Red Team Summit CFP now open! Register Here
Shopping Cart

No products in the cart.

Get an Epic Cyber Education for Free! (Almost!)

This webcast was originally published on June 26, 2024.

In this video, Carrie and Zach discuss the Cyber Ninja training plan. They delve into Carrie’s personal journey, effective learning resources, and practical tips for entering the cybersecurity field. The video also covers strategies for obtaining certifications, integrating hands-on skills, and advancing one’s career through continuous learning and mentorship.

  • The importance of hands-on experience and continuous learning in the field of cybersecurity.
  • The value of certifications and practical training platforms like TryHackMe for building a career in cybersecurity.
  • The benefits of structured, self-paced learning and mentorship in achieving cybersecurity expertise.

Highlights

Full Video

Full Video

Zach Hill

I think we are ready to go. Kerry, thank you so much for joining us today. Appreciate it. we’re going to be talking about, the cyber ninja training plan, which is. It’s a topic that I’m, we’ve talked, I think, kind of about this before a little bit, but this is an area that I am very, very passionate about.

And from having conversations with you, I know you’re extremely passionate about it as well, because you have, a few teenage daughters who are going through a journey right now to learn more about it and cybersecurity, and you’ve kind of developed a roadmap to assist them along the way.

And I think after going over the blog that you’ve done, even the slides that you have provided and talking with you previously, I know all the information that you put together is really on point to help students from a very practical perspective and really get them kind of that hands on knowledge to help them get started in their journey.

So, we, with that, I’m gonna let you kind of do an introduction here, tell people about who you are, and then we’ll go ahead and get started and talk about this topic. Cause I know you’re very excited about it as well.

Carrie Roberts

Yeah. Well, I’m dying to jump into the actual. Here’s what you can learn. But first, I should, say a little bit about myself and why I get so excited about helping people get into this.

So, I started out, really, I started out as a mechanical engineer working for Hewlett Packard. But then there were some job security things going on at the time where it made sense for me to diversify my skillset.

And I became a, PC, mobile and web app developer. And actually, after several years as a web app developer, failed my first pen test, which I didn’t even know what that was or what any of the findings were that they found, which were a lot.

And I had to learn that. And it didn’t feel good at first to have failed for reasons, that I didn’t understand, but it was what inspired me on this whole journey.

So, looking back, it was the best thing that happened to me after the. After I learned more about penetration testing, that I could get, paid to break people’s apps instead of make one work like I was at the time.

I figured it’d be more fun to break everything than to make them work. So I set my sights on being a pen tester, and I was able to do that for the first time. My first job as pen tester with Black Hills and it was amazing.

Since then, I moved on to red teaming at, walmart and blue teaming. I spent a couple years on the red team, five years on the blue team, and just in the last couple of months, went back to focus on AI with the red team.

I got a little caveat there, that these views and opinions are my own and not representative of walmart. let’s see. I changed around my bullet points because.

And kind of in priority order here that I’m a cyber career lover. So this career has been a vastly rewarding and enjoyable career, for me, after experiencing a couple other careers, which I actually love those careers as well.

But this has, one thing I really love about cyber is the vastness of it. I’ll never learn or even come close to learning everything about it, so I’m never going to get bored.

I get bored when I’m not learning, so I love it for that. But I also love it because it’s, in high demand and it pays well and has flexible work arrangements that work well for families, and work life balance.

So I love that. I also mentor a lot, so a lot of people reach out to me about how they could get started into cyber, and even more specifically with my own family mentoring my family, who, I have five daughters, a son, and a husband all interested in cyber, who got interested in cyber and tech after I got into it.

And so I’ve been mentoring them, which we’ll talk more about that. I’m also an anti siphon instruction instructor. and, we talked a little bit about that in the pre show, but I teach a couple two day classes with anti siphon training, one of black hills, companies.

And I do this blogging and conference speaking stuff, even though it’s scary, but it’s. It’s good for me. It’s kind of like diet and exercise, and, I’ve got a lot of certs.

but honestly, I wish that I could have. If I could go back, what I would do different is I would start out with the learning that I talk about in this webcast before I go out and try to learn those deeper topics.

And, the certs, that would have been a lot easier for me if I went that route. So we’ll talk about that. I do have. Well, there’s some links in the slides.

I’m sure the slide link will be put somewhere where you guys can get it and also on the YouTube posting. But if you want to learn more about me, I have a fun treadmill desk that I talk about.

I have a really major issue with needing a lot of screen space. So I have hacks to get lots of screen space for cheap. So there’s more information there.

And, here’s my family. We live in Idaho. We like to go on, four wheeler rides in the mountains of Idaho. And the structure behind me is a big marble maze, which is really cool.

And it was fun to build. but you can check that out one restructure.com. so that’s my intro that’s holding me back from talking about the really exciting stuff.

We can’t hear you, Jack.

Zach Hill

That’s my fault. Sorry about that. So, yeah, I was saying let’s get, started talking about the really exciting stuff. And I like how you kind of did the intro here. You were talking about the certs and everything like that and how you wish you would have taken a different path, essentially, of learning.

So, let’s like, I want you to dive into that. Let’s talk about what somebody should, from your perspective, what you’ve learned and what you’re, teaching your daughters currently, what’s the best way to get started nowadays?

Carrie Roberts

Yeah. So just a little clarification on that. So I took a lot of Sam’s training, which was my original training, which is really amazing, but it’s just so much information.

you take 8 hours a day, six days in a row of amazing in depth information, and it’s really overload for your brain.

So, you pick, you pick out, you remember as much as you can from all of that. But you just don’t have the time in that short period to really play with it and get it all to sink in and meld together.

So I had to, I had to see things through multiple classes like that before they would start to stick. So this route is of learning that we talk about today is a lot, more smaller chunks spread over as much time as you need with lots of hands on exercises.

So I recently released this blog on Black hail website. This is from high school, the cyber ninja. And of course, what I’m implying by from high school is not that you need to be, just out of high school, but really that you don’t have any particular prior knowledge of tech.

You’re basically just potentially your typical high school graduate who’s looking to learn more, and try and become an expert in cybersecurity.

So I really had, I’ve had a lot of people that I mentor asked me about how to get into cyber. And actually, m my husband, after I was a pen tester, he got interested in being pen tester because I was showing him how much fun I was having.

And he was a high school math teacher at the time, and so he was probably my first subject that I really mentored through into becoming a pen tester.

And he sent to become pen, tester through the plan that I had come up for him at the time. But I’ve since adjusted that. So now I have, multiple daughters interested in learning cyber into our college age.

So it really hits home with this from high school to cyber topic. And so when they started considering, how to become sort of the cyber ninja, that’s just kind of a fun word.

Like I said, you’re never really an expert in all things cybersecurity because there’s too many things. But to feel pretty confident in some specialized area, I wanted to give them a path to do that.

And so I started going through all the free stuff. There’s so much free stuff on the Internet that it’s debilitating. It’s just because it’s like, oh, my gosh, I could spend a lifetime reviewing all this free content.

But what’s really the best or a good path through this? I don’t want to say the best because, I haven’t reviewed everything. but I did find a great path through all the free stuff, and that’s what I want to share.

And just because something isn’t on this list doesn’t mean that it’s not as good or great. But this is a path through that will give you great technical skills, and it is biased towards a technical individual contributor.

There’s a wide range of roles in cybersecurity, from management to individual contributor and everything in between. And just because my experience and interest has been, as a technical individual contributor, I don’t have things in here about learning management or, risk analysis or things.

So there is a bias here to, the technical engineering type stuff. But I I started reviewing free stuff and all the topics I wanted my girls to learn about and also to be able to pass things like comptia certifications, which have a nice, broad coverage of topics and also are nice resume builders if you can afford to take the certifications.

Zach Hill

Kerry, you mentioned that there’s basically an endless amount of resources nowadays for content and to learn to, Do you think thats a good problem to have nowadays compared to when you were coming up in this field?

