Maril Vernon: 0:15

Welcome back to another episode of The Cyber Queens Podcast. We are of course, your hosts and Cyber Queens. I am Maril Vernon, Resident Offensive and Ethical Hacking Expert.

Erika Eakins: 0:25

And I am Erika Eakins, a very Technical Sales Rep in the cyber field.

Nathalie Baker: 0:31

And I'm Nathalie Baker, Blue Team Extraordinaire.

Maril Vernon: 0:34

We did it. We finally got her to say it. Wonderful. In this episode we are discussing alternate bachelor programs into cyber, which means getting a four year degree in computer science or something affiliated with tech is not the only way to get yourself an accolade to break into this field. There are a number of different avenues out there available to you nowadays. There are bootcamp programs. There are open source learning programs, pace at yourself programs, GIAC ordained programs. So we are here to tell you all about those and how we leveraged any, all, or none of them in our own journeys, and answer any questions you may have about them in the comments after. So what did you guys bring to the table when you entered cyber? What did you have under your belt?

Nathalie Baker: 1:22

I had an associate's degree. That's it. I still only have an associate's degree and a couple certifications. That's it.

Maril Vernon: 1:30

What was your degree in? Your associate's degree...

Nathalie Baker: 1:32

It was computer technology and network security. So it had a bit of security relation to it. I specifically looked for having that security pull into my degree title, but that's literally all I had gotten. Went and took a couple certifications after that, and that's it. That's all I had, and I came in without even any security certifications. That's the most mind blowing portion is I went and got my A+ and my Net+ and that was all I had.. Maril Vernon: Yeah. See everyone's like, "what do you need to get into cyber?" I'm like, "I don't know. You had a Net+ and an A+ and you did it. I had nothing but a Sec+ and I did it. Some people have none of that or all of that, or more of that." It doesn't matter, there's no one path in. What about you, Erika?

Erika Eakins: 2:16

Since I came in on the sales side I was already working on my MBA when I came into the field. Initially I wanted to go into human resources and then I realized that I wasn't going to make any money in that field. I got my bachelor's in Business Management, my MBA, and then I went and got my Master's in Human Resources Management. But I have learned everything. Over the years, everything that I know today is what I learned from my customers, colleagues, whatever. Being a salesperson, I became technical. Now, I will tell you that I am going to go and get some CompTIA certifications, which we'll talk about. But you know that if I want to cross over to the technical side, I don't think I'd need it. Because I already have the experience.

Nathalie Baker: 3:01

Yeah, and a lot of it's just being able to relate the business. I always forget that relating the business to the technical is a skillset in itself and it's a highly sought after skillset because you're the one that's going to be able to talk an executive into doing what's necessary.

Maril Vernon: 3:16

That was literally how I got in. I got an on no tech certifications at all. I got in on throwing the fact that I had been awarded a position, in the cyber unit in the Nevada National Guard on LinkedIn. And that's how I got scouted for the first position I had. But when I got that position, I brought no technical certifications, no technical degrees. I actually got a degree in French and Russian which don't serve me at all now. And I was like, listen. I have a high academic aptitude and I'm really good at taking highly technical things cause I'm used to living and growing up with my dad and explaining them to normal people and making them understand. So you already know that if you let me learn I will be able to learn it and you know that I can speak about it and be that go between. They were like, "Perfect, you're the face person for the department because we all hate talking about our work. You do it." And I'm like, "Okay, great, I'll do it!" Even now as an offensive person, a lot of operators just want to like pwn things really good and mess'em up really good and hack 'em and then they're like, "Here's all the findings and how we did it, have fun." And it's like you need to relate that to the business stakeholders, to the layman, and make them understand the impact of what you've done. Or they're not going to give you any buy-in to expand your budget and scale your operations. So a lot of operators don't even know how to do that very well.

Erika Eakins: 4:30

And what I was going to add to that was, as I said, I'm a salesperson. I was reading the Firewall for Dummies books, the Malware for Dummies books, and then obviously I worked with network security, that was the beginning of my career in cyber. And I learned from my SEs being a salesperson, I said, "Show me this product and explain it to me like I am nine years old." And that's how I learned. Then I got gear in my house because I worked for firewall vendors and I played with this stuff and I'm like,"Oh my gosh, this is amazingly fun."

