Launch your cybersecurity career by finding a mentor

Learn how mentors in the cybersecurity community can help launch your career on today’s episode featuring Mike Gentile, the Founder and CEO of CISOSHARE. Mike discusses the CyberForward program, which creates a mentorship and support system for new students of cybersecurity — often those with diverse cultural or economic backgrounds! CyberForward addresses not just skills training, but the quality of life issues that might prevent entrance to the security field. If you’re feeling blocked and unsure how to enter the industry, you’ll really want to hear this episode!

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

  • 0:00​ - Intro
  • 2:24 - Starting a career in cybersecurity
  • 5:39​ - Creating CISOHandbook.com
  • 7:35 - What is CISOSHARE?
  • 9:38​ - What is CyberForward?
  • 11:15​ - Thoughts on the cybersecurity skills gap
  • 17:40​ - Mentoring students through CyberForward
  • 25:13​ - The training value system is broken
  • 29:33 - Creating a network of support
  • 32:44 - Helping the “beaten down” breakthrough
  • 36:52 - What’s next for CyberForward?
  • 39:15 - Advice for getting started in cybersecurity
  • 43:28​ - Outro

[00:00:00] CS: Today on Cyber Work I speak to Mike Gentile of CISOSHARE about his CyberForward Program. It's a program that creates a mentorship and support system to new students of cybersecurity often with those of different cultural economic backgrounds. So if you're feeling blocked and unsure of how to enter the industry, you're really going to want to hear this episode. That's all today on Cyber Work. And also let's talk about our new hands-on training series titled Cyber Work Applied. Tune in as expert InfoSec instructors and industry practitioners teach you a new cybersecurity skill then show you how that skill applies to real-world scenarios. You'll learn how to carry out different cyber attacks, practice using common cybersecurity tools, follow along with walkthroughs of how major breaches occurred and more. Best of all, it is 100% free.

So go to infosecinstitute.com/learn or check out the link in the description and get started with hands-on training in a fun environment. It's a new way to learn crucial cybersecurity skills and keep the skills you have relevant. That's infosecinstitute.com/learn. And now let's begin the show.

[00:01:10] CS: Welcome to this week's episode of the Cyber Work with Infosec podcast. Each week we talk with a different industry thought leader about cybersecurity trends, the way those trends affect the work of infosec professionals and offer tips for breaking in or moving up the ladder in the cybersecurity industry. Mike Gentile is the founder, president and CEO of CISOSHARE headquartered in San Clemente, California and has led the company since its inception to become a global leader in security program services and solutions. Initially an experiment, the CISOSHARE culture centers around learning and teaching to make the confusing security discipline understandable.

In 2019, Mike founded CyberForward Academy by CISOSHARE using this learning and teaching culture to address both the cyber security resource shortage and the livable wage gap issues felt in many communities. This partner-enabled professional development program identifies and then rapidly develops effective job-ready cybersecurity professionals. So this is something we talk in the show a lot about is about the skills gap and about getting people started in an industry that is desperate for people, but often still has a lot of barriers to entry. So we're going to talk to Mike about CISOSHARE and its work in bringing new eager students and professionals into cybersecurity through the CyberForward Program. Mike, welcome to Cyber Work.

[00:02:23] MG: Thanks so much for having me, Chris.

[00:02:25] CS: So we always like to start off with the inevitable origin story. How did you first get interested in cybersecurity? You graduated with BS in finance and then you moved pretty quickly in the manager of security and IP routing job with CLORE Inc. So what was the initial attraction from there?

[00:02:41] MG: Yeah, sure. Well, when I was working on finance back in college, I took up an internship at a finance organization and the first thing was doing cold calling to try it. And I realized really quickly that finance wasn't really for me. And so from there, I was playing soccer at the time up in Northern California and was kind of stuck because I'm from down here in Southern California. And so I ended up working at an internet service provider back in the day and found that I kind of really liked technology. And so I kind of started to gear that way and I’ve never looked back since.

