Kameron Kennemer (05:56.234):
I completely agree, Ahmed. Having worked with you in the past, I greatly appreciate the real-world perspective you bring to the classroom. Your wealth of experience is invaluable when it comes to cybersecurity awareness training. It’s not just about understanding the theory; it’s also about applying that knowledge.
Kameron Kennemer (06:50.454):
We provide free cybersecurity awareness training through the ITcurio podcast. You can check it out on our website, itcurio.com. Our belief is that practical hands-on training can better equip individuals to tackle the cybersecurity challenges of today and tomorrow. While we both aim to provide cybersecurity education, we cater to different audiences.
Kameron Kennemer (07:29.206):
Ahmed, could you provide more details about the course you’re developing to help people secure jobs in cybersecurity? You mentioned the possibility of building a course on Udemy. What can students expect to learn from it, and who would benefit the most?
Ahmed Ragab (08:02.144):
I am incredibly passionate about this endeavor, and I’d like to share the backstory that led to its conception. I have been teaching as an adjunct professor in cybersecurity at San Diego State University and California State University Long Beach for many years. I thoroughly enjoy it. Over the past three years, I have taught over 1,500 students. Unfortunately, not all of them have the financial means to pursue formal education or specialized programs in cybersecurity, which often becomes a barrier for them to continue their cybersecurity journey.
During my courses, I became acutely aware of the significant cybersecurity skills gap. Currently, there are approximately 750,000 unfilled cybersecurity jobs in the US alone, with a total of 3.5 million globally. These numbers fluctuate, but they reflect a considerable demand for skilled professionals in this field. It troubles me that not everyone can afford formal education or easily navigate the overwhelming array of free resources and certifications available. Many individuals seeking guidance reach out to me through calls, emails, and even LinkedIn messages. They express their struggles, financial constraints, and the need for direction.
In response, I offer advice and suggest free training options, such as pursuing an AWS cloud practitioner certification or other accessible certifications that can provide quick wins. Some students have successfully leveraged my guidance and shared their progress. In my classes, I showcase my LinkedIn profile, featuring a previous student who secured a job interview by following my advice and utilizing the sample resume I provided. When they encounter job descriptions that require knowledge of firewalls, intrusion detection systems, ransomware, DDoS, and related topics, I guide them on crafting appropriate answers based on their learning.
While some stumble during their initial interviews, eventually, they secure entry-level positions. I can even share success stories of individuals who recently received job offers for $90,000 salaries, highlighting the impact of following the guidance I provide. This has motivated me to develop a Udemy course consisting of a two-hour introductory video, followed by a more comprehensive 20-hour course. The two-hour video will help individuals assess their suitability for a cybersecurity career, providing an overview of different attack types, job descriptions, interview question answers, and insights into entry-level positions. I plan to offer the initial video for free or charge a nominal fee of $299, accompanied by an invitation for feedback and engagement. I’m currently working on this video and will share it when it’s ready.
It’s worth noting that some of the people who followed my advice and successfully obtained jobs previously worked in unrelated fields, such as a warehouse. Witnessing the positive impact I can have on changing lives fuels my passion for this endeavor. Initially, my goal was simply to support my son’s college education, but now I find joy in helping others and witnessing empirical evidence of individuals securing jobs. That’s the ultimate purpose. I apologize for the lengthy response; I tend to get carried away when discussing this topic.
Kameron Kennemer (11:59.602):
No worries at all, Ahmed. Your detailed insights make for engaging discussions. It’s evident that your vast experience and passion will greatly benefit those who enroll in your course. For our listeners, if you’re interested in learning more about Professor Ragab’s courses and want to be notified when they become available, please visit our website at itcurio.com and send us your information via email. We’ll ensure you receive updates regarding the course.
In the realm of cybersecurity, it’s projected that there will be an additional three and a half million unfilled cybersecurity jobs in the coming year. This statistic emphasizes the growing demand for skilled professionals and the potential for a lucrative career path. Ahmed is an exceptional teacher, known for his captivating style, and I can assure you that you’ll be in good hands if you choose to pursue his courses.
At ITcurio, we also offer free cybersecurity awareness training, tailored more towards business owners aiming to educate their employees about the various threats and tactics used by cybercriminals. You can find more information about this training on our website. Ahmed, in your opinion, what are the most critical skills individuals should focus on when starting a career in cybersecurity in 2023?
