What are the different career roles in cybersecurity?

Roles include information security engineer, network engineer, security analyst, risk analyst, and more.

Is cybersecurity a booming field?

Yes, cybersecurity is in high demand and is expected to grow despite advancements in AI.

What is the typical salary range for cybersecurity engineers?

Entry-level salaries typically range from $90,000 to $140,000, depending on experience and location.

What skills should aspiring cybersecurity engineers develop?

They should focus on software fundamentals, learn programming languages like Python, and understand networking concepts.

What is the difference between red team and blue team?

Red team focuses on offensive security (hacking), while blue team focuses on defensive security (protecting systems).

Reality of US Job Market for Indian Students | MS in USA | Cybersecurity in USA

00:46:54

https://www.youtube.com/watch?v=-1Bj6FboUow

Sintesi

TLDRIn this podcast, Bala Pranit shares his journey as a cybersecurity engineer, discussing his education at UNCC Charlotte and the various career roles in cybersecurity. He emphasizes the importance of strong software engineering skills and networking for job hunting. Bala outlines his job application strategy, which included attending cybersecurity conferences and customizing resumes for specific roles. He addresses concerns about job security in the field due to AI, asserting that demand for cybersecurity professionals will continue to grow. Bala also provides practical advice for aspiring cybersecurity engineers, including essential skills and certifications to pursue.

Punti di forza

🎓 Bala graduated from UNCC Charlotte, emphasizing its strong cybersecurity curriculum.
💼 Networking is crucial; attending conferences can lead to job opportunities.
📄 Customizing resumes for specific roles increases chances of landing interviews.
🔍 Understanding both offensive and defensive security is important in cybersecurity.
💡 Strong fundamentals in software engineering are essential for cybersecurity roles.

Linea temporale

00:00:00 - 00:05:00
The discussion begins with a focus on the importance of cybersecurity education and career opportunities. The speaker emphasizes the need for strong software engineering skills as a foundation for becoming a successful cybersecurity engineer. They also touch on the job market's current state, particularly in 2023, and the challenges faced during job hunting, including the impact of AI on job availability.
00:05:00 - 00:10:00
The speaker elaborates on the vastness of cybersecurity, explaining their role as an information security engineer and the various domains within the field, such as red teaming, blue teaming, and software development security. They stress the importance of understanding both hardware and software aspects of cybersecurity for a well-rounded skill set.
00:10:00 - 00:15:00
The conversation shifts to the differences between red and blue teams, with red teams focusing on offensive security (hacking) and blue teams on defensive security (protecting systems). The speaker mentions their current role in a purple team, which combines elements of both red and blue teams, and discusses the importance of cloud security and compliance roles in the industry.
00:15:00 - 00:20:00
The speaker addresses the booming demand for cybersecurity professionals, reassuring listeners that AI will not eliminate jobs in the field. They emphasize the importance of passion and continuous skill development in ensuring job security and success in cybersecurity careers.
00:20:00 - 00:25:00
The speaker shares their personal job hunting journey, detailing their timeline and strategies for applying to internships and full-time positions. They highlight the importance of networking, customizing resumes, and the sheer volume of applications submitted to secure interviews.
00:25:00 - 00:30:00
The discussion includes insights into the interview process for cybersecurity roles, including online assessments and technical interviews that test candidates' knowledge of vulnerabilities and problem-solving skills. The speaker shares their experiences with different interview rounds and the types of questions asked.
00:30:00 - 00:35:00
The speaker provides a breakdown of typical salary ranges for cybersecurity internships and full-time positions, noting that salaries can vary based on experience, location, and company. They emphasize the potential for high earnings in the field, especially in fintech companies.
00:35:00 - 00:40:00
The conversation concludes with advice for aspiring cybersecurity engineers, including the importance of mastering fundamentals, gaining practical experience through platforms like Hack The Box, and pursuing relevant certifications. The speaker encourages continuous learning and building a strong professional network.
00:40:00 - 00:46:54
Finally, the speaker reflects on their journey, expressing gratitude for the support received and the importance of enjoying the learning process while navigating the challenges of building a career in cybersecurity.

Mostra di più

Mappa mentale

Video Domande e Risposte

What are the different career roles in cybersecurity?
Roles include information security engineer, network engineer, security analyst, risk analyst, and more.
Is cybersecurity a booming field?
Yes, cybersecurity is in high demand and is expected to grow despite advancements in AI.
What is the typical salary range for cybersecurity engineers?
Entry-level salaries typically range from $90,000 to $140,000, depending on experience and location.
What skills should aspiring cybersecurity engineers develop?
They should focus on software fundamentals, learn programming languages like Python, and understand networking concepts.
What is the difference between red team and blue team?
Red team focuses on offensive security (hacking), while blue team focuses on defensive security (protecting systems).

Visualizza altre sintesi video

Ottenete l'accesso immediato ai riassunti gratuiti dei video di YouTube grazie all'intelligenza artificiale!

Sottotitoli

Scorrimento automatico:

00:00:00
first of all why do you say least famous
00:00:03
university and what are these different
00:00:05
career roles that people can get into if
00:00:08
they do SEC cyber security if you want
00:00:10
to become a good cyber security engineer
00:00:12
I think you would have to be a very good
00:00:15
software engineer first is cyber
00:00:17
security booming does it have job is it
00:00:21
going to have job with this Ai and all
00:00:23
of I don't know for some reason I was so
00:00:24
happy to look at that rejection mail cuz
00:00:28
I knew I was on the right track if I'm
00:00:30
at least getting some responses the IBM
00:00:32
did not convert into fulltime and that's
00:00:34
because obviously 2023 worse Market they
00:00:37
were not hiring hiring frees and all of
00:00:39
that so now comes the full-time hunt
00:00:43
when did you start what was the strategy
00:00:45
that you applied so what is the typical
00:00:48
salary range for cyber security
00:00:50
Engineers wait I help you save 30k
00:00:54
how before we dive into all the
00:00:56
strategies and stories that we're going
00:00:57
to discuss in this podcast let me ask
00:00:59
you this do you have a clear job hunting
00:01:02
strategy to get an internship or
00:01:04
full-time job most people don't and it's
00:01:06
costing them opportunities I've helped
00:01:08
over 1100 students with their strategies
00:01:11
through my ultimate job hunting course
00:01:14
and trust me I'm not even kidding I
00:01:16
could see so many recruiters viewing my
00:01:19
profile and it's been the best
00:01:20
investment I've ever made the content is
00:01:23
incredibly practical filled with tips
00:01:25
and strategies that make you stand out
00:01:27
to recruiters uh it was one of the best
00:01:29
courses that I had have done till this
00:01:31
this course covers everything that you
00:01:33
need to stand out you will get ultimate
00:01:35
resume course you will get ultimate
00:01:36
LinkedIn course networking strategy
00:01:39
access to 1100 plus job Seekers for
00:01:42
support and personal support from me
00:01:44
through WhatsApp group I will walk you
00:01:46
through every single step that you need
00:01:48
with real examples and the tools that
00:01:50
will give you an edge I don't want you
00:01:52
to miss any other opportunity to land
00:01:54
your next job or an internship so check
00:01:57
the link in the description and now I
00:01:59
will let you enjoy the podcast thank you
00:02:01
Bala for doing this I am excited to talk
00:02:05
about first there's not many security
00:02:08
engineering content on my channel so
00:02:11
thank you for saying yes to me and I'm
00:02:13
excited to share your journey with
00:02:15
everybody on your unique job hunting
00:02:18
tips and how you got the job as well but
00:02:21
before we get to that let's do like a
00:02:23
quick intro starting off with myself uh
00:02:25
my name is Bala pranit and I came to the
00:02:28
US in the year 21 especially during the
00:02:32
fall semester I've studied uh Masters in
00:02:36
cyber security from one of the least
00:02:39
famous I would say universities called
00:02:41
UNCC Charlotte it's in North Carolina
00:02:45
okay and uh during my Ms U I've been U
00:02:50
exposed to a lot of different cyber
00:02:51
security topics and domains so I think
00:02:54
that uh helped me further in my career
00:02:58
to learn a lot of skills also one more
00:03:00
thing well so two questions first of all
00:03:02
why do you say least famous
00:03:05
university and the second one did you
00:03:08
have any experience in
00:03:10
India uh yeah sure so alansa with the
00:03:13
first one uh I mention it as least
00:03:16
famous because uh I think it's the
00:03:20
curriculum itself for cyber security
00:03:22
over there in the UNCC is absolutely
00:03:27
topnotch if you want to learn really
00:03:29
good skills get your fundamentals right
00:03:32
I think that is where the place you
00:03:34
would have to look into especially in in
00:03:36
that University and I personally wanted
00:03:39
to bring this up just to make people
00:03:42
aware that if you are interested in
00:03:44
cyber security then you got to check it
00:03:47
out UNC Charlotte the work experience
00:03:50
part I would say a little bit on and off
00:03:53
because I was doing a bit of freelancing
00:03:56
and also I was working on a real time
00:03:59
project so I work for like a corporate
00:04:03
company as called but I do have some
00:04:06
kind of experience while uh being in
00:04:09
India espe during the year of like 2020
00:04:12
so okay got it so some Prof you do have
00:04:17
like a overall profile and a port
00:04:19
portfolio about security stuff but you
00:04:22
don't like have a a internship like a
00:04:25
legal not legal but like a corporate
00:04:28
full-time job that uh you had as a
00:04:31
security engineer so that'll be
00:04:33
interesting to kind of dissect further
00:04:35
but before we dive into your job hunting
00:04:39
I am noob in in security engineering
00:04:42
like I I know I keep hearing so many
00:04:45
terms network engineer security analyst
00:04:48
risk analyst cyber security engineer
00:04:51
what what is your role and what are
00:04:54
these different career roles that people
00:04:56
can get into if they do secure cyber
00:04:59
security
00:05:00
so yeah uh one of the important aspects
00:05:04
in cyber security is it's very vast okay
00:05:08
and my current role is I work as an
00:05:11
information security engineer for a
00:05:13
financial
00:05:15
institution and then generally speaking
00:05:18
of cyber security people assume red
00:05:20
teaming and then blue teaming only two
00:05:22
sides of it but then I would say there
00:05:26
is a lot of domains especially looking
00:05:29
onto be supply chain security or might
00:05:32
be a software development security right
00:05:34
Che your code you have to know have the
00:05:37
knowledge of writing secure code right
00:05:40
and
00:05:41
then if any of the vulnerabilities are
00:05:44
there in your code right you would also
00:05:46
have to know what kind of
00:05:49
packages or other different software
00:05:52
Frameworks have vulnerabilities so I
00:05:55
would say not diving into depth but if
00:05:59
you you want to become a good cyber
00:06:01
security engineer I think you would have
00:06:03
to be a very good software engineer
00:06:06
first
00:06:07
CU understand how systems
00:06:12
work it's going to be a painful job for
00:06:15
