 Hello everyone. Thank you for joining us today. We are doing an interview with Deirdre File So we have the pleasure of speaking with her. She's an IT security specialist with the United States International Internal Revenue Service. We're better known how everyone knows it as the IRS So Miss File has worked a lot on bridging the gap In information security and business skills for new practitioners, and we're very excited that she has a moment to speak with us today I will be monitoring chat while she's answering some of our questions If you could hold your questions to the end, we will have a Q&A session But if something comes up in the chat, I'll try to write it down and then I'll ask her at the end So thank you so much for Being with us today. All right. So without further ado Deirdre, hello. Good morning. Thank you for joining us. How are you today? Hi Josh. Thank you. Thank you. Thank you guys for joining us today All right, so we've talked a lot, but if you could please introduce yourself to the audience Okay, I sure will. Hi again. So my name is Deirdre File And I am so excited to be partnering with Josh from DFIR science For the share to Mike and cyber. So just a little bit about me My background is in IT. My experience pretty much expands over 15 years in IT And I have about five years in the cyberspace. I have a bachelor's of science in management information systems From an HBCU, Western Salem State University in North Carolina And then I have a master's in cyber and information security from right here in Maryland capital technology university Some of the IT areas that I have worked in are software development That's where I spent a chunk of my career Software development and testing requirement and risk management Data visualization and analytics I've dealt with a lot of FSMA compliance and just monitoring the servers Information security awareness and then training and development And as Josh mentioned, I currently work for the people that we all love the internal revenue service Where I am an IT security specialist and I am the administrator for the cyber management analytics portal, which is also known as CMAP and also I am the co-lead for the strategic hiring initiative And employee learning and development the shield program and I'll dive into that a little bit more Later, but that's a little bit of background about me. I love learning I'm a continuous learner growth development. It pretty much lives in me I love networking and inspiring others to get out and learn everything Yeah, that wasn't a little bit. It was just you you're doing so much so much stuff going on So, um, thank you for that. Um, I don't even know where to begin. I didn't know actually half of that So thank you um for that introduction So, I mean you oh man, you've done a lot of stuff. Um It all sounds super interesting, but I guess just to make it a break it down and make it a little bit easier for us Um, imagine that you were just getting into Just coming from where you were starting from um Can you tell us about kind of your path through cyber security in a very kind of simplified way So how did you get started? Where did you come from? How did you know that you wanted to get into this? Yeah, so with my IT background and being IT for Look almost 15 years with the five in cyber I also I took a stretch a stretch assignment um in cyber security and that's when I was like Oh, this is interesting. Let me go back to school and learn more So I went back and got my masters in the cyber information security and that's from there my career just flew off So with that IT background already had that um that cyber security the IT Experience which kind of led me into the getting into cyber security so the degree I mean It do you think it was because the degree program that it took off or people you met there or what about the program helped you actually go Yeah, so I think it was the degree mainly it was a degree and it was also just the assignment that I took um It was the power of networking when I say I took the assignment and I met so many people Even people in um the cyber security space that has helped me in my career So I can definitely say the networking piece the degree keys and just being open minded and not afraid to get out of your comfort zone Okay, great great advice. Um So, yeah, there's been of course, you probably know there's been a lot of discussion about uh qualifications and certifications and everything in especially information security and a lot of people are asking the question Is the degree worth it? Should I go through that and You know, I always tell them the the networking is probably one of the most important parts. So I'm happy that um You're kind of confirming that but also I mean the formal education part was also useful for you, obviously, right? Yes, and I always say certifications are good, but I think certs pretty much get you the audition but you gotta have the skills the skills is going to get you that role so the certs are good the um Education the degrees are good, but you need the experience. So I am a big fan of like home labs On the job experience and having that one on one that's going to enable you to get that skill set Great, okay. Like the certs are good. They're good and expensive. They're good. Yeah, the education is good, but you need the um experience definitely Okay, yeah, I won't don't get me on expense of the certs. So especially in forensics um Talking about the the skills one of the things that I was I was most intrigued whenever I learned about you was that you actually worked on Kind of bridging the skills gap at the irs for new hires coming on. Is that is that right that I get that correct? Okay, can you can you um Tell me how you're actually trying to bridge that gap in cyber security I can yep. Yeah, so um Why why first of all, let me just go into why I think there's a talent and skill gap In cyber security. So the one of the reasons I think cyber security is so broad There's a ton of jobs technical and non-technical, but of course we all want the technical job So I think that's one of the reasons another