Ahmed Ragab (14:50.75):
To answer that, let me share my screen and show you a job description for an entry-level position. It’s quite straightforward. Let me see if I can share my screen. I was trying to do that earlier.
Ahmed Ragab (15:19.99):
But before that, I want to quickly mention a website called CyberSeek, which is available publicly.
Kameron Kennemer (15:41.344):
For our listeners who aren’t watching, that’s cyberseek.org.
Ahmed Ragab (15:48.69):
Exactly. It provides information on all available cybersecurity positions in the United States. It used to state that there were 750,000 unfilled cybersecurity jobs. Let me find it here. It seems I’m on the wrong section. I can edit this part out. Let me reset.
Kameron Kennemer (16:11.242):
No problem at all.
Ahmed Ragab (16:20.49):
This website is incredibly helpful as it shows the different positions and their associated salaries. It’s a great resource for understanding the pathway and progression in the field. However, let’s focus on entry-level positions and their skill requirements. If you search for “junior SOC analyst” or “security operations center,” you’ll find the job requirements. It’s important to analyze these jobs when considering a career in cybersecurity. They typically require a basic understanding of cybersecurity concepts and knowledge of topics such as firewalls, intrusion detection systems, intrusion prevention systems, security information management, data loss prevention, and defensive techniques. These are the topics I cover in my classes and will also address in the two-hour video I’m developing. Additionally, familiarity with various attack methods and proficiency in Windows and Linux operating systems are often sought after.
In response to these skill requirements, my approach is to update resumes with the new knowledge and information I teach. I have permission from one of my previous students to share his resume, where he incorporated the skills and certifications I recommended. While he didn’t have prior experience in the field, he gained relevant experience through the program. I can also guide individuals towards other free and valuable resources. The goal is to showcase relevant skills on the resume, opening up opportunities for job interviews. And yes, it is possible. Let me show you an example of someone who followed my advice. Let me access my LinkedIn messages.
Please feel free to edit this part as I locate the individual. One moment, please.
Kameron Kennemer (19:25.77):
One of many success stories.
Ahmed Ragab (19:28.202):
Ah, here we go. This is an individual who was a previous student of mine. He recently secured a job, and he reached out to share the good news. He obtained a position as an internal IT support professional after completing my class. He expressed his gratitude, and then he asked if he could use me as a professional reference. I gladly agreed. I jokingly mentioned buying him lobster, but that’s a long story. He then asked if I wanted a copy of his resume.
Ahmed Ragab (20:53.366):
He included professional projects and computer infrastructure, aligning them with the job description. It’s impressive that he came from a warehouse background. And here’s another example. I received a text today from someone who received a job offer with a starting salary of 90K. He thanked me for the advice. So, consider me your rich uncle who can help you land a job. It’s possible.
Kameron Kennemer (21:05.838):
That’s great to hear.
Ahmed Ragab (21:21.93):
Consider me your rich uncle who’s going to help you find a job. That’s what can happen.
Kameron Kennemer (21:30.414):
That’s fantastic. You’ve been a great mentor to many, and it’s evident through the feedback you receive. It must be a rewarding feeling for you.
Ahmed Ragab (22:06.526):
I’m incredibly passionate about this field. I advise my nephews, nieces, and anyone interested to get into cybersecurity. I even have a video of Robert Herjavec stating that cybersecurity offers guaranteed job opportunities. I mention this in interviews and tell my students that Uncle Sam wants them to protect the country. The threat actors are targeting critical infrastructures, from gas and meat distributors to financial institutions and healthcare. It’s absurd. In my classes, I teach how to protect against different types of attacks and educate about the criminals behind them. We need a defensive depth countermeasures tiered approach to safeguard our infrastructure. It’s not about eradicating cybercrime completely; it’s about making it harder for them. I have a vested interest in teaching people how to protect our essential systems.
Kameron Kennemer (23:57.122):
Absolutely, Ahmed. You’re emphasizing that individuals don’t necessarily need 30 years of experience, a degree, or multiple certificates to enter this field. What matters is having a basic understanding and being willing to put in the time and effort. Correct me if I’m wrong.
