decided through that, through the governance piece. Yeah. No, I'm glad you, I'm glad you brought

[00:14:30] that up. Fantastic philosophy and logic mainly because, and I, I resonate with that completely because I came from an IT background. So, you know, sysadmin and doing all the work heads down, did some network engineering work, and then started to introduce cybersecurity, information security. Right. And so when I, whenever I was introduced into the GRC space, it felt like I was gluing

[00:14:57] everything together and it felt like... Exactly. It all kind of comes together in that GRC space. It's kind of, you start to see all the roles that are played in an organization. Exactly. When you're, and really what we're talking about high level is reducing risk for an organization, just like you're reducing, you know, if you have a fleet of cars at your company, right, that you're liable for, should they cause an accident, you need to maintain those cars. You need to insure those

[00:15:25] cars. You need to inspect those cars, manage them, right? You need to have quality drivers driving those vehicles, right? Whether they're trucks or logistics or whatever it is. It's, it's, it's all about risk and risk management. And technology is something that flows through every, it's a river that flows through every aspect of our lives, right? Yeah. No matter what. And so, there's risk to that. And so how do we manage that as an organization?

[00:15:52] Yeah. I love that. We have the people, we have the people process technology, but then to your point, I think, I think what really we're talking about in one word is sophistication. And whenever you have a sophisticated environment, you are, you do have that risk lens on, but most people may think, okay, so only the big companies have this. Yes, they have it, but it's the small

[00:16:19] to mid-sized businesses that can also have this governance, risk, and compliance in your arms wrapped around this piece. And it doesn't, you don't have to have, you know, you don't have to be a big organization in order to practice the governance piece, the risk piece, and of course, the compliance piece, depending on, you know, your, the industry vertical, you, you may have specific mandatory

[00:16:43] things that you have to follow. Absolutely. So, correct me if I'm wrong, but I believe you went back to your high school to talk about cybersecurity? I did. I did. So, tell us about that. Tell us about that because that seems like something really interesting. Yeah. So, there's programs out there that have, since I've graduated, that want to help the youth. And I'm all about information sharing. I'm all about

[00:17:11] being transparent, open book. So, I'll show up and, and talk about different things that I've done and share some of my experiences in, in hopes to inspire individuals. And so, I'm back here in Missouri, back in my, I'm in St. Louis. And at the very moment, I'm, I'm in my hometown visiting family. So, my dad's here,

[00:17:33] my, my wife's, we're high school sweethearts and her, her parents are here. And ensuring that we are connected with the community is important. And that I was able to go to college, go travel the world, go to Brazil and Amsterdam, and then, you know, Los Angeles and Miami, and then come back, back home and deliver that message, deliver that experience, that testimony. And it resonates,

[00:18:03] it lands with individuals that I connect with. They, you know, and we were talking about cybersecurity, this program, they don't have a program at the school. They don't even have IT classes. So, it's more just, this is all fresh. Although, I think a lot of, I think a lot of K-12 environments don't really have that much of it. Yeah. You know, you, you really start to, and I think that's a gap that'll be filled,

[00:18:31] or needs to be filled in my opinion, you know, in the future, because I think they, people need to understand that, right? Especially young people today are digital natives, right? They've grown up around technology. It's embedded in everything they do. And so, understanding how to use that stuff correctly and how to keep themselves safe is really key.

[00:18:56] I agree. Yeah, you have to. And when you start young, you know, our minds are in the state of, hey, we're in learning mode. So, that's the perfect time to talk about coding, not at a deep level, but at that individual's learning level, you know, not collegiate level material, but you can deliver

[00:19:19] high school or I'll go even to elementary. You can deliver this knowledge. My daughter is three years old and she has these, you know, chemistry, relativity, you know, Einstein books. So, you can start as young as that. Right. Absolutely. I mean, and think about it, being aware of the cyber criminal element, right? Just like you are going to coach children,

[00:19:49] right? Whether they're your own or whether you're coaching a small team, right? Whenever you give advice to somebody younger, it's, I mean, everything from physical, like you're going to tell them not to run in the street. You're going to tell them not to, you know, get into a van because somebody is offering candy or something like that, right? You do that because it's obvious to you and it's something you're like, well, I better say this because if they haven't heard it, like you,