Maril Vernon: 4:58

That is an initiative that not a lot of sales people have. A lot of people don't even know like what their SE stands for. They're like, "I know he's my SE," they don't even know what that means.

Erika Eakins: 5:07

Yeah. I

Nathalie Baker: 5:08

Some of them don't even have SEs.

Erika Eakins: 5:10

No. I could technically be the salesperson and the SE working in the cloud space. Now it's a little bit different cause I'm still learning that. But I was a network security sales specialist for a very long time and my products were firewall, CASB, SD WAN, and DLP. I was the specialist aka overlay, for the field reps and I covered a huge territory, so people looked at me, they're like, "You're a salesperson." I'm like just listen.

Maril Vernon: 5:38

Just wait. See, that's what Nathalie and I are trying to tell you. That's what we're trying to tell you. You're highly technical. You're a very technical lady.

Erika Eakins: 5:45

Yeah, I guess

Maril Vernon: 5:46

That's true . So anyway the certification debate is one that is very hot in our industry right now. Everyone's like, "Why do I need all these certifications?" Or someone has certifications that don't even relate to the job that they're hired for, and everyone's like, "So you went through a certain program, but you can't even do certain skills. So what is the value they serve? What is the value of the skills and experience that you have bring? And what kind of magical combination of the two do you need to demonstrate you can handle a job in cyber?" And sadly, the crappy answer is there is none. There is no magical formula, there's no gold standard. It is so unique to every person that is why I advocate using your own platform to demonstrate your skills, ability, and knowledge, and making those opportunities come to you as you're a good fit for somebody. Like you could have two completely differently trained perfect fits for the same position. It is how it is.

Nathalie Baker: 6:38

Yeah, and everybody brings a different perspective to the table. That's really like when I'm hiring, that's what I'm looking for is what is your thought process? How do you think? Because I can easily teach you the technical. That's not a hard thing to learn or to teach to somebody if you know what you're talking about. If you don't know what you're talking about, it's going to become a lot harder. I've hired a lot of people in from just like regular boot camp, cyber boot camps out there that they've went through the boot camp, they're acquiring the knowledge and they know more than I do about certain topics and I'm like, "Yes, that's awesome." I had all these years of experience as a Sys Admin, but I literally don't know half of the things. So teach me some things and like I learned from them.

Maril Vernon: 7:22

Yeah. All right, so let's really quickly do a round table, refresh everybody on what exactly you had, when you got in and how you used it, and then we can do a little wrap up with what we have now. Nathalie, you go first.

Nathalie Baker: 7:36

Oh, okay. So I came in as a paralegal. I moved into the cybersecurity field after getting my degree. I got an associate's degree. I went and got my A+, my Net+ my CCNA as I was coming into the field. I was a sys admin, I specialized in automation. That was really all I had. I knew how to code, I knew how to write code and knew how to script, and I knew how to think technically. And I always, whenever I was in a position, I would always tie it to the security aspect.

Maril Vernon: 8:09

Brilliant. Brilliant. And now what are all the things you have on top of that?

Nathalie Baker: 8:13

Not much more. Like I got my CCNA. Before I joined my company, I didn't quite have my CCNA yet. I was working on the CCENT, so then I finished out my CCNA, I got an Alien Vault certification because that was required for our SIEM, but that was about it.

