GRC?

@boyd Clewis How can I get in to cybersecurity career as a beginner pls I need your help sir

Build the knowledge thru experience. If your job/ company are willing to invest in your growth, certs and all...go for the certs that apply to your current role then focus on the next if you want it

Love love love this message. God bless you !

Thank you Boyd! Great info, advice, and wisdom! Keep the videos coming. God bless you!

Thank's bro you have made me see cyber security in a new way with, Your help I visioning chasing an occupation in cyber sec

Bull shi* i looked it up on linked in and indeed and the only hits i got are places that want a bachelors in i.t. And years of experience along with several other certs

Appreciate all the information provided in such a simple way. Really grateful! I hope all of this is still valid, going to start this training this week

Separate yourself from the rest. Don’t have experience? Get experience, be resourceful. I am not stopping at the google cert, I am going for my Security+ cert. How can you show employers you have the skills? Set up a portfolio, and start diving into HTB, really learn the tools so you can be confident during an interview. You can do this, be persistent and stay focused.

Thanks 🙏 for this information

Being able to articulate your value is the difference between applying for a job and getting an offer…the assignment is all the way understood Boyd 🫵🏾‼️

Does this same stuff apply in 2024?

I can't even get my 1st helpdesk job. 😑

What do you suggest to someone in my position? I have the Google cert. Over the past 2 1/2-3 years I have at least 20 certs in various cyber security topics from Udemy, Coursea, Qualys, and Cybrary. I would specifically like to get into Cyberthreat. I have applied to over 100 entry level positions, but I haven’t received not one response. I’m trying to transition into this career after working in banking compliance. Cyberthreat seems similar to what I did as an AML Compliance Officer(Yes I have applied for GRC positions, but no responses). Any suggestions would be much appreciated.

IT guys and gals 😉

Absolutely show me how to optimize Linked in❤

Liar!! Do not join his program or take any of his advice. He’s a scammer.

Warning!!!! Do Not take his courses or believe his lies. He scammed over 1000 students out of money and has taught us nothing! Please please do not believe him or the puppets that follow him!!!!

Didn’t he do this with McAfee as well a few years back?

States need to take it seriously and dump out massive amounts of grant money.

No I was not aware. Thanks for the info

Thank you

Crowdstrike is affiliated with black rock….hmmm🧐🤨

This is a basic understanding of IT. You should always test in the non-prod environment.

Does this mean Crowdstrike is the MSP/MSSP for those affected?

I cant create my account Dont know why its not working

Needed this

I will not estimate it to only $1 million but in billions of dollars instead

the question is as a cyber security company how can they even botched this? to me that was just pure incompetence. Does Crowd strike hire cowboys?

I am with on on this. What are their controls? How did this patch pass testing stage to production stage ? So many questions

That, I see, as half the problem. Sure, I'll blame CrowdStrike to a degree. But I blame all companies relying on crowdstrike for ALSO not doing staggered rollouts themselves. Let the patches roll over to dev, qual and staging or low-priority computers before you slam this potential brickmaker onto everyone in your company. Have a six hour/eight hour window between those levels. Don't even do the installs when it's first presented, that's what other companies are for -- wait til their other customers did their installs and see if they survived. Weigh the risk of crashing, bricking your systems with the benefit of a patch that clearly was not flagged as hypercritical.

GRC may be the future of cybersecurity but definitely information security roles. Wish I knew this before I got several certifications but I learned and adapted to become a compliance specialist. The interview prep has to be on point and I agree wholeheartedly that soft skills is more important in GRC so I read more books and listening to Ted talks.

Boyd is one of the best mentors out here. Even though I didn’t get in any of his program I watched hours of his content. I switched my career path and started off in cyber. Everyone told me I can’t bypass help desk. Well I did! Do I have a firm understanding of AD users account computer devices and a little networking concept? Of course I do. But I didn’t need to go down that road. System engineers and sys admins taught me a lot while focusing on security from the business aspect. I tell you this. When you are representing the enterprise from the business aspects you’d be surprised how much you can be compensated. I’m not telling a developer he can’t do this because of what I say. It’s by policies, regulations that the business has to abide by. Therefore this job we all work together and we all MUST work together

That’s exactly what I’m saying. I’m a newly ISSO and I speculate from beginning something or someone bypass QA. How did they not analyze this BI then where’s their recovery plan. It’s just a weird excuse. Large companies are failing but there goes millions

This software update patch had an impact on our MIS services in england. Your right, they obviously never tested this software patch properly. They definitely ignored the risk management protocol. Lawsuit's are now coming.

It is shocking how one company has so much influence in society.

I was waiting for your video about this.

Hi Boyd, im Chris from Africa i wrote you on your instagram page asking to help me learn after watching some of your videos please how can your help me out to learn the skills? am not growing younger anymore am 52 at the moment i want to upgrade my skill. thank you

Boss: Ok, who Crippled the World?

Everyone, start updating your resumè. I'm sure there will be a few spots opening up at Microsoft after this issue. Great video btw.

Could they have rolled the patch by region instead of globally to minimize the impact?

Common sense 101: should have been done in a phases to mitigate potential problems like this.

As software engineer , I am sure it was tested before deploying to the production environment but I asked myself what if it was already vulnerabilities on the system? That testing coverage they have defined could meet whatever percentage that was already set on the system to pass. In my humble opinion , They were already issues. I appreciate your opinion because it is very logical thinking , however , let’s wait for explanations of the officials issues.

Mic Drop moment for Boyd, moment of silence for the people and companies around the world who are affected and fail to hire the not just college educated but level headed intellectually inclined people who question the security of things and not just show up for a paycheck and happy hour TGIF Though!!

They always blame patches and updates when our enemies strike. They don't want people to panic or start attacking said people of those nationalities

This is why you always test deployment in a sandbox environment, is rule #1 is to never test large scale deployment in PROD EVER! I find it ridiculous that for a company with high cyber security caliber like crowdstrike would make this kind of mistake.

You've said it all but still working smart enroll myself in your GRC program. $2,000 is alot of money here in Nigeria. I pray to meet up insha'Allah. Can't wait to participate in the programme.

There may be exceptions to testing if there are critical vulnerabilities that have been already exploited in the wild. Some patches warrant immediate implementation. I think this is a risk based decision, which are you willing to accept, delaying a patch to a critical vuln or implementing the patch without validating the potential damage? Additionally, testing the patches is just one of the problems. The other is sole reliance on one vendor. I think companies should consider a multi-vendor approach to avoid SPOF and vendor lock-in. What if CrowdStrike was down due to a cyber-attack? Similar outcomes would have ensued, the testing of your patches wouldn't be of any value. Lastly, they could have tested the patch in a testing environment but from experience, if those environments aren't mirrored there is a chance that a bug could have been missed... who knows? There's a lot here to consider - good stuff

Its crazy how these 10 + yrs all the certification having professional skipped the basics of testing the patch in a sandbox before rolling them out

I totally agree. Lesson 101, always test patches on a small scale before sending it out to the entire network. Hopefully it was not someone rushing to go on holiday and pressed the update button