CISSP Cyber Training Podcast - CISSP Training Program

CCT 332: A Winning CISO/CSO and AI Changing Cyber Forever (Career Planning)

Shon Gerber, vCISO, CISSP, Cybersecurity Consultant and Entrepreneur Season 3 Episode 332

Share episode

Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.

0:00 | 34:18

Send us Fan Mail

AI is not a future cybersecurity problem. It is a right now career problem, and it is also a massive opportunity if you prepare the right way. I walk through how AI is changing cybersecurity forever, from AI-generated phishing and malware to brand new attack surfaces like prompt injection and LLM attacks. At the same time, I explain why modern defense stacks are getting smarter fast, with AI baked into SIEM, EDR, XDR, threat intelligence, and cloud security posture tools.

We also zoom out to what senior leaders are expected to do today. CSOs and CISOs are hired to protect more than systems. They protect revenue, brand trust, and business continuity, and they have to communicate risk in language the board can act on. If you want to grow into leadership, I share the mindset shift away from being the “job of no” and toward enabling the business with clear trade-offs, metrics, and outcomes.

Whether you are new to cyber or you have 5 to 20 years in, you will leave with a practical plan: which certifications build momentum, which roles AI is disrupting, what skills AI cannot replace, and how to run a 12-month upskill roadmap that keeps you relevant in the AI era. If this helps you, subscribe, share it with one person in cyber, and please leave a review so more CISSP and cybersecurity professionals can find the show.

Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox!  Don’t miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success.

Join now and start your journey toward CISSP mastery today!

Welcome And CISSP Mission

SPEAKER_00

Welcome to the CISSP Cyber Training Podcast. Where we provide you the training and tools you need to pass the CISP exam first time. Hi, my name is Sean Griber. I'm your host of the Action Act Informative Podcast. Join me each week as I provide the information you need to pass the CISSP exam and grow your cyber sector in knowledge. Alright.

