 Before we discuss cybersecurity, you need to understand some key concepts that are crucial for this entire industry. Without any doubt, the CIA tried is the most essential concept that you should understand. You cannot understand information security, cybersecurity and ethical hacking without understanding these core security concepts. So let's begin. Alright now so consider your information resides in this particular building. What concerns you the most? Obviously only you or the people you allow can access the information. This is confidentiality. You are also worried about data alteration. Let's say you allow your friends to see the data but you refrain from their alteration rights. Simply you don't want them to edit, alter or amend it. This is integrity. Now consider you being an authorized user wish to access this particular data. However, the security guard over there tells you to wait or you cannot reach the data due to other restrictions. This is unavailability of the intended data and the reverse is the availability of the data. Confidentiality, integrity and availability referred as the CIA tried are the three critical tenants of information security. While there are many factors that help determine the security posture of a system, confidentiality, integrity and availability are the most prominent among them. Confidentiality as I explained before, it is the protection of information from unauthorized access. It requires majors to ensure that only authorized people are allowed to access the information. For example, your medical record should only be assessed by the authorized people, not everyone else. Encryption is an example that ensures the confidentiality. Apart from this, to fully implement the confidentiality, we need to understand the two A's of Infosec that are authentication and authorization. We will discuss these two concepts later on. Let's move towards the integrity first. Integrity makes sure that information is not tampered whenever it travels from source to destination or even stored at rest. Information stored in underlying systems, databases, etc. must be protected through access controls. Integrity has three main goals, preventing the modification of information by unauthorized users, preventing the unauthorized or unintentional change of data by authorized users. And the third one is preserving internal and external consistency. Whereas the internal consistency means to ensure that the data is internally consistent. For example, in an organizational database, the total number of items owned by an organization must equal to the sum of the same items shown in the database as held by each organization's element. Whereas the external consistency means or it ensures that the data stored in the database is consistent with the real world. For instance, the total number of items physically sitting on a shelf must match the total number of items indicated by the database. And then we have the availability. The availability principle states that if an authorized individual makes a request for a resource or information, it should be available without any disruption. For example, a person wants to download his bank account statement using an online banking facility. For some reason, the bank's website is down and the person is unable to access it. In this case, the availability is affected as the person is unable to make a transaction on the bank's website. Some of the most fundamental threats to availability are non-malicious in nature and include hardware failures, unscheduled software downtime, and network bandwidth issues. However, some attacks such as the denial of service attack or DAW's attack and the distributed denial of service attack, are the intention or the malicious way to make sure that particular resources are not available for the intended users. Whereas, now let's move further and discuss the authentication and authorization. All right, authentication is often considered the first step of interaction with the system. If you physically go to the building, you have to prove your identity by showing an ID card using password or pen and other ways. For initiating the process of authentication, authorization, a subject must provide an identity to a system. So, the identification is the first step which is not mentioned here, but it is required to initiate the two As, which is the authentication and authorization. The authentication comes after identification, verifying and testing that the claimed identity is correct and valid is known as the process of authentication. The security system might ask you to provide additional information, but that should match to the already provided information to fully authenticate you. For example, after providing the password, the security system might ask you to provide a particular security code, or for example, the last transaction that you made or maybe your mother name or any other way to cross check the identity. Identification and authentication are always used together as a single two-step process. Once a subject has successfully authenticated, the next logical step is to get an authorized access to the resource assigned. For example, if I successfully provide all the authentication to the system and bypass the security check, then the next step is to access the particular resource with the permission right. For example, I may have a right to just view the content or the data or maybe I might have the right to edit the content or the information. So, this is the authorization that makes sure that upon successful authorization and authenticated identity can request access to an object provided it has the necessary rights and privileges such as the building has various files, but you are authorized to access only one file. Non-repudiation, now this is a very interesting concept. Non-repudiation is an assurance that the subject of an activity or event cannot later deny that the event occurred. For