reason is the announcements. Um I want you to have all the experts expertise in all in all the world. Like I want you to come in and have 10 years for an entry level role. So I think we have unrealistic job descriptions Um, requiring you to have that three to five years of experience That's another reason why there's a talent skill gap and the last one is um, when you're looking at an entry level Um announcement is hell you to have a cis sp That's not even an entry level third And so I think the job descriptions we have to do better. Um With just the job descriptions and the announcements any hiring managers have to be able to spot that talent and skill when um Looking at those job descriptions and announcements as well. So I think that is a the reason why there's a talent skill gap in cyber security Um, and so what we're doing at the irs We did create the shield program and like I mentioned the shield program is the strategic hiring initiative Employee and learning and development program and this was created created just because of that skill gap We have at the irs Um, and then just elaborating more. Why why do we even create this the shield program? Um, so I can say that they required a lot of creativity a lot of some um A chance to look at like historical data in the cyber security workforce So it required a lot and so when we was doing our analysis at the irs we came up with um, some of the factors and the challenges that we had to deal with was um The struggle to like I said the struggle to attract and retain early career IT professionals with that um critical diversity of talent and skill Um that they bring to the irs another one was we have a rising retirement rate at the irs And that's probably everywhere in the federal government. Um, that would pretty much just drain our workforce as those senior employees age of the system and then the last one was um In the federal government, you know, you're ranked by gs your your pace your pay band is ranked so in our irs organization We have a very high um a top heavy organization. So a lot of the employees are like gs um Just 14 and above which means, you know, they're like in senior management and then um The worker bees which are gs 12 and below was a really low percentage So we had to look at that and like why or why don't we have the gs five the gs? Seven gs nine and gs 12 in our organization. And so this is where shield um came into play and so what shield is shield is um a program where The new hires that come into the irs that are gs five through 12 They have to go through um a two-year program Um, and they have to they have to go through different program elements And so I'll just go through the program elements and this took a lot of work We're this is the second year will be april of 2022 so that would be our first pilot and it is amazing like going well So when they come into the irs and they come into this iris security organization They go through these program elements and those program elements are one um knowledge transfer events And this is where they will attend a briefing. Um that is presented by a subject matter expert And so like um somebody that's an expert in cloud computing They would come in and they would talk for an hour Hour and a half and tell us more about what they do in their field And so they have to attend four of those to to graduate The next one would be the business courses. And so this is vendor led and our business courses are um Selected based off of our current skill gap. And so when we was looking at all of that historical data We looked and we realized we don't have a lot of um individuals that are In acquisitions and that's a huge part of cyber security So whenever you look into that we had to figure out how to add those business courses into um the shield program And so when they come in they have to take three business courses. Um, one is in acquisitions One is in project management and one is in audit and I know the technical people are like, I don't want to take that But I think it's a really good skill To have um just so you can be a well-rounded individual So the next one was the technical challenges and this is like my finest part where They come in and we put them in a group and they're able to test their abilities and deliver a creative solutions to everybody So one of the challenges we did have was a data visualization because I am in that space Um where they had we gave them a data set. They had to play with Go out on tableau get with your group come back and present it and then we judge you guys based off of that Um, and then we have another one called hack the box. I'm sure you guys have heard try to hack me all that So we have another um technical technical challenges as well So this is where they're getting in groups and they're talking and they're coming up with these solutions To deliver to the judges. So that's another and then the last one where whereas um the detail assignments and this is where they come in so let's say if you came in as a um Pen tester and you're like well, I want to I really want to experience what they do in um acquisitions Um, so they get to take that detail assignments and it's up to four months They get to take that detail assignments to experience another field in cyber security So, um after completing all of these trainings, um, we're pretty much developing a well-rounded Employee that has the knowledge of not just cyber security, but you have the knowledge of how the business of it cyber runs Um, and we're just bringing that skill anymore We're just hoping that they bring those skills and abilities and then take it back to, you know, their everyday role Okay It's always a lot. Let me let me let me try to um, um, uh, summarize this just to clarify some things. So First off, you're hiring people. Um that already have a particular skill set. So you said pen tester. So they might have already Are you talking only for entry level positions or is this all through the irs? No, this is only for that's coming into cyber security for entry level positions Okay, so you have an entry level pen pen tester. They