EP 129: Some Other Things I’ve Made for You
About this episode
April 11, 2023
Beyond this podcast, I’ve made a lot of resources (most are free) to help you. In fact, you can now download a six-page list of them all. Let me quickly skim through that list with you in this episode. I’m your host, Kip Boyle, CISO with Cyber Risk Opportunities.
You can download “the list” here — https://www.cr-map.com/thelist
Speaker 1: Welcome to The Cyber Risk Management Podcast. Our mission is to help executives thrive as cyber risk managers. Your hosts are Kip Boyle, virtual Chief Information Security Officer at Cyber Risk Opportunities and Jake Bernstein, partner at the law firm of K&L Gates. Visit them at cr-map.com and klgates.com.
Kip Boyle: Hey everybody, it's Kip. Look, Jake's not available today to help me make episode 129 of the Cyber Risk Management Podcast, so it's just you and me this time. And since I get to pick the topic all by myself, which I don't always get to do, today, I'm going to tell you about some other things that I've made for you. And so I want to start off first by thanking you for listening to the Cyber Risk Management Podcast. We really appreciate having you in the audience and listening, and we really appreciate your feedback. So when you reach out to us and let us know that you liked an episode or that we said something you didn't quite agree with, we like to hear that as well. So I just want to start by saying thank you.
Now, I also am going to share with you a lot of videos and written materials, all kinds of different things that I think will help you, whether you are focused on managing cyber risk or whether you're focused on your career, those are kind of the two big areas. But before I introduce this stuff to you, I want to start with a question, which is, why do I make this podcast with Jake? I think this is an important thing for you to understand because it's going to give you some understanding about why I've made all this other stuff. And what I've learned recently is that if you listen to this podcast, you may not know that I have a lot of other resources available, and so that was kind of the idea for this.
Now, why do I make this podcast? All right, let me tell you a little bit about myself so that you can better appreciate all the other stuff that I'm about to share. Okay, so first of all, I think of myself as an infinite learner. Now, I first heard that term, I didn't make it up, I heard it from Reid Hoffman on his podcast. It's called Masters of Scale. I listened to his podcast because I'm a small business owner and we're growing and I'm trying to figure out how to grow without causing the service that we want to deliver to our customers to become awful. I mean I've seen that happen, I don't want that to happen to us and so I'm infinitely learning, and Reid talked about that.
Now, I don't know if you know who Reid Hoffman is, but he's one of the co-founders of LinkedIn and he has an extremely impressive set of achievements that he's been able to accomplish and I would suggest that you go over and check out his Wikipedia page because he does all kinds of things. He was actually part of PayPal at one point. He's a board member for a lot of innovative companies. So anyway, I really enjoyed his podcast. And when he mentioned this idea of an infinite learner, I just said, "My God, that's how I feel about myself."
Now, that's one of the reasons why I love cybersecurity is because there's just no shortage of things to learn. It seems like every time I turn around there's something new that I can learn about and that just, I don't know, I just feel exhilarated when I learn something really cool. Now, the other thing about me is that I am a practitioner who teaches, and to just sort of boil it out into plain language, I earn money when I serve our customers, when they're pleased with how we've served them and I almost always learn something from every customer that we work with. And we share everything we know with them. We try to be very generous and we just tell them everything that we know about a particular topic and we're happy to just share what we know. Some people want to become better cyber risk managers and they want to become better at all kinds of different things, and so we like to share when that happens.
But here's the thing, when I learn something from working with customers, I share that with you. And if you've been listening to this podcast for any length of time, that should resonate with you because I am constantly doing exactly that, bringing you the things that I learn. And Jake does that too, and that's one of the reasons why Jake and I team up on that.
So that's the second thing that you need to know about me, which is I enjoy teaching people who want to learn. I don't know that I'm very good at teaching people who don't want to learn, to be honest with you, and I really admire the people who can do that. I think about public school teachers in sixth grade, seventh grade, that's a very difficult time of life for anybody, and learning is often the last thing that's on their mind. And to be such a powerful teacher that you can get people who don't want to learn to tune in and pay attention, I think is a marvelous gift. I don't know that I have that, but I certainly do love to teach people who are interested in learning.
Okay so, now because I'm an infinite learner and I'm a practitioner who teaches, I'm constantly creating content and it's being fueled by my studies, and that's what I want to share with you today is the top things that I've made for you. Now, the next thing that you need to know about me is that I work in two problem spaces and so I'm going to organize this list of resources into those two problem spaces.