Maril Vernon: 8:36

Awesome. Yeah, so when I came in I had two degrees. I had an associates and a bachelor's, and they were both in foreign language, French and Russian. And I got in on absolutely nothing, but within three months I had a Sec+. I used that Sec+ to propel myself into pen testing, not pen testing certifications, the Sec+. And I didn't get my first pen testing certification until this year back in April or May as part of my curriculum at WGU. So a year into this field enrolled into a Masters of Cybersecurity and Information Assurance program through WGU. I did that because it was a way to get two industry certs federally funded. You walk away from that program with two certifications an Incident Handler certification, which is incident response, and then Certified Ethical Hacker, which I obviously need. And you get a master's out of it on top of that. I found a way to federally FASFA fund two cyber certs. At the time, I was broke, I was a single mom. I was only making $70,000 a year, so I couldn't afford anything. That propelled me. My Sec+ propelled me all the way up until just this year. I'm now in my third year in cyber. And it was a nuance now, like no one doubts that I can pen test, but I have the certification now. I'm one of those examples that you don't necessarily need the certifications to demonstrate your skills. You can still move up. I moved out of pen testing into higher echelons of proper red teaming and like in that trade craft. And I did all that without a pen testing certification. So it's kinda like you've been a project manager for 20 years and you went and got a PMP because someone basically made you do it. That was what I did. But the Masters is helpful. The Masters is one of the things that tells a lot of HR recruiters that I went through a curriculum that very well prepared me for the regulatory and compliance and also the high level management overview side of this industry. But I blew through it in six months. So I don't even think it was that value added. Again, that was a box that I checked to look better on my resume. I really floated most of my career on nothing but a Sec+. Very unique. There are a lot of GPENs and GSECs out there who can't get a job pen testing and my heart goes out to you. It's just goes back and speaks to hack the process. Hack the hiring and application and interview process and you can get here on literally nothing. Your turn. Erika Eakins: So coming into the working on my MBA when I came into the industry way back when in 2011. In the beginning. It was just my MBA and as a salesperson I wanted to learn. So I would go with my sales engineers, with pre-sales engineers and my technical people and sit with them and have them teach me things. Like I said, teach me like I'm a child, like I'm a nine year old. I was reading books and I played with hardware and all that stuff. Five years into my sales career I work at a vendor. I was already on the vendor side because I worked on what is called the reseller side, which is who sells to the end user. I was already on the vendor side and a company found me and they said,"We really like your background. We think we, that you could be a network security sales specialist." And I'm like, "What is that?" So basically what that is, it's an overlay, but they're a subject matter expert, but you're a technical salesperson. So in our world it could, you could technically be considered a pre-sales engineer. So the field sales would bring me in and they would, identify the products that I sold, which was DLP, CASB, SD WAN, and Firewalls. They would start the deal. I would come in and be that technical closer, but there was still always an SE. We really didn't need them, and I learned that just from being in the industry. So now fast forward to 2022, I am actually going to go and get like my Net+, my Sec+ just because I want to have those and I'm going to do the ethical hacking and pen testing because that just is amazing to me. And I actually probably don't even need to do it, but if I ever decided to go that route, I know they're going to want to see it. Yeah.

Erika Eakins: 12:29

So business degrees. That's it.

Maril Vernon: 12:31

Yeah. Business degrees.

Nathalie Baker: 12:33

You'd be surprised how many times I've been asked for any kind of certification proof in my interviews, which has been never like, and I've gotten some pretty good jobs, just not having certifications, because here's the thing, why should I have to go take a test, prove my skills to you when I prove them every day at work.

Erika Eakins: 12:50

Well, and here's what's funny. One of my previous companies, we were at one of the SE director's houses because he had a really big house. I was a network security sales specialist. He was making fun of me. Hes like, "Oh, you're just sales." And I said, "Okay, watch this." I hacked into his wifi easy. And he's like, "What? What?" And this is the director of the presales engineers, very technical. I said, "You want to say that to me again? Okay." I learned all that. It just didn't come to me. I just play with stuff because I'm interested. Some people are not like that, but for me, I learn as I do and I just hacked into his wifi.

Maril Vernon: 13:23

Love that for you. Excellent. Absolutely.

Nathalie Baker: 13:27

I'd be like, I need agreements in place first let me do this legally.

Maril Vernon: 13:31

I need you to email me a letter giving me authorization to hack your home. No. Okay.

Erika Eakins: 13:36

Yes, he was challenging me. He did say that I couldn't hack into it, and I said, "Watch this." So I should just add that in. I didn't illegally hack him, so he challenged me.