the security Engineers so but what about
00:06:18
like I also hear about the network uh
00:06:21
Engineers network security Engineers do
00:06:24
they have to really understand how the
00:06:27
coding works because I don't think they'
00:06:28
really care right like it's all about
00:06:30
firewall and again I don't know this I'm
00:06:33
asking you this question so again yud
00:06:36
here the concept comes like if you are
00:06:39
interested in the hardware side of
00:06:41
things or the software side of things
00:06:43
right you look at a network engineer you
00:06:45
can look at it in two perspectives one
00:06:48
in a very Hardware perspective and
00:06:50
another in a very above Hardware that's
00:06:53
software like right so if you trying to
00:06:58
become a network engineer for an example
00:07:00
correct you would have to know the
00:07:02
fundamentals of networking like what are
00:07:05
ports what protocols are there right
00:07:08
what is HTTP what is htps these are very
00:07:11
fundamental things right once people
00:07:15
have grip on these fundamentals they can
00:07:19
easily pivot into another domain what
00:07:21
you're going to watch is an amazing
00:07:23
story but before you watch that I just
00:07:24
want to quickly say that all of these
00:07:26
story I compile the key insights from
00:07:29
the these stories and all the podcast
00:07:30
that I do and I put this in my free
00:07:33
exclusive newsletter Community every
00:07:34
week more than 16,000 people receive my
00:07:37
newsletter and they love it and here are
00:07:40
some of the examples you can see this
00:07:41
was a podcast on George Mason
00:07:43
universities and you can see how to
00:07:45
network and 10% cold emailing powerful
00:07:49
LinkedIn techniques and so and so forth
00:07:51
so if you interested in becoming part of
00:07:53
this exclusive newsletter Community
00:07:55
absolutely free link is in the
00:07:57
description or you can go to YouTube
00:07:59
dj.com
00:08:01
newsletter uh you also mentioned red
00:08:03
team blue team what's the
00:08:05
difference so to Simply tell you red
00:08:09
consider red team as hackers who
00:08:14
actively hack into systems right and
00:08:19
then these are good hackers
00:08:22
again so yeah I mean they're
00:08:24
intentionally trying to hack so it can
00:08:26
show that hey look your system is
00:08:29
hackable
00:08:30
correct yeah right and this helps uh the
00:08:34
red team hackers to solve and find out
00:08:37
vulnerabilities before the bad guys
00:08:39
actually hack into the
00:08:41
network yeah that is simple way of
00:08:45
explaining red teaming but then if you
00:08:47
consider blue teaming it's like you're
00:08:50
Defending Your Castle right you are
00:08:53
defending your network
00:08:55
and if the red team is attacking you
00:08:58
have to know how to defend your network
00:09:00
so that's like oh so if the virus has
00:09:04
been come to your system now you have to
00:09:06
figure out like how to get out of it
00:09:08
exactly right got it got it so what is
00:09:11
which team are you in uh I am in again
00:09:15
currently a team called Purple team so
00:09:18
what purple team does is basically a bit
00:09:22
of red teaming and as well as blue
00:09:24
teaming so you have to have an idea of
00:09:28
the red team fundament
00:09:30
the you know tactics and
00:09:33
methodologies at the same time it's
00:09:35
important to have that blue team mindset
00:09:38
wherein you know how to manage your
00:09:41
assets defend your assets at the same
00:09:44
time so yeah there's a it's a special U
00:09:48
domain that's called Dev seop cud for
00:09:51
this one so okay and and then there is
00:09:55
cloud security as well uh which I'm
00:09:58
assuming falls under the network
00:10:00
software side of things because it's
00:10:02
it's in the cloud but then there's whole
00:10:05
another Deo and KPMG these people also
00:10:08
hire from cyber security to write
00:10:10
compliance uh policies and sock to
00:10:13
compliance and sock compliance so what
00:10:15
are what are these areas sure so mostly
00:10:19
these are defined these are defined as
00:10:22
GRC roles right so what these roles do
00:10:27
in real time is let's say they give you
00:10:30
best practices guide to follow to
00:10:34
implement a certain technology stack
00:10:37
right think of it as it as a safe guard
00:10:41
rails for your technology technology
00:10:44
stack before you actually architect the
00:10:46
entire solution
00:10:48
like to put it up in a simple way
00:10:50
consider a house right you always have
00:10:53
to lock your house lock your doors right
00:10:55
make sure everything is like clean and
00:10:58
neat so these are all compliances like
00:11:00
it's mandatory that you have to do it
00:11:03
yeah and and the companies like Deo KPMG
00:11:07
and all these people uh they obviously
00:11:10
they are getting hired by the clients to
00:11:13
make sure they are sock compliant love
00:11:15
it one last question before we dive into
00:11:18
the job hunting is is cyber security
00:11:21
booming does it have job is it going to
00:11:24
have job with this Ai and all of this a
00:11:26
lot of people are scared that AI is
00:11:28
going to take away cber security
00:11:29
Engineers job so is this true or is is
00:11:34
there a demand of this field yeah uh
00:11:38
this is actually a very huge question
00:11:41
for me to answer UD I'm just a small
00:11:43
small part of this entire puzzle but
00:11:47
uh I think if you're really passionate
00:11:50
and interested in cyber security or in
00:11:52
any kind of domain you will find your
00:11:55
way
00:11:56
out all it requires is to have a bit of
00:11:59
of craziness like yes do you like it or
00:12:01
not yes if you you'll find your way out
00:12:05
so yeah I and so I the reason I was
00:12:08
asking was I did a podcast last week
00:12:11
with
00:12:12
someone they work in apple as a security
00:12:16
network engineer and uh so they
00:12:19
mentioned that this field is never going
00:12:23
to die and no matter of AI is not going
00:12:26
to take away the jobs uh as long as like
00:12:28
you said you have the skills and he also
00:12:32
said something interesting he said the
00:12:34
thing with the security is like you just
00:12:36
have to know the basic concepts and
00:12:38
fundamentals if your core is strong you
00:12:41
will be fine and the bar is like that
00:12:44
low I'm like wow that is interesting is
00:12:47
that true would you agree uh I would