Because I can remember back in my day, and I wish that we had some of these resources available to us that we have nowadays to help us learn.

It’s so different back in the early two thousands of trying to figure this out because most things were still in a book.

Carrie Roberts

Yeah, books were the main thing early on. And I probably at that time, I, I started well, I failed that pen test the moment I learned about what a pen test was and what SQL injection was in cross site scripting, that was in 2010.

So, the Internet had been around a while at that point and, and people were using it, but there wasn’t nearly as much of this amazing stuff, that’s freely available, which we’ll talk about here.

But honestly, at that point, I wouldn’t really have known what to look for either. So there was the kind of a combination of problems.

So I was able to go the sand route and my company sponsored that, making that possible for me when it, maybe wouldn’t have been otherwise.

But that allowed me to learn somebody, somebody who already knew what you needed to know, had already organized these, classes in a way this foundational, like, learn this and then learn this and then learn this and then put this all together to do this thing.

So I was able to rely on that expertise. So that’s really what I want to provide here is like, yeah, you may want to get into cyber, but you don’t even really know what to search the Internet for because, how are you supposed to know?

You should know, how to use git and some programming and some important topics about Powershell.

It’s kind of like you don’t know what you don’t know and you don’t even know what to ask. So you need somebody who’s been down that path and knows what’s really helpful, to learn to lay that out for you, which is what I was able to do through the sans training, although it was really intense and so much information at once where this is self paced and also free.

Zach Hill

So, with this excel sheet that you provided here, in your slides, you have quite a few different resources here.

Where would you say this kind of would line somebody up in their career? What is this going to prepare them for? by going over, the 207 hours of content you, you have laid out here.

You walk us through that.

Carrie Roberts

Yeah, this is just the beginning. You’re not getting away with only 207 hours. But no, this is, this is all the completely free stuff. But, this, this is going to prepare you for a technical contributor role.

So that that could be a pen tester, a red Teamer, a SoC analyst, just a network defender, incident response. All these things will help with the data loss prevention, engineering, network engineer, even a programmer.

All these fields are really interrelated and very technical and knowing some about all of them really enhances whatever you do, whether it’s even a developer, developer with focus on security, somebody in security who can do some development.

All of these things are great. So that’s the type of job preparing you for. So in this blog post, what I have here is just a snapshot of a link I give to a spreadsheet.

So when I first started this out, I had this kind of vision that I would dig through a bunch of the free online content, find good stuff, make sure it covered a bunch of important topics for getting into the cyber related field, and that it did it in an order that made sense.

So you learned about something you needed to know, prerequisite for another. So you did that first. And I also wanted it all to be free. So originally I wanted everything to be free, which everything on this list is free.

but then I do venture into some not totally free stuff because it’s so good. But let’s see. So that’s what I have laid out here.

And I went and I watched all of this stuff myself because I said I had to personally know this stuff is good. And I favored things that were like a series you could find on YouTube.

So instead of a random person’s video on GitHub and then a random person’s video about how to use python, I tried to find something that was like in a playlist, so that the learning was a little more contiguous.

So it wasn’t just a bunch of 1 hour different presenters kind of covering half of the same things as the other guy did as a prereq or something.

So what I have here is it starts out at the beginning. We’ve got some code.org stuff and we’re covering some really basic stuff like how computers work and what is the Internet?

And what’s really fun about this is my daughter watched these after she got done with what is the Internet, she came into my office and says, mom, my mind was just blown.

I mean, I kind of understood what the Internet was, but I just kind of, without really thinking about it, assumed that every computer was connected like directly to every other computer.

Like there was a wire going from my computer to Zach’s computer and from Zach’s computer to mom’s computer and stuff without really thinking about how that’s not really feasible. But, I just learned how everything’s just a big mesh, interconnected things and you bounce between these interconnected things, so.

And also the fact that there’s literally a cable running under the ocean between the continents was just mind blowing to her.

So anyways, that was fun to see that. And, and my other daughter, she also said, oh, my gosh, I had no idea that IP stands for something.

It’s Internet protocol. I, I’ve been seeing IP all this time and I never knew it stood for something. So that’s been really fun. And, and the funniest thing is that, my m daughter learned the who am I?

Command. It’s typed out altogether as one word, whoami. And she was having trouble getting to work, so she comes in my office, says, mom, I’m running this whammy command and it’s not working.

So we’re going to be laughing about that. I’ll call it whammy here. I’ll probably be in a, in a conference talk sometime and I’ll say, run the whammy command because that’s just what, call it here.

Zach Hill

Makes me a game show back in the day. No whammy. No whammy. Stop.

Carrie Roberts

Yeah. Yeah. So it starts out, at this high level, just like, here’s the world of computers in the Internet. And that lets you, like, let’s say you haven’t decided that cyber is a career for you.

That lets you kind of just see if you get excited about this stuff. I mean, if you watch this stuff, does it intrigue you? Do you feel like your mind was blown? Is it fascinating? If not, maybe you don’t want to go through this because this gets really technical and really deep.

And if that doesn’t excite you, it might not be the right path. So those are good beginner stuff.

Zach Hill

So I just want to stress that even more. I think that’s really important, for people to kind of remember as they’re figuring out their path through it to really find something that you enjoy.

Because as you’re going through this journey here, to work in it, no matter what kind of subset of it, you find interest in having, some type of maybe mild passion for it, or just like that enthusiasm or interest will really help you along your journey because you’re always going to be learning.

So if you don’t enjoy learning, going back to kind of like Kerry said, might not be a great career path for you, because throughout your journey in it, you’re always learning something new because technology evolves constantly.

So I just. Sorry. I wanted to kind of highlight that with you.

Carrie Roberts

Yeah. Thank you. No, that’s really good. Okay, so, then I found this series of videos by Professor Messer, and he’s popular, and he does free training courses on several of the comptia certifications, which is the a, which is a broad it type.

what’s. What’s the difference between a laptop and a desktop? And what components are in it? And where’s the CPU? And how does the CPU talk to something? And what does a solid state drive and a hard disk drive look like?

And, just tons of it related topics in the a. So he does, approximately 10 hours on each of these topics.

So you see him listed there four times before. The A has two sections, core one and core two. And he’s got approximately 10 hours of video on both of those core one and core two concepts.

And then there’s also, the comptia network plus and security plus, specific to cybersecurity and networking. 10 hours each of those.

Zach Hill

Yeah. Sorry. I just want to give a pro tip for a lot of people out there. I love Professor Messer. He provides amazing material. The only advice or pro tip I have for you is to, like, one and a half times speed, maybe even, like, two times speed, some of that stuff, because he’s.

He’s very slow. So some of you out there will, really appreciate that pro tip right there. Some of you will enjoy the slower, the slowness of it. But, like, for me, and I know I’ve talked to a lot of people, speeding that up some really makes it so much better.

Carrie Roberts

I did watch it on two times speed as well, but. But I I wasn’t sure how applicable that was because a lot of the majority of that was review for me.

And I think. I think my daughters are watching it at either one and a quarter or one and a half. So they’ve sped it up a little, but they actually have to let it sink in a little more.

So. Yeah. Yeah, it’s really great that he does that for those four and that they’re free. I mean, that’s 40 hours of training right now there.

That’s really excellent. Then I’ve got some other resources on here specific, to, pen testing and coding and Linux.

And that’s from w three schools. Portswigger, which is the maker of the burp suite tool. It’s, a proxy for doing web app pen tests. And, I would argue that the majority of pentests are web apps, just because there’s so many of them in comparison.

so that’s a really important and popular tool. And so the makers of that burp suite, Portswigger, they have a lot of great free training, hands on lab type training.

Like, here’s a website, hack the issue, it has to, pass this, and it keeps track of whether you successfully passed it or not. So lots of great stuff there.

