THE CYBERSECURITY STUDENT PERSPECTIVE WITH SAM BODINE

Kip Boyle:
Hey everybody. Hi. Welcome to Your Cyber Path. I’m Kip Boyle. Today I’m here with Jason Dion and a guest which we’ll introduce our guest here in just a moment. Last time, we started talking about something called security design principles. We introduced what those were, why we feel that they’re important for you to know no matter where you are in your cybersecurity career, whether you’re in the beginning, in the middle, or if you’re a senior leader, you really need to know what these security design principles are. They’re going to help you bring a whole other level of job performance into your situation, and that’s what we want for you. We want you to absolutely kill it, and security design principles are going to help you.

Now, this episode is called Life as a Cybersecurity Student, and our guest is a Sam Bodine. If you can see this, he’s sitting right next to Jason in their office in Orlando. Now listen, this security design principles is going to be a series of episodes, but we’re not going to just plow right through them one to 10. We’re going to actually go through them and then alternate with other subjects and other topics, keep it fresh. So we’ll start unpacking the first principle on our next show, and so hang on for that. But before we get going, before we really introduce Sam, I just have to take a moment and say, Jason, how are you doing?

Jason Dion:
I’m doing great. Overtly busy, for sure. That’s for sure. We’re currently finishing up four different courses right now. Beginning of the year is just a rack stack tall list of tasks for us over here at Dion Training, and so that’s been good. That’s our traditional production work as we’re working on new certifications like Cloud Essentials+, Project+, we’re working on a LPIC one course. We’re working on a part one and part two for that, and working on a course with you that’s coming out called the Linux LPI Security Essentials, which is going to be basically this nice entry level to security for people who are like, “Hey, am I even interested in this cybersecurity thing before I go out and spend $500 on a Security+ or a thousand dollars on a CISSP or something like that, or going to college and getting a 30, $40,000 master’s degree?” You should figure up before you do that, “Do I like security.”

And so that’s what Security Essentials is all about. It’s the kindergarten version of Security+, and I don’t mean to call it kindergarten version because it’s like drawing with crayons. It’s not that low, but I just mean there’s a distinct difference. If we talk about all of Security+ being let’s say a hundred percent, then we might be talking about this being 50%. Much easier, much more attainable things.

Kip Boyle:
Kinder, gentler Security+.

Jason Dion:
Kinder, right? [inaudible] kinder from it’s kind. It’s a kinder, gentler Security+. The questions are much more straightforward than the way Security+ write them, and the cost is much, much less. So instead of going in and spending $392 to take Security+, which is what it costs in 2023, you could take this for about a hundred to $120, still show people you’re serious about security and working your way up in your career. So I’m really excited about it. Kip and I are filming that course together, so it’ll be a mixture of me and him. So if you like listening to us for hours on end, great.

Kip Boyle:
And even if you don’t, this still may be your fast fact.

Jason Dion:
So that should be coming out in the next few weeks and when it is, we’ll definitely let all of our podcast listeners know about it. And if you want Kip’s mentor notes, which you can get@35.167.158.44, it’s completely free email list, we will announce it there as well when this course is launched, and it will be at the lowest rate the day we launch it, and then from there you’re going to be start to moving prices up and down. So we’re trying to get you the first copies and get you the cheapest price on those copies. So that’s what I’ve been working on, this has really been taking a lot of my time. And at the same time, I know you’ve been working on something for Akylade, which is a new certification exam provider. So you want to talk a little bit about that yet?

Kip Boyle:
Yeah, absolutely. And I think the springboard for that in part is something you said a moment ago when you were describing the difference between LPI Security Essentials and Security+ you were mentioning the price points were very different. And on that basis, Jason came to me recently and he said, “I’m looking at all these certification providers and I think they’re getting a little bit too greedy maybe, and I think that there’s a whole other approach that can be taken.” And so he shared that with me, and part of it was based on keeping things affordable, but also part of it was on addressing areas that people have been asking for certifications and that just aren’t being provided on the open market right now.

So putting those two things together along with a bunch of other stuff about how we want to deliver training, how we want to make sure people are set up for success. All of that is coming together in this new company that Jason and I formed. It’s called Akylade. And we’ve got a whole roadmap right now of cybersecurity certifications that we’re going to be launching and we’re going to open it up. So there’s going to be lots of training providers. We’re not going to be the only training providers. We are going to be the certification body, but we’re going to open it up so that anybody who wants to get people ready to take the certification exam, they’ll be able to do that.

Now, the first certification is called the Certified Cyber Resilience Fundamentals, and that’s a knowledge-based certification, and it’s mostly about the NIST Cybersecurity Framework and how you can use it in order to increase the cyber resilience of your organization. The next certification we’re going to do after that is going to be called the Certified Cyber Resilience Practitioner, which is really cool because we believe very strongly in skills-based certifications, and that’s exactly what that one’s going to be. It’s going to be a very practical, how do you apply what you learned in the fundamental certification, now, how do you go to work? How do you benefit your organization, how do you actually apply it to your organization and move the needle and get your organization to be more cyber resilient?

