Landing Your First Cyber Security Job | The Experience Dilemma

Welcome to the Security Cocktail Hour. I'm Joe Patti. I'm Adam Roth.

Adam? I'm Jerry Snoop.

That's right. Jerry is our guest. He is joining us today. He's going to be telling us about the very interesting path he took into cybersecurity. You know, we've talked about that before. We'd like to hear the stories of people and how they got into it, because the question we always get asked is, how do I get into security? How do I get in? So we're going to get into that with Jerry. Everyone is always asking us, how do I get into security? How do I get into cyber? How do I do this? And there's like all these different paths. We had Natalie Cano on earlier. What a great story. And your path, as far as I know, is kind of unique. And you haven't been in it that long. So actually, tell us a little bit about where you started, what you did beforehand.

Beforehand sure. Um, yeah, so like I think we alluded to born and raised Brooklyn, New York South side of Brooklyn Sheepson Bay Gravesend area and you know, I I went to college kind of not thinking too hard about it Just figured I'd major in something like STEM in college I went to college in upstate New York and Albany and I was kind of on the pre-med track So I had the intentions of becoming a doctor So I graduated college, took some time to study for the MCAT and start kind of working in the healthcare industry, so I would get some experience, knew what I was getting myself into. And I was going through all the motions, getting into medical school, applying, all that stuff. But at the same time, yeah.

But you took the whole pre-med curriculum, you had all the prerequisites, you did all the bio and the chemistry, and oh wow, okay.

Yeah, yeah, yeah, or everything, everything. I took the MCAT, I went all the way up, I actually got into medical school. So yeah, so I got like an acceptance But the thing is so this was most of the application process happened after college So I did all the pre-med in college started applying afterwards. And at the same time I was working at a medical office and you know, I don't want to throw anybody under the bus or anything like that, but let's just say like the things that I've seen and by some measure was complicit in in this medical office. I mean, it left a really bad taste in my mouth about the healthcare industry as a whole. And it's not so much the specifics of what was going on in this medical office, but the fact that this could even go on, that there was even room for this in the industry.

So yeah, What do you mean on the care side or on like the business or like the administrative side?

Both. Because they feed into each other. They feed into each other. You can't really separate the two because the way that the business happens on the back end, especially with all these insurance authorizations, it's going to heavily incentivize what it looks like on the front end. It's even to the point where like, you know, you could be the most virtuous doctor, you could run the most like straight edge clinic, but right next door, there could be someone who's cutting corners. And because of the way the industry is set up, they might get rewarded for cutting those corners. And now you're competing with somebody who might not be, you know, the most, you know, doing things the most kosher way. And it's just the incentive structure that I saw, you know, I was doing insurance authorizations and things like that. And just the way everything is so I mean, yeah, I could talk for hours about it. I don't want to too much. But let's just say it's a very ossified, very bloated system. And it left a very bad taste in my mouth. You know, maybe off camera, I could tell you some really wild stories, but I don't want to, you know, say too much.

I'm going to jump in there and say two things. One, I had a double hernia, and I spoke to the doctor. The doctor was really professional, really respectful, and he was really out there, and he said, look, let me be honest with you. You have a double hernia. It was in two different places in my body. He goes, I don't repair both hernias at the same time. To be very transparent, I don't get paid for both. Once I'm inside, I only get paid for one. And he goes, I'm being very transparent with you, but let's see how bad the hernias are. He gives me an examination, he goes, I gotta do both at the same time. He goes. Oh, the horror, you know? No, but I don't blame him, and I'll tell you why. I get what Jerry's saying. I had another friend of mine who was in the medical business, and he said to me, he got in trouble, because he was doing additional billing, because he had to give equipment away below cost for under insurance. So I'm not saying everybody does things wrong for the right reasons. A lot of people do things wrong for the wrong reasons. It's known, and Jerry will tell you probably this, it is known in Brooklyn, especially around the Russian community, you can go to a medical center, walk in the door, they will bill for something that never happened, and when the person walks out, they get paperwork to fill out, but that paperwork is not real. In there is about $100 in cash in 20s. And a lot of those places, a lot of those places got shut down because they knew this was happening. So I know Jerry doesn't want to talk about that specifically, but I can because I know it does happen.