And of course, over on the right are the links to all of this training, so it makes it really easy for you. And of course, the spreadsheet is linked to from that blog post.

and then it gets down here into Jeremy’s it lab training for CCNA. This is really the ninja part of this list. This is really in depth technical, knowledge of network protocols and configurations, which is really important for those type, of roles, the technical contributor type of roles we’re talking about in cybersecurity.

it’s really a long playlist, but I’ve broken it out into a bunch of different items because there’s more there than you need to know for this cyber ninja journey.

And so I’ve cut out parts of it and also, cut out the end of some videos where it talks specifically about how to configure, Cisco devices that you don’t need to know the specifics of unless you’re going to be a network engineer.

So those are broken out down there. So that ends up being 207 hours of free training. And if you get through that and you thought it was super cool, then, then keep going.

So I was on my journey through watching all of this when I bumped into try hack me. And, there, there’s about 10% of try hack me’s content is free.

And you can do that for free, which is what I started with. But it was so good and so affordable, it’s in my opinion, for what it is, $15 a month, that I had to break from my original, vision of having completely free training and include this, because instead of having a video here and a video here on all these different topics, we could have one contiguous thing with built in, hands on labs.

that I just had to include it in the chain. So forgive me for it not being completely free. so track tryhack me is at, tryhackme.com dot.

They’re bite sized gamified lessons. So, the games are fun. And I know for my daughters it really helps when they don’t, don’t just have to read a bunch of stuff.

Like I keep thinking, technically I could just hand somebody like ten textbooks and say here, read all this stuff and you’ll be a cyber ninja.

And if you read it and you understood it, that would be true. But that’s really hard, right? I mean it’s just so dry. It is a way to do it, but it’s also much harder than doing something interactive and fun.

So what I have here is a picture of the trihack me platform. So in trihack me you can click a button that starts up your hands on lab environment.

So on the left you have a lesson from tryhack me. And on the right you have access to a computer where you do the things they say. So here’s a lesson on active directory.

And so it explains what active directory is and then it says use the active directory users and computers program on the right. And tell me the last time Sophie changed her password.

So you have to be able to get in here and look at the proper properties within active directory users and computers and find that setting. Or maybe they tell you go force a password reset on Thomas and then they keep track of you having done that.

So you have that lab just that easily available. You don’t have to create your own virtual machine, you don’t have to install Windows or Linux or the ATT and CK tools.

Everything’s right there as you’re learning in these small bite sized lessons. So, and then every task has multiple m questions where they test your hands on knowledge.

So here it says which group normally administers all computers and resources in a domain? So that’s something they just taught you up above. So you put your answer in there and hit submit and you don’t get any penalties for getting it wrong, you just keep trying.

And then here it wants you to look up the machine account for Tom’s PC. So you could go over here and look that up.

And oftentimes they have hints, or if they don’t have hints, actually there’s already walkthroughs that people have published for all the trihack me rooms.

So you could go get a walkthrough and get a hint from the walkthrough. Of course you could completely cheat. So if you wanted to go download all the walkthroughs and just go through and paste in all the answers, but that would defeat the purpose of learning.

So, but that help is there. So if you get stuck. Those walkthroughs are available for you. Oh, yeah.

Zach Hill

I can’t stress enough like how important and how excited I am, I guess, more so, like to see active directory being featured there because, over the last few years, I would say kind of like being involved within the community and seeing a lot of different training that’s out there.

There have not been enough training, providers showing, you what active directory is, how to use it, why you should understand that. And I’m really looking at Comptia mostly because comptia, they, they make these entry level certifications like the a, but they don’t really highlight active directory too much there with at all and kind of walk you through that.

And active directory is one of those tools that when you are working within entry level it, and even throughout your entire like journey throughout, through it, active directory is used probably 90, 95% of the time and organizations, and that’s something that everybody, especially like just starting out, should have a good familiarity with.

So seeing hack the box or try hack me feature that I think is very, very important because again, that’s just a tool that you’re going to run across in many different, environments out there and you should just be familiar with it.

Carrie Roberts

Yeah. So you kind of slipped there and said hack the box, and then changed to try hack me, which made me remember that I should clarify between the two, that they are similar and different.

So they’re they’re similar in that they’re both cyber training platforms. hackthebox has an academy that’s essentially the same product as trihack me.

So Hackthebox has multiple kind of products, and their academy version is really these lessons and hands on labs just like try hack me. I’ve played with both, and the try hack me is, is better for early learning.

So there’s much more guided and handholding, with the try hack me content. The hack, the box is more advanced and less guided and can be more frustrating.

So between the two, I recommend starting with try hack me and then potentially moving to hack the box academy after that. That is my recommendation.

so within try hack me, they have learning paths, which a learning path might be, the pen tester. Learning path. I want to be a pen tester, and then they say if you, if you want to be, learn pen testing, you should take this module and this module and this module, and a module is a collection of rooms and rooms being like the individual lessons.

So we’ll look at what some of the rooms are available. I put together a list of 285 rooms in order that I recommend you take to go from this high school to cyber ninja training.

And it includes the amount of time each room is expected to take, whether its difficulty level and whether it’s included in the free triacme subscription or not.

So all that information is on a spreadsheet from the blog. And the learning paths within tryhackme are small, in terms of, maybe there are three or four or five modules that make a learning path for Pentest or Soc analyst or incident responder.

There’s no like giant learning path like I want to be, I want to be a cyber ninja. There wasn’t a giant like, if you just want to learn everything, go through it in this order.

so the learning paths they had, each of them had some overlaps with the other. So if you’re like, I’m going to do a bunch of stuff, what order should I do it? And I’ve ordered that so that if one room says, assumes, that, wireshark and says use wireshark to look at the traffic, then I make sure that you’ve already done a wireshark room and learned how to use wireshark.

So which, they don’t have a learning path that lays out a bunch of rooms together. So I’ve laid out 285 rooms together, or about 380 hours of hands on training for you to do.

So let’s look at some of the learning paths. So they have a complete beginner learning path, free security, cyber defense, web fundamentals, socket SoC analyst, junior pen tester, red team or even preparing for comptia pen tests.

So these are the kind of modular learning paths, but I kind of mix and match all their rooms into this.

We’ll call it the mega learning path. But you can see some of the great content they have in here. so if you look at one of their learning paths, say SoC level one, it includes these modules, cyber defense frameworks, threat intelligence security and traffic analysis, endpoint security monitoring, phishing, digital forensics and incident response.

And then within each of those modules there’s rooms, multiple rooms. here’s an example of the pre security learning path. They give you the intro to cybersecurity network fundamentals, how the web works, Linux fundamentals.

You really do need to learn Linux if you’re going into this field as a technical contributor. And Windows fundamentals, where you do get into active directory, which is just four to everything windows in a business environment.

SoC level two goes on to doing log analysis with splunk and elk and detection, engineering, threat hunting, threat emulation, incident response, malware analysis as some examples.

So if we go into like. So SoC level two is a, learning path threat emulation. In this module, inside the threat emulation module, we’re going to click on that threat emulation.

There’s 123456 rooms inside threat emulation. So we got modules and rooms. The rooms we have intro to threat emulation, threat modeling, atomic, red team, Caldera, and then these are just two hands on labs activities to do with that.

So that’s pretty cool that you can get in there and learn all this stuff. And this, we can’t read all this, but this is just highlighting some of the modules that are available within.

Try hackmeet. Wouldn’t it be great to know all this stuff and to be able to play with it hands on immediately? And this is a little word cloud of all the rooms.

So you’re going to learn about SQL injection and mitre and atomic, red team, Yaras or miss, if you’re new, you probably don’t even know what these are, that you should even learn them.

But these are the things you’ll figure out when you go through the learning path. And this is just a small snippet of that spreadsheet available from the blog that takes you through. You see on the left, we start out with easy trainings and you see whether it’s free or not.