Nathalie Baker: 13:45

Good.

Maril Vernon: 13:46

So it just goes to show you whether or not you have the degrees, whether or not you have the certs, whether or not you've been through the boot camps. There are ways to demonstrate your job. Now, I would say we were each given a chance to demonstrate our ability to handle the job, like to learn the job. And then we get to, like Nathalie said, we get to demonstrate our ability to stick around in this industry and maintain our level of expertise because we do it every day. At this point, I'm going to have to go get an OSCP for someone to know I'm good at hacking. I don't think that serves me anyway, because I know that an OSCP is largely network pivot and C2 styles of hacking when I'm really good at web app and cloud hacking. So to me, like that might be a reinforcer for my industry. It's the gold standard of hacking, but I don't need it. That wouldn't serve me and advance my career at all. So like do your research on your certs. Pick and choose the ones that are going to gain you the skills to further the knowledge you need to actually achieve the positions you want. Right now I work for a company where we're building a Kubernetes based platform, and I have to learn how to red team a Kubernetes container. I didn't know any. I was like, "Listen, I have no Kubernetes. I have a lot of trade craft and a lot of purple team, but no Kubernetes. They're like, That's fine." So I start researching like, how do you become up to speed in this thing? I want to be able to hang out with my principal engineer and not feel like the stupid one. And I started like, "Ooh, like certified Kubernetes admin. That looks great." And I started reading into it and I'm like okay, this is all Linux. I don't need any of this at all really. And I started looking into other things and found I was going to get more Kubernetes and more foundational and offensive knowledge from other certs, from the curriculum than I was from the one with the title. So it's not always based on title. Look at the curriculum, look at the skills you'll gain, look at how they're going to teach it to you and make sure you're really picking the ones to give you the most bang for your buck. Because these things are expensive and my company's covering mine, but when I was starting out, I got a Sec+ because that's what I could afford. I was like, that's going to propel me the farthest fine. Let's do it. So with that in mind, what are some of the pros and cons to doing a four year degree track? Or doing the certification boot camp track?

Nathalie Baker: 15:47

I think that four year degrees, they don't teach you a lot of what it's going to be like to work in the industry. So they don't give you a lot of those industrial skills. You don't have a lot of labs that you're working in, and whereas a boot camp or an associate's degree, especially if you're getting an associate's degree from a technical school, you're going to have more of those labs. You're going to have more of a support from advisors telling you, here's my advice to you on how to pivot your way into the field. All that. You're kind of just helped a little bit more. I think they gave you a leg up. They do a better job of giving you a leg up and giving you the labs and giving you the hands on experience. Every company wants to know what is your experience with this and this. And those types of schools are going to give you that experience. Some four year degree programs they're really trying to, with having in-house SOCs where it's student ran and all that, and that's great.

Maril Vernon: 16:44

Great!

Nathalie Baker: 16:44

But SOC is not the only way to get into cybersecurity either. A lot of people don't want to do SOC and making sure that you're going to the right school for you and picking the right program for you. What is your learning style? And really understanding your learning style. Because I have ADHD for me, going to four years of school, that just sounds like torture.

Maril Vernon: 17:05

I agree, the programs are bigger, so the resources are bigger, but the people pool is bigger. At an associate level program, the classes will be smaller and you will get more individualized attention. Someone might recognize your deficits a bit better than if there's 150 of you in a seminar. That's just true. What about you, Erika?

Erika Eakins: 17:24

I am totally for degrees. I hold two Master's, a Bachelor's and an Associate. But I do think that if you want to break into cyber security or IT in general, you don't need to go to a four year college, do two years to get some certifications. You can actually become a member of IS SA or IASAC