Ahmed Ragab (24:21.414):
You’re right. I don’t want to sugarcoat it and make it seem super easy, but with some dedication and commitment, you can make progress. What I aim to do through this show, my courses, and everything else is to help individuals determine if cybersecurity is the right path for them. Everyone has their reasons, but it’s important to consider the increasing number of cyberattacks and the abundance of high-paying jobs in this field, including remote opportunities.
Ahmed Ragab (24:27.014):
I want to emphasize that this course is just the beginning. I want to teach the basic fundamentals because when you learn something new, you need to understand the foundational elements, such as how the internet connects. I’ll show videos and presentations that provide a cybersecurity perspective on the basics you need to know. It’s about getting people curious and helping them determine their own level of interest. You don’t need to know everything initially, but I will train you to learn.
Kameron Kennemer (25:24.002):
That’s great. In 2023, cyber awareness requires a broad skill set, including technical knowledge, critical thinking, problem-solving skills, and the right mindset. Cybersecurity is not just a technical issue; it’s also a human issue.
Ahmed Ragab (25:25.738):
Yes, it’s a very interesting and important topic. And I think it’s a great opportunity to talk about the importance of cybersecurity and the protection of our country.
Kameron Kennemer (25:53.218):
With the shortage of cybersecurity professionals, your course provides an opportunity for individuals to learn about cybersecurity and determine if it’s the right path for them.
Ahmed Ragab (26:12.656):
Absolutely. I’d love to tell you it’s fun and fantastic for everyone, but it’s not for everyone. However, there are people who enjoy it. I’m here to show you empirical evidence that it can change lives. I showed you an example of someone who worked in a warehouse and is now pursuing a cybersecurity career. Another individual received a job offer with a starting salary of 90K after previously making minimum wage. It’s about showcasing the possibilities and the high demand in this field.
Kameron Kennemer (28:58.478):
Thank you for sharing your insights.
Ahmed Ragab (29:07.326):
You’re welcome. I want to provide a basic understanding of the vocabulary and terms in cybersecurity. Hackers are targeting companies to extort money by stealing sensitive information or conducting ransomware attacks. You need to understand the nature of these exploits and vulnerabilities. Phishing emails and denial-of-service attacks are common methods hackers use. But there are frameworks and guidelines, such as those from the National Institute of Standards and Technology, that can help protect against these threats. It’s essential to learn about firewalls, data loss prevention software, and more. I apologize for going on for a while, but I want to provide this important information.
Kameron Kennemer (30:16.03)
Thank you for the information. I appreciate you sharing your insights. It will be valuable for our listeners and anyone interested in cybersecurity. Let me ask you another question. As an educator, how do you stay updated with all the changes? You’ve mentioned how different things used to be back in the day, and they’ve changed significantly. How do you keep up with the rapidly evolving landscape of cybersecurity? And how do you incorporate these updates into your courses? Will you be making updates and adjustments as things continue to change?
Ahmed Ragab (31:10.921):
That’s a great question. Keeping up with the rapidly changing landscape of cybersecurity is crucial for educators like me. My co-instructors and I understand that we can’t just rely on outdated information and teachings. We stay connected through platforms like LinkedIn and social media, where we follow cybersecurity experts, join cybersecurity advisory groups, and stay updated on the latest threats and vulnerabilities.
I also have access to various sources of threat intelligence, both open-source and commercial, that provide me with the latest information on security threats. I incorporate this knowledge into my courses to ensure that students are learning about the most recent and relevant cybersecurity issues.
My clients, who are chief information security officers and security analysts of Fortune 1500 companies, also push me to update the curriculum based on the current cybersecurity landscape. Their concerns and the challenges they face inform the content and focus of my courses.
I want to emphasize that staying up-to-date with the latest threats and vulnerabilities is essential in the field of cybersecurity. It’s not just about downloading the latest security patches or using firewalls and other security measures. It’s about understanding and addressing zero-day threats, raising awareness among employees, and constantly adapting to new challenges.
I utilize resources like NIST frameworks, MITRE ATT&CK framework, and others to ensure that my teaching materials align with industry standards and best practices. Additionally, I make use of websites like cvedetails.com, which provide information on common vulnerabilities and exposures (CVEs), to showcase real-world examples and demonstrate the importance of staying informed.