So any of the ones that say yes are free. You can do without subscribing. but you’ll be limited to an hour a day of the hands on labs.

So you’ll run out of time and you have to come back the next day. But for the $15 a month, you can have unlimited access, unlimited time and access to all the content.

And so you can just click right here on the room. And that’s, what exactly like this. What we’re doing in our family, which we’ve been doing for about three months now, is every night at 07:00 at night, the whole family gets on.

Well, let’s see how many, four of my kids, my husband and I get on at 07:00 at night for an hour, and we work on try hack me together through a zoom meeting. And if somebody has a question, they bring it up.

And so we just go, we, we made added a column for each of us to the side and we put a little x when we have that room done and we just click down through this, and we’re working through it.

And, we’re going to get all 285 of these done. I have about 45 of them done, and I’m still learning things, even though, I’ve done a lot of training.

And I constantly, go through something like, let’s see, what’s a good example?

just maybe how to use NMaP. I just like, oh, man, I wish I could have played with this before. I kind of thrown into the fire, needing to put, it all together with other things and completely hack a computer or something, like in sans, net wars or something.

I would have liked this really in depth training on it.

Zach Hill

So, I, love that y’all do that together. I think that is. That is probably, like the. I don’t know, just like a cool, coolest experience to kind of go through. And I hope that one day I can do that with, like, my kids.

Cause that. That’s just, like, I don’t know, that makes. It makes me, like, jealous in a way, but just also just fills me with, like, so much excitement, too, just to see somebody who’s kind of doing that and putting all this together.

I just want to tell you how much I appreciate that. And I just want to thank you for putting all this together because you going through this and me seeing this is just phenomenal because I think that really, this really will help somebody kind of lay out their path and kind of be able to walk through it, and I.

In a digestible way. but, like, the question I want to ask you is, like, you’ve. You’ve laid all of this out, right? And you’ve put this amazing spreadsheet together and the blogs.

How. How much of this should somebody really kind of, like, focus on, to, like, complete as they’re going through, because, I think some people might look at this and be like, oh, my gosh, this is a lot.

is everything on here, like, do they really need to complete everything that you’ve laid out for them or as they’re going through, these different challenges and things, will they kind of start to develop maybe more of an interest in what they.

They enjoyed? And can they kind of. Will they be able to skip around and focus more on those areas?

Carrie Roberts

Yeah, I think that this is a good idea for, some generic education, but if you find a specific topic, like, you get into this and you’re like, oh, my gosh, reverse engineering malware is amazing.

You might just veer off at that point and just Google as much reverse engineering malware as you can find and just get lost in that, and that’s great. Then you become a malware reverse engineering expert and that would be a successful outcome of this without even finishing it.

So this is just a way to get to expose you to a lot of great stuff that will set you up to take any of those paths. But if you start taking that path in the middle, I think that that’s great too.

Zach Hill

There was a question, I don’t know if you had highlighted it earlier, but people are asking about taking notes. What do you use to take notes?

And do you suggest having these good suggestions for people as they’re going through all of this, that documentation process?

Carrie Roberts

Yes, notes are super helpful because it gets so frustrating to have to go back and try to find things again.

Like you’ll go into a training room and it’ll say, use go buster to find directories. And you’re like, huh, what is the command line for that again?

Is it go buster? U l r? Where do I put the. So what I like to use? And I feel like it kind of gets ridiculed amongst the cyber community, but is Microsoft Onenote?

I just love how you can put anything, anywhere you want to go. And you can have notebooks, and sections and it’s all searchable. You can even have different notebooks. Like you could have your offensive security notebook and your defensive security notebook, but then you can search through it.

It all syncs with the cloud. You can access it from any computer. I’ve also used Obsidian and a lot of coworkers that I know like Obsidian, they take their notes in Obsidian.

It’s a cross platform, works well on Linux, kind of markdown note taking tool.

But I really do like one note better still, even though I’ve, I’ve given, given obsidian.

Zach Hill

yeah, I would say it doesn’t, doesn’t matter. Fighting chance, it doesn’t matter too much. I would say the program or how you do it, just take notes at the end of the day.

So whether that’s what note, obsidian notion, whatever, it just take notes. That, that is the most crucial piece of it all. So find the program that works for you or the, the pen and the paper that works for you.

Just take notes. that is I think above, above all else. That is what you need to take away from this is just take notes and find, find whatever way.

Carrie Roberts

Another thing I’ve done is just put it in a blog post, because I figure if I’m going back and looking up my note every time I, other people will be too. And I especially found that when my husband Darren was, getting into pen testing, he’d asked me a bunch of stuff that I had in my notes.

And I’m like, well, if he’s just getting into pen testing and he has these questions, and a lot of people have these questions. I had this question originally. I’m going to put this in a blog post, and I look up my own blog posts a lot of times because, that’s the fastest, easiest way to find it.

I can search my name and like how to test for an open mail relay and bring up my blog post where I took really good, detailed notes. Because when you have to put it in front of people, you go all out to understand the caveats.

And then I use that as a own reference so, you could start up your own little blog. That is your notes, and then that’s also a sample that you can give to hiring manager.

Like, here’s the kind of things I’ve been playing with, working on. Here’s my notes, here’s how I organize things, here’s how I write. That can be a great resume builder as well.

Zach Hill

I just have to agree with that 100%. And, just to add another thing to that, one thing that I did a lot through my learning journey was I would record videos.

And really just for me initially, but I would just record the screen and, just talk about some of what I was going through. but I put some of these available on YouTube.

And I cannot tell you the amount of times that I still go back to those videos just to reference how I set something up because I don’t remember, but I know in whatever video it was, I can go back to that, that exact video and pick up and figure out, what exactly what I need to do just from doing that.

So, if notes don’t work and you want a little bit more visual for you, record your screen, record yourself going through something, and, make that available for you to access later on.

And that could be a great resource for you too.

Carrie Roberts

Yeah. So about a month into this, effort with my daughters, after I had this list of trihack me rooms, my daughter called me over and goes, mom, I need help.

I’m trying to get a meterpreter reverse shell on this box, and I’m supposed to exploit eternal blue to get it. And she went on for a little bit.

And I just stood there like, wide eyed, and she got done asking me, and she’s like, what? And I go, I can’t believe that you have already learned enough to even be knowing what you’re saying right now.

And she thought about it and she goes, wow. I did say a lot of, like, reversal. I never knew what that was a month ago. Interpreter exploit, get the flag, all this stuff.

And we both just realized right then that she’s already come so far. It’s really cool.

Zach Hill

It was awesome. I love doing that.

Carrie Roberts

Okay, so. So now we have these great resources that are free or fairly cheap. This try hack me just was so amazing, I couldn’t not include it even though it wasn’t completely free.

Okay, so, yeah, got 286 rooms laid out in order, and, it’s approximately 380 hours worth of baptism.

So you’re going to learn a lot of great things, but on top of that, you might want to back this up with a degree, because the degree really helps with getting your first job to differentiate you from other people.

If you have some connections with people, you may. I mean, people do get into this field without degrees. I’m not saying it’s 100% required, but for.

I. I recommend it if you can. If you can do it to get that degree and just have that, credential available on your resume going forward. There are a decent amount of jobs that require a degree.

So if you’re not going to get it, then you’re stuck, with that subset that don’t require, which is still pretty large, honestly. But still, there’s, you’re immediately maybe let’s just throw out a number, cutting out half your job opportunities.

but then again, you only need one job. So, I learned these ways to get through college, really, in the cheapest way possible, but also a good way.

So there’s a company called Sophia learning that charges only $100 a month for access to their content. And you can take two classes at a time, and they’re self paced, so you can do them as fast as you want, which presumably you would want to be doing.

I’m always trying to get things done faster than you would normally do it in, non online, self paced college.

So. Or this Sophia learning, is if you buy a year at a time, it’s only $600. So that ends up being dollar 50 a month in a year.