So I think you can tell, I am really excited by these certifications. I think they’re going to really help people great work, and it’s going to help. Dare I say it in my Boy Scout sort of frame of mind, it’s going to strengthen our online community and it’s going to make us more cyber attack resistant. And when we do get attacked, we’re going to do a much better job of resisting utter catastrophe because we’re going to be more resilient. And I don’t know, I just think in terms of having impact on the world, I love that. I think it’s a great way to spend our time at work. Okay. So having said all that, Jason, did you want to add anything else to about Akyladeor did I just talk the hell out of that one?

Jason Dion:
No, I think you did a great introduction. The one thing I will say is, Akylade is being started from the ground up. So definitely getting back to CompTIA in the early nineties. That’s where we are. And we have a lot of benefits over some of the bigger providers. By being small, we are very nimble and we can work into different areas of coverage that some of the bigger providers don’t. So I’ll give you a great example of that. The first one we’re doing is the NIST Cybersecurity Framework. That thing’s been out since 2015. And yeah, there’s an objective here in CYSA+, and there may be a little discussion in CAS+, but there’s not really a course or a certification exam that says, “Hey, I am certified to be a part of a NIST [inaudible] for us to be able to do these assessments and be a consultant.” Or, “Hey, I am the consultant. I can come in and fix your company.” And that’s the work that does on a daily basis with cyber risk opportunities.

So as we started looking around the marketplace, we started trying to say, “Where are the areas that we can go after?”And as Kip said, our goal is to keep these things very affordable. We’re talking a hundred to $150 at the foundation level, maybe 150 to $200 at the practitioner level. Our whole goal in building this is to do it… I don’t want to say we’re trying to do it cheap because we’re not. We’re doing it world-class, but right, we are keeping our costs down and we are really bootstrapping this to make sure that we can pass the savings on to our students. I work with a lot of companies, as people know, I work with CompTIA, I work with LPI I work with PeopleCert, and most of these organizations have a thousand, 2000, 5,000, 10,000 employees trying to do this work. And because of that, they have 1000, 2,005,000 or 10,000 salaries to pay. And I could tell you some of who has a team of less than 25, labor’s expensive. For my team of 25 people, it’s a million dollars a year.

And so we start looking at some of these certifications and going, “Why are they charging a thousand dollars for this one certification?” Well, because it costs them a ton to build, and the higher up that certification is, the less students need it. So we expect to see a hundred percent of our fundamental people, maybe only 50% or 20% are going to go to the practitioner level. And that’s pretty typical. And the more you go higher, the more people drop off. And so when we build these, we have to build them so that they are affordable to make, affordable to take and are something that are valuable to you.

The last thing I would say about this is, you are going to hear from us when it’s ready to go into the beta. We’re going to be looking for beta testers to go through it. Right now, we are in the job task analysis process. For the first one. We’ve got our SME together, they’re working on that this week and next week. Then we go into the question writing, and then about a month later, we’ll be ready to start doing betas to figure out what the cut score is, what’s going to be a pass, what’s going to be a fail, have people go through the first initial exams and get all the psychometrically valid data because we’ve got learning and design folks helping us with this. It’s not just Jason decide, “I want to make a make a cert. I made a practice exam. Take the practice exam and you’re going to be certified.” We’re going through the full rigor so that this is a industry-wide recognized certification, all the ones from Akylade are. So you’re going to see that after you go forward.

And our goal is basically in the next five years, as you start looking on people’s resumes or you look at people’s jobs postings, they’re going to be saying, just recommended Security Plus, I want to start seeing people say, recommended Akylade, certified Cyber Resilience Fundamentals or CCRF, whatever those things are for that role. And right now, we’ve already planned out the first six certifications. There are three different paths. The first one we’re working with is the NIST Cybersecurity Framework, and if you’re not familiar with the NIST Cybersecurity Framework, go back. We had an episode on it where we went in and we talked all about it, or Kip and I do have a Udemy course on that that covers all of the outline of the NIST Cybersecurity Framework. And lots of that is going to be in this certification as well as some additional information that we’re working on.

There will be a textbook associated with this as well at release. And that’s the other project I’m working on right now. So as I said earlier, big stack of projects and I’m trying to get through them as quickly as possible to give everybody their attention. But I think that that’s good for us to stop talking about Akylade and start talking about here to talk about.

Kip Boyle:
Yeah, thanks everybody for bearing with us, but Jason’s organization is just like this knowledge factory, and it’s fantastic. Just all the stuff that’s going on over there. Okay, Sam, hi. Thanks for being so patient. You’re our guest. We totally monopolized the first bit here, but Sam, if I understand, you’re a sophomore at Liberty University, which is in Lynchburg, Virginia. Thank you so much for being our guest. Welcome to the show.