example, I might change the password and then after that I will deny that no, I didn't change the password. Non-repudiation prevents a subject from claiming not to have sent a message, not to have performed an action or not to have been the cause of an event. For instance, the security system at that building maintains the visit logs having visitors, signatures so that they cannot deny their visit on a particular date on a particular time. Another example is that a person could send a threatening email to his colleague and later simply deny that he sent the email. This is a case of repudiation. However, had the email been digitally signed, the person would not have had the chance to deny his actions. So alright, so these were the core concepts that you should understand. I shall meet you in the next or in the following video. Consider you have adopted cybersecurity measures to protect a server that is very crucial and important. You have placed IDS firewall continuously monitoring the server and hired an ethical hacking firm to conduct the pentesting. However, someone comes to the data center, unplugs this machine and takes the most secure server with him. Tada! All your security measures failed because you had implemented 50% of what we call information security. Information security also called data security revolves around protecting information in all its forms. In contrast, cybersecurity are relatively new term focuses on the safety of data stored in electronic devices and connected to the internet or intranet. IDS, IPS, firewall and ethical hacking are the modern world's problem. However, information has been there since the beginning. A decade ago, all the confidential information was in the files locked in the cabinet. But protection of this information was crucial or necessary at that time as well. Anyway, all these things go around the CIA triad. I am considering you are already aware of this concept. However, I am sharing the concept in the description as well. Information security, which is the act of securing the information by all means can be further divided into cybersecurity and information protection. Additionally, cybersecurity focuses on the cyber space. Whereas, so this is all about the cyber space. And apart from this one, information protection considers the physical assets. Everything you are building, physical, sorry, including your documents, files, building or the facility. Over there, you can say that the servers, computers, laptop, logical security and all these things come here. But the overall goal of the information security is to achieve the CIA triad. The concept of information assurance comes here. NIST defines it as measures that protect and defend information and information systems by ensuring their availability, integrity, authentication, confidentiality and non-repudiation. These measures include providing for restoration of information systems by incorporating protection, detection and reaction capabilities. Look here, two new parameters beside the CIA triad. So the information assurance ensures five things. Two new things like authentication, which means checking identity before allowing access and non-repudiation means knowing who sent or received the information. Information assurance is the bigger picture or the big umbrella. While information security, it comes under it. In general, information security and cybersecurity, they both ensures the CIA triad, this one. Whereas, the information assurance makes sure as if I just draw that this is the entire umbrella. All right, over there like this. And everything comes inside the information assurance. Whereas, if I say this, all right. So the information security is considered the CIA triad only while information assurance considered all five triads, both of them the CIA and this authentication and non-repudiation. On YouTube and blogs, you see all the content creators mainly talk about cybersecurity and a specific domain of cybersecurity that is ethical hacking. The cybersecurity can be further divided into network security. All right, and website, application, cloud and others. So it's application, you can say cloud and others or etc. However, ethical hacking is the process, procedure or technique to promise the cybersecurity or promise these securities. Ethical hacking utilizes offensive techniques, often called red teaming to check the vulnerabilities and the loop holes. While the defenders or blue team monitors the incident and responds accordingly. Apart from ethical hacking, there are other people and job roles that make sure to achieve the cybersecurity goal such as network engineers, developers to develop secure programs and etc. I will discuss the job roles, certification and responsibilities of cybersecurity professionals in the next video. So the objective of this video is crystal and clear. The information assurance, which is IA and then information security or you can say infosec IS and then it can be divided into information protection IP and then the cybersecurity. Whereas ethical hacking is the procedure of cybersecurity that ensure the cybersecurity. So ethical hacking adopt the hackers technique to find out the loop and vulnerability. So this is the structure, the entire structure. Cyber security is a parent domain, or we say it as a top of the hierarchy. It can be divided into various types and similarly based on multiple techniques. Broadly speaking, cybersecurity can be further divided into six different domains. Each domain require specialized skills and hence provide a unique career path. Now you must be thinking about ethical hacking, incident response, forensics and others. Let me tell you that the pentesting or ethical hacking is the process that ensures all these things. During the ethical hacking process, a pentester finds vulnerabilities to secure the network, cloud, IoT, application or the critical infrastructure. So ethical hacking is not the type of