At, Sophia, learning is a good amount of time because at Sophia learning, you can complete your prerequisites. So, your things like biology, algebra, writing, speech, health, those kind of things.

Intro to it, maybe intro to Python. You can get all those done at Sophia learning. Sophia learning partners with maybe 30 to 50 different schools.

And what that means is those schools that they partner with have already agreed that we’ll accept these credits from Sophia learning to count towards these credits at our school.

If they don’t partner with your school, you have to ask the advisor, say, if I take this from Sophia learning, will you count it? Like, if I take intro to it here, will you count that towards it?

Fundamentals at yours? And so you just have to work that out with your mentor. It doesn’t mean they won’t, but it’s just not pre, like, pre approved. So field learning is also more of a community college.

It’s not a, four year college, but it’s more of a community college bill, where they’re really working with the student to, knowing that they’re just kind of new to college and helping work with them.

So with Sophia, yeah, everything’s self paced, and you go through it. You could get, Sophia partners with West Governors University, which is also an online school that offers cyber degrees.

They’re listed there. Cyber security and information assurance, cloud computing, information technology, network engineering and security, software engineering and computer science are their technical degrees.

They offer at WGU. Sofia partners with them. So if we take, for example, the first one, cybersecurity, and, information assurance, there’s a webpage from WDU that says, if you take these 44 credits for these specific classes from Sophia learning, we’ll count them for these 44 credits in our program, meaning you finish for $600, you get your 44 credits done in a year.

Then you join WDU, and you’ve already got 44 of your 122 credits for your degree done at a crazy cheap price. dollar 50 a month.

And then for WGU, it’s also self paced. So you pay around $4,000. For cybersecurity, it’s 4200 for every six months.

And again, you’re working at whatever pace. So if you work fast, that’s really cheap college. So, you get with WGU, you take one class at a time, and for the most part, there’s no homework, with a few exceptions, but there’s just a final exam.

So they give you the content to learn and you learn it. But let’s say you’ve already learned it because you did this cyber ninja training, and, you already went through w three schools, python training, and you already know Python.

So then you get to WGU. They want you to take Python, and you tell your advisor, I already know Python. Let me take the pretest, and you take the pretest.

If you pass it, they’ll let you take the final test. So, literally, in, in a day, if you already know the material, you could join Wegu, say, I’m ready to take the final test for Python, and you take it, and you’re done with that class in a day, assuming you already knew this stuff.

If you don’t, there’s. There are lessons there that you can take. But like I said, this learning path, you’re learning a bunch of stuff before you get to WDU, before you get to the most expensive thing.

And then at WDU, you’re, just proving that stuff by taking those final exams. Occasionally there’s a final project. Actually, I think Python is a final project instead of a final exam.

But, Wegu is a pass fail, university. So there is no GPA. there are.

If you. If you failed the final, there’s things you could go back and study and they’ll let you retake that. So, the fact that there’s no homework in terms of busy work where you need to turn in a bunch of stuff that takes a bunch of time, and you can just say, well, I already know this stuff, let me take the test is pretty amazing, which means you can get through your remaining credits pretty fast.

And this tuition that you pay the 4200 every six months also covers the, In this case, for cybersecurity and information assurance.

I think there’s 15 certs here. So you see Comptia, a network plus, security plus. But of course, you’ve already studied for that with Professor Messer before. you got, Oh, Comptia, pentest plus, security analytics.

Bunch of Comptia. There’s Linux essentials, certified cloud security, professional system security, certified practitioners. So that tuition covers those, certificate fees, the fee to take that certification, and those certifications are the class.

So, like, there’s a three credit class for a plus, and you get the a certificate and you pass the class.

I mean, that is the final test. The certified certification test is the final for the class. So. Right, there is 15 of the classes, which is just get the CerT study for, they give you the study materials, and they pay for your certification attempt, study for, and get this certification.

So when you get out for your $4,000 every six months, you. When you get done with, you’ll have a bachelor’s, in this case, cybersecurity and information assurance and 15 industry certifications to put on your resume, which puts you hugely ahead of all the other graduates who just have their bachelor’s on their resume.

So, and all included in the price of that college. So I think. And, and it’s a remote online college, so it can work from wherever you are.

Although WGU is us, only Sophia is anyone in the world. You only have to, you don’t even have to be a high school graduate to do Sophia learning.

And you just have to be at least 13 years old. So you can even put your high school, your daughters who are in high school, they can enroll in Sophia and for $50 a month be passing off college credits.

So it’s kind of another dual enrollment type option. They can be in high school and doing their prereqs from Sophia learning, for really cheap. But anyways, how are we doing on time?

We got a few minutes left.

Zach Hill

About five minutes left. Yep. And do you have a, time after for some questions?

Carrie Roberts

Yeah.

Zach Hill

Awesome. So, instead of doing a breakout room today, we’re just going to keep things right here in the in our main chat and we’ll just do like an ama, when Kerry is finished and you guys can ask all the questions you have, we’ll try to go through.

Carrie Roberts

Yeah, I guess just to close out. I did, I didn’t talk about anti siphon training here. It’s like I said, it’s another great option for learning. I had narrowed it down to some smaller subset for this blog post and for my girls.

But definitely I’ll be recommending anti siphon going beyond that. But I do teach two classes for anti siphon training, which is ATT and CK emulation tools course where we talk about Mitre, ATT and CK framework, atomic red team vector purple team reporting tool and Mitre Caldera, which is an ATT and CK emulation tool that’s free to use for Mitre.

I also teach Powershell for infosec, what you need to know. And we talk about not really the basics of how to use Powershell in terms of this is how you read a file, this is how you make a network connection.

But we talk about the topics as they all interrelate to cybersecurity. So we talk about ATT and CK tools, amp, malware by detection bypasses, and how attackers are using Powershell and how logging can help assess defenders.

So I did want to mention that.

Zach Hill

Awesome. Thank you. Kerry, appreciate it. as always, the information that you provide is so valuable. I was watching the chat the whole time and everybody just said how much they appreciate what you’re putting together and it’s going to be helpful for them in their journey.

so I’m very excited for everybody who was able to join and found value in that as well. we put all the links for everything that Kerry talked about in the chat a few times. But you guys can also go to the anti cast resources, channel and discord just so you can get those slides again.

And I will put the link again in the main chat. But one thing I want to highlight with the link that I provided for the cyber ninja training plan, the excel sheet there. If you all click on the links in the right hand column, in the far right column, those are also going to take you to additional excel sheets, I believe from time to time.

I know you clicked on the try hack me one and that took me to another Excel sheet that laid out that path, for the try hack me. I know that there was some confusion in the chat on how they could find some of that.

If you guys are having problems, seeing some of the different excel sheets that Kerry was featuring, make, sure you click on the links that are in that far right column because that’ll take you to some of that information as well.

so yeah, thank you again, Kerry, I’m going to go through here, look through some of the questions that we have. I know we had a lot come through on Zoom, which is phenomenal to see.

So I don’t know that we’ll get to all of the questions, but if you have questions, you can throw them in Zoom, you can throw them in discord and we’ll try to answer, as many as we can.

Carrie Roberts

I saw, I saw something yesterday, on LinkedIn, the anti siphon training post. It’s my blog post or something and somebody commented on it and said this is like a love letter to people interested in getting into cybersecurity.

And I really appreciated how he phrased that because I really do feel like I might put a lot of love into this. Like for all the people that I’ve mentored and for all my own family and everybody who’s been interested, I really kind of poured my soul into this one in terms of making an effort to find good stuff and to review it and to share it.

So I thought that was really cool.

Zach Hill

You did a phenomenal job. And again, I really genuinely appreciate it. For many years, I’ve had, I’ve done this YouTube channel, called it career questions, where I’ve helped people throughout their journey and I’ve answered so many questions, and tried to put together information just like you have done there, but you just went above and beyond anything that I have ever done.