[00:03:20] CS: Okay. So what were some of the major career skill or project milestones you had that got you from there to where you are now? Are there certain points where you're like, “Oh, I learned a certain thing and then my skills or my abilities just took a quantum leap forward.”

[00:03:35] MG: Sure. I think the biggest thing really had to do situationally with the .com era believe it or not. So when I got into – I started working in ISP and then I went into technology and then I wound up at CORE, which you mentioned, which was an organization that had an application shop and an IT component. And basically what we did is we worked on really, really big projects that were funded by venture funds back in the .com era. And back then it used to be, “I have this idea. This is great.” “Here's $50 million dollars. Go build that company.” And it was build everything, the data centers, the ERP operations, everything, from beginning to end. And because of that, when you can get in from that point of view and really work on a team to build everything, it allows you to see completely across all the different components and how they work together. And from there, it makes it really easy to then cross over into cybersecurity, which touches everything of course. And I tell people um a lot of times that I was really lucky to have that because it's not like that anymore.

After the .com boom, even now there's still a lot of venture funds coming in and blowing stuff up. Very rarely do you just start from scratching really everything and they give it to a hit team to just kind of nail everything out. But I think that that experience was really paramount to transitioning into cyber.

[00:05:15] CS: Yeah. Yeah. Yeah. I got to imagine, you hear about like film directors that started out. And I was moving wardrobe or I was doing this thing or that thing. So you touch a lot of different things that way. So it's interesting that that was so beneficial. And one of the things that we lost after that whole thing went kablooey. So I noticed one thing from your profile that I wanted to move over to in addition to your many other jobs and positions. You are the co-founder of a site that I think is still going, cisohandbook.com, right? Which is a resource site for CISOs, CSOs and security professionals and a place for C-suite tech people who can share ideas and collaborate. So tell me about the creation of that project and how it's changed and developed over the past 17 years. Is it still like – I think of that as sort of like being of a certain era where people were like, “I got to go check in on this site or that site. Is it still like flourishing now? What's it like these days?”

[00:06:08] MG: Yeah. So essentially we built that way back in the day, as you said 17 years ago, and it was associated with one of the books that I wrote, CISO Handbook, which had to do with building out a program. And so back then – Man, 17 years ago. It goes by quick. But back then there wasn't a lot of blogs and things out on the site, out on the Internet. So we basically, the other co-authors and myself, we created cisohanbook.com as a way for people to reach out to us, because what ended up happening is – And we never really thought about this, is people did start reaching out to us. Schools started using the curriculum and then all of a sudden we’d get emails from people saying, ”Yeah, I'm working on my practicum to come up with a security program. And what are your thoughts on this and that?” And in the beginning I didn't know what was going on and then they'd be like, “Oh, yeah. This university is using it or that.” And we started to get more and more questions. We put that together.

Over time, that site has – We've always just kept it up because it's associated with the book right, but really we've transitioned more over to what we're doing now, what I'm doing now over at CISOSHARE with our team and it's kind of just a placeholder for the book at that point. However, since it's been around for so long, it still gets a lot of traffic because it was one of the first puppies out there. So yeah.

[00:07:31] CS: Yeah. It’s its own ecosystem. Okay. Well, let's jump into that. Then I want to talk to you first about – The big focus is the CyberForward Program, but I want to first hear a little bit about what CISOSHARE does and then how CyberForward fits into that agenda.

[00:07:48] MG: Sure. CISOSHARE, what we do is we help organizations to build and develop security programs. So we define a security program as the ability to define security, which is policies the team and that, the ability to measure against that benchmark on a repeatable basis. That's risk management programs and those types of things. The ability to then take the information from those measurement activities against that definition and give it to stakeholders so they can make informed decisions, and then finally to execute.

Those four capabilities every organization needs to have from a security program perspective. So we offer professional services to build those things out and we offer managed services to repeatedly perform many of those processes for our teams. And then we have an automation application that helps as well, all that is the kind of quick stuff. The niche to us and what makes us special is that we're based on learning and teaching in everything we do. So more than 70% of the people that work at CISOSHARE, this is their first cybersecurity job when they work here.