Overall, I strive to bring the most up-to-date knowledge and insights into my courses, empowering students with the latest cybersecurity skills and understanding of the evolving threat landscape.
Ahmed Ragab (37:55.212)
Yes, that’s our mission: to bridge the gap and provide security awareness to business owners, employees, and individuals who want to enter the cybersecurity field. It’s crucial to have a comprehensive understanding of the different types of cyber attacks, the motivations behind them, and the common techniques and tactics employed by hackers. By staying informed about the evolving cybersecurity landscape, we can effectively protect our systems and sensitive information.
Cyber attacks are often driven by financial motives, with around 86% of attacks being money-motivated according to the Verizon Threat Report. Threat actors can range from individual criminals to organized crime groups, state-sponsored actors, hacktivists, and espionage agents. Each attacker has different objectives, whether it’s financial gain, political activism, or information theft.
In our courses and awareness programs, we aim to cover the fundamental knowledge needed to protect against various types of attacks. We delve into topics such as phishing, which involves tricking individuals into revealing sensitive information through deceptive emails or messages. Other common attack techniques include ransomware, distributed denial-of-service (DDoS) attacks, and brute force attacks.
While it’s impossible to achieve absolute security, we can take proactive measures to reduce the risk and minimize the impact of cyber attacks. This involves implementing security best practices, staying updated on the latest threats and vulnerabilities, and leveraging frameworks and guidelines such as those provided by organizations like NIST (National Institute of Standards and Technology).
It’s essential to understand that cybersecurity is not solely a technical issue but also a human one. We emphasize the importance of security awareness and training for employees, as they are often the first line of defense against potential attacks. By fostering a cybersecurity-conscious culture within organizations, we can collectively strengthen our defense against cyber threats.
Ultimately, our goal is to protect organizations and individuals from the damaging consequences of data breaches, ensuring the security of critical infrastructure and sensitive information. Through education, awareness, and continuous learning, we can make significant strides in safeguarding our digital world.
Kameron Kennemer (39:56.514)
Absolutely. I think that’s great advice. And there’s a lot of, one thing that I didn’t realize before I first got started in this is that there’s so many different pathways people can take in cybersecurity. There’s a lot of different careers out there. And there’s some things that, there’s probably, I would say something for everybody, regardless of what your personality type is. And what-
What advice would you give someone who’s interested in getting into cybersecurity, but maybe doesn’t know where to start or what path they would want to take? I know one of the things that’s very popular that, people, a lot of who are just getting in, they always want to do is they want to be the pen testers, right? They want to do that because, it sounds like fun. And but there’s a lot of other jobs in cybersecurity besides that. What advice do you give somebody who’s getting in there? They just want to get started.
Ahmed Ragab (40:25.58)
And I think that’s a great way to start.
Kameron Kennemer (40:55.514)
which path should they take or with, are there some that are better than others?
Ahmed Ragab (41:00.033)
So, I think that’s a great question. There’s different pathways.
The best advice I can give is to give me a call. My phone number is 858-366-8507. I’ll give you my email address. Bing me on LinkedIn. Please post this. I’m happy to help you point in the right direction. That’s how this whole thing started anyways. I met with 1,500 students in the last two years. Some of them were able to afford and go on to the program. Some of them didn’t. I’m seeing evidence of people getting jobs and stuff like that. Following the advice that I’m giving them, I’m going to create a video because
Instead of me calling in, people calling me, email me, ad hoc, I’m unable to respond to all of them. That’s why I’m going to create this two-hour video. Somebody calls me, emails me. It’s going to be in this two-hour video that I’m going to do condensing this podcast here. what I mean? So basically, if you want to be an accountant, if you want to be whatever, I can reverse engineer. The advice is to, you want to be inside of security, look at the job descriptions for entry level. Go to LinkedIn, go whatever.
and find the jobs. I showed you some sample of people. Look at what it says in the job description. Look at whatever education, whether it’s a traditional school or whatever, or whatever, it’s free. And I condense the different sources. There’s a lot of free stuff out there, but it’s too much. I focus your attention on that diagram that I showed you. And then, so let me share one more thing. And I call this the Louis Vuitton and Gucci of cybersecurity.