Well, I'll tell you, you know, I mean, the healthcare system is, I can't even start to get into it. I've had my own stuff with it. But, you know, just the fact that you have someone who's, who's been motivated, who's gotten the education, ready to go to medical school, and you got a slice of what the real world of it is, and you said, no way, that's terrible.

I got one better. That's just awful. I got one better than that, Joe. When I was working as an EMT, and I know we probably need to move on from this, I showed up to accidents where I would go to the police officer, where's the patient? He's in handcuffs. What happened? He crashed into another car, but he was wearing knee pads and a helmet when he crashed. They used to get paid to get into accidents. Oh, God. I'm not making this up. I believe it.

I worked at a PI law office way back when I was like 15 or 16, something like that. I worked front desk and I saw a whole lot of that. People organizing accidents, let's just say. Yeah.

I've seen the videos. I know they do it in Jersey. I don't know if they've had it elsewhere. But like, you know, a bus gets into an accident and all of a sudden everyone from the neighborhood runs on the bus so they can say they got hurt. Yeah. Yeah. All right. So. All right. So you decide that is not for me. So you've got to look at something else to do, right?

Yeah, so at the same time that I was doing this in the medical office, you know, I'd always been kind of a very tech, I would say tech savvy, I was very, you know, into technology into computers, that sort of thing. And so at the same time that all this was going on in my life, You know, I was also getting like, you know, I'd always play around, you know, just mess around with my router settings as kind of boring as that sounds, and just like constantly reading about all sorts of like tech articles, following tech people on Twitter. And I was very like up to date onto the state of technology. And also, I was, you know, back then this was like kind of at the peak of the blockchain hype, let's say. So everyone was going crazy about blockchain and Bitcoin. And I had actually gotten into that much earlier, around 2017. And I've kind of been like into it all this time. But then when the industry exploded in 2021, there was a much bigger incentive as well, especially by not being a beginner. And having had some experience with it, it's like, all right, like, I can, I kind of see where this is going. So that also catalyzed my kind of learning in this area. And what really struck me was that the polar opposite from the healthcare industry was that in healthcare, it's extremely systematized the training, where you have to do four years here, then four years here, then four years there, and only then maybe one day you can actually start having an impact and actually start doing cool stuff. Whereas in tech and in cybersecurity and just in general in like the tech programming IT world, it's the exact opposite. If you have a computer and you have an internet connection, you can start learning and you can run far and wide all on your own sheer will and willingness to learn. And I mean, this was nothing could be more different than the healthcare industry. You don't need no credentials, though they do help, but they're not licenses. They're more so certifications. So the barrier to entry is much lower, you can self-teach, you can do it from anywhere, and it was just very refreshing.

What's interesting is that, you know, it's like you're saying it's so unstructured, now it's more structured than it was. 20 years ago or plus. Now there are more certifications, but there are also degree programs, bachelors, masters, and everything. There was none of that before for security. Everybody who was in the business at one point learned it the way you're talking about it. Learned as they were going.

I would say this is actually the best of both worlds because now, at the end of the day, someone who's hiring you or if you're going to go on to build something, all those things help, but they're not required. You can still go the self-learning way and you can mix and match. You can do a hybrid pattern. At the end of the day, all that matters in this industry are your skills. But in healthcare, this is not the case. No matter how good you are, no one's gonna hire you. You're not gonna be able to do anything unless you've gone through all this formal training. So I feel like in the tech industry, now we kind of have the best of both worlds, where it's still very meritocratic, but there's also a lot of support along the way.