Sam Bodine:
Of course. Thanks for having me. I’m very excited.

Kip Boyle:
We are too. We haven’t had anybody on the show bringing the perspective of what does it mean to be a student these days? And you’re an undergraduate student, so you’re kind of early in your cyber path. But it seems like from the conversations we’ve had before we started making the episode today, that you’ve got a very clear vision for yourself and that you’re already doing a lot of things to help make your vision as a cybersecurity professional materialize for you. What’s something that you’re doing right now outside of the classroom that you feel is really helping you get ready?

Sam Bodine:
Well, first thanks for mentioning that I have a goal, and it’s clear, I really love the book Seven Habits for Highly Effective People. And he talks about beginning with the end in mind. I think especially for anyone coming into the cybersecurity realm, you have to think what your end goal is, and their episodes, great episodes on job descriptions and what you might want to do. And I’d recommend going back and listening to those, but thinking of that first of what’s the direction and then how can I get there. Like Jason was saying, looking at the descriptions and saying, “Oh, they want the Security+.” This other job that I also want, they also want the Security+. Then you start noticing a pattern of what to work on. But outside of class, that’s where most actual productive learning happens.

Kip Boyle:
Don’t let your professors listen to this episode.

Sam Bodine:
There’s a lot of value for sure in a degree, and we can talk about that later perhaps, but it’s that outside stuff that you do.

Kip Boyle:
So you told us several different things you’re doing. The thing that caught my eye was said, you told us that you’re the captain of one of the top 10 collegiate cyber defense teams in the nation. And I got to tell you, when I went through college, there was no such thing. This wasn’t happening.

Jason Dion:
[inaudible] college, were there computers though?

Kip Boyle:
Barely. There were barely computers.

Jason Dion:
I’m sorry, I couldn’t resist. I had to [inaudible].

Kip Boyle:
I got to tell you a quick story. So way back in the dark recesses of my university, there was an old computer, really old, fully depreciated computer, and I knew a guy who programmed it, and I’m not kidding, he used punch cards. Believe it or not, he actually had punch cards and he showed me how it worked. And this practically steam powered computer, I’ve never seen one since, but it was just like, “Wow.” Okay, anyway, so tell us about what does it mean to be on a cyber defense team as a student?

Sam Bodine:
Sure. So we’ve advanced a little bit since punch cards and now there are competitions that a lot of colleges will do that simulate a business environment. The competition is super fun. It’s several hours long and you have a set of computers, maybe 20, 30 systems that you’re defending, and they hire some of the best industry hackers to hack you actively. And you have defend against that. So it gives you a lot of what would be possibly drawn out security, just packs it all in one very intense day.

Kip Boyle:
Okay. So that reminds me of when I went to Defcon, they have a big capture the flag competition at Defcon. It kind of sounds like that, but it sounds like it maybe smells a little bit better and maybe a little bit more well lit, so that’s good.

Sam Bodine:
More realistic perhaps too.

Jason Dion:
The other thing, I’ve done both, I’ve gone to Defcon and I’ve watched the Liberty Team play when they came out to Maryland when I was living out there. And it is really interesting because usually they’re hosted at some large university. In this case it was at John Hopkins University, and there was about 15 or 20 teams there, basically almost like football tournament trying to get down to the last one who’s going to be winning. And they’re all at different tables and they’re all hacking and defending, and depending on how done, it’s either everybody’s defending against a series of hackers or they start breaking up teams say, “Okay, you guys are the hackers and you guys are the defenders.” And then they have them go against each other and see who comes out on top.

Kip Boyle:
But it’s kind of a weird spectator sport because you can’t actually see the bits flying around in the network. So it’s kind of like you’re watching the scoreboard or maybe, you peek over somebody’s shoulder. But it is kind of a detached experience as a spectator, but it is-

Jason Dion:
It really isn’t a big spectator sport. I think there was about 10 of us there that were rooting on the teams, and most of those were people who were associated with college or friends and family and things like that. I don’t think Kip’s going to get on a plane and fly across the country to go watch a cut to the flag.

Kip Boyle:
But it’s interesting because we have eSports these days, we have Twitch, we have people streaming video game play all the time. Anyway, so I just wanted to point out that it’s not quite the same watching a capture the flag versus like an eSports or something like that. But in any event, I really love it. And I wish that I had had that available to me, absolutely would’ve joined in and worked. Because as you said, Sam, it really approximates the real world blue team experience as much as it can be in artificial circumstances. So I would encourage anybody to do that, to work on capture the flag, cyber defense teams, especially if you’re in college. What a great opportunity that is.

Okay, so let’s unpack a little bit about what does it mean to be a cybersecurity student these days beyond the extracurricular activities, but tell us a little bit about what’s it like in class. What kinds of things are you studying and what really stands out to you?