And I’m going to be utilizing your resources, to give to everybody from now on, because, you structured it together so well. And I think it’s a great, an easy way for people to kind of pick up on, learn, digest, and just follow through.

So I genuinely appreciate you doing that and taking your time, to put that together. And I know everybody else here does, too, because I watched them in the comments today.

Carrie Roberts

so, yeah, even if you’re not new to cybersecurity, there’s still a lot of great stuff there. I mean, I’ve learned a lot going through it myself.

So even if you kind of on that path already, there’s great things to learn. And honestly, I’m super tempted to go back to WGU and try to get, like, a cloud computing degree and see if I can do it in six months just for the challenge and just for the heck of it.

Just because it’s so cheap. I feel like it’s so cheap, I have to do it.

Zach Hill

I hope you, like, blog that journey or something. That would be really cool.

Carrie Roberts

well, I’m kind of prepping for it because if you have the certs before you join WGU, then they count. So those are other prerequisites you can have done.

Let’s say you do your 44 Sofia learning credits and you come in, let’s say your company or whatever your company will pay for Comptia. For comptia certifications.

Go have your company pay for that and get those before you start paying the $4,000 every six months, bring those in as Prereq. So you join WGU and say, I’ve done these 44 prereqs from Sophia Learning, and I already have these four compti certs, which passes off another four classes and plus saves you the time of trying to get them to get you signed up to take it.

And. And you can have, technically, you can have 75% of the degree done before you join WGU. So if you only have 25% left when you join, you could probably get it done in that six months, which is kind of what I want to try to do.

Zach Hill

Yeah. Good luck. I hope. I hope you do it. I can’t wait to hear about it. Honestly, this sounds of a challenge, but I think if anybody can do it, I’m sure it’s you for sure, honestly.

so we have this question from Aaron here. He says, is it really worth it to bother with the a plus, when you have an it degree already? How do you feel about that?

Carrie Roberts

I would think probably not. I mean, I watched all that a plus training, and it seems like a lot of review for what an it degree would give you, but it’s still something that is one bullet point more than your competitor going for the job, So, I mean, I really do like having things on the resume, even if it, even if you could argue, well, it’s just, a repeat stuff, that I learned in my degree, so, I mean, I can see it either way.

Zach Hill

Yeah, I would say if you’re trying to get into entry level help desk, some type of role like that, there’s, you are going to run across some job descriptions that will ask for the a or even require the a.

So you just have to keep that in mind that sometimes there are going to be those requirements for certifications and especially, like at the entry level, the, the a might be one of those. but oftentimes having a degree will, will trump that in some, some ways, but still, you might have those requirements that you have to look at.

So it’s, it’s very, it depends,

Carrie Roberts

the certifications are, the most important when your entry level, when you don’t have years of experience to show. And, but even beyond that, after you do have experience, there are some companies that say a certain cert is required, but, a lot will just say or equivalent experience.

So, you got to kind of just play that one by earthen.

Zach Hill

have you, do you have any experience with the let’s defend platform?

Carrie Roberts

No. What is that?

Zach Hill

they do some training as well, more on the defensive side. I’ve heard of them. I haven’t used them. I’m very familiar with them, but I’ve never actually used their product, so I can’t comment on that one as well.

But if there’s anybody here in the chat, in discord, if you’ve used let’s defend and you have thoughts on that, please throw it in the chat. It was a question that we got.

I’m still, I’m just going through the zoom questions, or there’s, there’s a lot there. have you used, the cyber mentor, TCM security at all?

You familiar with their resources and certifications.

Carrie Roberts

I looked through what they have and when impressed with the catalog, I haven’t taken any classes, and I’ve also heard a lot of great feedback on it.

So from that perspective, I think that’s a great way to go as well.

Zach Hill

I can provide some, some insight there because I used to work there and, the question was, do they hold any weight with employers, their, certifications? And I can tell you that they do.

so the TCM security certifications are growing in, popularity and they are showing up more and more on job descriptions. So it is, they are, they are gaining some traction there, which is exciting to see because they.

I’m glad that you’ve heard good things about them. I always hear really good things about them. So definitely a great platform to check out.

Do, of any good, cybersecurity mentorship programs out there? Discord?

Carrie Roberts

I haven’t specifically looked into that. I’ve had tons of people reach out to me just directly on the LinkedIn and discord, and slack.

So that’s been my experience. And I love to mentor people. I love to watch them succeed. The thing is that anybody who’s willing to work at it can succeed.

So that’s what’s really exciting about it is it’s like, well, I need to find somebody who’s like magically gifted who, somehow knows everything already.

And in order to see them succeed, anybody who’s a worker will succeed. And it’s so fun to watch them, do that.

That’s very rewarding. But no, I don’t know about official mentor groups.

Zach Hill

I would suggest, checking out as many of the different discord servers that are out there from anti siphon black hill. Simply cyber. You have TCM security as well.

you have like the Taggart institute. I mean, I could probably just keep going and going. There are a lot of really great communities out there where you can start, putting, getting yourself into, and you can start finding mentorships that way.

great way to find mentorships is just through networking and building those relationships with people and might happen, over time, but building your network out with like the discord servers with LinkedIn, those, those are going to be probably some of the best ways or resources that you can utilize, to find mentorship.

And then of course there’s things like meetup.com where you can, search your area for like, different events that are happening. I know, like in the Chicagoland area, they have, I think that’s like monthly meetups for different like cybersecurity, like like niches if you will.

where, just people from all over Chicago kind of get together at some location and they just hang out. that could be a great opportunity for you as well. And you can meetup.com, you can search your area for anything that’s coming up.

stuff like that can lead to mentorship as well. And I’m still going through questions, y’all.

which programming language resources? What’s that?

Carrie Roberts

You’re a great resource for all these questions.

Zach Hill

which programming language do you think is essential for cybersecurity? Entry level positions? Do you think there is one?

Carrie Roberts

I think you’re going to get the most mileage out of python for security. it’s just not, it’s just the fad I guess, right now.

Not that somehow it’s way more amazing than everything else, but I think certain communities latch on to certain languages and of course Python works well, but it’s just kind of the thing that people adopted in because the researchers are writing their tools in Python, then the people who use them want to know Python and then they do their things in Python.

So it’s just a very python ish community. So when you start looking at even on the defensive side, when I was on the defensive side, there’d be a lot of plugins to let you run Python and various defensive tools.

And that was always Python. Everything was always Python, when it came. So that seems to be the most advantageous. of course I teach the Powershell class, which Powershell is on windows by default, super helpful for administering windows, super helpful for attackers, super helpful for defenders to know how to use Powershell from, from that standpoint.

But in terms of attacker tools and extensions to existing defensive tools, Python is most popular right now.

Zach Hill

Yeah, it works very well across platforms. So whether you’re on Windows, Linux or Mac, you’re going to be able to run Python and it’ll work fine.

and it’s from an entry level cybersecurity standpoint, I think you highlighted that it’ll be one of the most frequently used, probably programming languages that would be used within security, especially that I see nowadays.

But I don’t want people to also think that you have to know programming and you have to be an expert in programming or have to be an expert in Python. as you’re just starting off just looking at the code and understanding what it does is going to be the most beneficial for you.

And over time, as you’re going through your it journey, you might find where you start picking up more python skills and things like that just based off of your career trajectory.

but I wouldn’t necessarily say you have to know it and you have to be an expert in it, but knowing how to read, the code and just have a fundamental understanding of what it’s doing, that’s going to be the most helpful for you.

and I found throughout my career, just being able to read it and understand that that’s really what’s made the biggest impact for me because I can’t write a python script to save my life, but I could read a python script and I can understand what it’s doing.

In order to either troubleshoot or even if I had to add onto it, at least I have that fundamental understanding where I could go and look up and do different resources that would help me add onto that script or modify that script in a way.

I think that’s very helpful.

Carrie Roberts

Yeah, for sure.