What CSOs And CISOs Must Prove

Why AI Is Reshaping Cybersecurity

Roadmap For New Security Pros

What AI Cannot Replace In You

Roles Cert Strategy And Your Brand

Resources Action Steps And Closing

SPEAKER_01

Good morning, everybody. It's Sean Griber with CISSP Cyber Training and hope you all are having a beautifully blessed day today. Today is Monday, and we are going to be getting into areas related to the CISSP that are topic specific, and we're pretty excited about today. Today I'm going to be getting into how AI is changing cybersecurity forever and why you should be aware of it and what you should need to be concerned about as it relates to the CISSP and as it relates to AI in general. But before we do, I had an article I wanted to pull up for you. As many of you listen to this podcast, you are more senior folks that are working to get your CISSP. And so you probably have your eyes or are a chief information security officer, or you want to be a chief security officer of some kind with an organization. And so I kind of try to grab topics that I feel are helpful in relationship to what you want to do because most people who are wanting to get the CISSP want to move into some form of leadership within an organization. And so this is a topic that I feel is pretty appropriate to that area. So this is in CSO magazine. In CSO magazine, they say, Babe, what does it take to win that CSO role? Now, if you've listened to CISP cyber training, you understand that the chief security officer and the chief information security officer can be a bit synonymous. The chief security officer technically deals a lot with the physical security of an organization, but in many cases, the CSO pulls in of the information security pieces into their basically their tenant, what they're supposed to do, their responsibilities. And vice versa, the chief information security officer does pull in a lot of the responsibilities of the chief security officer. So depending on the organization you might be with, they might be one and the same. So we're going to talk about this article, and it kind of goes into that piece a little bit, that they both are in that space, that space specific vein, that they are very similar. So the content is that it talks about the chief security officer and the chief information security officer are among the hardest roles to fill within IT. And like it says, it should be good news for security professionals. And it is, but there's also some of the highest risk involved with being one of these folks. So modern CSOs and CISOs, they do operate, as we've mentioned, at the C-suite or the board level. And they are responsible for not only protecting systems, but also protecting revenue, brand trust, and the overall business continuity of the organization. So they're a big factor in what you do. And so what you want to kind of consider is that their knowledge has to be pretty solid in what they're trying to accomplish. So successful candidates usually have a deep expertise in one of two or two security domains, plus broad knowledge across the cybersecurity ecosystem. This is hence why the CISSP is usually the go-to certification for folks that want to have those senior level positions because they have a broad level of understanding in many of those different domains. Now, the high value areas include identity and access management. We talked about cloud and multi-cloud, AI and emerging technologies, and then security automation and compliance monitoring. We've mentioned the fact that having a good understanding about GRC related to AI, and I'll have a future podcast and some videos on that on YouTube, are going to be very positive for you in your future. So again, security leaders must blend deep expertise in broad knowledge as well in all of these areas. Now, business acumen is now considered a mandatory understanding. And I will say this from myself working in the as a CISO for a very large multinational, that business acumen took a little time for me to understand because I didn't really understand getting into it, what was needed. And I will tell you if you can start now reading some really good books and then maybe find a good CIO that's gonna help bring you along, would be very valuable in understanding the overall business vernacular that's for your organization. EBITDA, you're gonna need to understand how your business is profitable, you're gonna need to understand the various uh profit margins in your area, you're gonna need to send the profit centers in your area, and you're gonna need to really try to understand all of those big terms that are brought out as a big factor for you to become successful as a CISO or as a security leader within your company. Boards expect leaders to discuss security in terms of enterprise value and risk exposure, not just technical controls. And we've brought we've tried to hit this home as it relates to CISSP cyber training. In a lot of the podcasts that we've done and a lot of the trainings we've done, you need to understand the overall risk exposure and not just the technical aspects of it. I hope I've been driving that home because it's easy to deal with the technical aspects, but it's much harder to deal with the overall risk exposure and understanding that acumen. Leadership and communications are critical. You know, you must communicate effectively with technical teams, executives, and non-technical stakeholders. Much of your job will require around negotiation, influence, and organizational leadership. Uh, so again, you're gonna have to know how to handle these folks and how to handle your job and your role. Now, you need to go from the mindset shift of not know to how. And I will say that this is a big factor that many security people struggle with is the job of no. Uh, we never I work really hard to not provide no, is to provide, okay, what can we do to make that happen? And what are the trade-offs for doing that? So, as