Sam Bodine:
Sure. Well, of course, it depends a lot on your curriculum and where you’re at in college. But the classes are good, of course, they’re very valuable. You have the benefit of having a professor there in person, which is nice that you can ask questions with and develop a relationship with. So it’s really just classes, extracurriculars, stuff like that. One beautiful benefit of a university that I don’t think was talked about in the value of university degree episode, great episode, episode 75, I think, if I remember correctly. Good listen, but I think there’s something y’all missed and it’s the benefit of networking in college is something that you can’t get from self-study at all.

Kip Boyle:
Wait a minute, I can spin up a virtual network in AWS anytime I want. What are you talking about?

Sam Bodine:
Social networking.

Kip Boyle:
Oh, well that’s just Facebook. Come on, Sam, you’re [inaudible].

Jason Dion:
I don’t, it’s okay.

Sam Bodine:
No, yeah, no, the in-person connection is just, you can’t beat it, of course.

Kip Boyle:
Ah, okay. I get it.

Sam Bodine:
I like to say, in high school, if you’re friends with your teacher, then you’re a teacher’s pet. But in college, if you’re friends with your professor, then you become employed. So there’s a lot of benefit to being in that environment. So if you can, of course, cost matters if you can go to college or not, but if you can, it’s super helpful in that aspect.

Jason Dion:
I think that’s a great point. And just going into that point for a moment, I don’t think we talked about it in the episode, but we did talk about it in our Hired course, which is coming out soon on getting new course that Kip, our developing called Irresistible, How to Make Yourself Irresistible to Hiring Managers. And one of the things we talk about later on in the course is this concept of where can you find connections that are going to carry you through in life? And one of the things I tell people is, yes, college is one of those and college is a great place for that. And most of the time what you learn in college isn’t the actual book material because anyone can want YouTube, Khan Academy, get a book from the library, get your Kindle out and you can learn this information. You don’t need to hear it from a professor standing at the front of the room telling you exactly what to do. And I’ve been that professor, so I get it.

And one of the ways that we are connected between Sam and I is used to be a professor at Liberty, he goes to Liberty now, we didn’t know each other at the time because I’ve left Liberty since then and now he’s there, but I left a couple years before he got there. But the point in all that is that there are multiple ways to do this. And Sam had mentioned you may not be able to afford to go to college because college has gotten stupid expensive. Kip, I know you had a child who just recently finished college, and I’m sure that set you back 50 or a hundred thousand dollars for that university degree that she has. So I think that’s an issue. And my kids are about to go off to college. I’m facing down the barrel of that gun as well.

But there’s another option, and it’s the option I took, and Kip, I believe you took the same option, which is you can go to the military. If you go to the military, they’re going to pay for your education. And you’re also going to get a lot of that human in-person networking, because you never know who is going to be where later on. These people you meet in this four year time in college or four years in the military, they go off and do a lot of other things the next 5, 10, 15 years. For example, one of the folks I used to work with in the military, he’s actually the CISO over here in Orlando of the Adventist Healthcare System, is a huge hospital chain across I think 40 plus states that he’s responsible for all of their cybersecurity.

And he and I worked together doing essentially the same job 10 years ago, and I stayed in the military for a little longer and he went off and retired and did this, and that’s where he is now. And so when I was coming out of the military, it would’ve been really easy for me to call him up and go, “Hey buddy, yeah, you remember me? I need a job. I assume you’re hiring.” And I would go right to the top pile because he knows me, likes me, trusts me, worked with me previously. So those things happen a lot. And I know we talk about that a lot in the Irresistible course too.

And then the third area, if you don’t want to go military because either not your thing or you’re medically not able to because there are people who are not medically able to or you can’t afford to go to college, the third thing you can do is a lot of these what I call extracurricular activities. And it’s things like CyberPatriot, it’s volunteering with high schools and colleges to be a part of their programs and being in and around that because that will also get this networking and you’ll meet [inaudible]. If Kip and I both decided to mentor one of the cyber patriot teams, we’re going to meet each other that way. And now we can talk about something in common, cyber patriot and cyber defense and cyber attack, and then maybe that builds into a friendship or a job offer or something else.

Kip Boyle:
Absolutely. When I left the military, every job I got after the military was not because I was a master of resume writing or because I was great at applying for jobs online or whatever, it was all because I knew somebody who needed help and I could help them, and so they invited me to come on board. And I only submitted job applications and resumes after I had been offered the job. It’s just sort of like, “Hey, let’s clean up the paperwork trail and make sure this whole thing legit.”

Jason Dion:
Make sure you’re hired on board.

Kip Boyle:
Right. Let’s get those paychecks running. But I really look back and it’s just so powerful because almost every job I had was just amazing. And I never really got exploited. I never really felt like I was being taken advantage of because I just had these relationships and people honored those relationships. And I’ve done the same thing. There was a college roommate had, and he and I have been working together for years. Sometimes he’s my boss, sometimes I’m his boss. We kind of go back and forth, but it’s just fantastic.