So what you're saying is exactly true, right? I'm a little bit older than you, maybe by a year or two, Jerry. And when I started doing stuff, You know, like, Amazon wasn't even Amazon yet, but I would go on Amazon, and I would get a book, and I would read the book, and then I would go take the cert, and then I would fail the cert, and then I would go read a book, and then I would take the cert, and then I would pass. And many, many, many certs later on, you know, I've gotten stuff. Look, I never went to medical school, never claimed to be really a medical professional, per se, but even as EMS, I had to do practical hours, I had to do CPR, I had to do a lot of stuff. And you sound like you're going to say, hold on, okay, I'm doing CPR, all right, I'm going to send you the certificate, I did it online with the space bar. That's frowned upon, right? You have to do AHA, American Heart Association, you have to do Red Cross, you have to do practicals. You can't sell practical, but in tech. for the right reasons, you can do self-practicals. Back then, they didn't even have labs. I had to buy $4,000, $5,000 worth of Cisco equipment. Now, everything's virtualized, so you can do a lot of self-taught. And then, even now, there's all these websites where you can learn from so many different people, paid, unpaid, YouTube itself. It's great, right? There's a lot of independent study now.

I'll tell you another thing that's been huge, I think, is really Linux. When I got into it, I really didn't learn any Unix at the time or any real operating system stuff until I got a job and had access to the equipment that you couldn't afford. a Unix machine, you could afford a DOS machine and that was it and there was nothing else. But since Linux and the whole open source thing, everything's available to you.

It's a huge, huge difference. You make me laugh because back in 2003, I bought an S, I bought, what's it called? I mean, I had CPM. I had Xenix, I had Unix, I had SCO Vines, but what's it called? The Spark Workstation, I bought a Spark Workstation back then.

You bought a Spark, well that's it, that was an old Sun machine, and they were expensive.

Yeah, and you couldn't buy a laptop, there's only one laptop ever made, I think it never made it anywhere, but you had to buy, if you wanted to learn some of the more Windows X and utilize certain things, you had to buy equipment. But now, you don't have to. Everything is virtualized.

Yeah, that's cool. So look at how easy you got it, young man.

In 2003, I had a Game Boy playing Pokemon. That was the extent of my computing experience, just throwing it out there. Wild.

Okay, so you obviously were into tech and were like into it. Now, as I understand, as much as there's the go your own route, I know that lately, and it might be because the job market is tightened up, even for entry-level people getting in, there is a little bit of a bar now where they want to see some kind of experience a lot of places. And it's the old chicken and the egg thing. It's like, how do you get a job if you need experience? How do you get experience that they want without a job? So you're in that bind, I guess, to a certain extent.

Yeah, I actually, I think that's especially true in cybersecurity. So for example, if you go on Indeed, and you type in like, you know, just cybersecurity as a search, and you filter for entry level positions, let's say, the vast majority of positions that you'll see, they call themselves entry level. But when you read about the requirements, they're actually not entry level requirements.

And I think that's- Five years experience, yeah.

You know, it's not even, in my eye, it's not even five years because that stuff I feel like they just say, but they don't really care about, but it's literally like what they're looking for. These are just inherently, and I think the reason for that, by the way, is because cybersecurity is inherently not an entry-level discipline. It requires you to know a little bit about IT, a little bit about, you know, operating systems, a little bit about, so it's just inherently not something that, you know, you can go about with just a little bit of experience.

Yeah, I want to add to that, because I've had this conversation so many times with people, and I tell everybody, if you want to get into cybersecurity, absolutely do it. But what people don't realize, like, Jerry, again, you're younger than me, and Joe can attest to this. When you were younger and you wanted to get into routing and switching, there was a rite of passage. You probably worked on Windows 95 machines. Yes, Windows 98. NT4 or something like that and you did all of that and then you moved into routing and switching a Cisco 2950 switch or any of that stuff. But now everybody wants to get, I want to get into cyber security. I want to get into cyber security. Do you know what an IP address is? Do you know the difference between a private address and a public address? Do you know what an infrastructure is? Do you know what, you know, people don't know a lot of stuff and don't get me wrong. I am not a Linux expert, but a lot of what needs to be done today, I'm not saying specifically for sock stuff, but you need to start getting an understanding of Python and other things. You can become a doctor, but you can't just go into becoming a brain surgeon. And it's the same thing I think with cyber security. You can become into cyber security, you can learn. There's no doubt about that. Everything is out there, the material's there. But don't expect to be an incident response person day one when you get out of college, unless you really put the time in. And there's plenty of people that know their crap because they're doing like try to hack me boxes and they're putting in the time. They're doing the OSCP, the offensive security search. If you do that and you put the time in, you could definitely learn this stuff and people will take you. But you can't just say, I'm done with school or I want to get into cyber security. You got to get the foundations in order to be, yeah.