a modern CISO, you must enable the business rather than block it. It's imperative that you do that because one, that's what they're looking for. They're paying you to do that. And they're paying you to understand the risk exposure so that you can give them good advice and good action actionable steps in which they can be successful. The security should help the company move forward safely, big term, supporting product launches and customer trust rather than acting as a barrier. And then your track record and measurable outcomes do matter. Okay, so hiring committees evaluate candidates based on scope of past responsibilities. So we've talked about this, that you it's all about your experience is an important part. Authority and budget that you managed. So this is a key factor as well as you go into into with your resume, make sure that you highlight what was your authority, what was your overall budget, and then security outcomes and incident management results. What are some situations that occurred, and how many uh situations did you resolve? This could you don't have to go into the details, obviously, because you probably have NDAs in place with your organization you're with, but you want to give them metrics that they can use. I helped triage X amount of incidents. Our company did that. I had X amount of employees that helped triage that, and we span across 15 different countries, X, Y, and Z. All of those pieces are an important part in your overall plan and how you're going to show the results for your organization. Simply having the title without real leadership experience will not hold up during the hiring scrutiny, and it's it's not going to. So it's imperative that though that you can tailor your resume so that it meets your expectations. It also meets what your requirements are that you've had. So you reach me out to me at CISSP Cyber Training. I'm happy to do some mentorship with you and help you with this. I've done a lot of resumes and I can help you get your setup for what you may need in the future, specifically related to the job that you're trying to accomplish. Again, tailor the resume specifically for the role you're trying to gather. Do not just make one resume and blanket everybody. You need to be very specific in what you're trying to go after. Okay. Again, great article. This is from CSO magazine. What it takes to win at the CSO level or the CSO role. Again, chief security officer, chief information security officer, they are different, but they're also very similar. So depending on what who you're talking to and what organization you're going to be applying for, know the differences, but also know what are the responsibilities for the CSO role or the CISO role. Okay, let's get into what we're going to talk about today. Okay, so how AI is changing cybersecurity forever. And here's what it means for your career. This information is designed whether you are a setting out as a seasoned pro or you are just getting started in your cybersecurity career. So the goal is to kind of plan around how you how should you, as a security professional, prepare yourself for this AI world. The reality of it is the threat is real, right? Is AI coming for your role? And that is possible depending upon where you're at in security. But there's also a great opportunity for you. You have an incredible opportunity for you to if you grab a hold of it and be successful in this space, specifically if you are a security professional. So there's three and a half million jobs that are going to go unfilled in 2025 related to security. And they're out there, they are there. You just have to decide if they something you want to go after or not. There's a 300% increase in AI-powered cyber attacks just since 2022. So we know that this is increasing at a voluminous level. And as far as the market goes for cybersecurity, well, it's about 175 billion. So there's plenty of market share there for people. Now, is that going to change? Yes. Is it going to get more? I feel it will, but it's going to pivot from the things that we've thought in the past. Things are going to change a bit from what we're expecting in the future. So this is what the market's going to be by 2028, is what they're kind of anticipating. So AI is not replacing the professionals, maybe some roles and maybe some activities, but it's creating a skills gap that you specifically can fill. Now you're going to have to take the opportunity and you're going to have to grasp it and you're going to have to change. The big part on all of this is change. And it is a hard thing for most people to do. Honestly, it's hard for almost everybody, but it depends on how fast are you willing to grab it and how fast are you willing to embrace it for it to make a change in your overall life. So the landscape is changing, it's shifting. And this is happening on a permanent basis. This isn't a small change. And it is happening overnight almost. I mean, it truly is. I've seen just in the past few years, the amount of change that's occurred has been substantial. It's been incredible. So AI-powered attacks, these are their phishing malware and social engineering attacks are now AI generated and are happening faster, smarter, and they're extremely hard to detect. There's so many different ways that these folks are using it from utilizing current AI within your organization to act as a botnet to the ability for them to use malware inside your organization to farm all the information that's within your company. So there's lots of different ways. They're no longer need individuals to do these roles. They have a robot can do this. Now there's AI-driven defenses. You're at your SIM, your EDR, your threat intelligence platforms now use some level of ML to detect anomalies in real time. I just turned on a sim for a company and I noticed that you know what? I don't even deal with anybody unless there is a specific situation where we got to work