Maril Vernon: 17:48

Oh, ISC2 or yea IASAC

Erika Eakins: 17:51

They have like local chapters. For example, I'm in Colorado. The ISSA, I believe it is the Colorado Springs chapter. They are doing free classes to prepare you for the Sec+ ,the CompTIA Sec+. You have to pay to take the test, but they're doing like two Saturdays in September this year and helping you work through that and study for it and guiding you. But you do have to be a member and the membership is not that expensive. It's a yearly membership and you could take this class for free. I was going to take it through a facility that I found on LinkedIn or just go directly to CompTIA, but I can just go to these classes because I'm technical. Take my Saturday and then go take the test because it helps me prepare for it. I do 100% think that somebody who's brand new should go for like their, certifications. If they're trying to break in, get a certification, get your foot in the door. CompTIA, that's where you could get your Net+ or Sec+ and do those and then later on go back and have your company pay to send you, like Maril said. I see all the posts on LinkedIn about you have to have five years of experience, but it's an entry-level and you have to have all these certifications. There's a huge argument going on back and forth if you find the right company that's not true. Because these job descriptions are not right.

Nathalie Baker: 19:06

And those companies that have those requirements, guess what? Those jobs stay posted for forever because even people who are in the industry don't have those requirements. Like there are plenty of us out here that don't have those requirements, so we're just like, whatever. I'm not even bother because that's such a cop out.

Erika Eakins: 19:24

They say that for what I do for cyber security sales, you have to have a bachelor's degree. I disagree. If you have field sales experience or some sort of sales experience, you could actually become a salesperson in cyber. I have the degrees cause I chose that and I needed that. Because I'm a single mom and I needed to get ahead, I didn't want to struggle my whole life. So that helped me get to this side of sales because it helped me understand the business. But if you're interested in sales, marketing or something like that, you don't necessarily have to have a degree for those either.

Maril Vernon: 19:54

Yeah. So for me I have mixed feels on the degree certification things like, I think you can do it without either, but like I said, there's a GPEN who will kick my butt because he's like,"I paid 10K for this and I can't get a job pen testing anything." I'm unique, but I also do have a degree, like I did go out and get one. I got an MS, like a master's degree in cyber so that people would stop telling me I was unqualified to work in cyber. And I did that as a very calculated move, but I did do it after having already achieved like my five year plan position. So I feel like I can prove I got there without those things. Honestly I don't feel like they helped me. Because it guts me, it absolutely guts me when I see, "Oh, we need an ISSO." That's an information systems security officer. So basically someone who's in charge of the the security of the system, not maintaining or patching or whatever the system, just the security aspect of it. For those of you who are new if I see them fly in ISSO position that says "You can have CISSP or an OSCP or a Masters or six equivalent years of experience." I'm like, "You just told me that your program's in freaking trouble. You just told me you have no idea what this person does like on a day to day basis. And you have just nullified, you have just nullified six different things." You took a four year masters and boiled it down to six years of experience, by the way, I blew through mine in six months. So if I show up with my masters, you're like, "Cool, you obviously have six years of experience." No, I don't. I have had one and a half. You have just taken all these fancy things that all these people put time and resources and effort into and boiled them down to canceling each other out. I don't even qualify for CISSP and I won't for two more years. It's silly. So if that's you at a company, don't freaking do that. And if you need help on your job descriptions, you DM one, any one of The Cyber Queens, and we will write job descriptions that make sense for you.

Nathalie Baker: 21:38

And here's the thing is ask the hiring manager what they actually need of the person for the position that they're hiring. I guarantee you any hiring manager, they're going to look at those job descriptions and it's going to make them sick because they know for a fact they don't need those things. And the thing I've always seen, I've seen so many people do this and it just, it makes me so mad at the whole system because it's a whole broken system, is people go out and they get an eight year degree or whatnot, or a six year degree or whatnot, and I literally will not hire them entry-level because you don't have the experience to match what you've learned and you've not actually put it into work.

Erika Eakins: 22:23

Or, what I've seen is somebody who's the hiring manager. The company is asking for all these certs and education and the hiring manager that's interviewing me or the candidate, doesn't even have any of those themselves.

Nathalie Baker: 22:35

itxactly. So that always cracks me up. You want seven years of experience, it's entry level, you have to have your Sec+, blah, blah, blah, but I don't even hold that myself. Because I got promoted. But for Gen Z and Gen Alpha, the next generations, STEM is where it's at.