And this is publicly available. I can give you the website for this. Let me show you the entire screen. So I call this the Louis Vuitton and Gucci. So there’s different specializations. This is called the Cyber Escape. It’s a publicly-facing document. So I kind of break the security in this kind of way. There’s a network security. I became,
involved in this in 1993, you need to connect it in. You need a firewall. Well, there’s more than just a firewall. It’s now universal net management. It’s a next generation firewall.
Kameron Kennemer (45:17.294)
Fantastic. Yeah, definitely. There’s a lot of different ways to go. And there’s a lot of success stories. You talked about some of the success stories. I’ve been fortunate to witness many success stories from individuals who’ve completed cybersecurity training programs. I can recall one particular individual who came from a non-technical background but had a strong passion for cybersecurity. Through training programs like this, he was able to gain the necessary skills to kickstart his career. Today, many of the individuals you’ve trained have secured jobs as security analysts at reputable organizations.
Ahmed Ragab (46:05.16)
I’m going to go ahead and start the presentation. So I’m going to start with the presentation.
Kameron Kennemer (46:15.586)
That are applying the real-world skills that you taught them. Now they’re helping to protect sensitive information at various companies and thwarting cyber threats. I used to tell the students that you guys teaching this are the unsung heroes because with all the people you’ve trained…
Ahmed Ragab (46:38.024)
I think that’s a good question.
Kameron Kennemer (46:45.25)
…throughout your career, if you were to add up all the cyber threats that those students were able to stop because of your training, it’s kind of exponential. I wish I could calculate the amount of money that you have saved businesses because it’s probably a lot.
Kameron Kennemer (47:12.942)
The cost of a cyber threat to a business is like $3 million or something like that. It’s some crazy amount. And if you think about all the students that you’ve produced over the years and all of the cyber attacks that they’ve thwarted, and then you were to add up all the money that those companies would have spent if it wasn’t for those students that you trained, I’ll bet you’ve saved companies in this country a billion dollars. I mean, there’s no way of knowing, of course, but…
Ahmed Ragab (47:23.319)
I’m going to give you a little bit of a…
Kameron Kennemer (47:42.07)
Whatever that number is, it’s very high. So…
Ahmed Ragab (47:44.398)
You’re very kind. I’d love to take credit. I hope so. The program I teach is a 10-month program at a variety of universities. They end up with 20 instructors, but I’ll take full credit. But speaking of which, please gray this out because people call me, ping me on LinkedIn, asking for advice. There was a guy who was offered a job as a Network Operation Center (NOC) engineer. Any advice? Yeah, I mean, this guy’s working in the field. I found a job and sent it to him. Please gray all this out. He asked if there are any good cloud engineers, and I asked him how much it pays. He said $240. I told him to call me, but he didn’t. I don’t know what’s going on. This guy got some certification. I asked him how he passed the test.
Let’s see, these guys have jobs like Cloud security team positions, but not everyone gets the same results. I try to do what I can. Let’s see what else was I going to share with you here…
Kameron Kennemer (49:13.39)
That’s fantastic. That’s great. I mean, you should be proud of yourself because you’ve done a lot of good. You’ve done a lot of good.
Ahmed Ragab (49:16.45)
Thank you.
This you’ll have to gray out man, and I kind of hesitate showing this please gray this out Okay, so let me see here because I will get in trouble let me see here. Let me show you This is just a half. I’m doing this ad hoc. This is not rehearsed anything. I can actually I don’t know Let’s talk about . This is some of the feedback that I get for my students
Kameron Kennemer (49:31.831)
I’m graying out everything.
I would- I would-
Ahmed Ragab (49:52.526)
We’re definitely going to have to gray a lot of this out. I don’t know. If you take a look, and some of this maybe not good. Let me see. Instructure was great, very helpful. I enjoyed the class. I would enjoy more in the class if everyone could do together better understanding. I’m looking forward to learning. Literally perfect, the amount of support resource. Honestly, I learned a lot. I feel confident, full of information, which is helpful. I’m really excited to begin the path when you’re filling career.
happy, there’s a ton more. Instructor was great, very helpful. I’m excited to begin. So this is, the feedback has been overwhelming. , I can’t even keep track of it. I mean, look, good, these things, let me see what it is somebody say. I don’t, there’s so many, I get a lot of feedback, that I try to keep.