Yeah, and I would add to that, I think anyone who's ever, I'm actually currently studying for the OSCP, I should be taking it next month in November. I'm so jealous.

How many times did you fail that, Adam?

I haven't taken it yet.

No, no, no, he's asking me, but I never failed it because I never took it. But I did the online, I did the OSCP 200, I started learning the stuff, but the people that do that, That is the most practical knowledge. Even people from like the old 8200 people, they're telling me, if you wanna be good, do the OSCP. It sounds like I'm being a salesperson for offensive security. But that's one of the most practical ways to learn it because you are literally compromising boxes in a production environment that's non-production. Meaning no one's gonna get hurt, but those boxes will get reset when they get screwed up.

I'm not a big fan of Yeah, I'm not a big fan of certifications, but that one if someone gets it, you know, they you gotta know your stuff for you Yeah, and I think I think anyone who's ever studied for it or taking it can attest that that is not entry-level There is some prerequisite knowledge that you have to go into it.

So that's the thing is like There there's very few truly entry-level cybersecurity positions and I think that explains in large part this kind of gap in the market and

Yeah, well, you're right, and there's another thing going on, and this is a little pet peeve of mine. You know, we say, oh, there's not, you know, we can't find entry-level people, we can't find talent, we can't find talent. The truth is, there's a lot of talent out there. There are a lot of smart people who want to get into it, and we even have a bit of education in it. One of the very unfortunate things, I think, right now is that, especially in a bit of a down time when things are tight, companies don't want to train people. They don't want to train people because they don't want the expense and they also, and this is a security thing, they also know that you train someone to be a tier one analyst. A real security entry level thing. If they last a year and they're halfway decent, they're going to get a better job. They're going to get more money. Whenever you train someone, you're susceptible to just having them poached and go somewhere else. And while people love it and say, yeah, I can move, I can get a new job and everything, there's also a big downside to it, especially for the newcomers, which is unfortunate because we need new people and young people in the industry.

And that's exactly the point, right, Joe? A lot of organizations, they want to hire you and they want to They want to negotiate with you to start an organization, but once you're there, they're not aggressive anymore. You can come in with a certain level of knowledge. And three years by then, later, even if they didn't invest in you, you've invested a lot of time, and you've got some decent practical certs. I mean, there's a lot of non-practical certs. I don't want to start disparaging certain certifications.

I do.

I don't. I don't want to do it. But the point I'm making is you can sit there. I know people. that sit in front of TriHackMe and all these different box stuff and they put all this time in there, they should get rewarded for the amount of time they put in there. If they're putting in five, six, seven hours a week, That's hardcore time to compromise a box and move laterally and learn the tools. They could be incredible IR people, incident response. They could be incredible digital forensics people. They could be incredible at everything they do, so they should get rewarded, but a lot of employers, unfortunately, Don't see the need to say, wait, all right, let me, I know that you did all this. Let me give you 10%, 15% more. It never works like that. So we all know when you work at a place, your own lifetime at most organizations are between three and five years the most. And then when you leave, you get bumped up a lot more. That's how it is.

That's a lot for security these days, especially at the entry level of people As soon as they get that little bit of experience, and they do learn, you can go somewhere else. So how did you break into it? You kind of went the very old school route of learning a lot of stuff on your own.

Yeah, I think this is an excellent point to build off of, you know, what Adam was saying, is that exactly, there's not much incentive to learn in this industry outside of this formal four-year academic setting or your typical boot camp. And that kind of brings me to how I broke into the industry, which is with the company I'm currently at, Nakuru. And again, you know, not to be a crazy salesperson or anything like that, but it's truly a very unique opportunity. So Nukudu is a talent accelerator program. And I don't like to use the word bootcamp for it because its business model is very different than your typical bootcamp, right? So, you know, we talked about incentives a little bit earlier when we were talking about healthcare, and I just want to lay out the incentives a little bit. So your typical bootcamp will be somewhere between three to six months, and most of them will want some kind of money up front. And they take this money up front and then they educate you and then they send you out the door. The best you could hope for is that a company will educate you for free and then they'll take some portion of your future income. But even in that case, and especially in the former case,

You know, there's that, and I know it can work for a lot of people that they don't have the money up front, but you know, there's just something about it that worries me, that just seems wrong. You know, you're owing some of your stuff back. that's gone badly in some societies.