through. Otherwise, the AI robot is doing all of it. So it's in it's incredible how things have changed, specifically just in the past year and a half to two years. Prompt injections and LLM attacks, there's brand new attack surface adversaries are targeting AI systems themselves specifically to get information. So it's it everything has changed. These words did not really truly exist in our vernacular up just a couple years ago. So you're gonna have to be prepared, understand it, grow it, and learn it, and it will help you in the future. So as we're looking to help folks understand what are the big areas around AI, we're gonna kind of get into what do you need to do if you're just getting started and you have very little experience in cyber. One, you need to get certified quickly, right? Get Comp T Security Plus, Google's Security Certificate, or ISC Squared CC, which is free. Get those to understand the vernacular and understand security. Learn AI security fundamentals. Learn how the ML is being used in firewalls, EDR, in CrowdStrike, Sentinel One, all of these pieces that are an important part. You need to try to understand how AAI and ML is being utilized in that. There's plenty of free tools out there. There's also plenty of information that's available for you to get this information in a way that will help you. Build a home lab, try Hack Me, Hack in the Box, Blue Team Labs Online, any of these to help you grow your knowledge around cybersecurity. And document everything on possibly GitHub or LinkedIn. Now, if you're going to be doing some level of doing this activity within your company, probably don't document that on GitHub, right? Or LinkedIn. But if you're doing it for yourself, go ahead and explain it out there. The point of it is that you're trying to get information out to people, especially on LinkedIn, that you are serious. Get entry-level exposure, like try to become a SOC analyst, uh, get in a help desk or internships. Again, don't skip the basics. They build your intuition and understanding. If you can get a SOC tier one spot, do it. I would highly recommend that if you aren't working for an IT help desk, that's a great place to start. It's also a great way to get your foot in the door. Specialize early. Pick a lane in the next 12 months. Cloud security, application security, threat hunting, GRC, any of those. And don't wait for what someone to teach you. You need to go and lean into it. You need to embrace it and you need to learn it on your own. So high demand roles to target in your first three years. SOC analysts, tier one and tier two, again, these are there. They're going away because AI and ML, but they're still there. Cloud Security Associates, these can make from 70 to 105,000. Again, those are areas that have cloud native security with AI threat detection built in. You can become an auditor, IT auditor, or GRC analyst. This is an area I feel that if you don't have a lot of knowledge in from a technical standpoint, it's a great place for you to move into. Threat intelligence analysts, this is another area that if you get some knowledge in there that can help grow, especially as you're trying to search for different types of threats. Penetration tester, and starting off as a junior role, those are a little bit harder to find, and you may take a little bit of creativity to get one, but those are out there and available. And then security awareness trainer. This is an area that I feel that if you really don't have a background at all, this is a good place for you to really cut basically cut your teeth, get started in this space. So again, high-demand roles to target within your first three years. Now, if you're in your 30s and 40s and you've built something, you've got to this point, don't let AI erase it. And this is probably one of the biggest concerns most people in that field have. If you've got five to 20 years, you're going, hey, I've got something here, but AI may take over my job. And so this is something for you to not be concerned about that so much, but now to embrace AI and figure out how you can use it along with your experience to basically create a career, to enhance your career to a level that you can expand and grow from this point forward. So again, this is the tier two piece of this. Now, the roles that AI is disrupting right now, manual log analysts. Anybody that's looking at just logs specifically, those are going away. Tier one analysts, I feel are gonna be getting impacted by this, is depends upon how many individuals are out there and what's actually being occurred. So if you're looking at that, yeah, you might want to start looking at something different and trying to pivot. Basic vulnerability scanning. If you were a person that did scanning for somebody, this is gonna be going away as well. So I would highly look to pivot in this case. Uh, this is automated scanning such as Tenable and Qualis, they they do it all with AI at this point. So if you are the person that is the responsible individual, maybe you're the person that's doing that for the organization. That's great, but just know that it's that capability is gonna become less and less over time. We talked about a level one SOC analyst. This is an area that you really, if it's out there and available, you need to try to grab a hold of them, but know that that shelf life is limited, that will be changing very quickly. And then compliance checks, checklist auditors, auditors that just basically are trying to go through the boxes checking to see if individuals have the evidence they need for an audit, and they have just interpreting some of the basic risks, those are gonna be going away as well. So, again, anything that's entry-level type activities, I'll be truly blunt. They're gonna be changing. So you have to change with them. Now, what AI can't replace and what you specifically have. The attacker mindset. If you've been doing this for any period of time, you understand