00:12:50
agree and disagree at the same time
00:12:52
because one thing what you said right is
00:12:54
U the fundamentals are core pillars
00:12:57
right you have to make sure that
00:12:59
fundamentals are right but at the same
00:13:01
time if you build your skills on the
00:13:04
fundamentals right I think it will take
00:13:06
you a long way ahead don't just for like
00:13:09
one two years of time look at a long
00:13:12
journey where you want to sustain in
00:13:13
this
00:13:15
field so I would say keep building up
00:13:18
your skills and then you're in a very
00:13:20
good place to go nice okay great let's
00:13:23
dive into the job hunting journey of
00:13:26
yours um you came in fall when did you
00:13:29
graduate so I graduated in
00:13:34
2023
00:13:35
May which is the worst job market ever
00:13:39
uh there were no one no one was hiring
00:13:42
uh but something interesting you also
00:13:44
told me that you had IBM Co-op as well
00:13:50
for which was like a pretty big like
00:13:53
almost 12 months Co-op right so is that
00:13:56
so sorry I know we are going to talk
00:13:58
about job but because I have the
00:14:00
question so onee Co-op uh does UNCC
00:14:03
allow you to do one-ear
00:14:05
co-op so uh there is a very tricky way
00:14:09
of putting this out Yi uh to simply
00:14:12
answer yes it does right and then Co-op
00:14:16
doesn't necessarily have to be 40 hours
00:14:19
it can also be 20 hours of time okay so
00:14:22
I have done is uh I did get an
00:14:25
internship during the summer for my
00:14:28
first year
00:14:29
right I've worked really hard on this
00:14:32
one and then I've learned a lot of new
00:14:35
skills so the manager had seen something
00:14:39
in me and he then extended that offer to
00:14:43
the next December that's the next fall
00:14:46
semester okay so what happened here is I
00:14:49
was working only 20 hours with
00:14:52
IBM consider it as like a part-time job
00:14:55
while being a student right yeah yeah
00:14:57
yeah I did the same thing yes
00:14:59
yeah yeah but then instead of working on
00:15:01
campus I was working for
00:15:04
IBM that's how I continued the next 6
00:15:08
months or whatever the time period is
00:15:11
and then that got extended into another
00:15:14
20 hours in the next
00:15:17
semester this was again done by
00:15:20
replacing a subject what I done is we
00:15:23
have to complete 10 subjects in order to
00:15:27
get a degree right so I did only nine
00:15:30
subjects and then the last subject had
00:15:33
switched it with that internship and
00:15:35
then did a one full year of that
00:15:39
internship yeah yeah interesting yeah I
00:15:42
did the same I got my project management
00:15:45
internship in summer and then uh they
00:15:48
extended it they wanted me to continue
00:15:51
um they wanted me to work more but they
00:15:55
said like 20 hours is fine too so then I
00:15:57
did not end up doing on campus job I
00:16:00
started doing this but I had to take one
00:16:03
CPT credit to do that like it's not like
00:16:07
I you can do off-campus job you still
00:16:09
have to enroll into a credit to show
00:16:12
that that is helping you with your
00:16:14
education so I'm guessing it's a similar
00:16:17
concept yeah it's exactly the same yeah
00:16:19
yeah got it okay cool so how did you get
00:16:22
it um what was the timeline when did you
00:16:25
apply when did you start your job
00:16:27
hunting Journey was the first thing you
00:16:29
did okay so most of my friends started
00:16:33
applying in the month of uh right when
00:16:35
they landed in the US but I was just
00:16:38
trying to enjoy you know actually taking
00:16:41
that happens in the US right and then I
00:16:43
started off my
00:16:45
applications exactly in the month of
00:16:49
January so you skipped the first
00:16:51
semester completely yep and then uh you
00:16:54
started applying in January but what did
00:16:57
you work on your resume LinkedIn and all
00:17:00
of that in the first semester or no so I
00:17:04
had worked on all of these things while
00:17:06
I was in India okay gave me advantage of
00:17:09
that you know first semester try to
00:17:12
enjoy you know meet new people
00:17:14
experience yeah okay so started applying
00:17:18
uh in January and then I was doing just
00:17:22
two three applications per day and I
00:17:25
started noticing a pattern wherein
00:17:29
if let's say I applied today for a
00:17:31
particular job role I would get a
00:17:34
response which is obviously rejected in
00:17:38
minimum time span of like let's say 20
00:17:40
days so I started reling this pattern
00:17:44
and then what I've done is actually
00:17:48
applied properly I would say in the
00:17:50
month of February okay applying in
00:17:53
February again I did 30 applications per
00:17:56
day w from 3 to 30 okay right uh the way
00:18:02
I've uh again thought about this
00:18:05
isud I've consider this as my part-time
00:18:08
job so I used to sit down four hours 3
00:18:11
hours straight try to apply as many
00:18:14
applications as possible among that 30
00:18:18
20 quality applications and 10 random so
00:18:23
that that's my strategy of applying it
00:18:26
so I kept on applying it uh I used to
00:18:28
get a lot of rejection males and I don't
00:18:32
know for some reason I was so happy to
00:18:34
look at that rejection maale cuz I knew
00:18:37
I was on the right track if I'm at least
00:18:39
getting some responses yeah yeah yeah
00:18:42
complete ghosting is like a feeling like
00:18:44
I don't even know if if if like what's
00:18:46
going on so yeah 100% agree getting a
00:18:50
reject is is at least a good sign that
00:18:52
okay you can change the direction but
00:18:55
not getting anything is
00:18:57
frustrating exactly L right so and I've
00:19:01
started applying like this long story
00:19:04
short I've applied around 800 to 900
00:19:08
applications wow yeah and then I've got
00:19:13
calls from at least I think around 20
00:19:15
companies among all of these and then
00:19:18
out of these 20 companies I remember
00:19:22
clearing four interviews which had four
00:19:26
rounds for
00:19:27
internships and among that I had landed
00:19:30
one from
00:19:33
IBM
00:19:35
wow all the students who are watching
00:19:37
this they should do the math in their
00:19:39
head that rough like I know some there
00:19:43
are obviously exceptional cases where
00:19:45
people apply to 10 and they get it and
00:19:48
some apply to thousands and then they