[00:20:17] you want them to hear it from you. But it's the same thing that occurs in gaming, right? A lot of kids, you know, their passion with technology is from gaming, right? And there's a lot of risk involved when kids are gaming unsupervised. Not that parents need to like listen in on the chat and stuff like that. You don't need to be creepy about it. But knowing what children are doing and

[00:20:44] having some safeguards in place to be able to let them know, you know, should, you know, something bad happen, like to always be able to come to you, right? Things like that, having that open communication, it's really key because we've seen as you've talked about, you're aware, like some of the most popular games have, you know, the chat feature and then they're also using discord or

[00:21:11] WhatsApp or whatever. And then, you know, the cyber criminal groups have a playbook. They are targeting kids in those games and, you know, we don't, we don't want them unsafe, right? We want them to just be aware of it. Don't be paranoid. Don't be negative about it, but just be aware that this is a danger, right? You're walking across the street. There's a truck going 40 miles an hour. Like that's

[00:21:39] it. That could be a danger if you're not looking both ways and pause it, right? Same thing in gaming. Like there could be a danger, like don't go off the app. Don't go talk to, you know what I mean? Like it's those common things that I don't think a lot of parents have those conversations with kids because they just either think, well, it'll never happen here, right? Which is odd thing to say today

[00:22:02] because once you get online, it's global, right? Like it's, it doesn't matter where you are geographically. And so that there's, there's, there's a lot of coaching moments available for parents. Absolutely. Either the, it'll never happen here or maybe I don't know what to tell them type of mindset. So I think that there is, and when you mentioned thing, when we say things like,

[00:22:29] you know, Hey, my child is gaming, I don't even know what games they play. Okay. That's step number one. Classification. That's step number one, right? Probably need to know that. And are they playing with chat or without chat? If they're playing with chat, then that opens up a different type of risk. And, you know, just, and, and making sure that even if they click on something or do something that

[00:22:55] if it gets uncomfortable for them, they can come talk to you as a parent, that's really key. Especially when you hear about these horrible, sad stories about sex store or something like that. Part of the reason these kids get so worked up is they don't feel, they feel like they would be in trouble or embarrassed if they came to their parents or their guardians about it. And it's like, no, you've got to leave that judgment-free zone just come to us. And that, that can save a kid's life.

[00:23:25] Yeah. That communication piece really traverses through that arena as well as the corporate space. Oh yeah. People are terrible at communicating, right? And everybody's always like looking for a skill and, and like, oh, I've got this skill. Yeah. But you can't communicate it. Like if you can't communicate it, having that skill is going to be in a vacuum. Like being able to translate,

[00:23:52] being able to break it down, like I'm seven, like, tell me what it is. Like I'm a kid. Like, if you can't explain what you're doing or what you're trying to, to explain to somebody that's a child, right? Like if you can't explain it simply, I don't know that you really understand it. Right? Yeah. Really understand it and break it down really simply. And then you can go deeper.

[00:24:19] Now you have to get into that. Yeah. Yeah. I mean, there's, there's great sophistication, like to use your word, like there's great sophistication in simplicity, right? Hard to make things simple and understandable, right? It's, it's easy just to go and explain all the details and all the stuff and just rattle and rattle, rattle. But meanwhile, the other person doesn't get it. Right. It hasn't resonated. Yeah.

[00:24:48] Being able to, to explain something real simple is, is really an art that is a skill. You're right. Yeah. It's a mastery thing. And it's, it's, it's almost mandatory to, if you are working with something complex or you're working on a project to try to regurgitate that information to a child. And if you can, because that child is going to hit you with it. Well, why, what is this? And slow you down very fast, slow you down in the sense.