Now the first one is no surprise, because you listen to this podcast and this podcast is meant to help people who are in the first problem space that I work in, which is the chasm, the communications chasm as I call it, between senior decision makers who work in IT and the rest of the C-suite. Now, I've worked in this space almost all my life, going back to one of my first duty assignments when I was in the Air Force. And most of the time that I've been working in this space, I've really focused on the topic of cybersecurity. So to the extent that I think that I've built a bridge across this chasm, most of the material in the bridge is related to cybersecurity. Of course, this podcast is one of the things that I create in order to help build that bridge, all right?
Now the second problem space that I work in is another communications chasm, go figure. And this one's between cybersecurity job hunters and the hiring managers who are desperately seeking talented team members. Now, I think the biggest reason why I work on this second problem space, building a bridge across this communications chasm, is because over the years I've had a lot of people come up to me, often they just grab me by the elbow, it's very impromptu, and they say, "How can I get into cybersecurity?" Or they say, "Hey, my nephew or my son or my daughter, or somebody I know, a good friend is graduating, or they want to change careers and everybody's hearing about cybersecurity and they're really curious. So what advice would you have for them?"
So because I kept getting asked about that, I finally decided, all right, I'm going to do something more than just give them a 30 to 60 second impromptu answer. I actually went out on the internet looking for somebody who already had a wonderful either website or course or something that I could send people to, but I didn't find anybody out there that was talking about hiring or getting a cybersecurity job from the hiring manager's perspective, I just couldn't find anybody. I found lots of people who were sincerely trying to help, but just not from the perspective that I had. So I wanted to share what I've learned after interviewing hundreds and then hiring dozens of people for my cybersecurity teams over the years. So that's the second space that I work in.
And let me just unpack a little bit about how I got into this space, because the first problem space, my origin story goes back, like I said, into the early 1990s when I graduated from college and went on active duty. But the second problem space I've only been very active in since about February of 2020, so right before COVID-19 showed up and changed all of our lives, I published the first episode of the Your Cyber Path podcasts, and then I actually built and released a companion course. It was an online course, and we helped a lot of people.
And if you've been following me over the last three years, you probably have heard about some of the people that came to my course and took what I shared with them and just went and did some amazing things for themselves. And I give them all the credit because I can share something, but really I'm not the person that has to go out there and do it. Doing it is much harder than sharing an idea. You have to actually take an idea and do something with it, and that's where the real magic is, okay?
But anyway, so I had this course that I did, a companion to the podcast, and if you go back and listen to early episodes of the podcast, you'll hear me talk about it. But that course morphed into a couple of times and ultimately morphed into something that I'm going to tell you a little bit about later, which I think is going to be really, really helpful for people.
But my goal in this second problem space is to make you an irresistible candidate to cybersecurity hiring managers. And it doesn't matter if you're trying to get into cybersecurity for the first time or you're already in it and you're trying to accelerate your career, it doesn't matter. I'm happy to help you look irresistible to hiring managers. And even if you're just trying to get a job as an internal transfer, it's still applicable, whether you're internal or external, it doesn't matter. So that's something that I do there.
Now, interestingly enough, as I spoke to cybersecurity job hunters in both of these two camps, people new, people trying to level up, what I realized was that cybersecurity hiring managers were often their own biggest enemy. They were actually creating difficulties, obstacles and barriers for these job hunters who were trying to do their very, very best. And so I said, "Well, all right, let me go see if I can figure out how to help them. Is there a resource around, something?" I didn't find anything. I found lots of books and different things, but nothing that really brought it all together. All right, so what did I do? Well, once again, I said, "I guess I better make them something, because I just don't see anything out there. And I really want to help these job hunters, but without helping the hiring managers, this is just going to be a long slog."
All right, so then in early 2021, what I did is I released a survey to a lot of cybersecurity hiring managers because I wanted to know what they thought their top pain points were. And I got I think over a hundred of them to respond to the survey that I released. And I discovered what their top five cyber hiring pain points were, and then that led me to create and deliver a few presentations, and ultimately it caused me to bring together over 50 experienced cybersecurity hiring managers and we created an open source project, and it's called the Cybersecurity Hiring Manager's Handbook. I'm the most bland person when it comes to naming things, but one of the reasons I do that is because I'm actually trying to get keywords into the names of things that I make because I want them to be easy to find. Okay, now, so there you go. So I've just summarized for you the two problem spaces that I work in and a little bit about the origin story of how did I get to work in these two problem spaces?