00:19:50
ultimately get one offer so just don't
00:19:54
give up keep added is ultimately what
00:19:56
I'm trying to get at that uh you never
00:19:59
know like the thousandth application you
00:20:02
did and that was going to turn into an
00:20:04
offer yeah totally agree on yeah uh
00:20:09
so I want to Deep dive into something
00:20:13
you said uh quality application what
00:20:16
I've done is made up around s to eight
00:20:19
resumes one for redeeming as again since
00:20:22
I'm in cyber security one for blue
00:20:24
teaming one for purple teaming one for
00:20:26
network engineer all of these fields
00:20:29
right I did make certain resumes keep on
00:20:33
applying and changing every resume for a
00:20:36
particular role for exactly these 10
00:20:39
roles okay right and for the remaining
00:20:42
20 of them I used the best resume which
00:20:46
I think fits for that particular role
00:20:48
kept on applying
00:20:50
it all it so you customize the quality
00:20:55
application in your opinion is
00:20:56
customizing your resume for that role
00:20:59
that you are applying and even spending
00:21:01
extra time in answering those
00:21:03
application questions correct
00:21:06
100% uh so is that so you mentioned that
00:21:09
you did 800 to 900 application and you
00:21:12
got 20 interview calls and you know
00:21:15
ultimately four final rounds and one
00:21:17
offer uh was that the only way you ended
00:21:21
up getting calls did you try networking
00:21:24
referal route at all or does that did
00:21:26
not work at all for you yeah I mean I
00:21:29
was a bit naive on this one uh so for
00:21:33
internships I didn't want to use that
00:21:35
referral because I wanted to keep it for
00:21:38
a full-time job okay interesting okay
00:21:41
right and my actual strategy of job
00:21:44
hunting starts when it comes to
00:21:47
full-time and then that's how I'm going
00:21:49
to share that in a while though so but
00:21:51
yeah intership side kept it simple you
00:21:54
know rather go the traditional way keep
00:21:57
applying give it track it yeah the
00:22:00
managers hiring managers and the
00:22:01
managers would test you on your
00:22:04
fundamentals and if you deep dive into
00:22:07
technical skills I think it's important
00:22:10
to understand the top web
00:22:14
vulnerabilities for example right and
00:22:17
then going a bit further understand what
00:22:20
is active directory and what attacks you
00:22:24
can do in Windows environment especially
00:22:27
for teaming side of it but if you're on
00:22:30
Blue teaming side of it I would say
00:22:33
understand how you can resolve a
00:22:36
particular bug ticket right and then
00:22:40
have different methodologies of solving
00:22:44
one
00:22:45
problem and then once you have this kind
00:22:47
of technical skills and that mindset to
00:22:51
solve it I think you'll be in a pretty
00:22:53
good shape to get and learn those skills
00:22:57
as you progress
00:22:59
got it and so is there like an online
00:23:02
assessment so you know how software
00:23:04
Engineers have an OA or online
00:23:07
assessments before even they get to the
00:23:09
interview round is that true for uh
00:23:13
security internships or no yes that is
00:23:16
uh correct some companies do use this
00:23:19
kind of uh approach so the the way it
00:23:22
works is they give you a web application
00:23:25
okay and they are going to tell you hey
00:23:29
look try to find out as many as
00:23:31
vulnerabilities you can prepare a very
00:23:35
well documented approach of how You'
00:23:37
actually found those vulnerabilities and
00:23:40
submit that document to
00:23:42
us once the hiring manager or the panel
00:23:46
looks at the documents reviews it then
00:23:50
they will decide if the candidate is you
00:23:53
know well vered for that role or not but
00:23:56
yes assessments do exist is for the
00:23:58
security Engineers got it okay sweet so
00:24:02
you got the IBM stuff what's the typical
00:24:05
salary range for security
00:24:08
internships so uh typical salary range
00:24:12
would be around uh 38 to
00:24:16
$65 nice yeah talking about this uh got
00:24:20
it okay but if in general if you had a
00:24:23
loan which was pretty high percentage
00:24:26
15% interest rate
00:24:28
you would have been able to pay off with
00:24:30
with your Co-op that's correct I would
00:24:32
have easily paid off with that Co-op for
00:24:35
got it okay nice um that is crazy right
00:24:39
that is so crazy but did your IBM
00:24:43
internship you said you have a full-time
00:24:45
strategy and that was separate which
00:24:47
tells me that the IBM did not convert
00:24:49
into full-time is that correct
00:24:52
absolutely and that's because obviously
00:24:54
2023 worst Market they were not hiring
00:24:57
hiring free and all of that so now comes
00:25:00
the full-time hunt when did you start
00:25:03
what was the strategy that you applied
00:25:06
so for the full-time uh job strategy uh
00:25:10
I started applying in the month of
00:25:14
December okay so you are graduating in
00:25:16
May 2023 you started in December 2022 so
00:25:20
roughly six months uh before you started
00:25:23
working on it Go and this was while I
00:25:27
while I had the cop offer in my hand
00:25:29
because I knew since it's the worst
00:25:32
Market we cannot take any kind of
00:25:35
risks yeah yeah going to that one
00:25:37
company so what I've done and my
00:25:40
strategy was to attend lot of security
00:25:43
meetups in the US so security Community
00:25:48
has a very vast conferences in the USA
00:25:52
right one of it is called
00:25:55
bsides which is very active all over
00:25:58
even in India even in the US every state
00:26:02
and city has it almost like that b s i d
00:26:06
s b and sides okay yes I see it uh go so
00:26:13
there are a lot of places like uh
00:26:16
besides rale besides Charlotte and then
00:26:19
besides even San Antonio and places like
00:26:24
that so what I have done is uh I used to
00:26:28
find some time during the especially
00:26:30
most of these conferences are during the
00:26:32
weekends so what I used to do was attend
00:26:35
a lot of conferences I think the EXT and
00:26:38
me had come out attend these conferences
00:26:42
so upon attending these conferences I
00:26:45
noticed that it's a two-day conference
00:26:47
right my simple thing is I love to make
00:26:50
friends so I love to learn from people
00:26:53
on the first day I I would interact with