Kameron Kennemer (50:48.902)
That’s great feedback. It must feel really good to read that stuff after you’ve worked so hard in your classes. Looking ahead, Ahmed, looking into the future of cybersecurity, what do you think the biggest challenges and opportunities are going to be?
Ahmed Ragab (51:07.882)
Are you still there? I’m sorry, I lost you. What are some of the challenges?
Kameron Kennemer (51:12.414)
Yeah, looking in the future, what are we really going to need to work on and keep an eye on?
Ahmed Ragab (51:17.958)
Oh yeah, as I mentioned, things have changed quite a bit since 1993, since I connected my first firewall and take you to the journey and the story. The cybersecurity, instead of just a firewall, we used to go around telling people you need a firewall and you need antivirus and you’re good to go. And look at us now. what I mean? That’s why we’re in the mess we’re in. You talked about business owners, say, hey, talk to me about cybersecurity. He’s like, I have a firewall, I have antivirus.
I’m good. Don’t make me bring out that diagram again and bring out the Louis Vuitton and Gucci. You need defense in depth, a qualitative approach. You can download all the racist patches on your hardware or software. You need defense in depth. You need firewall. You need intrusion into your system, intrusion prevention.
You need web security, you need DDoS mitigation. You saw the Louis Vuitton Gucci, this open source. You need to do a plethora of things. A lot of my clients, some of my clients have 60 different tools. You really need to have a security operations center, a security information event management SIEM tool to collect all the logs and elements from all these 60 tools and prioritize, use artificial intelligence and machine learning and look at abnormalities and things like that and try to create some kind of context.
and be able to detect, block, eradicate, and countermeasure these different types of threats that are coming from different directions. And what I mean? So that’s great. And then you need to take a step, you need to automate it. what I mean? So this is kind of adding more of the real world, okay? This is not just certification, not a big worm, whatever. It’s your rich uncle telling you exactly what you need to do and what you need to learn from a real world practical scenarios. And…
be able to communicate that. So the different type, I’m being asked to secure things that I didn’t secure before, it wasn’t my job. what I mean? I didn’t even secure my own servers. what I mean? Secure them from, oh, I had to worry about the guy from the sales doesn’t get into the finance department, internally, but once you open up the file, once you open up the connected in app, once you have wireless access point, once you got people working from home, you got people with mobile devices, you’re getting text.
How do you protect your thousand employees that are getting text smishing, SMS, text phishing, and they click on it? That wasn’t something that you had to protect in corporate America. Now I’m having to protect the phones. What am I going to do? I’m going to go to Macy’s and buy the Louis Vuitton Gucci of cyber security. I’m going to get up. I’m going to get up over here. I need to protect from DDoS. I’m a financial assistant. Afraid to get DDoS. Hey, there’s Collier, an internet service provider. There’s DDoS mitigation devices.
Oh, you need to protect, I guess ransomware, 90% of the phishing emails are, 96% of ransomware is phishing emails. They click on it. Well, get email security. It will detect them, block these malicious attachments. Will it catch all? No, you need antivirus, and then malware. It’s called endpoint attention response. That goes beyond it. what I mean? You need identity. There’s so many things and we’re not going to catch it all here, but I point anybody that I see in the right direction.
So things to look out for in and of things, operational technology that’s becoming popular in mobile security. People are starting now to be more careful with their application security. There’s a lot of government regulations that says, hey, if you’re a financial institute or your healthcare provider, you have to have these security measures. There’s like 500 security measures that you have to take care of.
what I mean? And they all pretty much say the same thing, anti-virus, anti-malware, endpoint detection response, defense in depth, SIM, you need identity expert management, you need multi-factor authentication, on and on and on, based on the FBI, CISA, and all these guys, they’ve seen the different types of attacks. We’re tracking, we’re logging, we’re know the common techniques and tactical procedures. You need to be up on a clear day’s base. So those are the things. It’s kind of constantly evolved.