So Sam, you’re absolutely correct, for your own benefit, you really need to make friends with people. And why not start early in your life when you’re in college and just keep building? And by the way, these are loose connections. We’re not saying you got to have 50 BFFs here. We’re just talking about loose connections, people who recognize you, who know you like you and trust you. They don’t have to know your deep dark secrets and you don’t have to hold each other’s hair while you throw up after you’ve had some beers. It doesn’t have to be that deep.

So Sam, point, point, well taken, let’s talk about internships. Can we do that?

Jason Dion:
Before you do that-

Kip Boyle:
Sure, go ahead Sam.

Sam Bodine:
I have a quick story telling about connections that, there are probably some people, because I’ve felt this way before, “But Jason, but Kip, I don’t have many connections. I’m not in this industry yet. What am I supposed to do?” And I would say just go try, go be creative with the way that you be intentional about making connections. I was really hoping to get an internship with Lockheed Martin specifically this summer. And I have zero connections with anyone at Lockheed Martin pretty much. But last over winter break, I put on a suit, got my resume, and I walked into Lockheed Martin and said hi to security guard and then made connections through there. And then I was just offered the job last week. And so you can really just be creative, think outside the box a little bit and be intentional about it. You can make your own connections with someone.

Kip Boyle:
Okay, wait a minute. Wait, wait, wait. Now Sam, you’re probably like a Gen Z, right?

Sam Bodine:
I would say that.

Kip Boyle:
Would you put yourself in that cohort? Okay, that’s not a very Gen Z thing to do that you just recommended. So I don’t know how realistic that is, really. But you know what? Congratulations and good for you for doing that. Now that we’re post quarantine, post pandemic and we can actually go places again, why not do that? Why not do that? People who scattershot applications, like, “I filled out 500 applications and I didn’t get a word back.” Well, okay, because you’re targeting, you’re not trying to build relationships with people, you’re just trying to have a transaction and that’s just not going to get you where you want to go. So I love the fact that you actually went there and you tried to act like a human being talking to other human beings. Wow.

Jason Dion:
And Kip, it doesn’t surprise me that Sam did that. I had not heard that story yet because we actually just met in person about 20 minutes ago when he showed up in my office. But the first interaction I had with Sam was actually a couple weeks ago, he emailed me and said, “Hey Jason, I really like what you guys have been doing with the Year Cyber Path podcast. In episode 54. Jason, you said this, ‘I’m a big fan of trying new things and seeing what resonates with the audience and with our students. We want to about tuck things that are relevant to our listeners. What does an average day look like for a CISO or an analyst and things like that.'” That was our episode 54 when I joined the show with you, Kip, and got started our season two of the Kip and Jason Show, instead of just being the Kip and Wes Show.

Kip Boyle:
Which was a great season, by the way.

Jason Dion:
Which was a great season and worth listening to. And then his email continued with, “Hey, how about a student? You have a lot of great insight for entry level professionals, but I haven’t really heard from a student yet.” And he went on to pitch himself. And there’s a couple of things I thought were really well done here. One is he found our email and then emailed us in. And that went directly to my email. So it wasn’t even just the Ask Kit page on Your Cyber Path. He found my personal email and reached out to me. So he did a little cyber sleuthing there and that was good because it got into my inbox.

Sam Bodine:
I learned that from one of Jason’s Udemy courses.

Jason Dion:
There you go. It’s [inaudible] email. And so he did that, and then his email wasn’t just a big wall of text. He paragraphed it, he bolded certain things, he italicized certain things. So Kip, I know you’re a CEO like I am. I get hundreds of emails a day and this one came at the top, this one’s different. Let me actually look and see what’s being asked. And it got me to do a double take. And so very young guy, but he already knows how to grab people’s attention even by email without any direct connection already. And so it really doesn’t surprise me that you put on a suit, went to Lockheed Martin, was like, “Hey, I’m here. I’m ready to start. Give me a job.” But sometimes being bold is what gets you the job.

Kip Boyle:
Yeah, absolutely. Okay. So you said you wanted an internship, Sam, at Lockheed Martin, and you said you got hired. Is that what you’re saying? Is that you did in fact score an internship?

Sam Bodine:
Yeah.

Kip Boyle:
That’s wonderful. Congratulations.

Sam Bodine:
I [inaudible] before and didn’t hear anything, so I went in person to talk about it.

Kip Boyle:
Now how did you know where to go? Lockheed is an enormous company.

Sam Bodine:
I applied to a certain city in Alabama and went to that. That place, was lucky it didn’t have a gate and they didn’t lock me out.

Kip Boyle:
Okay, cool. That’s amazing. But why did you want an internship? That seems like a hassle to be honest with you. It gets in the way of playing games and having fun. Why do an internship?

Sam Bodine:
I don’t know. If you have an internship, you party less, I guess. No, it’s super helpful, especially for… A lot of the episodes you can see that it’s difficult to get an entry level job in cyber security. Obviously, I’m glad that you guys have this whole podcast because it’s very helpful, but it’s still tough. And internships, they greatly increase your chances of getting hired full-time. Hundred percent.