All right now I want to then segue at this point into telling you about some of the other things that I've made for you. Now, some of these things are free, actually, most of them are free and some of them cost a little bit of money, and I'm talking less than 20 bucks. But there are two things that I've made for you that are in the $600 range, and that's a big investment for a lot of people, I recognize that, and I'm going to tell you a little bit more about what those two things are.
Now, I'm not going to read URLs to you in this episode. I'm going to summarize what's on this list for you just so you can have an idea of what's available. Now you can download the list anytime you want, you just go to cr-map.com, that's cr-map.com/thelist. And I'm going to put that URL in the show notes so you can just access it right away and you can go retrieve this list. It's about six pages long, and for everything that I have on the list, I've got the URL right in there so you can go and get it right away.
All right, so let's go ahead and skim through this list that you can download so you'll have a better idea of what's on it. And again, I'm going to organize this into the two problem spaces that I work on. So let's start with the free stuff for cyber risk managers, which everybody listening to this podcast I'm sure there's going to be something in here for you. So of course there's the podcast that you're listening to now, thank you again, but there's also an email companion to this podcast. I don't know if you're aware of that, but every other week I email out about a 500 word message and it's called Inflection Point, and I send it to the subscribers. What I do in there is I tell you something about the big events that have been happening in the world that affect your work as a cyber risk manager.
So this is big, big picture stuff typically and it kind of helps explain why we're in this situation and what's happening to make our jobs easier and what's happening to make our jobs harder. And so this is just big picture perspective stuff. So if you're a big picture person, you might enjoy this. Now, if you sign up for this email that I send out called Inflection Point, I just want to tell you that I won't give your email address out to anyone else. I do my very best to protect it so nobody can steal it. And if you try it and you don't like it, it is super, super easy to unsubscribe. I do not make it difficult to have it stop being sent. So if you try it and you don't like it, please don't mark it as spam. That doesn't help. Just hit the unsubscribe link and I will let you go with no additional effort at all, all right?
Okay, so other resources for you. If you build cybersecurity teams, I know that can be very difficult because I've spent a lot of time doing that. So in addition to the handbook that I talked about, I've actually created several free videos to share what I've learned through all of my experience, and you're going to find four of what I think are the best videos that I've made on the list. Now, one of your jobs as a cyber risk manager is to help senior decision makers in your organization to understand the true nature of cyber risk and then how to manage it effectively. So the list has eight videos on that topic and I want to mention two of them in particular so you'll get an idea of how they could help you.
So the first one that I want to call your attention to, it's called What Financial Leaders Really Need To Know About Cyber Risk Management. Now, that could help you because if you ever have to talk to the CFO or the director of finance about your budget request, or why are we spending so much money on cybersecurity, listen to this video, watch this video because I'm going to tell you what works, or at least what's worked for me because I've had lots of those conversations.
Now, the second video of the eight that's on the list is called Smartly Meeting Your Customers Cybersecurity Demands. And this is a video about how to not be seen as the person who spends money to manage cyber risk, but rather as the person who enables the generation of revenue, which is a much more powerful place for you to be, whether you have a team or whether you are working as a single person in your organization. It's so much better to be seen as somebody who is helping the organization win, rather to be seen as somebody who is slowing things down.
Now, I've also got some other low cost resources for you. Now, there's my book, it's called, Fire Doesn't Innovate: The Executive's Practical Guide to Thriving in the Face of Evolving Cyber Risks. Now, I've got multiple formats, paperback, Kindle, and Audible, because I know everybody prefers a different way to consume material, so I've made all three. You can get the Kindle version for five bucks, you can get the Audible version for 18 bucks, and I think the paperback is about $15. So it's all right in that zone, and I would encourage you to grab my book and flip through it. It's an Amazon bestseller and I've got some really great feedback on it, and I would love to hear what you think about it and particularly what you think could be improved.