And the reason that we really try to find people that can learn quickly and the people that can teach quickly is because security is confusing and it's nebulous. So your definition is different than mine than everyone else is. So we found early on when I started this company, it’s my third cyber company, I really wanted to try that and see if we could build that in from day one when it was even just me and start as we added people see if that could work. And the experiments worked. So we were the second fastest growing company on E5000 in security two years ago and the seventh fastest last year and we're still on par to really grow again this year. So it's been a great ride.

[00:09:37] CS: Nice. Okay. So how does CyberForward fit within that?

[00:09:41] MG: Sure. So when we first started, it was like I go on a surf trip and see somebody and, “Hey, yeah. That person, it's interesting how they're organizing their surf bag. You know what? I think they might have [inaudible 00:09:55] security and bring them on.” Then we started working with veterans and we started just bringing people in. And we started this learning and teaching culture of bringing people, bringing folks into the business. So we were doing that and we were growing and we happened to sponsor a soccer tournament with United Way here in Orange County. And while we were listening to an event that was going to go over – Talking about soccer events. They said, “Hey, we started this other program um called Upskills and it's all about trying to get people to a livable wage that had at least a high school diploma and were over 18.”

And so I was listening to this and as they were talking about it as we were waiting to talk about the soccer stuff, and I looked at my team and I was like, “This is like what we're doing at CISOSHARE.” And they had been offering it initially. Cybersecurity wasn't in some of the roles that they were rolling this out with and it was a new program. And so we went we talked to the CEO over at United Way and she was awesome to give us a shot and see if we could put the program together, which now has grown substantially and it’s CyberForward.

[00:11:11] CS: Wow! Okay. That's amazing. So I want to talk about this in relation to one of the big things we talk about on our show here, which is the cybersecurity skills gap. You hear all the time that there're all these cybersecurity job positions open and not enough people to fill them. And what's the reason? It could be this and that and HR is doing too much gatekeeping or there's just not enough people interested or we're looking in the wrong place or whatever. So can you give me your take on this concept of the cybersecurity skills and resource gap? Like how big the number is between open positions and people available to fill them? Like what do you think is causing this?

[00:11:47] MG: I think one thing before you even get into it is exactly what you said in the beginning. Everyone always just wants to talk about this problem and their opinions on it and all the different things. And sometimes I think, especially when you're looking at things like professional development and education systems and trying to really also help people and then cybersecurity industry. People just – Sometimes I think you just need to pick a course and take some steps forward, because you can get lost in just talking about this stuff.

So I think that that's really one thing that's caused the problem to get worse. But I also just think building on the fact that security is confusing and its definition is in the eye of the beholder. So it's caused on the hiring side in organizations. The job descriptions are reflective of the definition of the people that need the help. And oftentimes what happens is it's actually the definitions of multiple people, which is why the job descriptions are cuckoo for Cocoa Puffs a lot of times in our industry, right?

[00:13:03] CS: Yeah. Right.

[00:13:04] MG: Then if you look at the um at the talent, we call them talent participants in our program. But when you look at the talent out there, they are in a position where they think that cybersecurity, most of the time their definition is it's a person in a hoodie hacking all day long, right? It's anonymous. So they don't think that they can do it. And in our opinion, the majority of cybersecurity, it's a people discipline. Even though there is technical, a lot of technology integrated into it. So those two things all centered around the concept of the nebulous nature of security I think is the biggest thing that proliferates this shortage or whatever in terms of supply meeting demand.

[00:13:56] CS: Yeah. One of the things that we talk about on here a lot is just how many jobs there are in the sort of umbrella term cybersecurity for people who don't have any tech background, things like threat modeling, or risk assessment, or digital forensics. So many of our guests will say, “We'll teach you the tech you need to know. We just need to have people who are inquisitive and want to work and want to do this sort of thing.” In CyberForward, like is there a sort of a spectrum of the types of training and cyber positions that you work with? Are you sort of working mostly in the tech specific stuff?