Kip Boyle:
Have we done an episode on internships yet, Jason? I’m not sure we’ve done a focused episode on it.

Jason Dion:
I was going to say, I know we’ve mentioned them many, many times, but I don’t think we’ve done one just on here’s what internships are, here’s how you can get one. Here’s some places.

Kip Boyle:
Okay, maybe we should.

Jason Dion:
I’ll put it on the list.

Kip Boyle:
I think we should. But Sam, you said something that I think you need to unpack a little bit, which is you said, “Getting an internship can help you get into a full-time cybersecurity job.” But why do you believe that?

Sam Bodine:
Well, I’ve seen it. I’ve been offered in my last internship, a full-time job. I see it very commonly. It’s actually, I would say fairly rare if you do a good job at your internship to not be asked to be full-time. It offers a chance for you to try the company out and for the company and try you out. It’s super useful.

Jason Dion:
So I’ll speak to that for a minute. So internships are super, super valuable. In fact, the DOD, the department defense has realized this. And as of 2020, there’s a new program called the DOD Skill Bridge Program, which is essentially an internship. And the way it works is, for the last three to six months of that person’s military service, instead of going in their uniform and going to base every day they put on a suit and tie and they go work for some third party company. We’ve actually had several Skill Bridge interns in our company. And part of that program is, the government wants to a, make sure these people have skills that are employable and we can kind of sand down some of the rough edges of being a sailor soldier, airman, or Marine and make them a business person that can survive in the business world. Because there are some things we talk about in the military world that we wouldn’t talk about in the civilian. People have potty mouths and curse like a sailor and all that. So there’s that part of it.

And for the employer side, what’s in it for us is that we basically get somebody for three to six months of “free labor”. And during that time, it’s really a six-month job interview. If anybody who’s watching has seen my Linux+ course, where it’s me and Jamario Kelly or my Data Plus course, which is me and Reed Bidgood, both of those folks came to us through the Skill Bridge program. They came to us back in early 2021. We picked them up under the Skill Bridge program, which meant that while they worked for me for six months, I, as the company, actually wasn’t paying them. In fact, I wasn’t allowed to pay them. They weren’t allowed to get bonuses, profit share, nothing during that six months, and then as soon as they were done, we were able to offer them a job and bring them on board full-time, which is what we did.

So these guys, one of them was an Air Force officer, one was an Air Force enlisted, and both of them are now on my team, full-time W2 employees, doing great work. Been with me for over a year, almost a year and a half, two years at this point. And it’s a great program when it works. The biggest problem with internships is some internships are designed to be very short period in length with no expectation of hiring. And some are designed to be a shorter or mid-duration length with a guarantee or possible job at the end. And we’ve participated in both of them.

Last summer, we had three different internships going. We had the DOD Skill Bridge where we had three folks Jamario, Reed and the third one was Enrique, who was a full stack developer. And we took him from being a Navy police officer, which we call MPs, master of arms or military police and we trained him up how to be a full stack developer. And he’s still here today and he’s one of our junior devs on the team. And he’s loving his life. So these things can help you get from one sector to another.

The second group we were doing was a bunch of high school students in a, there’s a tech high school here in Orlando called Crooms, C-R-O-O-M-S, and Crooms does these internship programs every year. And we went in there and said, “Hey, here’s the jobs we have. We’re looking for video editors, we’re looking for office assistants, we’re looking for people who can do captioning and script writing and things like that.” And we had five of them come and join our team as well. And they work side by side with the rest of my team.

And then the third one we had was one that’s actually put on by the city of Orange County, which is where our office is, and they have what’s a called a paid internship program. In that one, we gave them job descriptions, they found us high school candidates, they paid their salary, we got free labor. And the students got a five-week hands-on lesson of what is it like to work in video production, in education, in e-marketing and e-sales. And so it was valuable for everybody. And each one is set up a little bit differently. The Skill Bridge, they really want you to hopefully hire the guy at the end of the job, the person at the end of the interview. With the internships from the high school, they really are focused on, “You’re here for three to eight weeks during the summer, we want them to get skills.”

And next summer they may come back to you, they may go somewhere else. But most of these people are sophomores, juniors, or seniors in high school. So we’re talking about 15, 16, 17, maybe 18 year olds. They’re not looking for full-time employment, they’re just trying to get skills. And all three of these are beneficial because it now starts that clock on your resume of saying, “Look, at 16 to 17 over the summer, instead of going to the beach every day or going to Universal, because we do live in Orlando, I’m not riding roller coasters every day. I’m actually going to this office and I’m doing valuable work that matters.” And they’re able to put that on the resume that helps them get into the real job later on that they’re looking for.

