Matt McCullough (a.k.a. Matty McFly on Slack) joined me in the studio to talk about his wild and crazy path to security. He started literally with no technical experience, but through a lot of hard work, aggressive networking and taking advantage of educational and career opportunities, Matt now rocks a SOC job. Matt and I sat down to talk about a lot of good stuff:

  • How to start an IT career as "the family IT guy"

  • Leveraging a higher education (at places like Lake Superior College to meet people of influence and start networking like a beast

  • Entry level sysadmin and helpdesk jobs are fun - great opportunities to make the most of the position, build your skills and stretch yourself outside your comfort zone

  • MSPs (Managed Service Providers) are another great way to see different clients/verticals/systems and the various requirements that go into supporting them. From there, look for opportunities to start securing those organizations, as many MSPs don't dabble heavily into the security realm.

  • If you're going to school for cybersecurity training, look for ways to leverage your status to get discounts on security training, such as with SANS

  • Competitions like CCDC are awesome. You're given a handful of servers that are full of vulnerabilities, and you essentially are tasked with defending a network against a professional group of pentesters/redteamers. You even have to deal with real-life "injections" (other random emergencies and mock customers to deal with) while you're in the thick of the battle!

  • Join local cyber clubs (or start your own)! Looking for a fun CTF to get started in a group setting? Try hacking the OWASP Juice Shop

  • Attend security conferences(or start your own)!

  • Looking for a sweet place to go to camp this summer? Try GenCyber and the LSC summer camps - it's cheap and awesome, plus for a limited registration fee you get a ton of training and sometimes free gear!

  • Not sure if you're hardcore to try CCDC right now, warm up your skills at the National Cyber League with some CTFs

  • Looking for a great cyber group to join that has chapters just about everywhere? Try ISSA!

  • BSides are another great place to connect with the security community without the heavier commitment/involvement of some of the larger conferences

  • Secure360 is a MN-based security conference that has a student-focused version called Student360

  • Getting a cybersecurity education is great. Getting some money off tuition is even better! Be sure to ask at school to see what grants and scholarships might be available to save you a few bucks. Some government scholarship opportunities like Scholarship for Service might even pay for you to go to school full time! Check out the NSF S-STEM scholarship as well.

  • Certifications tend to polarize the security community, but I think we can almost all agree that having some is better than none. If you're just getting started, Security+ is a great first notch on your belt, as is CySA. When you get a bit more experience, check out the CISSP as it's stapled to a lot of security job application requirements. If you want to get started in ethical hacking, we've heard the newest version of the CEH is a good place to start. When you're ready for a heftier challenge, try OSCP.

  • Build a home lab to play with security tools and techniques! I've covered this before in a podcast series: part 1, part 2 and part 3