Maril Vernon: 22:48

Yeah.

Erika Eakins: 22:49

This is where you can be introduced to the technical field. It's not broad enough yet. It's very, siloed right now.

Maril Vernon: 22:56

They're working on it.

Erika Eakins: 22:58

They're working on it. And part of the reason The Cyber Queens exist is because we want to get this data out there and get people interested. I do want to mention that one of my very good friends, if you have children that are interested in understanding a little bit of cyber, The Little Cyber Engineer by Amber DeVilbiss, I will put the link in the notes, so you could get the link. Buy this book. It is a child's book that breaks it down, very easily, very entry-level. Maril could read it to her daughter. I read this, and I loved it. If you DM me and you have a child that's interested, I will send this book to you because I have two copies. I bought this one and then I got a free one because I got an autograph because Amber's my girl. But if you DM me and you say, I want this book, the first person that DMs me, I will send it to you. So again, I'll put this in the show notes, but stuff like this

is how people are going to learn: 23:50

internships, the STEM programs. This little lady sitting on camera with us, she's probably going to be an engineer because her mom's an engineer. So I just wanted to mention that Amber DeVilbiss, she is on all the socials, check her out on TikTok.

Maril Vernon: 24:06

She's awesome. I love her. And what I gotta say, back before that book existed, I would read them like Electromagnetism for Babies and Biology for Babies, where it breaks things down into like very simple concepts. I'm like, I wish someone would do this for Cyber, and Amber did it. I'm like, "Thank God," that's going to make it so easy for me to peak their interest.

Erika Eakins: 24:24

And there is a good DevOps book that it's not The Unicorn Project. It's the first one of the two books. I will put it in the chat. It is about DevOps, which is development operations, so DevSecOps, it talks about life in DevOps and how things exist. The name of the book is actually escaping me right now, so I'll go back and actually put it in the notes, but that's another one as a entry-level into cloud and understanding how those business operations work. Kubernetes, container security. Yeah, The Unicorn Project is the second book. I can't remember the first one.

Maril Vernon: 24:59

Oh, it's like The Phoenix Project, The Unicorn Project.

Erika Eakins: 25:01

The Phoenix Project, Yes.

Maril Vernon: 25:02

I 'm reading those right now and they're fantastic. So we are coming up on our half hour, so I do just want to ask. If you guys are evaluating, now that we are midpoint in our careers and you guys are like Erika is exploring, getting into technical certifications to further her career. Nathalie's probably going to get to a point where she's going to want the next echelon of thing to increase her skills. When you are evaluating a new program or undertaking something new, what do you look for? What is reinforcing to you? What, as people who know how people need to prove themselves in this industry and knowing how you needed to do it, what tells you that a program is good? That it's going to be a good bang for your buck, that it's trustworthy and that people will respect it?

Erika Eakins: 25:48

Talk to people in the industry and they can help you as well.

Nathalie Baker: 25:52

Yeah, I would be looking at how many labs are going to be included in this project? How many projects can I say that I've worked on that are going to actually give me relevance to a hiring manager? For me, mid career, I look at what's recognized out in the industry and what kind of jobs do I want to secure in the future because I can go get a CCNA all I want, but if I don't want to do network security anymore and I want to like pivot to something that CCNA CyberOps is not going to do me any good.

Erika Eakins: 26:21

Yeah, and you don't even have to go into cyber. We're passionate about getting more people into cyber, but you could decide you want to be a data center engineer, like work on storage and servers all day. So there's lots for you to do. Come to this industry, we need you.