I mean, especially here in America, we're a little bit averse to this idea of indentured servitude or something like that. We did fight a whole civil war over it, so it makes sense. Not the case in other countries, by the way. In other countries, they do have notions of indentured servitude, so that's just something to, you know, we have it very nice here. But anyway, so as I was saying, so with those types of boot camps, um, their bottom line, the bottom line of the bootcamp is not directly correlated or tied with your real world usefulness to the workforce, right? So they just want to collect their money. They want to give you an education and then they want to send you out the door. And then what happens to you after the, you know, you go out the door, doesn't really impact them as much. It might impact those that kind of give you the, uh, income sharing and it might impact the reputation, but that,

Yeah, that's it. I mean, it's kind of a yes and no, there's nothing formal, there's no guarantees and everything. But, you know, certainly some are much more recognized and respected than others. And, you know, it's like, if you, if you, you know, one of the big things to look at when you're looking at, you know, any school and any kind of technical training and stuff, people even do it with colleges, it's like, where do the graduates go? Do they go to good places? Do they have good careers? So yeah, it's not quite but it's not completely absent. And you did say the reputation of them is very important.

Sure, sure, sure. I don't want to downplay that. I just want to say like, especially is the case when we're talking about people who have talent, but they might be entry level and they haven't quite broken in. For a lot of them, they might not be able to afford the bootcamp. They don't want to take out a loan. And even the ones that are free, they take a portion of their future income. You know, we're talking at least six months to get you up to speed to be able to have that kind of role. And a lot of people, they just can't, you know, they can't, they don't have that kind of time. They don't have the money, you know, that maybe they have a family. So they need the support right away. And as you said, companies are not training people. So.

Yeah, we should let everyone know that, you know, the audience that want to talk about these boot camps are basically, you know, professional training. But as you said, it can go for months, for six months or something. You got to find the time and your spare time if you're working. And they're expensive. They're a big commitment.

Let me add this, right, Joe? When I was working for you, we did certain certs. And those cert classes, even on your own, were $8,000 to $9,000 a cert. I could never, ever afford that on my own. I shouldn't say that because I am paying for a doctorate right now, but the point I'm making is I had to take a loan for that. I'm not taking a loan for a cert. And the average cert for this is like $8,000 to $10,000 a cert. And they're one of the most reputable names, what? For one. And they're one of the most reputable names in the industry, however, Corporations need to pay for it, not you, because a regular person is not going to be able to stack these up, and you need some of these for certain jobs, unfortunately.

So that brings me to the company that I was at, Nekuru. So as I was saying about that...

And Jerry, let me just also tell everyone, this is not a sponsored video or anything. Oh yeah, I'm not getting paid for this. Yeah, we don't have any connection to them. We just actually found out about them, met Jerry, and thought it was kind of interesting, the path he was going on. We wanted to talk about it a little bit. So that's, gotta be the good host and say that stuff.

Yeah, so full disclosure, no conflicts of interest or anything, but yeah, so, So what's unique here is that, you know, I just like everyone else, you know, I would imagine I'm looking at ways to break in. I'm looking at all these boot camps. I'm browsing Indeed and all that stuff. And I see an Indeed, you know, no experience required, you know, training program. And it was on Indeed. So it seems like an actual, you know, job. And in fact, it was a job. So what's really unique about Nefutu?

There are plenty of scams on Indeed, too, at LinkedIn. Oh, yes, absolutely. That's why I got a smile when you say it.