Okay, now, other resources for you that are low cost. Now I've got two online video courses on Udemy, and I've done both of these courses with Jason Dion. Now I'm going to talk more about Jason in a moment, but you may have heard Jason's name before. He's the owner of Dion Training and he has helped about a million people at this point prepare for cybersecurity related certification exams. So maybe you've already taken a course from Jason, but I've got two courses on Udemy. One's called Implementing the NIST Cybersecurity Framework, and the other one is called Implementing the NIST Risk Management Framework. And typically the price that you'd pay to get to one of these courses is somewhere in the neighborhood of 10 to 20 bucks depending on sales and coupon codes and that sort of thing. And if your company is a Udemy for Business subscriber, there's actually no additional cost to watch either of those courses, so check to see if you're already a subscriber.
Now I'm also on LinkedIn Learning. I actually have many courses on there that I've started there first and then later on I did some courses on Udemy and there's going to be more courses on Udemy coming up. Now, online video at LinkedIn Learning is a little different than it is at Udemy where you can buy courses as you want them. On LinkedIn Learning, you actually have to pay a subscription fee, but when you do that, you get access to the entire catalog of all LinkedIn Learning courses and there's some pretty amazing stuff up there. And if you want to test it out, you can actually get your first month for free and no, I don't have an affiliate link for that. I could set something like that up, it's constantly being offered to me, but I don't want to do that. So just go do a trial membership of LinkedIn Learning and then you can access all my courses for a month, check out all the other stuff. Like I said, there's good stuff in there. It's about $25 a month.
And let me tell you some of the courses that I have up there that you might find interesting. There's Cybersecurity for Executives, and another one is called IT and Cybersecurity Risk Management Essential Training. Based on the number of people who take my courses, I would say those are the top two. Those are the ones that I see people taking most often. I also have a course on cybersecurity outsourcing. I have one called Implementing an Information Security Program. Another one's called Implementing a Vulnerability Management Life Cycle.
And there's some other ones up there, but soon I'll be releasing a new course, and it's for cyber insurance and it's designed for people who work at IT who have suddenly found that they are involved in the purchasing process for cyber insurance. And many of us are being given a very lengthy, often complicated obtuse questionnaire from an insurance company and somebody saying, "Here, fill this out." And it's a weird experience, but the course that I'm about to release is going to demystify all of that for you because I've helped a lot of people navigate these cyber insurance applications and so I've got some practical tips and things that I want to share with you.
Now, here's the last thing I want to mention in this problem space of, you're a cyber risk manager and you're trying to talk to other senior decision makers and trying to build a team in a program. Now over at Antisyphon Training, and Antisyphon Training is owned by Black Hills Information Security and John Strand, I'm a trainer there. I've deliberately chosen to train with them because I really enjoy their practical focus on skills, and so I recommend them as a training organization. But over there I've got a course, it's called Hiring Handbook: How to Build an InfoSec Team that Gets Stuff Done.
Now, I do that course live a couple of times a year, but you can also get the on-demand version, and I really like how that version of the course turned out. Now the cost is $575, which again, I know is a big chunk of change. Hopefully you can get your company to pay for that, and then you can come and actually spend time with me. So it's a highly interactive course. Even the on-demand version is really just a recording of a live course that I actually gave, and so it's a very conversational course. There's lots of back and forth between me and the people who attend. And in this class, I not only show you how to build the team of your dreams, but I also show you how to become a powerful influencer on information security strategy with your senior decision makers and you don't even need to open up an Instagram account. So that's pretty cool, right?
Okay, so there's some of the things on the list to help you. Now, what if you're currently focused on your career? What if you're really thinking about this other problem space, you're a job hunter, or let's say you're a hiring manager and you're just trying to understand what people are going through, I would recommend that you tune into some of these other resources here. And by the way, if you are a job seeker and you want to know how hiring managers think, go flip through the Hiring Manager's Handbook, because it's free for you to access on the internet and you can get an idea about how hiring managers think. And it's not what you are guessing is I think what you're going to find out.
Okay, if you're focused on your career, the first thing I want to mention is that I do another podcast. My co-host is Jason Dion, and it's called Your Cyber Path. And I told you just a moment ago, Jason specializes in helping people get various cybersecurity certifications, but he's also a longtime person working in the cybersecurity career field. He has a lot of experience working for the DOD and with defense contractors. And so if you are somebody who would like to get a job in government or in the Department of Defense, Jason has some fantastic and extremely current knowledge that he can share with you. I'm really more in the private sector, although I was in the Air Force, but that was a long time ago, so I'm not nearly as current in that.