how the attackers work. And so this is something that you can add a little nuance to it. Does AI have a good grasp of it? Yes. Does it have the full understanding? No. This is where your experience is going to come into play dramatically. Business context, you understand the obscurity is a business function, it's not just a piece of academia that you have to go do. You can translate risk into language that executives can act upon. You also have gained stakeholders' trust. So building relationships with your IT, your legal, and your executives are things you have done. This is political capital that takes years and AI can't fake it. And you know what? Security folks, as leaders are out there, they are not going to be jumping immediately on AI decisions unless they feel confident that the security leader understands it and the security leader is behind it. So your knowledge is going to be take you a long way. Incident intuition, you've got a the gut check alert. You understand how the tools flag things, you understand how what they're looking for. Utilize those skills. You understand systems, you know how they work and how they connect. Even in many of these places that you may work, have older, outdated systems that haven't been updated. AI can't help with all of that. So utilize the skills you have to help expand upon how AI can build into those areas, but also utilize those knowledge that you have so that you can be indispensable for your company. And then regulatory memory. You understand hip hop, PCI, DSS, SOC, all of those aspects you understand. You've lived through audits, you understand how audits work. This is where your experience is here, where your career is going to help the most. So, this type of activity, it's imperative that you understand and that you utilize these. You pull these forward. Bring this as the experience you have to help you become indispensable for your organization. So here's your 12-month AI upskill plan for experienced pros. Now, if you're not an experienced pro and you're just listening to this or watching this on video, you understand, guess what? Yeah, it's it's one of those aspects that you may not be there yet, but you will be in a very short period of time. Much shorter than you realize, actually. So Q1 is your foundation. You need to audit your current skills versus AI era gaps. Learn the basic ML concepts. Coursera has stuff out there. There's all kinds of different pieces to understand AI. Get your hands on with AI native security tools, obviously, Dark Trace, Sentinel One, Vector AI. Understand those pieces. So if you've got that within your organization, get smart on it. Just get up to it. Then you start to specialize. Choose your AI specialty. Okay, so this is kind of the next slide I'm going to get into. We'll kind of go into what are some AI specialties, but pursue your cloud certifications, such as security specialists or AZ500. Build or contribute to an AI security project, potentially on GitHub, if your company will allow you to do that, and understand how that all works together. Quarter three, validate it. Sit for a strategic search such as the CISSP, the CSISM, or the CCSP. Start speaking, writing, or talking about your niche on LinkedIn, blogs, or local conferences. Get your word out there about who you are and what you do. It's an important part. I can see you're listening to a podcast or you're seeing my YouTube channel, you understand that's as part of the reason why I do what I do. It's you got to get that information out to people. One, to show your expertise, but also two to get more experience and more knowledge around this topic. Begin mentoring junior team members and then build your leadership brand as much as you can. And then Q4, target your senior lead and architect level roles and look for a potential promotion. Explore consulting or fractional CISO opportunities if you aren't already a CISO, and then evaluate and translate to AI security products and companies or startups. Again, this is a step-by-step process. And as you can see here, no one has walked you through and held you by the hand to help become an AI expert. You did it yourself. And it's not that hard, okay? But it takes dedication, it takes a year to do so. And if you do that, you can be in a situation much different that you can be job secure and knowing the fact that you are better prepared for the AI world. Where Experience Pro should focus in the AI area. So there's about basically five uh ones I'm gonna talk about here in this slide slash area. Uh, it one is an AI security engineer. Now, this AI security engineer can make in the upwards of 140 to 220,000. This is in high demand, and these are the hottest emerging roles out there. It's going to take a coordinated effort for you to do this. So if you're not in this space, I would highly recommend you start getting into it soon. And it won't take long for you to kind of grab a hold and grasp this concept. Cloud security architects, these are designing. Zero trust architectures in AWS, Azure, GCP, and this is where AI is running. These also are in very high demand, and incomes can be in the upwards of 200,000 as well. CISO, VCSO, these we've talked about this from 150 up to 300,000 plus, depending on bonus packages and so forth. This is an important part. Again, there's a vCISO, and you're in consulting, which I do, this can become a boom for as small and medium businesses that can't afford a full-time CISO. So there's just lots of areas in here, and your AI experience is going to be extremely valuable. Threat intelligence leads, this is where you're 120 to 180,000. This is where you're looking through threat intel. Now, these are the folks that are going to be communicating with the executives. This is not just the AI piece of this, it's understanding threat intelligence from the ground up. One of my friends that I'm with next peak, this individual has great threat intelligence. Not