Yes, yes. And by the way, I spoke with the rest of my cohort. We've known each other for the last six months and everyone shares the same stories. When they see this, it's like we all did the same research. Is this company legit? Is this a scam? Too good to be true. Yeah, exactly. Too good to be true. And, you know, at face value, it really does seem too good to be true, right? So there's a long kind of aptitude assessment. So there's like three to once you apply and this is indeed it marking itself as like an entry level kind of apprenticeship slash training kind of thing, similar to a boot camp, but they say that they'll pay us and we'll be full employees from day one. I'm like, wow. Okay, so there's a very long aptitude assessment. You don't necessarily need to know much about cybersecurity or IT because it is truly entry level, but there's several kind of online tests that you have to take that they curate themselves, just general aptitude tests. And in addition to a technical interview and like a personal interview, so there's a pretty long pipeline. But once you get through, You get offered a full-time position from day one as a full-time employee of Nukudu, along with excellent health insurance benefits, 401k match, a salary, you know, everything that an employee would expect. And for six months of kind of intensive training in cybersecurity, along with certifications that the company pays for, one of which, by the way, is Adam, the $9,000 certification that, you know, you mentioned, we just got the GCI-H. which the company paid for and helped us train for, which, as you said, that's a very expensive cert. These are just some of the benefits. Yeah, it's a good one. In exchange for those six months of training, the company will then basically contract you out to other employers. You get a consummate raise when that happens. They obviously will make some of the difference.

Oh wait, they train you and then you're basically a consultant for them, I guess, more or less. And then when they send you out, they give you a raise?

Yeah, they give us, because instead of being a trainee, now we're actually doing real work. So, you know, it's kind of like an apprenticeship, right? You get, I mean, I would imagine for apprenticeships, you get paid, but then when you actually start doing work, you get paid more.

So Jerry, I would personally put in for this job, but I know I would never pass the aptitude, so.

You never know, it's free to take, it's free to take, you know, so who knows. Um, yeah, but so, you know, it's a, it was a fantastic opportunity. Um, and, uh, I'm coming up now on like the end of month six. So I actually have some interviews coming up with, um, companies that I would be consulted out to. Um, so, you know, it's not like, uh, you know, they, they kind of guarantee, but you still have to, you know, interview, you still have to actually, you know, the, the, the employers, the potential employers, the clients, they still have to want to hire you.

Of course. That's normal. I mean, hiring a consultant, regardless, they want to talk to you.

Yeah. Um, yeah, so, um, and it's, again, it's very unlike, that's why I hesitate to use the word bootcamp because their incentive structure is very different than the typical bootcamp, right? My company, Nakuru, they will only get paid if I am actually useful to other companies and I actually get hired. And until then, they're in the hole with all this money that they put into training me and, and, you know, doing all these certifications and stuff like that. So they're truly investing in us. as, you know, trainees and entrants into the industry. And that separates it from your typical boot camp.

I would imagine that they find a way to legally discourage you from getting trained and walking away. I would have to believe that. I would hope they have to protect. And there's nothing wrong with what they're asking for because, you know, you don't want to be a victim of a scam yourself. You don't want somebody coming in there, getting trained, and then, bye-bye, you know.

Of course, of course. But I will say, obviously, there are certain legal provisions that I'm not necessarily going to get into. But even besides that, let's just say you have six months of training, and maybe you have one sort of vacation. Even with all that, without experience, if you're truly entry level, it's still very difficult to get a job. So even once you have training, there's not much incentive for you to leave and go off on your own, because good luck.

Yeah, we know plenty of seasoned people looking for opportunities and they can't find opportunities who have 10 years experience. And it's funny, right? I'll tell you this, Jerry, right? We joke around, Joe and I, and people have actually sent us LinkedIn profiles. Entry-level position must have 10 years experience with Python. You know, things like that. You know, entry-level position must have done incident response for four years. You know, there's literally job descriptions like that and it says entry-level but it's not.

It's literally contradictory. My favorite is like must have 10 years experience with Rust and it's like Rust hasn't even existed for 10 years. Oh yeah. I've seen those like what is this? Yeah.

But I've got to think too that with something like this, and I don't know the company well, I don't know how they work out the business and the economics of it, but you don't want someone to take the training and cut and run, but it seems that if you took the training and then left, unless you've already got something and you're going to it, you're going right to it, Why would you leave? They're gonna look for something for you and pay you in the meantime.