00:26:57
every person out there whom I think we
00:27:00
can replicate right it's just it goes
00:27:03
with the flow like what activities you
00:27:04
do and then how do you network it out
00:27:07
all these skills matter
00:27:08
again so the second day what I did is I
00:27:12
was just I don't know why I had this
00:27:15
idea I just printed out my resumes and
00:27:18
then on the second day it was a bit like
00:27:21
chilled out it's not that rush so I used
00:27:23
to go to these uh friends of mine and
00:27:27
these would be the people of like
00:27:29
managers directors and like hardcore
00:27:32
programmers and stuff like that I used
00:27:34
to go to these people hand out my
00:27:36
resumes and be like hey buddy uh you
00:27:39
know can you please review my resume and
00:27:41
they' be like yeah sure why not you know
00:27:44
people will agree for some and people
00:27:46
might not agree so be cool with that no
00:27:49
no offense on that respect people's time
00:27:52
and then if people say yes right sit
00:27:55
down I used to sit with them 10 minutes
00:27:58
give my resume and explain my story of
00:28:02
why I love cyber security and they would
00:28:05
actually review it and then tell me the
00:28:07
points and then I used to not out the
00:28:09
points then and
00:28:10
there that's how we already made a
00:28:12
connection professionally as well we've
00:28:16
a connection personally which is very
00:28:18
amazing we've also got to know each
00:28:20
other sharing our stories and talking
00:28:22
about Security in general and then once
00:28:25
this was
00:28:26
done I think if it's important to
00:28:30
validate the person's efforts and
00:28:33
appreciate them their time what I used
00:28:35
to do is drop them a LinkedIn message
00:28:39
right then and there thanking them for
00:28:41
their time so in this way what happens
00:28:45
is they actually remember you that oh
00:28:48
you know what I actually know this
00:28:50
person like we've interacted with them
00:28:53
and then I know him in person right so
00:28:57
that's how I did it and then as I kept
00:29:00
doing this it was a rough Journey but I
00:29:03
don't know for some reason I loved it as
00:29:05
I kept doing this uh one person noticed
00:29:09
something in me and he's like uh Hey
00:29:11
Bala I think uh I have a job role coming
00:29:14
up you want to interview for it I was
00:29:17
like yeah sure why not so I got the
00:29:21
interview and then attended that one
00:29:26
shot cleared it
00:29:28
landed a
00:29:30
job but this is the end of the story now
00:29:34
going
00:29:35
back while doing this strategy I had got
00:29:39
a lot of calls from the
00:29:42
companies because while doing the
00:29:45
strategy at the end of the day all it
00:29:47
takes is like one person to watch for
00:29:49
you yeah
00:29:52
yeah if one person believes in you you
00:29:54
are in the company M so I think as I was
00:29:58
doing the strategy I had received a lot
00:30:00
of calls but then unfortunately I wasn't
00:30:03
up to their Mark I had
00:30:07
uh I would say not that good skills
00:30:10
which the company
00:30:12
expected but I did eventually land a job
00:30:16
in this process of like networking you
00:30:19
know reviewing my resumes build legit
00:30:23
good connections don't build connections
00:30:26
for your job or for personal sake build
00:30:29
connections so that you can contribute
00:30:32
and as well as they can help you out so
00:30:34
it's a two-way
00:30:36
process look at my professional and
00:30:39
personal connections so yeah
00:30:42
yeah now that you know that this works
00:30:46
uh going back in time would you have now
00:30:50
started instead of December 2022 would
00:30:53
you have started when you landed because
00:30:56
by then you would have so much more
00:30:58
opportunities than starting 6 months
00:31:00
before you are graduating would you
00:31:02
agree or no uh I don't agree on the cud
00:31:05
uh because I personally wanted to enjoy
00:31:08
the exposure and the culture change you
00:31:10
know coming back from India so I
00:31:13
wouldn't like start right away once I
00:31:16
landed in the US I you enjoyed the
00:31:20
conferences and meeting
00:31:21
people yeah but what I'm trying to say
00:31:24
is I wouldn't want to do that right when
00:31:27
I landed into the
00:31:28
US right I would I would want to get
00:31:32
some time to settle down and actually
00:31:35
understand like the culture changes the
00:31:37
people over here and then you know how
00:31:38
to talk it's important to communicate
00:31:42
well right yeah so once I have all of
00:31:45
these things down then maybe yes yeah
00:31:48
yeah I mean if I I would 100% double
00:31:52
down on what you said the strategy which
00:31:55
you used um I didn't know there were so
00:31:57
many sec maity conferences but that's
00:31:59
good I'm assuming it's the same for
00:32:01
product as well and software engineer I
00:32:04
know there are many conferences out
00:32:06
there for software people there GHC as
00:32:09
well which is Grace Hooper
00:32:11
conference I yeah I would I agree like
00:32:15
land but not like the next day you go to
00:32:18
a conference but I wouldn't wait until
00:32:20
like two semesters gone uh I mean sure
00:32:23
and you can still enjoy because it
00:32:25
sounds like it just happened on weekend
00:32:27
so you can still go and it sounds like
00:32:29
it was more fun I would still go and
00:32:32
have fun while you are networking
00:32:35
because again the ultimate goal is not
00:32:37
to get a job is to build relationship so
00:32:39
it shouldn't feel like you're doing a
00:32:41
job and it shouldn't feel like stressful
00:32:43
it should just feel oh this is I'm going
00:32:46
to a fun conference I'm going to get to
00:32:48
learn I'm going to get to meet people
00:32:50
instead of eating attending a college
00:32:52
event I'm going to do this hopefully
00:32:54
it's free I mean lot of conferences are
00:32:56
not free so so that's different story
00:33:00
yeah and the only uh I'd agree on this
00:33:03
one because I personally hadn't had like
00:33:08
a very good U what do you say I wanted
00:33:11
to enjoy that first 6 months or whatever
00:33:14
time enjoy like what do you what do you
00:33:16
do when you say Enjoy I I tell you what
00:33:19
what happens you uh in UNCC
00:33:23
right uh especially our room is like a
00:33:26
party house
00:33:28
okay right so we' actually uh invite
00:33:33