Now, there's a companion to the Your Cyber Path podcast and it's called Mentor Note, and I send that out every other week, and it's about 500 words. And can you guess what it's about? Yeah, it's just like Inflection Point, it's just this little thing that I send to you so I can share some of the latest things that I'm seeing in the world of hiring. Now, you can sign up for the Mentor Note at yourcyberpath.com, and just like with the Inflection Point, if you sign up for this, I'm not going to give your email address to anybody else. And if you try it and you don't like it, very easy to unsubscribe. So please, please, please don't mark this stuff as junk. It ruins our reputation as senders, and it makes it hard for people who want to get the Mentor Note or the Inflection Point, it makes them hard to actually get it because email services will actually proactively mark them as spam, and people then have to root around in their spam folder, their junk folder, and nobody wants to do that, and I don't like doing that either.
Now, I've also published a lot of other videos, and most of them are the result of me collaborating with Black Hills Information Security, either their Wild West Hackin' Fest conference or their Antisyphon Training. Let me just tell you a few titles as I wrap up the episode here. There's, Tailor Your Resume to Get Noticed, there's a part one and a part two. And in part two, I actually do a live resume review, which people said was helpful. There's another video called Play to Win: Getting Your Dream Cybersecurity Job, that's a little bit more oriented towards people who are trying to cross into cybersecurity for the first time. And there's another video called Crush Your Interviews and Negotiate Your Salary, and that's going to be applicable to anybody.
Now, I have another big resource, big as in it costs a lot. And by the way, my training courses at Antisyphon are 16 hours long. So I mean, I just go into the details, leaving no stone unturned. But if you want to get my Antisyphon Training, as somebody who is working in the get a job space, I've got a course over there, it's called, How to Be Irresistible to Hiring Managers. You can do it with me live. I teach it a couple times a year, or you can buy the on-demand version. And I really like how that version turned out as well. Cost is the same, $575. I don't think anyone else is going to pay for it for you, so you'll have to invest in yourself if you want to do this. But the goal of the class, as it says in the title, is to help you be irresistible to cybersecurity hiring managers.
And here's the thing, when you are irresistible, you end up in this wonderful place where you have multiple competing offers from hiring managers who deeply feel that they must have you on their team, and so you can often get the offers increased because a hiring manager is so in love with the idea of having you on their team that they just cannot let you go. So is there a better place for you to be? That's where I want you to be.
Now, here's something that I teased a little bit earlier in the episode, which is if you don't have $575 or you just don't want to spend 16 hours going through a thorough deep dive on every topic that I share, later this year, I'm going to be releasing an abbreviated version of the course on Udemy that is co-taught by Jason Dion. So if you want Jason's perspective or if you prefer the Udemy version of getting training on this, I will let you know when that's going to get released and the price will be much, much less than $575.
Okay, so that's an overview of the list. Thank you for being patient with me as I kind of skimmed through it and let you know what's on the list. And I hope you're excited. I hope that I said at least one thing that you would like to check out. So again, you can download the list anytime. Go to cr-map.com/thelist. You'll find that URL in the show notes.
And one final thing that I want to say is that if you want to be the first to know when we publish new content, you can always follow our Cyber Risk Opportunities page that we have on LinkedIn, and you also have an opportunity to subscribe to a monthly newsletter that we put out through LinkedIn through their newsletter feature, and we stuff that thing full of the latest resources, whether it's a podcast episode or a video or whatever it is, that's how you can stay in the know. All right, well, that wraps up this episode of The Cyber Risk Management Podcast. Today I shared some things that I've made for you, sometimes with other people, but we'll see you next time. Thanks a lot.
Speaker 1: Thanks for joining us today on The Cyber Risk Management Podcast. If you need to overcome a cybersecurity hurdle that's keeping you from growing your business profitably, then please visit us at cr-map.com. Thanks for tuning in. See you next time.
Cyber Risk Opportunities
Kip Boyle is a 20-year information security expert and is the founder and CEO of Cyber Risk Opportunities. He is a former Chief Information Security Officer for both technology and financial services companies and was a cyber-security consultant at Stanford Research Institute (SRI).
K&L Gates LLC
Jake Bernstein is an attorney and Certified Information Systems Security Professional (CISSP) who practices extensively in cybersecurity and privacy as both a counselor and litigator.