Zach Hill

Yeah. Still. Still going through how many questions. I’m not talking. I’m sorry, because I got. I have to read and I can’t read and talk at the same time. But if Kerry see a question that.

Carrie Roberts

I didn’t even read during the presentation because I can’t present and read at the same time.

Zach Hill

But, yeah, if you see any questions that show up, you can answer them. What was that?

Carrie Roberts

I did recently get, like a month ago, I did go and get my comptia security plus.

And, I wasn’t trying to build my resume at that point by putting that on there, but I did want to be able to give better advice to the people I mentor about how to prepare for that and, and to see if Professor Messer’s, training was helpful, which it was.

so that’s mainly what I did to prepare for that test. And it was interesting to see how that went. I actually had a hard time.

I mean, I barely passed it. And I feel like it’s because I overthought everything. So there’s questions on there, like, which of these would be the best answer? And I’d be like, well, it depends if this or that, and then if that or this.

And so I feel like I was almost, at a disadvantage taking it, this late in my career versus early on because I was just throwing too many variables into probably a simple question.

Zach Hill

But, no, honestly, I think what the security plus is one of the trickier ones, especially from comptia. And I’ve heard from people, oh, gosh, a lot of people who have been working in it for a long time who have taken, the security and failed it the first time.

And I can even say from experience, like, the security plus was the very first it certification that I ever got and I had already been working in it at that point for 19 years, I think, and I decided, oh, I’m just going to get the cert and see what happens.

First time I took it, I failed it. And I’m not ashamed to admit that at all because it was a great learning journey for me. but, I went back, Professor Messer, and, like, actually, kind of took more notes and really listened to what he was saying and went back and passed it.

Carrie Roberts

Did you go, did you bump it down to 1.8 at that point speed?

Zach Hill

No, no, I just took more notes.

Carrie Roberts

What? I don’t know your story. I had no idea you worked in it for 19 years first.

Zach Hill

Yeah, oh, yeah, a long time. I mean, I started off doing like web development back in like 1999, and then the really early two thousands.

I was helping people build websites. And then back in that time, everybody was like, oh, how to do websites, so everything about computers, and I really just like helping people.

So, my career kind of eventually transitioned from like web development to more it support. And that was like 2000, I don’t know, seven, eight or so.

I worked for like school, did it support for school districts, hospitals, engineering firm. And then, yeah, and then my career kind of like circled back to doing more like web marketing stuff.

Here I am, Yeah, yeah. A fun journey.

Carrie Roberts

Well, well, actually that’s it. That’s a really good point that you bring up about the shifting of your career. So, some people I mentor, they get really worried about picking the right perfect, job to go after.

Like, oh, do I want to be a pen tester, incident responder or go maybe more into marketing or risk analysis? Just pick one that you currently find fascinating.

And don’t worry about whether you’re going to be there the rest of your life because many people move around and it’s easy to move around and it’s not a mistake if you end up doing one thing and then moving to the other.

Like I did red team and then moved to blue team. And those experiences complemented, each other and worked great together. And I loved it and it didn’t preclude me from moving back to red at some point.

And, yeah, so it’s not that, like, I’m just undecisive about what I want to do. I want to do a bunch of different things. And you don’t have to have your final, ultimate answer at the beginning.

Just do something that you find cool and see where it takes you.

Zach Hill

Yeah, you make an excellent point, too, because, I think a lot of people, as they’re starting off in this field and just learning, trying to learn all the things, and they might get fixated on, oh, okay, I want to be a network engineer.

And they start to go down that path, but as they’re going down that path, they discover, oh, I really don’t enjoy this as much as I thought I did. I think the, what, what people, again, maybe fail to understand or see is that you are never siloed in it.

Once you get your foot in the door, once you get, that that experience, your career has just, like, endless possibilities where you can transition and weave through the different roles and even, like, subset areas of it, like the different niches, if you will, so there’s.

There is networking, there’s programming, there’s cloud, there’s cybersecurity. Of course, these are all very different subsets or niches within it, itself.

And you can, like, weave through all of these to find the, what you’re most interested in. Find the journey that works best for you. that’s completely okay and acceptable and just, having that.

Having experience initially will help you, to make those transitions easier later on throughout your life. So, don’t feel like you’re ever going to be stuck doing the same thing throughout your entire career.

You have endless possibilities in front of you once you start figuring your journey out here. And I think that’s something that’s. That’s one of the most exciting things I think about it, because, a lot of people might, like, do get bored and just kind of burnt out on things, but, they still have a joy for technology or joy for helping people.

And you could just kind of take that, that joyous, to a different area within it. And that’s okay.

Carrie Roberts

Yeah, super awesome.

Zach Hill

Still going through some questions. I think I made it close to the end here now. so I was just going through all the questions on Zoom. I didn’t even get to any of the questions on discord. So I don’t know if anybody has some questions that they want to ask Kerry on discord.

How much time more time do you have, Kerry? I got until about 1230 here.

Carrie Roberts

I’m free. So yeah. If you asked a question in discord and you want to just post it again so we can see it, yeah, you’re still here and wanted to know. Let’s see.

Advice, polishing our notes to impress a future employer. Keep them just. Yeah. there’s a question about whether just to take notes for yourself or make them polish so you could share them with an employer.

So I recommend the polish. So turn your notes into a blog, even if it’s not like some popular blog that gets a lot of hits.

Just something you can put on your resume so that your employer could read a what you’ve been up to, what you’re interested in and what your writing skills are like.

And that’ll be a big benefit for you. And also your notes are going to be better than if you just did them for yourself because you can get away with making them sloppy and leaving areas of the topic, less, understood just because you don’t have that extra motivation to go dig into the details.

And so you really get, motivated to learn more when other people will be looking at it.

Zach Hill

I can’t, I can’t stress that enough because, when you’re taking notes for yourself, while sometimes that can be great. and even if you do want to take notes for yourself, I would encourage you to kind of do what Kerry said and make those available on a blog.

you’ll obviously want to rework those, reword them a little bit so that they’re appropriate for a blog. But when you start taking notes for yourself, you start to get lazy with it. And that’s the last thing that you want to do when you’re documenting and note taking is get lazy with things because providing that detail, or a good level of detail and information is going to be extremely helpful for not only future you, but other people out there as well.

So can’t highlight that enough.

Carrie Roberts

So somebody said to put your notes on git or something, you could put them on git. But there’s probably more friendly free blogging services that makes it easier to put your notes more in a web format with links between, but it’s up to you.

But just anywhere where you could share a public link would be good and where you can easily find and search through it again, I got this question.

Zach Hill

From, I’m not going to try to say their name because I’m terrible with names, but they said how can we integrate our try hack me practical knowledge in order to land our first job?

Any thoughts on that?

Carrie Roberts

Well I, I think that, well I.

Zach Hill

Think it goes back to landing your.

Carrie Roberts

I mean you’re gonna one you’re gonna have to get an interview which means your resume has to stand out among others which putting try hack me on there.

If you, if you say I’m in the top 10% of triacme users for number of completed rooms or points or something because actually from what I’ve done so far the 45 rooms I’m already top 7%.

So it isn’t too terribly hard to get an impressive percentage to put on your resume and then, so that, that just helps you get to the interview but then with that hands on skill you really know what you’re talking about.

And when you come to that technical interview and they start asking you what is the OSI model, what’s the three way handshake, what’s DNS do and how is it different from ARP? You’re going to have the answers to all those in that way in both those ways it’s going to help you pass that interview and get that job for sure.

Zach Hill

I agree.

Carrie Roberts

It also shows initiative. If you’re competing with somebody else let’s say just graduated, got a degree and then you can say I graduated and I also work on learning in the evenings doing triac me, that’s showing a lot more initiative and standing out amongst the crowd.

Zach Hill

I agree I can’t ask about the.