people over and then in that way we also
00:33:37
make good friends so we so that we don't
00:33:39
feel left out in the us when we first
00:33:42
land yeah we don't have anyone here in
00:33:45
the US right it's one for one so I was
00:33:49
just it took me personally took me a lot
00:33:52
of time to just accept that I'm in the
00:33:56
US cuz I'm the first person in my family
00:33:58
to land in the US and me took some time
00:34:01
to digest and accept like okay I'm here
00:34:05
let's see look around what is there
00:34:07
enjoy and then I
00:34:11
lle coming out of Co I think this was a
00:34:13
much needed break for me especially for
00:34:16
me yeah you wanted to celebrate and be
00:34:19
in the moment that you've made it I want
00:34:22
to live this moment and not be in the
00:34:25
rush of like I need to find a job kind
00:34:27
of thing correct because see it's simple
00:34:30
just take a moment cherish the little
00:34:33
wins that you are in the US enjoy the
00:34:36
little moments and then go
00:34:39
around job hunt coming back to the
00:34:41
fulltime is that the only strategy you
00:34:44
applied or did you also do the cold
00:34:46
application as well no that's the only
00:34:49
strategy have applied I have not return
00:34:52
any cold emails to any and is that the
00:34:55
only conferences strategy or like you
00:34:57
were also doing online events or online
00:35:01
uh networking through Linkedin Etc so I
00:35:04
was the networking on LinkedIn was going
00:35:07
parall UD it's not like that is the only
00:35:10
strategy I would say try to combine the
00:35:13
network in aspect through Linkedin and
00:35:17
as well as try to attend conferences
00:35:19
learn a lot of stuff I learn visually so
00:35:22
when I attend conferences you can learn
00:35:24
stuff you know meet people there and
00:35:27
learn from them so I would say combine
00:35:29
LinkedIn online applications as well at
00:35:32
the same time attend conferences get
00:35:35
that new exposure of like what happens
00:35:37
in a conference and learn a lot
00:35:41
so in security
00:35:43
conferences they teach you particularly
00:35:46
like there'll be Villages for example
00:35:50
these are called as Villages where you
00:35:51
can go to a particular Village and they
00:35:53
will teach you in person like how a
00:35:55
process is being done like in
00:35:58
was there any difference in the
00:36:00
interview process for full-time or was
00:36:02
it pretty much the same I think
00:36:05
full-time was uh a bit grilling to be
00:36:10
honest yeah uh generally people would
00:36:14
want to know that how you actually solve
00:36:18
a problem and then do you really have
00:36:21
the knowledge or are you just blabbering
00:36:24
around to be honest with you like
00:36:26
firstly as I mentioned the web
00:36:28
application stuff like companies hand
00:36:30
over an application to you you attack it
00:36:34
document it give that report to the
00:36:36
managers right the second round once
00:36:39
you've cleared that and uh the second
00:36:42
round would be
00:36:44
actually diving deep into every
00:36:47
vulnerability that you've attacked let's
00:36:49
say for example uh there is a
00:36:52
vulnerability called csrf right so it
00:36:55
stands for cross-side request forgery
00:36:57
the managers would want to know how how
00:37:00
much depth of knowledge you have in this
00:37:03
particular vulnerability so they would
00:37:06
dive dive deep into
00:37:09
it and once you keep
00:37:12
answering again and again and again it
00:37:16
goes a way a long way and they would
00:37:19
want to test how far you can break H
00:37:23
like that that's how you actually know
00:37:25
that you're knowledgeable right uh
00:37:28
look at how much depth you can go and
00:37:30
once they hit that melting point they're
00:37:32
like okay it's cool if you've cleared at
00:37:35
least like three to four levels of their
00:37:38
depthness and the questions I think you
00:37:40
are pretty good to go so that would be
00:37:42
the second round and the third would be
00:37:45
scenario based right let's say they
00:37:48
would they can ask you questions like u
00:37:51
in security ctfs are very common UD
00:37:54
these are capture the flag events oh
00:37:57
yeah yeah yeah yeah and I took uh sorry
00:38:00
the reason I remember I took a security
00:38:03
course in my masters because I did my
00:38:05
masters in computer science and we had
00:38:07
to participate in the competition which
00:38:10
was completely based on Capture the Flag
00:38:13
kind of thing and they would have
00:38:16
problems and I would have to solve like
00:38:18
once you solve it then you cap like you
00:38:20
basically capture the flag and they were
00:38:23
we were divided into multiple teams and
00:38:26
uh it was fun it was a fun course I I
00:38:28
would like recommend people to get that
00:38:30
course if they going to GCO state but
00:38:31
regardless sorry yes uh it just reminded
00:38:34
me about that that so CTF in the
00:38:37
interview process is it the same or is
00:38:39
it different so during this is a bit
00:38:42
different generally what security
00:38:44
Engineers do is play a CDF
00:38:48
but the interviews what I've given these
00:38:52
questions are like architecture design
00:38:53
and system designs they ask me in a
00:38:56
reverse way of how how do you actually
00:38:58
create a CTF for security
00:39:01
engineers and then this involves again
00:39:05
software development you would have to
00:39:06
know a bit of cloud where do you host
00:39:08
your services and how you actually
00:39:11
create that architecture itself so a
00:39:15
system design knowledge is also
00:39:16
important I would say that architectural
00:39:19
patterns and knowing studying these
00:39:22
would definitely help so these would
00:39:25
generally be the three rounds
00:39:28
of when you are interviewing for a
00:39:30
security engineer Ro nice and then you
00:39:33
get the offer which is million dollar
00:39:35
offer no sorry just
00:39:37
kidding
00:39:39
I uh but I've heard security people in
00:39:42
the fintech company which you are gets a
00:39:45
lot more money than the typical product
00:39:48
manager so what is the typical salary
00:39:50
range for cyber security
00:39:52
Engineers so yeah again this will vary
00:39:56
upon experience
00:39:57
uh so I would say let's say consider
00:40:01
start a person with like two and plus
00:40:03
years of experience or one plus year of
00:40:05