might have a degree maybe some certifications Maybe a few years experience and then they're coming in. Um I'll just stay with pen tester, uh with all of these pen testing skills But maybe they've never actually seen the business side of things. So the first thing you do you sit them down and you say Actually, you're going to have to Um get exposed to all of these other areas and you're going to have to take some actual business courses. It sounds like Yes, you're going to have to complete these requirements in order to graduate a lot of a lot of a lot of them are like Oh, I don't want to do that But then once you start to take those courses you you're like, oh, this is really interesting And i'm glad that I took those courses to find out more about how it cyber runs Are those courses actually set up like a like a university program? Is it like a one week course? Is it more like a training? How are they? How are they structured? So the courses are different. They're vendor led. Um, and they're based off of the federal programs that we have So like for acquisitions. Um, I don't know if you ever heard of fai federal acquisitions institute Okay, so fai is like, um, our courses offered for acquisitions Um, but for the federal government for the government Yeah, okay, so they've always been in the land and they're able to go in and select any one of those courses that they can take so, um They can select any courses that are essentially already developed and then I guess these take place uh Maybe a couple hours during the work day or they have to do them at night Like do they get time actually to study this or is it something they have to do separately? So with with that whenever setting up the show program, we have to make sure the managers are on board Yeah, so the managers aren't where the senior managers are aware like they're in the show program And they do have time to take all of them all of the program elements that I mentioned And when did this when did it start a shield program don't start it? um All of the creativity and all the pooling the data was started october 2019 and we launched the program april 2020 oh, wow the two-year program. Yeah two-year program. So it ends april 2020 that is Way faster than I thought I figured you know six years for planning You know Five years for implementation something like that. So that's um, yeah, it's really amazing Okay, yeah, it's like up and running and I mean the feedback that we're getting is just crazy It's just saying how the cyber shield program pretty much just laying out that Romap for success and people are like finding their niche in cyber security because you think you're interested in one thing But then once you get to experience and learn another thing. You just don't know sure so If if somebody wanted to replicate something like this, obviously they don't they don't have access to those federal trainings that have been created already so Business seems to make sense pretty much anywhere, right? If you can teach them business skills, then They should be ready actually for management possibly even um How would you recommend that an organization go about designing some sort of shield program for their own organization? Yeah, so I would definitely say to look at your your your data that you already have look at your workforce your current workforce um Does it consist of people that already have those skill sets? Like when I say we looked at all of that all of that historical data And we kind of came up with a program that we needed we needed the worker bees. We needed the gs five We needed the gs five seven 11 and 12 because we were higher our all of our employees are like higher up So we looked at that data and realized we're going to have to bring in new new skill sets new Talent um, and they have to come in as five seven 11 and 12 And so I would say definitely look at your data Um, and then once you pull that data, I would also want to plug in the nice framework I'm not sure I'm sure a lot of people have heard of that But that's going to help you identify the skills that you need to recruit develop and retain that cybersecurity talent And so when they came into the shield program, we have assigned each and every one of them like nice codes Based off of where they were put Um, so that's another thing that you could look at when you're building up your um If you want to build a shield program. Okay. This um, this question might be might be too sensitive i'm not sure but How did the irs Actually get to the point where they were even thinking about implementing it like did it come about because of a Problem and then somebody's like hey things are broken. Let's identify what the problem is or like was somebody just very proactive Were you very proactive like how did this how did this all actually start because most people aren't even thinking about maybe Uh beginning to design a program like this. Do you know what I mean? Yeah, so it actually came from my aciado So he was I think I was just looking at the data as well and looking at succession planning that's what he was looking at and Um, he was like, yeah, let's get this done and he had the vision and we made it come to light Wow, okay So it's just basically being proactive and and identifying that a problem existed So check your data is the is the lesson here more than anything Yeah, look at your historical data definitely definitely. Okay. So you have um, the new recruits go in through a couple different training programs uh business tech transfer um, and then They can choose the other areas or you have a prescription for them for those areas Like all the data I think was one. Okay. Yeah So it's pretty good that the program is pretty much employee driven like, um, you decide what detail you want to take You decide what business courses you want to take So it's not nothing like set installed because you you're pretty much deciding what you want to do Okay, your cyber career so right now Open it's only open for cyber security employees, but in the future we do hope to um branch it out to other agencies. Um And actually branch it out to