Carrie Roberts

Treadmill desk and we are probably a little short on time but I have a whole blog on it its effectiveness. I used it for four years daily, walking at least 4 miles a day and I was awesome but also discovered that was what was making my back sore at night so im just about to try using it a little less each day at this point but hopefully that doesnt happen to everyone.

Zach Hill

I have a bike that goes under my desk so ill sit here and ride my bike all day and yeah by the end like at night when I’m ready for bed my back is killing me so I definitely need to get a new seat for mine.

but I encourage that so much. like I can’t again stress like some of these, these points enough because as an it professional we do sit in front of a computer the majority of the day and just being a little bit active can really be helpful.

so whether you’re going to take a break go for a walk or do you like Carrie or myself? Buy a treadmill, put under your desk. Or, a bike to go under your desk. I think that adds a lot of, I don’t want to say value.

I think it adds a lot. It does a lot for you. It really does. It makes me feel better. I was riding my bike this morning before we got on this call.

Carrie Roberts

So, yeah. there’s a question about will the link to recorded version of, where will the link be to the recorded version?

Zach Hill

Yeah, it’ll be on YouTube. I think somebody put the link in there. It looks like Ryan added the link for the YouTube. Anytime we do, these anti cast, you can always find a, recording out on YouTube.

How do you stay motivated all the time, Carrie?

Carrie Roberts

Lately I’ve been really up and down. Like, I’ll be super motivated and then I’ll get burned out, and I’m. But, like, that’s it. I’m not doing any more anything forever, it’s kind of like when you eat way too many ribs for dinner or something, you’re like, I’m never going to eat again until breakfast.

And then you want to eat again. But, what really keeps me motivated is, all the people that I mentor because, I’ll start thinking, like, maybe I teach my class, but I.

It’s a lot of work. And I’m like, why am I even doing this? But then at the end of the class, people will be like, this is great. I’ve got information I can take and use with me on Monday. This is making a really big difference to me.

And then I hear that and I’m like, oh, yeah, that’s why I’m doing this, because it’s mattering to people and helping people. And, so really it’s you guys who appreciate the work that keeps me motivated to do all this.

Zach Hill

I agree with that. It could be difficult at times. I know. But, I know, like, when I was working it and for school or hospitals, I think what always kept me motivated is the fact that part, like, part of what I did with it, support for school or hospital, is that.

But ultimately, the work that I was doing had an effect on either a student learning or a patient that was in the hospital. And, it might sound weird to some people, maybe, but if, you look at how the current landscape is, especially within schools, right, the technology is used all the time now.

They have iPads and they have chromebooks and projectors and all these cool things. that’s part of their learning journey nowadays. And when technology isn’t working, that will affect their learning journey.

It was always helpful for me to be like, oh, yeah, like, the work that I’m doing here affects the student learning and I want to make sure that I’m doing the best work that I can, to make sure that the students are having like the best experience that they can, and that, I don’t know, that always helped me.

And the same with the hospitals too. It’s like, yeah, even though I worked in it, like ultimately, the technology that’s being used, like in surgery, is tied to a computer a lot nowadays.

And I can remember one time where I got called into a surgery room in the middle of a surgery to fix a computer. And that made one of the biggest impacts, I think, in my life as far as career journey.

But that really kept me motivated as well because, oh, the work that I am doing has an impact here. It changes people’s lives in one way or another.

and that, that was, I don’t know, that was helpful for me. So I don’t know if that helps anybody else out there, but, the work that you do do, does help people. It does make an impact.

Carrie Roberts

There’s a question from easy does it about the modules and try hack me. Would you do the modules or just the rooms? So the modules have overlap.

So if you do one module, there’ll be some rooms from another module and they don’t necessarily make sure you have all the prereq. So something in the module, a room in the module might tell you to use wireshark, but you never used wireshark before.

So I recommend just going through the rooms in the order of, that I have on the spreadsheet for that reason.

Zach Hill

This is, probably one of my favorite questions right here. it’s from Jeffrey in Zoom. How important are soft skills in it?

What do you think?

Carrie Roberts

Yeah, well, unfortunately they’re super important. And I say unfortunately because I hate them.

I don’t want to have to communicate, but, it’s like the most important thing to be able to do because if you, if you learn some great things and the direction the company needs to go, but you can’t communicate that to them or to your partners, then it doesn’t help anything.

And also to learn communication is like just practice, practice, practice for the most part.

I mean, there’s some studying you can do on it, but it takes a lot of practice. So there, there is no easy way. Like, take these five courses and then you’ll be really great at communication.

So, it’s really a lifelong endeavor to improve your communication, learning from your own mistakes. But, that it is really important something to work on in prudent.

Zach Hill

Yeah, I think for a long time, there was this probably, like, misconception that if you work in it, you’re a total nerd, an introvert. You’re stuck in a dungeon all day.

And while I think that is is pretty true oftentimes, the fact of the matter is, soft skills are sometimes even more valuable than some of the technical skills that you’re starting out, because just being able to communicate effectively is going to take you very, very far in your career.

And I just want to emphasize even further, like, that’s something that you learn over time. It’s not something that you’re going to pick up a book on and be an expert on. It’s not something that you’re going to watch a couple videos on, and you’re just going to master soft skills right away.

It took me many, many years to be comfortable just being able to talk to people and talk to them, like, even confidently. And, when I say many years, I would probably say it took, like, a good ten years for me, honestly, of, like, actually working in the field and working with people on a day to day basis to finally feel comfortable, to have conversations with people.

And I’m not lying when I tell you ten years, like, I was the. I was a huge. I’m still a big introverted. I look back, like, 20 years ago, I could not talk to people to save my life.

I was terrible at it. So awkward. And some days I still am. But it really took years of just learning that skill and developing that to become comfortable with that.

And I want to reassure people that it’s okay to take your time with that, and it will be a little bit of a learning journey for you. mastering your soft skills will be extremely beneficial to you and, in your career.

Carrie Roberts

Yeah, I remember I’ve been introverted for a long time, and I was a teenager and probably, like, 16, and my mom and my. Her mom, my grandma are very extroverted.

And so they were trying to help me, and I’m like, I just can’t think of things to say, especially to strangers. How do you just talk to strangers? So they gave me specific examples.

Sorry. and they said, well, you can always ask about the weather, like, so it’s pretty sunny out today.

And I heard there’s a storm tomorrow and you can always, What was the other. Oh, you can ask them about their plans for the weekend. it doesn’t matter if you just ran into them, you can say, so what are your plans for the weekend?

So I mean, it starts with baby steps. So I literally use that for years. Like I’d be in an awkward situation which is around people.

It’s an awkward situation. And there’d be silence and I’d be like, what do I do? What do I do? And I go, the weather and the weekend. The weather and the weekend. So then I’m like, so what are your plans for the weekend?

And that helped me through so many things and get some things started. So we all, we all start out where we can.

Zach Hill

Yeah, for sure. all right, we’re at 1232 or 132 or whatever time zone you’re all in. so we’ve hit our quota for the day, if you will.

So I just want to thank you again Carrie, for being here, sharing your knowledge with us, answering questions. If people have more questions for you, is there a good place to get a hold of you or tag you on discord or anything like that?

Carrie Roberts

Yeah, you can connect with me through discord since that’s the main place. Anti seip and folks are already and or one equals one on there tribute to the vulnerability that introduced.

Zach Hill

Me to cyber security, which I’m very excited to share the interview that we did where you talked about that and I was hoping that we could talk about it in today’s anti chaos. But we didn’t have time.

But just so you all know, there is something coming where you can hear about that story and it is a really, really good story. but yeah, again, thank you all for being here with us. Appreciate you guys.

We don’t have a webcast next week because it’s a holiday here in the United States. So in two weeks you can tune back in with us, for our next anti cast.

So I hope to see you there. as always, I hope you hope you all have a good day and take it easy. Take care everybody. Kill it with fire. Ryan, thank you.