[00:14:31] MG: That's a great question. I mean, I think that's even another portion that also contributes to the issue is the definition of training providers in terms of what they think security is as well, which most of the programs that are out there are almost all technical, right? They're hacker camps and different types of things. Also, at least as from an educational perspective, they start with stem or CTE pathways almost always.

And what we think and what we've done is we've created this model. We call them job role architectures. But really what we found is that out of all the cybersecurity job roles and the common security program, and depending on where you look there're 50 to 70 of them when you really break them down. They all break into two archetypes in our model. One archetype is the security engineer archetype. That is the technical-based position. You like working with technology and different types of attacks associated with technology. And that rolls into hackers, forensics, security architects, security engineers, downline, any of those technical positions, working on a specific technology, whatever.

Then you have the security analyst position and we look at that as the analytical archetype. And that's all about strong writing skills, strong analytical skills, strong presentation, verbal communication skills and the like. So that one is where – We focus on both in CyberForward. But that one is where we're really spending a ton of energy, because what we found is the technical ones, they do take a little bit longer to get people working in order to learn some of the technical discipline elements. So in our methodology, it could take three months to six months to really be able to perform a junior role task to get you on the pathway. Whereas the analyst stuff, we think you can get there much quicker. You can start doing junior level tasks at three months, which actually makes it appealing.

In addition to that, those engineering roles – Security engineer is the most popular security job description I believe out there was recently. You probably even know more than me, but I think that was the most popular. And the second one was security analyst. That second one was a little skewed because one of the other things that's crazy in our discipline and cause a lot of confusion is most of the time when people say security analyst in like 80% of the job descriptions out there, they're actually the security engineer archetype. They just call them security analyst. And so those are some of the things that we focus on and how we break it down from a technology versus analytical perspective.

[00:17:40] CS: Got it. Now, just walk me through this like I'm a six-year-old. What is the sort of pipeline of CyberForward? Like are you seeking out the people? Are they contacting you saying I want to do this? Something about you were working with like local schools and things like that and it’s like a mentor program or is it education? Like I can't quite get it in my head here. So sort of give it to me – Give me the six-year-old's child version.

[00:18:10] MG: You've got it. So in CyberForward, it's a five phase program in our over 18 program. We recently have added high school programming as well as college programming as well. But in our core CyberForward program, there's five phases. Phase one is all about identifying talent to move into the program. We work with our network of partners out there, community partners, and they can be non-profits, they can be schools, they can be military organizations, they can be whatever. We work with them to help within their pools of people to identify talent and come into the program.

We spend as much time during that phase working with our community partners to also tell them, “Hey, security is not just someone hacking all day,” and what it is and then helping them to identify. From that they come into a four-week class. And at that time we also work with them on identifying any roadblocks they may have. And that's another difference in our program. Roadblocks are things like housing insecure, access to technology, access to the Internet, transportation, access to health care. At this point we've seen everything, access to legal services so you can get a visa, whatever's out there.

We also wrap around these folks with a support system of mentors as well as the community partners that we work with that support them all the way through all the other phases I'm going to talk about. In the class, the initial class is focused on – it's one day a week for four weeks, and we're helping them to kind of connect the dots on just what is this security name and where do I fit in it, as well as we teach them how to do three specific job security roles at a junior level. And so we get going. They are forced ranked against each other, and those that make it all the way through the program then move into phase three. Phase three is an internship at CISOSHARE where we are further working with them on how do you perform those junior level roles, and even it's still mock work, but it's much more real.

From there, we then work with hiring partners that are willing to give these folks three to six months projects working on those junior level roles that we engage them, which is a third party analyst, a policy analyst and a vulnerability engineer. And so at that point that's what we really view as the gold, which is real-world work experience that they can get on their resumes. They can then be re-engaged by that same hiring organization for another contract in phase five. They can be hired by the organization as well and they can stay in the CyberForward Program up to a year. So yeah, so that's how the whole program works. We've had I think about 195 people come through the program. Our metrics are pretty crazy. I mean, we usually get people through and get them – Actually getting that real-world work experience. About 50% of them actually get to where they get all the way through the program, get that real-world work experience and then move on. And we have really high diversity and inclusion metrics and all that.