experience right the entry level
00:40:07
person for them I would say typically it
00:40:11
ranges between 90 to
00:40:16
140k and you're talking about base pay
00:40:19
yeah just the base yeah you're like just
00:40:22
just the base okay uh keep going yeah
00:40:26
and then upon this you would have a
00:40:29
different kind of you know perks that
00:40:32
would from the company like relocation
00:40:35
bonus annual bonus and things like that
00:40:38
okay great and then uh most of it would
00:40:41
again also be on the location as well
00:40:44
with state in the US are you from and
00:40:48
where you work from do you work remote
00:40:49
do you travel so even all of these come
00:40:52
into picture but I would say if you're
00:40:55
skilled enough right you would
00:40:57
definitely make good Chun of money but
00:40:59
if you the same let's say if you take
00:41:02
the same security engineer in Netflix
00:41:04
that
00:41:06
goes that's that's the same thing uh
00:41:09
sorry the last guy I interviewed for
00:41:11
from Apple he's told me the same thing
00:41:13
that Netflix pay crazy to their Network
00:41:17
Engineers uh and I didn't know until
00:41:20
then he explained me why and all of that
00:41:22
was very interesting yeah uh if you were
00:41:26
to give like a quick crash course on
00:41:30
aspiring cyber security engineer uh who
00:41:32
wants to do what you are doing they
00:41:34
don't have any work experience um just
00:41:37
like you and they don't know how to
00:41:40
build a profile what are the things they
00:41:43
should be doing during Masters during
00:41:45
The Bachelors whenever they watching
00:41:46
this what are some of the skills they
00:41:49
should be doing to build so that their
00:41:51
profile is can stand
00:41:55
out okay I would say say talking about
00:41:59
the skills keep your F fundamentals
00:42:00
right the basic software fundamentals
00:42:03
right Learn Python I recomend I'm a very
00:42:08
huge fan of python so I'm just watching
00:42:10
for it but learn at least one
00:42:12
programming language right once you're
00:42:15
good with
00:42:16
these understand how the windows
00:42:19
environment work understand what is
00:42:21
active directory what are domains right
00:42:25
all those concepts of it and how you can
00:42:27
attack active territories once you're
00:42:30
good with that start off uh with web
00:42:33
hacking like there are a lot of
00:42:35
different platforms called as Buck
00:42:37
hacker one and just make a profile in
00:42:41
these they are called as there there's
00:42:43
some programs called as vdps where you
00:42:45
can just go and Hunt vulnerabilities for
00:42:48
free this you get a very practical
00:42:51
approach and experience you get hands on
00:42:54
actual real-time hacking so try these
00:42:57
try these Buck R
00:42:59
programs and I would say I would also
00:43:02
recommend to
00:43:03
upskill you as you're progressing this
00:43:06
journey the various platforms like try
00:43:08
hack me hack the Box let's defend. right
00:43:12
all of these cover red taming and blue
00:43:14
taming
00:43:15
aspects they have a special roles for
00:43:19
security engineer or a red team attacker
00:43:22
and blue teaming side of it going to
00:43:25
these
00:43:26
websites take one of their courses read
00:43:30
and then learn upon it right so track me
00:43:35
hack the Box let's defend. once you're
00:43:38
good with these if you want to level up
00:43:41
start pursuing offensive security
00:43:44
certifications and TCM security
00:43:47
certifications these are very good to
00:43:51
get you into the industry I would highly
00:43:53
recommend TCM security over offensive
00:43:56
security
00:43:57
because
00:43:59
uh I think the value what it brings
00:44:02
especially in terms of
00:44:04
learning it's really good offensive
00:44:07
security tests you a lot of resilience I
00:44:11
think even that's good but I am more
00:44:13
aligned towards TCM Security in general
00:44:17
so yeah what about um the Cisco's the
00:44:22
certifications
00:44:24
NWS right so one thing we have to
00:44:27
understand UD is that there are certain
00:44:30
vendor neutral certifications and there
00:44:33
are certain generalized certifications
00:44:35
yeah so as we talk about the Cisco and
00:44:38
AWS
00:44:39
certifications these CTS will tell you
00:44:42
that you have certain
00:44:43
knowledge that products right yeah if
00:44:48
you take Cisco CCNA that's a base it
00:44:51
only covers the base of the Cisco
00:44:53
products in the majority M but but if
00:44:57
you want to look at General Security I
00:45:00
think certifications like TCM security
00:45:03
offensive security these do add up a lot
00:45:06
of value in your
00:45:09
profile nice great I love it um is there
00:45:15
anything else would you like to say to
00:45:18
aspiring cyber security Engineers one
00:45:20
last words of wisdom before we wrap I
00:45:23
think the important part is embrace your
00:45:28
hurdles and enjoy your journey while
00:45:31
you're learning lot of
00:45:33
skills it simple don't over complicated
00:45:37
keep it simple and it goes up so yeah
00:45:41
and keep watching my videos too you
00:45:42
should say that
00:45:45
too without saying you youve helped me
00:45:48
save 30k and that I helped you save 30k
00:45:52
how right so this this is a very funny
00:45:55
story again I don't know if you're
00:45:57
remember it or not so what happened was
00:45:59
while I was back in India I was filling
00:46:01
up my ds160 form which is required to
00:46:04
come to views right I saw a video
00:46:07
wherein you posted the entire DS1 160
00:46:11
filling it up right and Lally used to
00:46:14
pause that video and look oh did he get
00:46:18
this did I get this right and then I
00:46:19
filled out the
00:46:21
ds160 and then I did not opt for a
00:46:24
consultant if I had I had opted for
00:46:26
consultant that
00:46:29
would thanks to you for making this
00:46:31
videos and nice so when when I come to
00:46:34
your place you can treat me for a dinner
00:46:36
now oh yeah it's it's on me nice cool uh
00:46:41
sweet I love it thank you so much for
00:46:44
doing this I can't wait to now Deep dive
00:46:46
into your UNCC Journey because I know
00:46:49
that's what we're going to be filming
00:46:50
next but until our next one keep smiling
00:46:52
and keep hustling

Tag

cybersecurity
job hunting
networking
software engineering
career roles
red team
blue team
salary
skills
certifications