Kip Boyle:
As a hiring manager, I will just simply say, ditto. I really enjoy having interns. I love the try it before you buy it. And quite frankly, even if they don’t convert into being a member of our team, I really get a lot of satisfaction in investing in somebody who is wanting to do well, wanting to contribute, wanting to make a positive impact. It’s good for our community, our online community. It’s good for our in information security community, and it feels good to contribute. I love it. Okay, now-

Jason Dion:
And another thing I’d say on that is, for any of our business owners out there, anybody who’s in leadership, because I know we do have several, look into your community because your community may have these paid internship programs that you can use and leverage with the high schools and the other people in the area. Look at the DOD Skill Bridge program. If you’re looking for older folks. And when I say older, I’m talking, most of the Skill Bridge people I’ve had are, I don’t know, 28 to 38. It’s not like I’m talking 90 year old people here. They’re just ready for their second career because they’ve done four to eight years in the military and they’re ready to get out. Or they might have done 20 years in the military and they’re ready to get out. At that point, they’re still only 40 years old because most people who join came 19 years old.

So they’re not old people. But it is something you want to look at. With Skill Bridge, it’s a fully paid program, the DOD pays their salary for the six months. With some of the other internships you do, you’ll either pay them or the county will pay their salary for you. In our case, with our high school two programs, one is we are actually paying them and the other one, the county is paying them. And so it’s just a difference there in the way they set it up.

Kip Boyle:
So internships, we are definitely bullish on internships. We’re going to do a dedicated episode on internships in the future. So as we wrap up our episode here, Sam, you were talking about the last thing I think we should focus on is the trifecta of cybersecurity education. What is that?

Sam Bodine:
Sure. So that’s a copy righted by Sam Bodine. I’d say there’s a lot of different ways to learn cyber security, of course. There’s certifications, there’s CPS, there’s jobs, there’s different ways to do it. And if you only focus on one or two of them, I think your education will be incomplete. Certifications, I love certifications, probably some of the best, you have really good structured learning that you can have a piece of paper that says, okay, I actually know this topic. And so it’s not just bits and pieces, but you really know something. But then sometimes that can lack the hands-on, I’m actually doing this now. I hadn’t heard about it until at the beginning of the episode, but the Akylade, the way it’s fundamental is more theory based I assume and knowledge. And then you move into practitioner role. That’s awesome. Having that balance is critical, I think.

The trifecta, I would say is, one, certifications to get a theory, knowledge base understanding, and then two, also hands-on training. This can be like tryhackme.com or Hack the Box. Both of these are ways to actually get hands-on to where you actually learn and you apply what you’re learning. And then third I would say is job or competition experience. I wouldn’t count a CTF in this because a CTF is too maybe spotty. It’s a little too spotty with what you’re learning. But real job experience then takes the knowledge, the theory, it takes what you’ve applied and what you’ve learned hands on, and then you apply it to what does this actually look like in the business world? And if you have all three of those together, I think that can give you a really holistic understanding and of cybersecurity.

Jason Dion:
Definitely. It reminds me a lot of our three-legged stool that we talk about in the Hired and Irresistible course. And we talk about the three-legged stool. We always talk about certifications, which is his first number one as well. We talk about degrees, which he didn’t put in there, but that’s our second leg. And then the third one we have is experience. And his other two legs are really talked about gaining experience, hands on training in a lab environment or getting a job or doing competitions to gain experience. And I agree with what you’re saying with the CTFs. There are some CTFs that are really big ones and they’re really focused on red team versus blue team. So I want to be a pen tester, go play on the red side if you want to be a cybersecurity security analyst player on the blue side.

Then there’s other CTFs where it’s like, “Okay, here’s a VM, it’s vulnerable. Go in, find a flag.” Yes, you’re going to learn the skills, but it’s not lifelike experience. It would be if you’re doing a full long [inaudible].

Kip Boyle:
Well, we can’t complain about either way you want to say it, you want to do it, the three-legged stool, the trifecta. I think the big takeaway for me is just this idea that don’t just think, “Well, if I get the right certifications that’s going to do it, or if I have the right degree that’s going to do it, or if I just tinker around with my home lab, that’s going to do it.” What we’re really saying here is that you’ve got to have more than one pillar to how you prepare yourself. And here on your Cyber Path Podcast, we’re absolutely trying to bring as much of that to you as we possibly can and trying to get you pointed in the right direction so you can actually create your own three-legged stool, whatever makes sense for you based on where you want to go. So that’s fantastic. Thank you, Sam, very much.

Look, and as I said, as we wrap up this episode here, let’s not unpack anything new, but I want to thank Sam for offering to be on this show to tell us about what does it mean these days to be a student learning cybersecurity at the undergraduate level. I found it eye-opening and restored my faith in a whole generation of people who are afraid of the telephone. It’s fantastic.