[00:25:17] Yeah. What does that mean to me? What's that word? Why should I care? Right. So then you're like trying to explain things and... That's really good practice. And that's really important. Yeah. That's really important because in the corporate world, we need to explain what we're doing in cybersecurity to business leaders who are not technical. Right. And they don't get it. Right. Like we can't talk about the bifurcated rays

[00:25:46] and the mirrored rays and all this stuff. They're like, yeah, don't know, don't care. Just know it's expensive. Like, I don't know. And all I know is that I don't really understand it. And you want more money. Like, I don't understand what we just bought. Right. Like you've got to be able to break it down and be like, this has allowed us to have, to be able to see bad things over here. And because of that, we've been able to stop the risk and lower the risk by this percentage

[00:26:12] over here. We're asking for an investment because we still have some blind spots over here. Does that match with your risk appetite? Does that match with what you're worried about? Right. And when they say yes, you're like, now I got my investment for my new tools or whatever. Right. And, you know, communicating to non-technical business leaders is really very similar to that. So let me ask you this. You have a really good brand and personal brand,

[00:26:41] and you communicate on a couple of different platforms, but they're different audiences and they're different types. I want to ask you about it. So you talk about cyber security on TikTok as well as LinkedIn, right? Yep. And I guess my question is, is how do you boil it down and make it effective like you do? Because

[00:27:06] you're very, you're good at it. How do you do that on a short video platform compared to like something like LinkedIn? I think LinkedIn is a little easier because some of the business leaders we're talking to are on there, right? And you're able to do a post, you're able to do a video, you're able to do an image. You can talk about an article, news that's out there. It's a good

[00:27:32] platform for that. I mean, it's very logical. Very logical. Now, TikTok is where I like want to dance and I want to like learn how to cook and I want to do fun stuff that's generally stuff after work, right? Yeah. But there's a lot of really good cyber security stuff on there. Oh yeah. And,

[00:27:56] and I like it because you have to boil it down to like 60 seconds. Like something just happened in the news. Here's what it means. So like, how are you, how are you addressing it? You also talk about like a lot of secrets revealed and stuff like that. I want, I want to also tell us like, what are some of the secrets? What are some of the things that you're seeing that you share on that

[00:28:22] platform? And we'll have links to Nate's both LinkedIn and TikTok in the show. Yeah. So I love LinkedIn and I love TikTok. They're two different animals. Three platforms. Fantastic. And both have their respective areas where they, where they shine. I can go on LinkedIn and connect with a more sophisticated audience and people who are in the industry who will have nothing to do with TikTok. Zero,

[00:28:50] I don't want a TikTok account. I don't want it. And, but then on the TikTok side of the house, it's all about genuine and authenticity. So you can show up as you are not polished, kind of rough around the edges. In fact, that gets more traction. If you are rough around the edges, if you come in too polished, I don't want to see that. I just want the raw facts and give it to me straight. And that's where I've seen a lot of success on the TikTok side.

[00:29:20] And going live. That's where I play. That's where I've been able to build the cyber community around me and hunt and find the folks who are out there. And it's thriving. It's thriving right now. And I, and I did not know, well, I knew that they, there were individuals who were talking about cybersecurity on TikTok. But the biggest gap that I saw was why are we not talking about it in a,

[00:29:48] you know, in a forum where we're live? Why am I not seeing multiple guests? And that's the area that I introduced is let's, let's all connect and chat about this live. Cause Nate's opinion is not the only opinion that matters. And my perspective is not the only perspective. There are many perspectives out there and they're coming in and they're chatting. And so I see people who are in the industry. That's a great point. I think you bring up a really good point. And that is, it's very authentic,

[00:30:18] right? When something happens, you know, when you think about AI being rolled out in organizations and like the risks that that creates, like, yeah, it's really cool. Yeah. We can be more productive. Yeah. We could build our own mini agents and train it, but if we're not doing it right, we could be harming ourselves as well. And so it's one thing to see that on LinkedIn. It's another thing though, to

[00:30:43] like sit there with a baseball hat on, on a Saturday and talk live with a bunch of people that were like, yeah, my company tried to roll this out. Our freaking intellectual property got out there, right? Like, and you can actually talk about what that means and like, holy crap. We had no idea. Nobody guided us and you can have real conversations. And to me, that's a full, that's the full 360 of really talking about a topic, right? Different views, right? Like different

[00:31:11] people, you know, you know, the non-technical view of it, the dabbler in AI, and then like the security people going, we want you to use this stuff. We just want you to use it safely so that you can, you can keep building without like being torpedoed unexpectedly. Yeah. And that's, that's the main thing that I always talk about whenever I do go live. I talk

[00:31:36] about the relationship between the people who are established in this space and the people who are emerging. And we need to bridge that gap between the two. And we want that, we want that gap bridged. And we, we know that the people who are established, there's folks that just are oozing out information. But when I brought on a guest that wanted to talk about open claw, and there were people who showed up

[00:32:02] that were deep in the space that were able to speak, I had slowed the conversation down just because they were dropping tools and processes and frameworks that, that most people hadn't, it was way over their heads. And yeah, exactly. So I like that piece where we're, we're knowledge sharing and we're helping the people who, I mean, maybe you consider yourself emerging, but you're two, three years in the space.