cybersecurity. Ethical hacking ensures the security. It is a process or the procedure that ensure or make all these things secure. Let's discuss each types in detail. So I will discuss the ICS and critical infrastructure security both in this slide. ICS or Industrial Control Systems Security is the specialized domain of critical infrastructure security. Critical infrastructure security deals with all the vital infrastructures that a government or a nation relies on. It consists of the cyber physical systems that are crucial for modern societies. For example, hospitals, traffic control, transportation, electricity and nuclear plant and everything. Whereas the ICS or Industrial Control System, OT, operation technology and SCADA systems are the components of critical infrastructure security. Whereas when we say ICS, we refer to the complex industrial processes that deliver power, water, transport, manufacturing and other essential services to the nation. Now apart from this, we have the next one. Let's move application and network security. So I'm discussing the application security and network security both in this slide. Application security refers to the steps businesses take to identify, repair and protect applications against security vulnerabilities. In short, application security is a process of making apps, no matter it's a cloud based app or the desktop app. The objective is to secure the app by finding, fixing and enhancing the bugs or the enhancing the security of the app. Much of this happens during the development phase but it includes tools and methods to protect apps once they are deployed in the wild. On the other hand, network security utilizes various tools and techniques to protect the network from cyber attacks. Network security ensures that internal networks are secure by protecting the infrastructure and inhibiting access to it. For example, network security engineers use access controls like firewalls, monitoring and detection systems like IDS and IPS to safeguard the network. In short, the application security deals with finding the software level bugs in a particular app or software or maybe a website. Whereas in network security, consider implementing the network security components, firewall, monitoring systems to safeguard the network from unauthorized access externally or internally. And then we have the cloud security and internet of things or internet of everything security. Cloud is everywhere, thus the protection of all the data in the cloud also essential. Cloud security deals with policies, techniques and procedure to keep the cloud environment secure. It secures cloud stored data and other digital assets against data breach, malware, DDoS attack, hacking and other cybersecurity threats. Similarly, the IoT security safeguards, the internet of things devices and the network they are connected to devices such as the sensors, printers, security cameras or IP cameras and all these things. Even now we have the smart bulb and all these smart refrigerator, smart microwave, smart TV and all these things. So in order to secure all these smart devices, you need to make sure the IoT security. Alright, so these are the domains. Now let's discuss these things. These are the penetration testing, incident response and forensics, dev ops and psychops and then the endpoint detection and response. Pen testing or penetration testing utilizes tools, techniques and strategies to discover the known vulnerabilities in the network, cloud, application and other systems. Whereas dev ops is a set of practices that combines software development, which is the dev development and IT operation ops operation. It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. Error or vulnerability free. Whereas the security operation or SecOps, I mean this is an amazing concept and it's growing. SecOps is a highly skilled team focused on monitoring and assessing risk and protecting corporate assets after operating from a security operations center or SOC or SOC. Anyway, so this was the concept of cybersecurity types and technologies. I have tried to explain that the pen testing, incident response, these are the process to ensure the security. Whereas hacking is not the only threat to the cybersecurity. There are other threats as well. For example, the disruption, which is the DOS attack, the malicious insider and all these things. Anyway, I'll see you in the following video. The statistics revealed that the cybersecurity industry is currently flooding with jobs. It has been reported that there are fewer people than required to fill all the roles in cybersecurity. The prominent positions that companies are advertising for are covered in the following slides. Let's discuss. Okay, there we go. So you must be thinking that pen testers earn more, but it's incorrect. Obviously management makes more and after the manager's position, the security architecture or the people responsible to design the secure infrastructure considered more valuable. So this is the top 10 cybersecurity job roles from top to bottom. The salary information taken from the pay scale.com and it's the annual average salary in the United States. Now let's discuss the job responsibilities of each role along with required education and certifications. Just to keep an eye, there you can see the CSO and the CSO information security architect, security assessor, information security manager, malware analyst, pen tester, incident manager. However, whenever you search on the internet, you see a lot of content on the pen testing process. But people hardly discuss these things. But to be very honest, they are more important job roles and the people working on these position earn more than the pen tester or incident manager. Anyway, let's discuss CSO take care or take over the overall responsibilities of the security of the organization. They are in charge of directing operation and getting funds allocated for cybersecurity functions. This