I think because many of the pools that we're working with are often folks that are not getting opportunities to move in. And we kind of help partner with them early on as well as with our community partners to get them through the program. So does that make sense on how CyberForward works?

[00:22:10] CS: No. That's great. And yeah, I was just going to ask, from there, so what is your scope in terms of like your location? Is it mostly sort of in your state, in your city, in your neighborhood? And is this something that you have either plans to scale nationally or some idea about how you would scale a program like this nationally?

[00:22:32] MG: Sure so when we started, we started here in Orange County, California. And we really tried to – We had originally really tried to build this ecosystem out in terms of connecting the community partners here in Orange County, with the hiring organizations here in Orange County, with the education areas in Orange County and build that system of working it all the way through always with the intention to scale it out.

Right before the pandemic hit, previously we had always done our training live. Right before the pandemic hit, we were actually looking to start performing and doing the sessions in Boston and in other areas and spill it out. Many of our community partners are global and they're chapter-based. So you just hop around. Then the pandemic hit and we immediately switched over to virtual, which we didn't know how it would work, because based on learning and teaching, were big with nonverbal cues and things that you get only in an in-person session, right? But we switched it over and it worked. We've done three sessions from that point.

And for me, the most surreal moment was right when the pandemic hit in March. We did – We call them cycles. Many people call them cohorts. I’m not from the education world, but I'm starting to learn all these –

[00:24:03] CS: Get the lingo. Yeah. Right.

[00:24:04] MG: Yeah. Yeah. Yeah. So we were doing a cycle first in the pandemic, and we had people from Orange County in the program still just in virtual and then we had some people around. And we had people on lockdown in Manhattan. And it was like – and we didn't know what was going to happen or whatever. And I just remember going into that class and, yeah, it was a pretty good moment. So that was a while ago. But at this point I do think we will start going back to a combination of in-person as well as virtual, but we've run all five phases at this point completely virtually.

[00:24:43] CS: Okay. Hasn't affected things too badly?

[00:24:46] MG: No. It's actually allowed us to I think do even more. I mean, if you look at it on our business side here at CISOSHARE, I mean, we're doing global projects completely virtually and projects that we would have a ton of travel in previously. And I really don't see that coming back with the mode that we've moved to. I mean, might as well train people in that model early.

[00:25:13] CS: Yeah. So I’m excited to talk, I'm excited to hear that, like you said, you have high metrics and that you're working really hard with diversity inclusion and sort of drawing from maybe harder hit communities and things like that. Can you talk about the livable wage gap issues that you're addressing and the way that your outreach is sort of angling towards getting people sort of up to speed that way?

[00:25:38] MG: Sure. I mean, also too, we don't even close to have all the answers in this game.

[00:25:45] CS: Of course. No. Yeah. But you're asking the right questions though it sounds like, yeah.

[00:25:49] MG: Yeah. I mean, and I think it kind of talks to what we try to do and what is the spirit of CISOSHARE and CyberForward from the first class we did or the one we did just during the pandemic and everything, is our hearts are in the right spot and we just try to do it. And that's been successful.

As it works, as it – In my opinion, the whole value system around professional development is completely broken. Just take out even the diversity and inclusion and all that, but right now students have to pay for a ton of stuff and they get some value out of their training. However, the businesses that hire them or the security technology companies, there's some great ones out there that people get trained up on those technologies and then move those up. All of those people around the actual student get a lot more value than the student in this equation. However, there's never any – The students are always having to put all of the bill in this stuff. And I think that that is – And I am not political in any way, but we've seen it time and time again, and that roadblock of being able to come up with the funds and the time or being able to move things out of the way so that I can take the training, that is always put squarely on the student. And when I have to do that in isolation by myself, it's hard. If I put a support system around somebody like we try to do at CyberForward, even the hardest problems become more manageable.