background. I did threat intelligence growing up in the in the in our military world and intelligence world. This individual has high understanding about threat intelligence. And so there's a lot of different areas you can grow in this space. Red team leads or AI pen testers. This is where it can go from anywhere from 130 to 200,000, depending on your brand. And you can grow this as well. Now, I will tell you, this will take a few years to do. This doesn't happen overnight. It's something for you to plan for. But if you have the experience and the knowledge, you can grow this into an area within a year to two years, you are in a much different position. So again, you have to decide if your role is one of those that might be taken over by AI. You need to consider taking the pivot now. You have time. The best time to look for a job is when you already have one. So time to pivot is now. Stack your search strategically, not randomly. We've talked about this at CISSP Cyber Training. You need to understand what you're trying to accomplish. So your entry levels, obviously security plus, you've got CompTIA, is your mid-level. This is your CISA, your CYSA, plus your CompTIA C A SP, or your CISSP. These are all the different ones that you should be looking at specifically around growing your cybersecurity knowledge. But then as you go into an AI specialized area, you've got CCSP, you've got your security specialty within AWS or Azure, and then you've got GCIH, GCIA, GCFA. Those are all specifically SAN certifications. They can be expensive, but you they also can set you apart from other individuals. And then your CISM if you're looking for specific management folks. So as you can see, that the plan is there needs to be a structured organizational plan in what you're trying to accomplish. Do not just go out and do Alphabet suit for certifications for the sake of doing certifications. They're great, they're fine, but if I saw somebody that was applying to me on a resume and they had 3,000 certifications, I would just say, yeah, they're good at certifications and they're good at taking tests, but are they good at what they do? So what is the market actually paying for, right? We're talking to SOC analysts, it's found about$82,000 a year. And like we've mentioned, tier ones are probably going away. So you need to focus on changing that up to your CISOs of making about$240,000 a year. This is expected for growth, a 12% growth year over year for anybody with their CISSP. You can get actually all this information and more at CISSP Cyber Training that's available there. The goal is to help you with CISSP cyber training is to help you pass the exam, but also to put give you the skills you need so that you can help become better successful. One as a cybersecurity professional and practitioner, but also to help you and your family grow. There's about a 68% chance that are gonna of all jobs in 2025 that are gonna require some level of AI and ML. So if you have that skill, you can expect probably around a 25%, 23 to 25% increase in pay with that knowledge. So it behooves you to spend the time now to get that information you need to pass the exam and to be able to pass the overall understanding around AI. So do it. Get it done. Spend the time and the energy to get it done. In the in the AI area, being known matters more than ever. And I try to bring this up time and again. And most security professionals, I would say, I like myself, I would rather sit in a corner and uh eat pizza and go play Call of Duty and do whatever else I need to do. I am not a big fan of going out and talking to people. No, but you as a security professional need to do that more than ever. So as this slide's kind of busy, but it really talks more or less about the fact is that you need to get on LinkedIn and you need to post what you're doing. You need to reach out to people and understand and help people understand your cyber talent. Speak at conferences if you're accepted and get in there talking about what you're doing. Build the public brand. Get out there, put out blog posts, and potentially talk to folks within your company and also talk to people around your city and your area. Get involved with your local ISAC or ISA or ISSA chapter and let them understand that you know security as well. Position yourself as the AI bridge. Understand AI. You are the person that understands security. Help people that are risk or that are the influencers within your company to be able to understand how to bridge into AI. Again, talk about it. Get out there, promote it, be in that space, and it will start to open up for you. Create your known for statement. You know, can someone describe you in one sentence? So again, me, I know security. That's what I've been. I've been known for security for 20 plus years. I've got the CISSP and I've been doing lots of different areas within security from cyber physical systems to academia to being a professor. I mean, you it's there, right? You need to do that for your brand. Again, I'm not telling you about me. I want you to do that for you so that people know who you are. And by doing that, you will become successful. Get a mentor and become one. So mentors help accelerate careers, mentoring others, cement your expertise, and build your reputation as a leader. You can get set mentorship at CISSP Cyber Training. Reach out to me there. I have been a mentor for CISOs, down to working with SOC analysts on what should they do. I have people reaching out all the time on what are some of the areas that they need to do and focus on so they can become successful. Reach out and talk to me at CISSP Cyber Training. I'm happy to help you at any time. But also mentor people because there's a lot of people coming up in this space that need a mentor and understand what they should do in as it relates to security. AI native security tools and dominating the industry. So the although my point on this slide is just