[00:32:29] So you're not so much emerging. You may be more established than you think. So there's also a mindset. Oh yeah. Developmental piece. What we're talking about, yeah. When it comes to AI and stuff, even though people have been working with it, right? For years. Look, it's still all wild west stuff. Like this is still pioneer stuff. Like this is not something that like, well, back in the eighties, this is what we did. And like this,

[00:32:57] there's a master program on exactly how to do that. I'm like, no dude, like this is all new. Like, like we are all kind of painting the plane while we're flying it. And it's, it's really exciting because we're going to crash. There's going to be a lot of crashes, but there can't be any judgment because it's not like anybody taught anybody how to do this ahead of time. We're all just trying to figure it out as we keep building things.

[00:33:24] We are all trying to figure it out. And there's so many creators out there that are, Oh yeah. Yeah. You know, in their respective platforms, YouTube and Oh yeah. A YouTube, a gold mine. They say YouTube university and you can learn a lot. Oh yeah. There's so much knowledge there. Oh yeah. And, and in short form, long form, it's fantastic. So tell us about some of your experience with AI. Have you,

[00:33:50] have you built agents? Have you tried open claw? Did you like, have you like any, any, like anything you can share with people? It's okay. Yeah. I'm just curious. Yeah. So my, my exposure has been beyond the normal. I think most people, I would say a big, vast majority are still using AI for querying and asking questions through the web interface, just log in and check.

[00:34:20] It's almost like, yeah, it's like Google, but they can upload documents or something. And they're exploring the other GPTs perplexity, clawed. So I've been finding myself around clawed code. I am developing apps and I've never, I've never, while I've taken college courses on coding and I spent some time on some projects doing Python and JavaScript. I've never considered myself a programmer and I still don't, but the tools

[00:34:49] that we have available to us today with a clawed code, a Gemini, an open AI, you know, codex, incredible. It's incredible. It's amazing. And so there's, there's a lot of learning components to it as well, as far as how to manage tokens and how to really take advantage of how to best leverage

[00:35:13] the AI to do what you want it to do. As far as prompting, there's, there's a whole skill to using AI. And these days I'm finding myself building apps that either at one point I was paying for this particular service, like maybe compressing files or removing backgrounds, it's little things. And so building something, ensuring that I can build that. And then also trying to introduce GitHub into

[00:35:40] the equation. We're able to do CI, CD and have some pipelines in place and look at pull requests and, and just see the actions happening, not just, Hey, you're just coding something up. And now you have the program. I think that there's a, there's a methodology and framework to introduce and to

[00:36:03] follow and introverses into skills and roles that are out there. DevOps engineers, platform engineers, site reliability engineers. There's a lot of roles out there that are needing people who understand infrastructure. Absolutely. And what I find fascinating with Claude code and building

[00:36:28] artifacts, building apps within Claude is first, you kind of look at what it is that you do yourself, right? During the week, like, well, when I want to do something, whether it's for a project, for work or whatever, it could be, you know, I'm spending like six hours a week doing this, I'm pulling from this, I'm doing this, I'm drafting and creating this. And then you can literally go to

[00:36:56] Claude code and be like, here's what I'm doing. I want to build something that knows me, knows my voice, really understands who I am. I want to do it safely. So it doesn't feed the public, right? And I want to be able to do it automatically. Cause I do this every single week and it builds it. Like I've been able to build something that is just like, you know, you go, you do this and you throw it in there and then boom.