And so I think that moving to training systems that really consider that more are going to enable the opportunities for people. And I think, like I mentioned, we didn't set out to solve inclusion and diversity issues. We didn't try not to either, but we were just trying to give people, find the people with the best advocacies and get them into security. It was actually I think like four or five cycles in where we like actually ran the demographics on in the metrics and things on our stuff and it was like almost 50% women, which is really high in –

[00:28:16] CS: You don’t need to tell me. Yeah.

[00:28:18] MG: Yeah. Yeah. And across the board, across everything, all races, all backgrounds, um all ages was another thing. We have a pretty even spectrum across ages. So I think that that's really the key, is to look at reinventing how we do talent development. And that is the key. We do a ton of things that are different. And I think that until it's not taboo to kind of surround someone and help them work through some roadblocks they may have while they're doing training, like while that has to be done in silence or any of the other things, connecting the business into the learning process earlier like we do. There's always just a wall in between the professional development. And those are some of the things where we don't have all the answers. However, we think that we are at least – Like you said, we're asking some of the right questions and we're at least trying and then learning and then iterating. Yeah. And I think the more that we do that, the more that we are going to be able to solve this problem.

[00:29:34] CS: Yeah. Can you talk a little bit about the support networks that you have in place for these students especially as regards some of the more abstract things? Like you said sort of like community support systems and legal assistance or sorts of things. I mean, obviously there're the educators. But like give me a sense of like the sort of like the whole program in that regard.

[00:29:54] MG: Sure. Yeah. So the biggest thing that we do is we connect our – We create a network, like you said, and we connect our community partners with the folks that are doing the education with the mentors and professionals in the community, with the hiring partners. So in our class we have some core principles, and one principle is that like it's your job to identify any roadblocks you may have and to manage them. However, we're here to help support you to do that.

The biggest way that we do it is the community partner also is still in your court through the program. So a lot of times you'll have someone, for example, that maybe they experience domestic violence. Maybe they experience – I mean, they might have experienced a lot of different things. Maybe they're housing insecure. Whatever the case – Or maybe both. That happens often. And the community partner that will identify that talent participant for us, they don't go away during the process. There's still that support within our framework of how we work together. So that's the biggest way that we do it.

In addition, we keep that phased model. So it tells the talent participant where they are in the process, but it also tells our partner network and mentors where to engage at a point. So mentors, they generally come in. They donate their time and they come into the program. And one of our other values and principles is we'll teach you anything you want to know, but we ask that you give back. So when people come through the program then they donate their time back, and we have a very high percentage of people do that that also are supporting and being mentors. So they engage and support.

As they move through the program and they start getting ready for hiring, we have some amazing cybersecurity job recruiters that come in and help and do mock interviews and prepare them. We've been working now with bringing in financial folks who are helping and going over best practice. Like we try to bring in people depending where they are in the stage, and then we also are always working with all these amazing community partners out there that do so much great work. So that's how it works. And that doesn't stop when they work in phase four and phase five.

So when they're working at a hiring organization, they are actually still part of the cyber, they still have access to all that support system when they're working, which is also a little different. A lot of times you finish school and then you're done, you're on your own, and now you're in that working world.

[00:32:45] CS: Do you have any particularly uh interesting or inspiring stories of people who've gone through your program and where they are now?

[00:32:53] MG: We have had – I think the biggest thing that I see with folks is that a lot of times when people come into the program they may have a roadblock and they're maybe in a tough spot, right? Some tough things have happened. And in some ways, I don't know any other way to say it, but they're a little beaten down. Like life has been not fair to them. And when you actually – As they're moving through the class, and I only know this because I teach class. We have multiple teachers now, but it's been pretty life-changing for me. But I actually go in there and teach. You can see the moment in their eyes literally especially when the support system wraps around them where they're like, “Wow! You know what? Maybe life is thrown. This can work.” And you can also see that they're starting to like believe in themselves to move forward.