basically to talk about AI powdered, EDR, and XDR systems. You got CrowdStrike, you got Sentinel One. These are the endpoint detection and the response type of activities. They have AI built into it. AI sims, you got Sentinel One, you've got Splunk, you've got Google Chronicle. These are all the SIMs that are specifically focused around AI. Cloud security posture, you got Wiz, Orca Security, and Prisma. These are all tied to cloud security. And if you understand this space, it's a great place for you to be focused on. Threat intelligence, recorded future, mandian advantage. Uh, there's many different other ones, centripetal is another one that's out there in that space. AI pen testing and red teaming, you've got Pintera, you've got Burp Suite, that's the AI enhance aspects of it. And then GRC, you've got Drata, Vanta, and OneTrust. I've used a lot, I've used OneTrust and Vanta. Uh, I really enjoy Vanta. It's a very good product. Uh, but again, all of these are out there that you can use to get knowledge around AI. So if you took just the Vanta piece of this, and just say, for example, and you got good at the AI aspects and understanding of it, you can out there and put out, promote Vanta, and you can make blog posts specifically in that area of what you learned and what you did to be successful in that. That's a great way for you to take this and run with it. So just something to consider as you're looking at what are the tools that you currently have in your toolbox. So stop thinking about what AI will take from you and start thinking about what AI can give you. Again, old thinking, fear of AI and automation. Okay, well, use AI as a force multiplier for you. One that's a old thinking, collect certs aimlessly, not focused on which ones should you do for your arc, for your goals, for your team. Stay in your lane forever. I don't want to change. I don't want to change anything. I want to stick with this. No, you need to build this T-shaped expertise intentionally that you can go wide and you can go deep. And then wait to be discovered. I'm sorry, but in the world of influencers, you can wait all you want. You're not gonna be discovered. So publish, speak, and be findable. Put everything out there on what you can do. Competing with junior talent, basically your peers, right? You're competing with your peers. No, lead, mentor, and command a premium. You need to be the person in the room that people look to. So again, stop thinking about what it will take. Think about what it will give you. You have great opportunities here. You just have to take advantage of them and use them. Now, curated resources that you can start this week. What can you do today? So, free learning platforms that are out there. You got hack the box, try hack me, sans cyber aces, all of these are free that you can go after. There's podcasts, there's darknet diaries, risky business, there's security now, great podcast. There's also CISSP Cyber Training. You can listen to that, which you probably are right now as we're going through this. But the thing is, there's lots of great podcasts out there that you can focus and get into. AI-specific securities things, there's OWASP top 10 for LLMs. You can go check that out. There's a free PDF on that. Google, there's prompt engineering and adversarial ML courses that are specifically there for you. And then Microsoft has security co-pilot training that you can pull up. Claude, go into Claude, pull it up and say, Hey, what can you teach me about security training? All of these things are AI specific that you can learn from it. Great opportunity. There's tons of videos out there on it as well. Certifications, here's some that you can start with. This is ISC Squared CC, again, it's free. Comp T Security Plus, Google Security Professional, and then your AWS Cloud Practitioner if you're gonna go be pivoting into the cloud. So these are things you can start this week to help prepare you for the next year. And again, plan on it for the next year. You do that, you're gonna your world will change completely. And then the last thing I'd like to say is just reach out to me at CISP Cyber Training, and I can help you in mentorship on what are your next steps and how you should do that. I'm here for you to help you grow your career in a way that's gonna be successful. So as we finalize all of this up, the best time to act was yesterday. The next best time is today. It's now, right? So five action things you can take this week. Identify one skill gap to close this month. Sign up for Try Hack Me or Hack the Box today if that's what you want to do, and maybe you're just getting started. Update your LinkedIn profile with AI security and how you plan on managing that. Register for your next certification exam and then connect with one person in Cyber this week. Now, I would highly recommend that you reach out to me at CISSP Cyber Training. I'm happy to connect with you. Reach out to me at LinkedIn. If you are listening to this podcast or you've seen my videos on YouTube, reach out to me there and connect. All right, that's all I've got. So check me out at CISSP Cyber Training or on YouTube. Hope this has been helpful and I hope you take these five action steps this week so that you can move on in your career and be extremely successful in everything that you're trying to accomplish. Thanks again. Have a great day, and we'll catch you on the flip side. See ya. Thanks so much for joining me today on my podcast. If you like what you heard, please leave a review on iTunes as I would greatly appreciate your feedback. Also, check out my videos that are on YouTube, and just head to my channel at CISSP Cyber Training, and you will find a plethora or a conocopia of content to help you pass the CISSP exam the first time. Lastly, head to CISSP Cyber Training and sign up for 360 free CISSP questions to help you in your CISSP journey. Thanks again for listening.

Contributor

Shon Gerber

Host