is a executive level position and the people working on this position ensure the compliance of security policies from top to down. CSO job are often filled by highly learned individuals that possess both technical and management skills. Other tasks include developing budgets, collaborating with audits and making sure that the company complies with the relevant laws and regulations. Generally speaking, a CSO needs a solid technical business and management foundation. Undergraduate degree in computer preferably masters with 7 to 12 years of managerial position experience along with certifications such as CISA, CISSP, CISM, etc. The CSO does not only need to understand the technicalities but they are expected to understand the compliance as well such as the PCI, HIPAA, NIST, etc. And then we have the Chief Security Officers or CSO. CSO and CSO are sometimes used interchangeably and in some organizations they are the same people performing similar tasks. It is clear that the CSO and CSO are both executive positions and they have both technical and management skills. However, the CSO in many organizations a high ranking position that provides the security functions to the executives. CSO ensure that organizations have advocate business continuity plans to prevent a cyber attack scenario that brings all business to a standstill. They also ensure that enough security tools and techniques have been implemented to avoid data, monetary and reputation losses that may arise from a cyber attack. The Chief Security Officer should have bachelor's and a master's degree with the previously mentioned certs like CISSP and CISA. Security Architect is a very interesting and exciting position or job role. Cyber Security Architect is a senior level position responsible for planning, designing, testing, implementing and maintaining an organization's computer and network security infrastructure. Security Architects oversee any changes that are to be made to the network so that they do not put the organization at risk. Security Architects need at least a bachelor's degree in computer science or IT and relevant professional experience. Many enter the field with hacking or pentesting expertise. Suggested certifications are the information system security architecture professional which is the part of the CISSP and defensible security architecture. And apart from this few certifications beginner level that the EC Council offer one is the network defender certification. I will share the link down in the description. Anyway, so let's move to the other part of the job role. And then we have the Cyber Security Manager. It is not expected that the existing system and network admins will oversee the burden of cyber security. They might lack the expertise or be left behind by trends in cyber security or cyber crime. This is why organizations are creating cyber security manager position to overseas all cyber security programs on network and systems. These managers performs the task such as monitoring compliance with policies ensuring IT security audits are required keeping tabs on the patching or threat mitigation efforts. And also managing any cyber security incidences. Cyber security managers serves as a backbone of the organization's cyber security efforts and are expected to have a wide scope of knowledge in this particular domain. Some certifications are mentioned here. So this is the another extension of the CISSP with the management point of view and then the security leadership certificate. Obviously the master degree and master are preferably required. Most of the organizations are required. These educational background people with this educational background. Anyway, now let's discuss the security control assessors. This role conducts independent comprehensive assessments of the management operational and technical security controls and control enhancement employed within or inherited by an IT system to determine overall effectiveness of the system or controls. To be very honest, this job role is not very common. However, the governing bodies need assessors to perform the security control assessment. As a rule of thumb, a minimum bachelor degree and master's preferable. As far as the certification are concerned, there is not much explicitly designed for this job role. However, technical and management skills are required. Alright, we have discussed the top five positions. However, there are others as I have mentioned them before in the second slide if I'm not mistaken of this particular topic. Kindly read the blog post that I published discussing all the all these roles and their required certifications. The link in the description you will get details of everything. See you in the following video. Take care. In this lecture, the skills that we will discuss are connected with the job roles discussed earlier or in the previous video. Let's see some highly desirable skills that a cybersecurity professional should possess. Cybersecurity is one of the most dynamic careers in the job market. Simultaneously, it offers many career options. The skills you need to remain relevant in the market keep changing. This is because cybersecurity is reactive to changes in the cybercrime space. Therefore, when cybercriminals change their tactics, cybersecurity professionals are also expected to change. For instance, a decade ago, malware removal would be a sought after skill in the market. However, due to automation, security tools become capable of performing this task so that skill lost relevance. So keep yourself up to date in the rapidly changing cybersecurity world. Although technical skills are backbone to you. The soft skills also play a vital role in excelling in a cybersecurity career. There you can see some top skills that you should have. Let's briefly discuss each. First, the risk management. Risks are the driving force behind cybersecurity. Therefore, cybersecurity professionals should be acquainted with