other organizations in the irs because people um, the employees are asking like, when are you going to be? um When are you going to be expanding it to another program? So we're looking into doing that now Yeah, super interesting. Okay. I had a question uh in the chat Is there any link to the training programs or like which courses are we talking about because they joined a little bit late I told him it's the shield program developed in the irs and I don't think any of the materials would be public, right? Okay, yeah for none of them are public, but I can't share the training material. Um, that means the business courses material I can't share that as public public so I can I'm sure that but I'm not sharing the um of the shield Like the links and stuff. I don't think you even get this is on my internet. So yeah, okay. So this is Deirdre files so I will um Get any links from her and then post them on d4 science and then you can look her up on She's kind of everywhere instagram, linkedin, twitter Just go there and say hey tell me more about your training programs. So Yeah, yeah, and then join the irs She joined the irs then you can uh, you can learn it all right, so Definitely reach out to me um to learn more even if you want me to help you come and start a program Yes, definitely um reach out to me on linkedin. So yeah, I'll get you the information you can definitely um reach out to me Perfect. I'd be glad to help. I love um looking at data and trying to perfect that data and come up with the solution So yeah, that would be great nice, um Okay, so we were talking about this the the The training program and it kind of brought up the question What are the most important skills that you think people need for cyber security people already had? Maybe pin trusting pin testing or digital forensics experience. They're coming into something But you're saying actually you're going to need all these other things too So if you could kind of break it down, what are the most important skills that people would need whenever they're Looking to join a company starting in cyber security Okay, um So my i'm big on like soft skills. I know being technical is great But I think i'm having valuable soft skills will take you a very long way in your career And when I say um soft skills, I mean leadership skills um being creative a desire to learn and research um being open minded like with the program I have to be totally open minded. I have to Stretch my brain like what are we going? What are we doing here? What are we going to create? So being open minded teamwork and collaboration are important and being adaptive to change like changes happen in Cyber and i see so just being adapted to change is a really big one. Um And I know a lot of people and you know, when you get into cyber a lot of people don't even know like the basics of how a computer works I think you need to have that skill to know what how does the computer even work? So I definitely i'm big on soft skills. Um, I know technical skills are great, but I am yeah soft skills matter They do matter okay, so um Looking at that like whenever whenever you said computer how a computer works that is something that I can I can imagine that somebody can easily look up. They can they can experiment with a computer, but whenever you say uh leadership skills Being open minded being able to collaborate being open to change. How do you learn those things like? So one of the um Folks for leadership skills, um leading a presentation or presenting a presentation that helps with leadership and communication skills. Um Talking even having a mentor can help with that. Um being adapted to change is whenever. Um, I'm pretty sure everybody's adapted to change But it's a this skill to have um When something arises you don't get combative or you just you're just being open minded and you're just being able to change with that situation Teamwork is definitely getting into groups. I'm sure if you're in school That's that's all you probably pretty much do but just being a team player And not saying aye aye aye and it's all about being teamwork and collaboration And then what I said um create creative Um, this is just expanding. Um, what you've already been used to so just being creative going out doing your research And just trying to find creative solutions Okay, so taking being kind of proactive and actually putting yourself out there It could be through a presentation If you were really just starting and you're not really ready for presentations yet Like something like a blog post or what what would you recommend? Like how can somebody who hasn't done any of this before? Maybe they've never been Um never presented in front of anyone and they're trying to build up this kind of collaborative mind and these skills Where would they start? Yeah, I would definitely say like you said a blog post is good But get a mentor or it could be a family member get someone where if you're trying to build up your presentation skills or communication skills get someone that you trust and present that presentation or um Present something that you are interested in doing and this way help build up your your confidence and also your Communication skills as well. So presenting to any somebody that you feel that you trust And they can give you constructive feedback So do a small project And then and then just teach teach your mom the small project and then that'll get you some experience And then build up from the air kind of thing Right And and the mom would love that right because she can say look my babies can do everything. Okay, perfect We did have we did have a question from the chat It was in korean. So thank you for that. It was um our computer programming skills important for cyber security Computer programming, I think yeah to an extent to what you would like to do in cyber security I know the thing that is hot right now is python, which helps with um cyber security programming Um, so yeah, definitely. I think it's a must just depends on what you want to do. So um, like me I've done risk management. I didn't need any computer programming skills So