So, for me, and then I'll get into some stories, like I swear, I can see the like exact moment when it happened during some point in the class. That has been unbelievable. Some of the stories that I really like though. I love people – We do a lot of verbal presentation, presenting. We do a lot of role play and things like that and a lot of written exercises. I love when someone – In the beginning, we ask people what are the roadblocks they go over. And sometimes they'll be like, “You know what? I'm really uncomfortable talking in front of people and communicating and speaking and the like.” And all of a sudden then we'll do an exercise five minutes later, “Okay,” and it's always volunteer in the beginning, “who's willing to stand up and do this exercise and talk?” And nine times out of ten it's that person that like it's just killing them, but they are like ready to take advantage of this opportunity and push it. So there's countless times where that's happened.

Another real thing is just moving through the program. So we've had a ton of people that have moved through the program and gotten all the way through and they're now working, and not only working in cybersecurity from having no cybersecurity experience at all, but they are actually even moving up in the job and are moving into supervisory positions or leadership positions. We also have people that came through the original cyber – Like before there was CyberForward, at CISOSHARE we were doing this. Like some of our original cohorts. And thank you to them because we were learning about this learning and teaching model that are now security officers. We have multiple ones. And that's just – For me, it's just unbelievable. And I could literally sit here all day long and talk as well as some of the things I've learned with the hardships. I mean, sometimes people are in shared housing and there's things you learn that me and you maybe take for granted if we weren't in those situations, like you can't often talk on your cellphone in a shared center. And that's hard in cybersecurity especially during our program where we're doing mock stuff. So just working through some of those things that you don't always think about is crazy.

We've had people that their schedules were in a way that they've driven out. This is when you could do that portion of the program and drive and do on-site. We’ve had people that really have driven out because of their schedules and having to drop someone off or something that would come to the office at like five in the morning and literally wait to get in. And those types of things, when you see some adversity that people are in but they're just giving their all and really trying to move forward and then give back once they've come through the program, it's pretty unbelievable.

[00:36:53] CS: I love that. So moving into the future, what are your next year or your five-year plan for CyberForward and its goals? Are there any ways you're planning to grow the project and its impact?

[00:37:04] MG: Yeah. We want to continue on really pushing the program out global. We are pushing more and more at getting the ecosystem in Orange County though, highly developed, right? Just because we're down the path a little bit here in Orange County. And so we're really just trying to get it even farther and more advanced with funding solutions and different ways to actually make the programming work.

We've started with a college here. We just signed a university here in California. We have just signed some programming that takes our initial CyberForward programming that gets you to a junior level capability. It gets you from a junior level capability to a mid-level capability in analysts and engineer tracks. And so we're really excited about that. And then also we’re working with the departments of education down here and some of the different educational groups and schools to create a high school pathway as well as even before that pathway. And so we are just going to be piloting CyberForward for high school seniors and we're pushing that out in this summer and organizing for that. And there's a ton of students here in Orange County, and the time is even more now for this type of programming. So that is a lot of what we're working on with the spirit of there're a lot of people that are doing a lot of things especially in the education system in many schools, advanced education and high school. What we're just trying to do is use some of the things we've learned as a cybersecurity company to just speed that up and get people to working quicker. And so that's also our focus. If we even help that a little bit and we get this program out throughout the United States or even more and we cover that, I'll be happy with what we've done, but there's a lot of work still to do.

[00:39:15] CS: Okay. So as we wrap up today, I want to – So obviously you're you primarily based in Orange County and people who are needing help there. But talk to some of our listeners who might feel uh a little overwhelmed or beaten down or who want to get into cybersecurity but are feeling kind of overwhelmed. Like what should they do if they don't have a CyberForward in their area? Like what are some of the first things you recommend to try and sort of clear roadblocks out of the way?

[00:39:45] MG: Sure. So one thing and the biggest thing is don't psych yourself out. There're been some surveys out there and people don't think they're qualified to go to the interview. They see these job descriptions that are ridiculous and they don't do it. So step number one is you can do it and you just got to get that mindset. Now you're not going to step into a $500,000 a year security leader position, but if you put in the time, you can move into a position. So I think that's the first thing.