information about risk management. As they take on some of the typical cybersecurity rules, they will be responding to some form of risk. Some positions will also require the professionals to demonstrate the risk present in systems and networks to business executives. And the demonstration should be in a language they understand. The executives really don't understand the technicalities or technical terms. It is highly unlikely that they understand the cybersecurity jargons or the industry terms. That is why being a professional, you should translate the concepts into a layman term to be presented in front of the top level executives. Hence, the soft skills are also necessary. Additionally, I would like to mention risk identification. If you cannot identify the risk, you cannot mitigate it. Let's move further and discuss the technical expertise that you should have. Alright, you should possess diverse technical expertise. If you are working in the cloud, it doesn't mean that you should ignore other platforms or expertise. You should understand various programming and scripting languages, network administration, threat hunting, logging, monitoring, forensic skills, intelligence gatherings, or OSINT, etc. It does not mean that you have to be expert in all these things. However, you should have foundational skills and information of all these technical domains. In the end, you should master your particular field, but do not ignore the other abilities. Alright, let's move further. And then we have social skills. Very interesting. So this one is really, really important and most people don't consider it. I mean, why? I don't know. Where there are wrong soft skills, soft, social or interpersonal skills are critical, no matter in which domain you are working in. If you cannot communicate your idea or you cannot properly communicate with your supervisor or to your supervisor, you will be less likely to perform well. Additionally, to grow in this industry, you need to converse with people both return and oral communication. Significantly, the C source communicate technicalities to business executives in the layman term. You are wrong to consider the business executives to understand the sequel injection. You need to adopt different ways to communicate this particular risk and the other risk. Apart from this, you need to tell or you need to sell yourself in job interviews. You need to establish relationship with relevant people on social media, on Twitter, on LinkedIn. And you have to go to the conferences as well. So the soft skill or interpersonal skills are necessary. Anyway, now let's move further. Ambition to Learn. As I mentioned before, cybersecurity is an ever-growing field. If you don't have the curiosity to learn new skills, you will be obsolete in no time. The attackers utilize the latest tools and techniques to breach the network. Similarly, a defender should also learn new techniques to secure the network. You should not stop reading blog posts, tips and tutorials online. Apart from this, do not forget to learn new techniques. Do not forget to attend new certifications, new courses. Keep yourself up to date. Have the ambition to learn everything. All the new things, all the new technologies and techniques and everything. And then we have the security architecture, architecture skills. Cybersecurity is not just focused on threats, vulnerabilities and attacks. It includes building solid systems that can prevent attacks from happening. The end goal of cybersecurity should be the sustainable solutions that can offer services to legitimate users at all times. The security architecture in many systems is focused on solid security controls that can prevent or add burden to hackers. Thus reducing their effectiveness in carrying out these attacks. Skills such as identity and access management, network configuration and system hardening are crucial. Automation, I mean this is fun. I really admire the automation skills and it is the future. Here automation means machine learning and scripting. The scripting to automate various job functions that you should not perform daily, such as performing a redundant task. Instead write a script to do this. In order to write the script, you should have the scripting abilities. Whereas the attackers are now getting smart. I mean they are adopting AI or artificial intelligence techniques to bypass security systems. And being a defender you should also rely on machine learning. This skill will surely help you to outperform in the coming years. Now we need people, now we need the system based on AI to protect the organization's infrastructure from the malware. The current system based on signature based detection are not working anymore. Anyway, so this is automation skills that you should possess. And apart from this, we have the business awareness. You need to understand the business you are working and if you don't understand the business, you will not be able to serve properly. Being a technical person, you should not ignore the organization's core business. For example, you are working in an organization that creates custom software for its clients. You should understand the business so that you can keep a balance between usability and the security. If you don't understand, you will likely compromise one of them. Sometimes what happens being a pentester, for example, a junior position, some people think that why the organization is not adopting this technique to ensure the security. It is due to the business nature. Sometimes it is not possible to adopt all the security controls. You have to keep a balance between the usability or the user experience and the security. If you tighten your security, then you might lose the usability. So keep a balance. In order to keep a balance, you need to understand the business. So have some business understanding as well. So these were the most essential skills that a cybersecurity professional should have. I