um, it just depends on what you would like to do in cyber But I think they are important to have um for your background Yeah, so the pen testers maybe the forensic investigators, they would be coming in with maybe some Basic python, maybe advanced. Um, but then if you're more on the auditing side, possibly not right? Is that right? Right. Yeah, so it just all depends if you're yeah, like you said if you're a pen tester or um You know the cyber threat any of those you probably do already have that back running program And so it just depends on what type of cyber career cyber security career you are interested in With the programming skills because some you do not you do not need the programming skills But it's always good to have it's always good to have and I think that's that's one of probably one of the big takeaways From listening to the shield program is that Basically, what you're saying is that there are so many different areas and you need to have all that general knowledge That way you can choose which area you want because it's way more than just the technical side or just Maybe the business side of things. So Super interesting Okay, so then we've already talked a little bit about this, but can you kind of distill any tips? Or someone trying to get into information security generally To better prepare like imagine your perfect candidate where they would come in and you would look at them for the shield program And say oh no, you already have everything is does that person exist? Can they exist? What would what would you recommend for them? Um, what would I recommend somebody trying to get into cyber getting in? Yeah, imagine they were going to the irs and they're saying you wanted them to already be well-rounded before they got there. Let's see So what I would say definitely the home labs, um setting up your home labs getting that on That experience with your home labs would definitely um help Um build up your skill set. I would definitely say that um And then i'm trying to think what else um Having a mentor that's going to leave you lead and sponsor you was definitely good to help you get into um a cyber security role um search search Masters going to help you get in the door, but you need to definitely keep those skills rolling in once you get into that role um, so my thing is basically just setting up that that home lab and um Making sure you're you're getting you're learning the skills and not just getting certifications Because once you know those skills, it's going to take you anywhere So set up the home lab and then that's where your um Once you're doing research on that home lab That's where your presentation skills are going to come in because you should be writing blog posts You should be talking to people about what you've done and actually getting out there and that will help get your name out there anyway Right is that it so yeah, okay, great Another thing I want to say is if you're all LinkedIn and you see someone with a job that you're interested in Contact that person. Hi. I see your profile. I'm interested in being a slot analyst. Can can I shadow you for a day? Oh, I mean people are so open to like just showing you what I do Like I I know I've contacted a lot of people like hey Like your profile interests me. Can you show me what you do for a day? And even if it's like an hour just show me how what you're doing and you're building up that relationship You're creating a relationship that's going to help you and expand your cyber security network But if they don't respond don't spam them, right? Show me what you do It's so many of them out there just go to the next person somebody won't respond. Yeah, send a message Maybe move on. Okay. Perfect. So, um, I want to go back to the the mentoring because you've mentioned that a couple times Is there How do you recommend actually finding a mentor? I know Info sec kind of has some mentoring programs, but how should somebody go about it? Um, so the link that thing was real you see anybody that for a position that you're interested in you want to personally be a mentor That's a great way other another one is just joining mentorship programs. Um, so let me just plug in black girls and cyber so what we're doing here is um helping women of color transition into entry level cyber security privacy and STEM careers um And what we're doing is creating an industry awareness and diversity in cyber security privacy and STEM And so we actually have a mentorship Program now where you receive a mentor and the program is a six month cohort Where you're getting a mentor you're learning how to break into the cyber security fields. We have um Memento scholarships webinars conferences and community outreach. So what I would say is definitely joining um Different organizations that already have that mentorship setup. Um, women's and cyber security has another mentorship program So there's so many different diversity All these organizations out here that have mentorship programs. So just joining one of those programs Um to have a formal mentor, but if you want to inform a mentor mentor contact to somebody on LinkedIn I mean Building up your elevator speech so they can realize that you want to mentor meet somebody You got you got to tell them a little bit about yourself. So building that up and then just um Yeah, that's that's pretty much it just pretty much, you know, just once you meet meet people Just pretty much connect with them and just ask to be your mentor. The only thing I can say is no And you just move to the next person Yeah, um, yeah, I'll just add on to that. I see very often especially on linkedin and twitter Um people posting about mentorships. I think she hacks purple does one every like monday something like that so, um Yeah, there there's definitely resources out there If you're looking for a mentorship and then I think the the LinkedIn cold call kind of thing is a great idea because you can actually see if they're right in the area that you're most interested in So, um, that's a really really good insight um, okay So we've been talking about skills that you've um mentioned