Maril Vernon: 26:37

So many avenues and we'll start to cover those in later episodes. But the thing that I would say is don't just go for the most expensive certification. Don't just say like, "if I spent a ton of money on it, it's the Rolls Royce of info sec certs, then I'm going to get anything I want. Cause that's not how it works. Yep. When I see people with eight different GIAC certifications, and for those of you who are new listeners they're like the most expensive, top-of-the-line, biggest, fastest training you can get. A lot of the APT hackers are GIAC trained and they're very inaccessible to most people because of their cost. GIAC, let's work on that. But anyway, that's why I don't hold any, I don't have 10K sitting around that I just don't need anymore. So what I say is don't go for the biggest, most expensive one. Look at the curriculum, look at the chapter breakdowns. Look at who your instructor is and Google your instructor. Is this someone who got a cert, started teaching immediately and has never done this job a day like working in the ops a day in their life? Or are they someone who is publishing blogs, got an active Twitter, got GitHub repos with actual good projects in there, is contributing back to their students? Like I just say, look at the reinforcing markers of this program before you give them your money. If they say you're guaranteed to pass, we guarantee you'll pass, what that meansis, they'll just drill you on your gaps and let you retake it a thousand times. Or they've got something sketchy going on where they're going to guarantee you pass, so they can say,"we have a hundred percent pass rate." Those aren't necessarily good. Not everyone learns the same, and not everyone should be passing it the first time with one methodology, like for Sec+. Erika was like, "What worked for you?" And I said, "I read a book. I read a book in a week. I took the test the next week and I passed." Some people need to read a book, purchase a course on Udemy, hear three different people explain the same concept, three different ways for it to really cement for them. So figure out what works for you, understand how you like to learn and absorb knowledge and find a program that does that for you. That's mine.

Erika Eakins: 28:28

Yeah. And like I said, you could reach out to anybody in the industry. You could also DM any of us. We'll try to help you. I will throw a disclaimer. We cannot help with job placement or passing your test for you, but we'll point you in the direction to where you need to be. My final thought on this is: Don't be scared. It might seem overwhelming. And the biggest cyber crime groups in the world are teenagers, ages like 12 to 17. So it is possible for you to learn and come to this field.

Nathalie Baker: 29:00

Yeah. For me, my final thoughts would be that like you just have to be willing to learn and constantly be driven to learn. If you're driven to learn, there's no certification that can quantify that. There's no certification. If you're always just a forever learner, you're just going to continue to learn and there's no certification out there that can even amount to that. Just that skill alone will get you so much further than any certification I've seen.

Maril Vernon: 29:27

Additional disclaimer from me: Don't come to cyber if you're not a perpetual learner. If you're going to learn three things and kick back and say, I'm done now, I know enough." You don't belong here, you'll fall behind so quickly. Like I can't even tell people how to effectively break into this industry, because I did it three years ago and my experience is no longer relevant. That's how fast things change. So be a lifelong learner and if you don't love what you're doing, you don't want to learn it anyway. We're here because we love it. So my thing is just going to be to make sure that you're looking at those skills, make sure they're relevant to the job that you want. If you're unsure, we all have our favorite resources. We all have places where we can point you, just find someone in working in the job that you want, and ask them how they did it. Then ask them if they would do it the same or how you can do it faster and better. For me, I equate four year programs to like marathon drinking. It takes a very long time. It's very diluted and it takes forever. I prefer to take my shot of information, take my test, and move on, but some people don't truly absorb it if they do it in a week; I can. Define the methodology that, and just because "I'm not where Maril's at, I didn't accelerate my career in three years, I'm behind." No, you're not. You're exactly where you're meant to be, right at the time you're meant to be there. So don't freak yourself out and compare yourself to others. It will lead you down a dark path, especially in cyber. That is my parting shot. Anything else from The Queens?

Nathalie Baker: 30:47

I think that's it.

Erika Eakins: 30:49

I'm good.

Maril Vernon: 30:49

All right. Thank you so much for sticking around with us through this episode. We are so happy you came back to listen to more of what we have to say. We hope you're finding value. If not, we're not going to know if you don't tell us. Please drop something in the comment. Subscribe to our newsletter and hang out with us in our inbox. Only like three people do it so we'll know who you are. And one of us personally responds to every email, every comment, everything on every social channel. So we do this for you guys. If we're not giving you what you need, tell us. With that, keep in mind that we love you. We're here to support you. If you have any struggles you need help with, or wins you want to celebrate, no matter how small, we would love to do it with you. Please give them to us and we hope to see you next week. Bye bye.