Let's look at it this way, Joe, right? Let's look at it this way. You go to work for this company. Your heart is in it, everything else. Then you find out your grandfather passed away and you have to move to take care, or maybe your sister passed away and now you have to take care of the kids. You have to move across the country. These things do happen, unfortunately. And I'm sure there's provisions to work things out and pay things back and do what you got to do. But yes, these things do happen. Let's hope that people are not nefarious and looking to pull one over on that company. But these things do happen, right?

Yeah, I mean, the advantage we have still being kind of like a small nimble company is that like, they really work with us on an individual basis. So if there's something, you know, not all the jobs have to be here in San Antonio, where we're based, you know, they'll look for opportunities for us either be remote or, you know, in other cities and stuff like that. And of course, like you said, you know, we have really good health insurance, we have great benefits, like, you know, it's not like there's this huge incentive for us to cut and run. they take care of us, you know, so it's, yeah, it's a great opportunity.

What was, the people that created this company, is there like, like a philosophical reason for developing it? Absolutely. Why not?

Absolutely.

That's what I think we want to know. Obviously, when they created this company, they said, you know, sometimes people create companies, you know, when I was trying to get a job in cybersecurity, people would never look at me. Now, I want to turn around and help others get into the business and make some money while doing it and making the world a better place and world peace. I mean, I'm kind of being funny. I'm kind of being funny, but maybe that's what it is. Maybe it's all philosophical.

So you're absolutely right. And the philosophy is this. So what is the only organization, institution in the world that recruits you, trains you, employs you, and puts all this money into you for you to do the job? Military. The only organization like this is the military.

Military, yeah.

It's the military and that's exactly what this is based off of, is the military. Specifically, I mean, the founders of this company, they're Israeli, they're from the IDF, and that's where they had their training. But the same is true in the US military and most other militaries. I have a friend who did cyber in the Air Force.

That's so funny, man, because didn't Team 8 move to Singapore, Joe? They were bought by a company in Singapore. I wonder if it's connected to this. So Team 8 was an 8200 IDF company. A lot of the people from the IDF, from the 8200 unit, worked for Teammate, was developed by Teammate, and then a company in Singapore bought it. So...

Wait, we've got to be really clear, too. Yeah. We worked with... Teammate is like a VC kind of thing. They have a bunch of companies. Yes. We worked with a consulting arm that became Signia, and that part was bought by the concern.

Oh, sorry. Yeah, thank you. Yeah, yeah. Correct. It wasn't the whole thing, so...

Yes. Although that could have gotten us some good hate mail from the Israelis. Maybe that would start things off.

Yeah, but I would assume it might be maybe, maybe more like malware.

Anyway, sorry.

Yeah, I mean, so that military model, that's exactly what we're based on, you know. And it kind of speaks, I don't want to give like a whole treatise on like American education, but I think it speaks deeper into the state of education as a whole, where it's like the The way the military does things and the way we try to model things at our company in a similar vein, we try to align the incentives of the trainer and the trainee in a similar vein like the military does. That is very good benefits, they really take care of us, and they invest in us. And then their kind of success, in the case of the military, they directly employ you for their purposes. And in the case of this company, they contract us out. But the point is that in both cases, the bottom line is tied with, is directly tied with your usefulness, your immediate usefulness.

And the irony there is, is that's exactly what happens with the 8,200 people. They get trained, now I'm not saying every 8,200 person is a cyber warrior, but they train the people in 8,200, They leave the military service. They turn around and not everyone. they turn around, they start a company, it usually becomes very successful, they sell it, so it might be similar to this, right? Their philosophy is we homegrown the people, they learn from us, we don't have to fix what they're doing, we help them grow a certain way, and then we invest in them, and then in a kind of sort of way, we sell them, right? I'm not saying that's exactly what happens, but now we're getting money back for them by developing them.

You know what that makes me think of? This just occurred to me hearing a teammate and what you're saying. It's like, yeah, you know, with 8200, the Israelis, they generate, you know, they create a lot of really top level, you know, cyber people. We know a bunch of them. And then they go out and they, and they don't just start companies on a lark. You know, they, they have like a lot of, a lot of, you know, support. They have a whole legal system. They got the VC people who help them. And then they start this thing. out of Singapore, or they're moving into the States and stuff. Makes me wonder, are they running out of people? Like, they need to be more people, you know what I mean? That's wild. Okay, but so Jerry, so you've been interested for a long time. You've been doing it for six months. You talked about the OSCP, which is the offensive stuff, right? Actually, we always say that security is not just hacking and attacking, but OSCP actually is that.