certifications just a little bit and we kind of started on that, but um Which do you think are more important certifications or degree programs? You said certifications get you in the door degree programs, are they are they worth it or can we just focus on the home lab like Um, I know this is a super difficult question and nobody has the answer to it But but what what what's your opinion about this? These questions, yeah this question right here is very debatable It goes different. Um, so okay, so experience is major it's relevant and certs are major irrelevant I just think it goes back to the job description A lot of them are asking you to just have a bachelor's and then some are asking you to have certs So it's kind of good to have both I know that it's not like answering the question but it's kind of good to have The education and also the cert at least when I say cert I say the security plus the found the basic foundation cert And then once you get that cert you can pretty much see that you're in the job descriptions along with having a bachelor's degree So I I think most of them are good. Um, it's just hard to debate which one So yeah, like I said, look at your resume and they see you got certain. They see you got Factions you meet you pretty much. Yeah, they get you the audition but remember those skills can get you the role Uh, okay, I know I know I didn't ask your question, but I'm like I think no matter. I think that I think that was that was perfect. Um certs and A degree pretty much no matter what it is. We'll get you the audition or the interview And then and then the skills which hopefully you're getting from both certs and and degrees, but maybe not We'll get you the The skills so definitely make a homelab and start practicing and then you can bring that up also in the interview And say hey, this is the research I've done on my own That shows that you're you're willing to actually start those things. Um, what about Yep, I was gonna say you could say yep I have a homelab in addition to having my security plus I also have a homelab where I have learned such and such So that shows that you're not just you know, I just have the degrees and the certs. I'm going um the extra mile Great. Um, what about people who maybe uh, didn't Get a degree in the program that they're they're actually Applying for so maybe they didn't do an information security or even technology degree Maybe they did something in in literature and decided they wanted to switch over. Do you think that that's a big hindrance? Should they go back? Should they do the masters or? Should they just start a homelab? Um, what's your opinion on that? You can people move over like that? And what have you seen at your time in in irs So I want to say that um a lot of um people that start they are in cyber security don't even have that it's your cyber background I just I think every degree Matters and every degree in the skill set that you have gained from that degree are transferable into cyber So um, even if you're like a nursing major you're dealt with like HIPAA you're dealing with cyber security You're dealing with all of that. Um, so you're able to transfer those skills over you just have to tell that user story How you're able to transfer those skills over into cyber security? So I think they're all it's all transferable like you use communication skills in nursing you use And you need it in cyber security. You have to do briefings. So you need that in cyber security Um, you're I'm sure you're on a computer and every field So you can you know, you have the basic computer knowledge Like though you all you have to just pinpoint all of those skills that you already have just know that they're transferable into this I'm scared space So actually literature degrees might be the best because you can be like, hey I can read and write and that's a really difficult skill for people to get the right so And writing writing is important. Yeah. Heck yeah it is You just got to be able to tell that you use a story on how your skills are transferable Especially like during the interview they ask that question like how are your skills going to be transferable? This is when you would have to write out like what what are my skills what i'm doing now And how are they going to transfer over into that cyber security space? Okay, but they are It doesn't matter what degree you have already you can still get into cyber security Okay, so the big the big takeaway is no matter what your background was if you want to get into information security um first off practice and make sure you have the skills and then anything that you've done in the Done before um figure out How those skills are useful. So for example writing I think a lot of people really underestimate the the power of writing and then Tell the story about how those particular skills can transfer over and that comes from from your practice. Perfect. Okay You got it. Yep. Yep. You got it. Great All right, um Just to get in the door then You said that the degree program degree program is a little bit more difficult But certifications can at least get you in the door and then you have those skills and and lab practice. Hopefully in the background What certifications at least for now? Do you think the candidates? Should go after if they're trying to apply and kind of make the switch and up into information security Yeah, I would just say the security plus just the basic If you're just trying to get into the cyberspace, um, the basic fundamental cert is the security Plus and then once you get into that sorry, that's comp tia, right? That was yeah Comp tx of pretty plus and then once you get into your your cyber role, um, or you've realized oh, I want to do So forensics then you start to look into those specialties and what certs involve with those specialties that cert But yeah, the basic I would say just the comp tx security plus The basic fundamentals is going to give you what cyber security is all about give you the basic terminology That's the basic cert to get Okay, so if somebody, um It's kind of a hope it's not a nasty question But if somebody