will see you in the next lecture. So how to secure an entry-level cybersecurity job? As per the state of cybersecurity hiring report, most cybersecurity employers are not looking for newbies and they are not looking for those without a college degree either. Cybersecurity jobs require yields of training and relevant experience. So how to secure an entry-level job? How to position yourself? Let's discuss this thoroughly. This is the roadmap or strategy to secure your position. You need to understand the job market and then position yourself accordingly. Secondly, it is advisable to get a mentor. You can learn a lot from the experience of others. Lastly, but crucial, networking. Stay connected with relevant people online. Showcase your skills, promote and sell yourself. Now let's move further. There are several cybersecurity positions and the list of work roles and responsibilities varies depending on the role and the company. NIST or National Institute of Standards and Technology initiated a project called NIST or National Initiative for Cybersecurity Education. This document or this NIST framework discusses the cybersecurity skills shortages and it's a valuable resource for those looking for work in the security sector. I will share the link of this document. You should download it and understand it completely. However, let's just go to the main part of this document. I think it's on the page number 22 if I'm not mistaken. Alright, there you go. Yeah, here you go. NIST divides cybersecurity position into seven distinct work force groups. So there you can see that these are the seven work force group and then you have to find out, you have to see in which group you want to work in or what kind of expertise or skills that you already have or what you should learn to position yourself better in a particular group. Alright, so there you can see the seven categories. The security provision, operate and maintain, oversee and govern, collect and defend, analyze, collect and operate, investigate. And there you can see the description as well of each particular category. Similarly, if you get down, you will see the speciality areas and the description of each. For example, the security provision, you can see the risk management and then you can see the particular description. Similarly, software development system, architectures, technology, R&D and all these roles. Apart from this, you should check. Let me get down first. Okay. Okay, now there you can see the nice framework work roles or job roles. So there you can see this particular risk management and this particular risk management. What are the roles that you are expected to perform? So you should check the work role and description of each role. You should use this document to understand the infosec industry and position yourself to secure the relevant position. As we have already discussed, there are several job roles and certifications and education depend on the career path you want to follow. So first of all, decide what you want to become. Either you want to go to the policy side or technical side. You want to become a threat analyst or architecture. Everything will then revolves around this. One convenient tool that will help you to make a career decision is cyberseek.org. Let me show you. Now, this particular tool or website or app explores the cyber security job market and it also contains a very interactive career pathway. Let's analyze the market first using the heat map. Alright, so this heat map shows the job opening in all the states of the United States of America. You can use the filter here to see the public sector jobs or specific industry jobs as well. So there you can see in Texas alone there are more than 47,000 opening at the moment. Now let's just scroll down and when you scroll down you will see the national level data. And there you can see that total cyber security jobs opening at the moment, this one more than 500,000 and total employed cyber security workforce at the moment around or more than 900,000. Supply of cyber security worker is still very low. I mean, it's a good time to get into this industry and get your career active. There you can see the geographical concentration and apart from this you can see the job opening based on the nice framework. Security, provision 300,000, oversee and govern. This is the nice tool to determine your career path, what you should do. You can see that this particular both of this domain can have the most of the job opening and then you can have a career in this particular domain. Apart from this you can see the certifications. Certification holders, obviously a lot of people possess the security plus certifications. However, the organizations are not really requesting it. Only 50,000 openings are requesting this and more than 100,000 people possess this certificate. Similarly, you can see this certificate as well and there you can see that the CISSP is already in demand and apart from this the CISA, the CISM these three certifications are in demand and you can see the shortage as well. People don't have this certificate so there you can see the potential. If you open a particular state for example if I just click on this one, the Texas you will see the particular domain or particular information of this particular state. For example, the Texas you can see the job opening is still very low and you can see the particular job top cybersecurity job titles or job roles and then you can see the same thing and the certification as well. I don't want to force my opinion you should analyze the industry using the tools mentioned here. One more thing that I would like to mention is the career pathway. So if you open this one you will see a particular career pathway and then you will see what kind of certification or the average salary you might get if you follow the particular path. Being an entry level security expert you might get yourself into this particular job