Jason Dion:
I would say the one thing that just really shocked me when I met Sam virtually, and then again today for the first time at the office, is just his willingness to go someplace and be there in person. So many people who are under 25 would rather get on a Zoom, make a phone call, send a letter, an email, not a letter, but an email, right?Message or something like that. And yes, Sam still does all those things too, but what I think really made him different is, just the story with Lockheed Martin. He got in his suit, he drove down there and tried to get in the building and it wasn’t a close drive either. He said the one he applied to was in Alabama. His school is up in Lynchburg, Tennessee. And I know that because I’ve been there several times and even from DC where I lived, it was a six to eight hour drive.

Right now I’m in Florida and he had asked me, “Hey, if we’re going to do this episode…” I was like, “Yeah, we’ll just do it over Zoom, no problem.” He’s like, “No, no, no. I’d like to come to your office and do it live.” And I’m like, “If you want to, you can I guess, but you’re a 16-hour drive from here.” He’s like, “No, no, it’s cool. I’ll get a plane ticket, I’ll get a hotel, stay overnight. I want to come down and do it live with you. I think I’ll get better experience out of it. And then I can pick your brain a little bit more through the day.” I’m like, “You know what, if you’re willing to fly down here, you can have my brain for the rest of the day. It’s not a problem.”

As soon we’re done with this, I’ve got another live stream I got to jump on to, and then Sam and I are going to go to lunch locally at some great restaurants and he’ll get to pick my brain offline a little bit more. But don’t be afraid to ask and don’t be afraid to show up because how many other people are there knocking on Lockheed Martin’s door going, “Hey, will you give me an internship?” Probably very, very few. And so I think that takes you from this stack of a thousand people who may have been considered to like, “Oh, this guy really wants it.” And they’re either going to go, “This guy really wants it and we want him.” Or, “This guy’s crazy, throw him out of the building.” I’m not sure which, but one of these two is going to happen. And sometimes it’s both, but I think it just really increases your chances because you’re doing something that is so unusual. So I think that is a really good point.

So with that said, I want to again thank Sam for being here locally here in person with me here in Orlando. Hopefully he gets to go visit Mickey while he is in town too, before he flies back. Kip, I want to thank you for staying at home and Zooming because apparently you’re not as dedicated as young Sam here.

Sam Bodine:
Oh man.

Jason Dion:
And you decided to do Zoom in from over in Seattle. I get it.

Kip Boyle:
Yep, yep.

Jason Dion:
But it is kind of a strange thing, because you and I have been working together for two, three years now, Kip, right? And we’ve been in the same room, I think, less than five times. But we do most of our work remotely because you’re on the West Coast, I’m on the East Coast and that just makes that happen, right?

Kip Boyle:
Yup.

Jason Dion:
And so you can’t have these long distance business relationships, you can have remote work, you can have remote internships, all those things work, but sometimes being there just puts you on a different level. Kip, do you have anything to add that up before I close out the episode?

Kip Boyle:
Listen, I just want to reaffirm the value of human relationships, whether they’re in person or whether they are distant like we’re doing right now. Just put your focus on people. I think that’s going to give you a much better return on your investment.

Jason Dion:
And just to tease you all for the next episode, the next episode, we are going to go back to our design principles and we’re going to start with the first design principle, which is least privilege. And then after that, we’ve got an awesome episode coming up on artificial intelligence technologies and why these matter to you as somebody who’s looking for, job building your resume, doing interview questions and all that kind of stuff. So we’ll be talking about ChatJPT, we’ll be talking about Google’s Bard. We’ll be talking about the AI powered Bing. We’ll be talking about other AI tools that I think you should know about. And then what are the dangers with this and how it’s affecting the hiring process. So it’s going to be an episode you don’t want to miss. That will be episode 97, which comes right after in 96, which will be our secure design principle of lease privilege.

So that being said, I want to once again thank Kip for being here with me. Thanks, Sam, for flying all the way down here to Orlando to hang out with me and Mickey and nobody ever come to Orlando without seeing Mickey. It’s the way it is. And thank you the audience for joining us for yet another episode of Your Cyber Path. Let us know what you guys think about the episode. You can always go to yourcyberpath.com/ask and leave us a message. I did notice I have three or four of those messages, so we will probably grab those and get some audio responses done sometime this week and pop those into the feed as just mini episodes that are unmarked episodes, kind of bonuses. So if you want your question answered, please post it at yourcyberpath.com/ask.

And if you want to follow us and get more information about the new Akylade certification, about our new courses that are coming out, about just great tips and tricks and wonderful things you can use in your daily life, you definitely want to be subscribed to Kip’s mentor notes, and you do at yourcyberpath.com, right on the front page. Just give us your first name and your email. We will then make sure you’re added to the list. We don’t spam you, we send out messages about once every two weeks. So if you sign up, the frequency is going to be about twice a month, sometimes three times a month. But generally it’s twice a month. We’re not going to overflow your inbox, we’re not going to sell your information to everybody else. Only Kip and I will be using that information to communicate to you. So I do hope you join us and if you have any other questions, we’ll be online at yourcyberpath.com. Thanks and see you next time.

Kip Boyle:
Thanks everybody.