came to the irs and they're like, please hire me I have security plus I have a homelab. My degree is in painting Um, please hire me Would you say yeah, it's it's possible. Tell me how painting skills transfer over is that Would that be enough you think to to actually get in is that or or do you think that? It will be enough to get in but I think it's going to be how you actually do an interview and how you sell yourself Okay And see that you have a degree in painting and you got a security plus and then you talk about your homelabs In the interview and how that painting Um degree has there's going to be transfer when to cyber security It just depends on how you're going to sell yourself in that interview, but just looking at that background I mean just looking at that on paper. It looks good to me Creativity you said have an open mind be creative. There you go Um, so I'm going to actually add sell yourself or the ability to sell yourself Uh to the soft skills Yes, because you'll have to do that pretty much anywhere In there, okay, really interesting All right, um, yeah, people don't people don't think just because they got like another degree is not in it They're like, oh, I can't get it to cyber. That's so hard to get into but remember that just feels a transfer rule That's the main thing Okay, we have a we have a couple Comments coming in from the chat. So first we have to figure out the main paths Areas and then enhance our skills and those certifications and I think um From what you said people are coming in with like this very narrow path that they've been studying And then what you're doing at the irs through the shield program is expanding that path and saying look at all these other areas And then from that they kind of have a better idea of which way they want to go And then they'll focus on that area again, or does the irs try to keep them broad like these broad skills Yeah, so it's making them a more well-rounded individual So they're not just coming in with that especially to learning more about what you know what they would like to learn about Um, and then at the end they have a choice. Um, they could stay where they are And if they don't like where they are we could move them to another position Okay And then another question we have will it be helpful to win an international hacking competition? Security plus I think maybe is the question again Um, I'll just answer that one. Yeah, maybe it depends on the competition um Actually, that's that would So I think he's referring to like when I mentioned technical challenges when you have to get into a group and Um, present that to a judge. I'm not sure if that's what he's referring to the person that asked the question. But um We celebrate our winners. Yeah, whenever we have um the technical challenges and they when we do celebrate them and give them Awards and stuff for winning that the competitions. Oh, yeah, I miss I misread it It's will it be help will it be helpful to win and will it be helpful to win the ctf? Basically, I think yeah, like if you put down that you won ctfs. That's that's great Yeah, definitely put it on your LinkedIn profile your resume. Yes, that's awesome. Yes Okay, ctf uh ctf winners or certifications, which which would you choose? A good combination Good good combination of both, right Yeah, they're both good. They're both and agree throw it all in there. All of them are good All of these building up your experience. Sorry. I misread your question. Um, yeah But that was a good question actually. Um, I I think about ctfs Well, okay, I think about them a little bit differently But yeah as if you're like coming in, you know, top five top 10 in a an international competition Yeah, I've seen people put that on your LinkedIn profile top five percent. Yeah in the capture the flag Yes, I've seen that so I will definitely put it on my LinkedIn and talk about it in the interview of you. Yeah That's experience. Yep. It's experience. That's that's essentially your labs. Um Celebrate ctf for mobile phone forensics. I think they're doing it every year now It just finished for this year, but they are amazing. They have new challenges and uh, they are They're real problems that you face in the field. So I would check out the celebrate ctf last year the magnet forensics had a ctf that was Quite long, but it was super practical and really interesting. So there are a lot of digital forensic ctfs Coming out. I think we're going to talk about sock bell Which is just an ongoing ctf. So keep an eye out for that. Um, yeah, I didn't even think of them as a resume lines But that's that's great Okay, well is there's anything else you want to add or does the chat have any other questions for? um Me oh anything. Um, I would just say um, don't compare your if you're trying to get into cyber Always tell people don't compare your journey to someone else's journey Because you just never know how they got into cyber security and your journey will be different Everybody's journey is going to be different. Like how I got into cyber was Different and I have I talked to somebody else their journey was different. So don't compare um, definitely network Network network the power of networking is powerful. Like it's about who Isn't it's about what you know, but it's also about who knows you the power of networking is huge Um, and then just give your give your all and find a mentor That was that was like my last words. Yes All right. Well, I mean that's a perfect place to end on um Excellent. So thank you so much for um, for the really interesting discussion on What the irs is doing to try to bridge that gap and uh, just all the great advice for people Starting in information security already in information security. Heck, I learned a lot like and I've been around for a while So, um, it's just fantastic. So thank you so much Awesome. Thank you guys and connect with me on LinkedIn. Thanks again, Josh All right, so thanks everyone. Um, we will uh, uh, post links online and we'll uh, also give the links to all of her social media So keep an eye out for that. So that's it for today. Thank you so much