role. For example, you may become the cybersecurity specialist or technician. It does not require the software development skills there you can see that. It requires networking, system engineering some financial risk analysis and security intelligence and then from there you can become a security analyst or you can also become security consultant and you can then move to the pen testing or vulnerability tester. For example, once you become the security analyst you can then go to the advanced level so in order to become the security analyst you don't need the financial risk analysis and the security intelligence expertise. Similarly, if you go to the IT auditor you can click on any for example if I click on the security architect this one. So there you can see scroll down you see the average salary you can see the total job opening so now you have to you have to plan your career based on these information you can see the common job title alright so you either you may become the security architect cybersecurity architect senior security architect or IT security architect and education 70% says that a bachelor degree required some says that master's degree or graduate level work and some obviously don't require any and the certification you can see what kind of certification that you will be needing if you want to become a cybersecurity architect but obviously it's advanced level a career first you need to secure your entry level job and then you can move further for example you need to become a security specialist what you can do you can see that you can see the job opening I mean it's good number and then you can see that yeah 19% they can hire you without a bachelor degree as well you can see the top certification including the company security plus some science certification some CISA and similarly yeah all these information anyway so as I said that I really don't want to force your opinion you should analyze everything I have shared the technique to find out the industry practice of what's happening in the industry and we have already discussed the top 10 job roles and their certifications you have the data judge yourself and then pick a path or career and once you are done with this move to the next step let's discuss the next steps mentorship and networking mentorship is essential both in your career and education there is always the excitement of getting things done all by yourself to attribute all the success to yourself however the reality is quite different from expectations you might have the best ideas but not actually know how to execute them your plan for growing in your career might not exactly fall into places in real life your expectations of getting a job by merely spending hours on job boards applying for positions that you are qualified for might not go as you expected this is why you need a mentor to guide you and also to monitor the steps you take mentoring is a one-to-one relationship where you seek the continued support and advice of a more experienced professional to guide you through any stage of a career development few platforms can connect you to the mentor however instead of the platform I suggest you follow some credible profiles on twitter and get a mentor from there you should use cyber mentoring Monday hashtag on twitter and there you can see that a lot of people are giving opportunity to support you and apart from this for example this one she is good, she is amazing and I also share a lot of things on social media especially on twitter and LinkedIn so you should join this hashtag you see a lot of people are providing support or giving support there you can see DM's open you can just go ahead and talk to them learn from the experience of other people apart from the mentoring let me go back to the slide first there we go so as I said apart from mentoring networking is really essential to excel in cyber security connect with relevant people on LinkedIn and establish a strong profile on twitter hundreds of people come into the job market with bachelors degree and certifications but networking is the only way to stand amongst them showcase your skills on social media talk about let the world know who you are and what you can do you can see I regularly post and give people opportunity to connect with like minded people come on and join me on LinkedIn and you should also aim for one thousand relevant connection in the next three months but don't abuse this feature otherwise you will be banned play smartly post your progress here in this particular course and try to join with like minded people what you can do you can post your profile down as well and so that other people should open your profile and you the connection in white apart from this you should establish connection with the industry with the people the relevant people as well okay what I'm expecting you to do tag me on LinkedIn and show your progress my link my profile link is in the description so few but the core strategies have been discussed to get your first job in summary decide your career get the relevant skills certifications and education and then sell or promote yourself on social platforms get a mentor apply for the jobs get the job excel in the career and then come back and help the other people this is a cycle and let's do it I think that's it you will surely get a position in no time if you follow the discuss strategies I hope it helps you although this is the last part of the course yet it's a big thing you should follow the skills certifications and the career path discussed in the course and get a prominent cybersecurity position additionally I expect you to connect with fellow learners here so connect with me on Twitter and LinkedIn established a network I will publish the ethical hacking course for beginners very soon thus stay connected and get notified rather than saying best of luck I must say device your strategy I think that is it see you see you soon take care bye bye