There’s a lot of things to look forward to secure, but zero-day threats is our biggest fear a lot of these security tools they rely on signatures and and they say hey you send me an email. It’s going to attach them and I have a signature I have a database that looks malicious. I’ll block it. Well, they mutated they change it and it gets passed the by-by, back past the antivirus anti-malware and put that response They shut off your endpoint detection and response a lot of things that I’m telling my students secure their company
two years ago, I was telling a student to use the triple DAS, decryption encryption standards, 256 bit, and it’s never been broken into two years ago. And a student stopped me and says, oh, there’s an FBI warning. what I mean? This video is already obsolete. No, join me in my LinkedIn, do these podcasts. There’s new threats where we’re made aware of them. And then there’s ways to add configuration changes on your.
security devices to detect and block these things. But it’s never going to end. There’s zero-day threats. Sorry, that was way more than you wanted to hear.
Kameron Kennemer (56:30.259)
No, no, it’s great. I think if there’s one thing folks can take away from this, it’s that the field of cybersecurity is constantly changing. And that comes with a lot of challenges, but also opportunities. It’s a fantastic career opportunity for people who are interested in it. One of the biggest challenges is the increasing sophistication of cyber threats. Hackers are continuously finding new ways to exploit vulnerabilities and breach security systems. However, on the flip side, this opens up opportunities for individuals to combat those threats.
Ahmed Ragab (57:23.662)
And I think that’s a great way to start a business.
Kameron Kennemer (57:24.146)
Companies are constantly seeking individuals who can proactively update their strategies and knowledge to stay ahead of these threats. Advanced technologies like AI, machine learning, and AI-powered threat detection and response systems are in high demand. Those with expertise in these areas will be highly sought after and well-compensated.
Ahmed Ragab (58:15.202)
But I’m not the only one who’s been affected by this. I’ve had to try to hide it from people, and I’ve had to try to never get back to the reality of the fact that I’m not the only one who’s been affected. But I’m not the only one who’s been affected by this. I’ve had to try to hide it from people, and I’ve had to try to hide it from people, and I’ve had to try to hide it from people.
Kameron Kennemer (58:22.07)
With the increasing threats faced by companies and the potential losses they could incur, cybersecurity professionals become integral to their success. This creates opportunities for innovation, growth, and career advancement. The demand for skilled cybersecurity professionals is on the rise, and organizations are prioritizing cybersecurity as a core value. This trend opens up avenues for career growth and the development of new cybersecurity solutions.
Ahmed Ragab (59:00.867)
And that’s what I’m talking about. And I’m going to be talking about the importance of…
Kameron Kennemer (59:19.018)
People who join the field now will be on the ground floor of this growth and have the opportunity to make a significant impact. Ahmed is offering a pathway for those interested in getting their foot in the door. It’s a great opportunity, and here at ITcurio We’re offering free cybersecurity awareness training for business owners, and I’m really excited to have Ahmed here as a guest. We’re both doing similar things, just two sides of the same coin. It’s important that more people understand the opportunities in cybersecurity because we need them.
Ahmed Ragab (59:55.933)
We’re going to be able to do that. And so, we’re going to be able to do that.
Kameron Kennemer (01:00:15.83)
In cybersecurity, it’s like the Wild West. We need to hire deputies, and Ahmed is offering a training program to become cybersecurity deputies, in a way.
Ahmed Ragab (01:00:39.235)
Yeah, I’ve been back and forth on it. I’m still developing it and I need encouragement. I work day and night, two jobs, to support my family and get my kids to college. My wife says I still have Friday, Saturday, and Sunday to work on it. I’m offering my services for free to my students. Some have taken me up on it, and now my mailbox is full. I’m receiving calls, emails, and LinkedIn messages. I try my best to keep up, but I realize that many would benefit from a condensed two-hour video where I share my advice repeatedly. I want to help those who want to enter the cybersecurity field. I show them job descriptions, teach them how to tailor their resumes, and provide them with custom-tailored, free resources. I can’t teach them everything, but I guide them in the most relevant areas. It’s like having a rich uncle guiding you on your journey. It’s about focusing on what the job descriptions require. If they include those details on their resumes, they’ll receive calls. They may stumble in their first interviews, but they’ll learn and reverse engineer the process. It’s fun to learn when it can also earn you money. This way, they can determine if cybersecurity is the right fit for them. There are various job options, such as SOC analysts who monitor security events or junior pen testers who engage in ethical hacking to identify vulnerabilities and flaws. These jobs exist because organizations need to ensure their security measures are robust. Compliance is crucial for companies, especially in industries like finance and healthcare. They undergo regular audits and need to demonstrate their adherence to regulations like PCI and HIPAA. Otherwise, they may face hefty fines or reputational damage. CEOs can end up in a crisis situation, explaining security breaches on national news. They have to make decisions: invest in tools and protection or pay the ransom. Not all businesses can afford comprehensive cybersecurity measures, but cost-effective solutions exist. It’s a constant battle, and organizations must evaluate their risk appetite and weigh the potential consequences of cyber threats.