The second thing is that in the beginning of your learning, really talking back to what brought me into cybersecurity, it's all about being able to connect the dots. Like you can go online right now and type cybersecurity and you're going to see hacking boot camps and you're going to see all forensic stuff and you're going to see – And like you're going to see different training from vendors and it'll even be free. You're going to see LinkedIn now is offering everything. If you don't kind of understand like what is the security program and how those different things work together, just like when I was lucky at CORE and I got to build things from the beginning, that helped me to learn to connect the dots. That is where you start. And our program at CISOSHARE and CyberForward in the beginnings, in our foundation class, we spent a lot of time just helping people connect the dots so that then they can move on. So that is something important.

We are going to be updating our site and really taking our academy and having it off with a bunch of resources of where to start. There are some good stuff starting to push out on the internet of like what is security and kind of walking people in regular English, simple nomenclature, how to actually – Where to go. But that focus is to really understand how to connect the dots. There're very few training programs even ones that start by saying we start out with foundation stuff. Most foundation stuff is just domain knowledge. Domain knowledge is just telling you like the different categories of security. It doesn't tell you how to connect the dots or how that correlates to job rules. And if you don't have that, you're lost.

So we're going to be putting out some stuff that helps folks there. Also our program, though we have a pretty big presence here in Orange County, we're virtual, and that's not going away. We're going to be offering program that anyone can come to. You can also send a request to cf@cisoshare.com email and we'll pick that up and work with you on getting you into the class. But focus on those real things.

Also, um are here. I've been saying this for a while, but reach out to me. I do respond on those things. And I’m getting like a couple of those a day and I will work on it or I'll push it over to our team who will answer any questions you have, and I think that's a great starting place.

[00:42:56] CS: Yeah. Okay. So say that again. Give me the sort of the context for CyberForward and CISOSHARE. Where should they go online?

[00:43:03] MG: So right now, and this may change a little bit. But if you go to CISOSHARE, cisoshare.com/cyberforward, that is the site. We may be changing that to its own site, but if you go to CISOSHARE you're going to be able to find links to get there. If you have questions about the program you can go to cf@cisoshare.com and we'll respond to that or find me on LinkedIn and I'll point you in the right direction. Yeah.

[00:43:25] CS: Perfect. Mike Gentile, thank you for your time and insights today.

[00:43:28] MG: Thank you as well, Chris, for the opportunity.

[00:43:30] CS: Really appreciate it. And thank you as ever for listening and watching. New episodes of the Cyber Work podcast are available every Monday at 1pm central both on video at our YouTube page and on audio wherever find podcasts are downloaded. And don't forget to check out our hands-on training series titled Cyber Work Applied. Tune in as expert infosec instructors teach you a new cybersecurity skill and show you how that skill applies to real-world scenarios. It's all free. Go to infosecinfosecinstitute.com/learn to stay up to date with all things Cyber Work. Thank you once again to Mike Gentile and thank you all again for watching and listening. We will speak to you next week.

How does your salary stack up?

Ever wonder how much a career in cybersecurity pays? We crunched the numbers for the most popular roles and certifications. Download the 2024 Cybersecurity Salary Guide to learn more.

placeholder

Weekly career advice

Learn how to break into cybersecurity, build new skills and move up the career ladder. Each week on the Cyber Work Podcast, host Chris Sienko sits down with thought leaders from Booz Allen Hamilton, CompTIA, Google, IBM, Veracode and others to discuss the latest cybersecurity workforce trends.

placeholder

Q&As with industry pros

Have a question about your cybersecurity career? Join our special Cyber Work Live episodes for a Q&A with industry leaders. Get your career questions answered, connect with other industry professionals and take your career to the next level.

placeholder

Level up your skills

Hack your way to success with career tips from cybersecurity experts. Get concise, actionable advice in each episode — from acing your first certification exam to building a world-class enterprise cybersecurity culture.