[00:37:24] And it's exactly like I would have written it. Like it's exactly my voice. It is, it is not, you know, in this digital age, here's the kicker, blah, blah, blah. It's not AI slop. It is genuine good stuff. Cause it's only been, it's only based on my prior written stuff. Right. So it's fantastic. It's really,

[00:37:50] really powerful. Yeah. If you're, if you are looking to do something in the space, I would look into leveraging cloud code with VS code and trying to do small things like design, design a website for yourself and go through that process. And you will, you will find that you will start to, if you're into this type of stuff that we're talking about, you'll find that you'll want to,

[00:38:20] what's my next project. And to your point, what else am I doing around the house that I can improve? Not even around the house, but in my life, how can I improve my life? And there's so many different things you think of it. There's probably a GitHub repository where you can fork a majority of it and add your features. And customize it for you. Right. Exactly. Yep. Yeah. It's absolutely fantastic.

[00:38:49] So what do you have on the horizon, man? Like, did you say, have you finished a book or are you writing a book? Yeah. What's, what's, what's, I did write a, so it's a trilogy and so I saw trilogy. I saw as you do it, you have a trilogy as well. That's, that's awesome. That's awesome. I'm just wrapping up book three right now. Yeah. It's really fun. I'm in, so I completed book one and

[00:39:11] it's out there. It's on Amazon and it's the, how do you break into the space and stand out? So I have all my tips, tricks and, and it's at the end of every chapter, you're going to do an exercise. So that way it's practical. It's going to be real. It's something that you're going to leverage and I want you to write in it if you can. And then what's on the horizon. I am working with that mentor

[00:39:37] that I mentioned, Keith, and, and we're going to tag team the second book and he's going to have a piece. I already have it majority written, but he's going to have a piece in there about, you know, how to navigate the, the space once you're in it. And that's good. That's important. Yeah. Yeah. How do you manage up? How do you, how do you lead up? How do you, what are the first things as a security practitioner? What are the first things that

[00:40:04] you should be looking at? Even if you're in a specific role, what do you need to understand as far as the moving parts around you for you to be successful? And I think that that's going to be a nice touch. And so that, that's coming and more, more TikTok, more TikTok is coming, more LinkedIn is coming. Live engagements, things like that. Yeah. Have some guests, more guests, bigger guests come through and talk about what they're doing.

[00:40:31] And I'm big into not so much. I want the biggest guests to come through. I'm more about the quality. Hey, it's about the topic and like what, what, what the audience can, can learn from it. Yeah. Like that, that to me is what it's all about. Yeah. So that's fantastic, man. Well, Hey, send me the link for the free book on Amazon and we'll have that in the show notes as well. I encourage everybody to check it out, especially if you're

[00:41:01] interested in, you know, career changes or starting out or looking into getting involved in this fantastic career of cybersecurity. Cause which to me is bigger than anybody. It's bigger than all of us. It's like, it is overall crime fighting. So who doesn't want to do that? Right. We've all wanted to do that. Yeah. And you have a, and you have a spot, whether you think you do or not is kind of

[00:41:27] the message. Oh yeah. No, it's very, it's very welcoming. It's very open. There's people from every walk of life welcomed here. Like it is just a very cool space, you know? And so it's, it's, it's great. And I love the work and the mentorship and the wisdom that you're sharing along the way as you're gaining experience. It's great. Just keep doing it what you're doing, man. It's great. Thank you so much for coming on the show. Yeah. Thanks. Thanks for having me. I'm really, really grateful.

[00:41:57] So send us that link to the book and we will, we will help you push it out as well. Appreciate you. Thank you. Thank you. Thank you all. Have a great day. Cool. Have a great day. Thanks. You too. Bye-bye. Hey everyone, David Dean Morrow, creator and host of Cybercrime Junkies and author of the new nonfiction moving target book series. If you're a leader in an organization curious how to roll out AI safely, or if you have questions on your incident response plan, how to run tabletop

[00:42:26] exercises or looking for 24 seven eyes on glass to protect you and keep you growing without interruption. And I invite you to sit down with me and my team at NetGain Technologies. We've been around since 1984 before cybersecurity even existed. A simple conversation, absolutely no pressure and no salesy fluff. And you will walk away with a great roadmap no matter what.

[00:42:51] So if improving your IT, bolstering your security or rolling out AI interests you, contact me directly today at dmorrow at netgainit.com. That's d-m-a-u-r-o at netgainit.com. Find out more on our website at netgainit. That's netgainit.