Kameron Kennemer (01:00:46.966)
We need people, we need deputies. Ahmed said it’s the Wild West out there, and it’s true. We need to hire cybersecurity deputies to protect businesses and combat cyber threats. Ahmed’s training program offers a pathway for individuals interested in becoming those deputies.
Ahmed Ragab (01:01:13.662)
Absolutely. It’s an ongoing battle, and I’ll continue to work on it.
Kameron Kennemer (01:01:15.146)
Exactly. It’s an ongoing battle, and we need skilled professionals to fight on the frontlines. We appreciate Ahmed’s efforts to provide guidance and resources to those interested in cybersecurity.
Ahmed Ragab (01:00:39.235)
Yeah, I’ve been going back and forth on this. I’m still developing it, and I need some encouragement. If you could give me a thumbs up or provide feedback, it would really motivate me. I work day and night, sometimes two jobs, to provide for my kids and support their college education. My wife tells me that I still have Friday, Saturday, and Sunday to work on this. So, I offer my services for free. I encourage all my 1,500 students to call or email me. Some of them have taken me up on the offer, and now my mailbox is full. I receive emails and LinkedIn messages, and I try to keep up with them all. However, I’ve noticed over the past three years that many people would benefit from a condensed two-hour video where I can share the same advice repeatedly. So, I guide them on how to get into cybersecurity. I act as their rich uncle, providing them with job descriptions and the answers to those descriptions. They can update their resumes accordingly, and that will attract calls from employers. Even if they stumble in their first interviews, they will learn and reverse engineer the process. Learning becomes fun when it also brings in money. They can determine if cybersecurity is the right fit for them. There are different job options, such as becoming a SOC analyst who monitors security events or a junior pen tester who engages in ethical hacking to identify weaknesses and flaws. Some industries, like finance and healthcare, are heavily regulated and require quarterly assessments. They won’t just take your word for it. Non-compliance with regulations like PCI or HIPAA can lead to hefty fines. Imagine the CEO of a healthcare or financial organization explaining the payment of a four-million-dollar ransomware on national news. They might choose to invest in tools and protection or pay the ransom. Unfortunately, some businesses may not be able to afford the cost and need to focus on cost-effective solutions, considering people and processes. For instance, hiring someone to conduct penetration testing and evaluate security can be a more feasible option than having a dedicated team available 24/7. Cybersecurity is typically around 10% of the IT budget, so companies can determine if they can afford cybersecurity or if they can afford not to have it. It’s a constant battle, and organizations need to assess their risk appetite and the potential consequences of cyber threats.
Kameron Kennemer (01:05:09.582)
Exactly.
Ahmed Ragab (01:05:22.006)
Often, companies buy expensive tools without fully understanding them. As an IT guy, I would read the manual, configure it, and think it works fine. But expertise is necessary. It’s not just about having the tools.
Kameron Kennemer (01:05:25.314)
I understand.
Ahmed Ragab (01:05:48.396)
No, I can’t think of anything right now. I’m overwhelmed. I apologize.
Kameron Kennemer (01:06:08.322)
That’s alright, Ahmed. Thank you so much for being here today. We appreciate your expertise and the knowledge you shared. For those interested in learning from Professor Ahmed Ragab, he will be developing a course to help individuals enter the cybersecurity field. You can reach out to him on LinkedIn or send an email to the show at itcurio.com, and I’ll forward it to him. If you want to access our free cybersecurity awareness training resources for businesses, you can register at itcurio.com. The links will be in the show description. We are always here to support you on your cybersecurity journey. Thank you and see you next time.