Yeah, the OSCP, one of the main things about OSCP is not only do you have to train, and then take 24 hours to compromise an infrastructure, you spend another 24 hours writing the report and being able to give a really good report to the client. So, for 48 hours, you're basically up, almost like real life, compromising and then writing the report that should be deliverable and acceptable to the client. Is that right?

It is technically a 48 hour test. Right. That's right. The first 24 hours is the actual you're in the environment and the next 24 you have to write the report. Yeah.

OK, so you're doing that and you're at this point, you know, very early in your cyber career. I mean. How do you like it? I mean, what are you interested in? What kind of directions do you think you want to move in? Because it's like we just said, like we're always saying, it's a big field. There's a lot of stuff you can do, a lot of directions.

For sure. For sure. I mean, from the outside looking in, people might be thinking like, oh, cybersecurity, hacking, you know, whatever. But once you get in, you realize just how broad it is. And yeah, you're right. There's a lot. So, you know, me personally, I, first of all, as I mentioned, I'm, you know, what catalyzed my interest in this in general was my obsession with like blockchain technology. So I definitely still have a huge passion for that. And whatever I do, I want it to be in some form or another kind of associated with that. And to be honest, I mean, this is just my bias, but I think moving forward, like, just kind of like how AI is kind of creeping into everything and everywhere nowadays, I think the same will be true of blockchain. I think it's just kind of the next, frontier of the internet let's say.

Please don't tell me you have your life savings in NFTs or anything crazy like that.

I'm very opinionated on this topic. So I'll just very quickly say that, you know, NFTs is one of the most like misused, like, like when most people think of NFTs, they think of like the 2021, like peak debauchery of like pictures of rocks and bananas and stuff like that. And that's totally ridiculous. But NFT itself, you know, it's such a misuse. It's kind of like, like, you guys remember those like graphing calculators in high school? Imagine having one of those graphing calculators. Yeah. And like, you know, like in sixth grade or whatever, at least I used to do this, people, like the kids would type in like boobs into the calculator. That's what, that's what these pictures of rocks are. Like it's a complete perversion and misuse of the technology. The technology of NFTs are actually very generic and very widely applicable. But if you're going to use it to have a picture of a banana or something, that's totally, it's just stupid. So no, I don't have my life savings in NFTs, but as a technology, NFTs are very useful.

Well, you know, it's to step back a little bit from the NFTs more into the blockchain. My son, he had me build, well, he shouldn't say he had me build, he had me finance a $3,500 rig. And back then, we were trying to do Ethereum. So the proof of stake versus the proof of work, and how everything changed the way that people can do mining. In order to do mining successfully for certain electronic funds or whatever you want to call them, you really have to have solar on your house. So we moved my rig from my house where we were paying for electricity to the, my son's rig is now at my father's house as solar. So now it's costing him nothing to mine, but you're not really making a lot that much money anymore. Those we bought at the height during COVID, we bought like a 30, 90 card an end of the year. And I think I paid $2,200 for, I think you can get for half price now.

I gotta tell you, I gotta tell you this is funny because I remember when Adam did this and he used to tell us for weeks, he's like, oh, we had to get this video card, we got this stuff, this big production, I spent all this money. And he tells me he's gonna be like, you know, mining Bitcoin or whatever. And I go, Adam, I'm not an expert, but I think you're paying like the highest electrical rates. Oh no, it was good. I don't think this is gonna work.

No, it worked out well. First of all, it wasn't my thing, it's my son's thing. It worked out well until they moved from what was proof of stake to proof of work.

Is that how it worked? The other way around, proof of work to proof of stake.

Proof of stake, yeah. And that changed the amount of money he was making. And now it went from a larger amount of money to almost nothing.

But yeah, I mean, there are other blockchains that still use proof of work, especially like GPU based proof of work, like Nvidia, that are still I mean, they're definitely more profitable than Ethereum is currently with a GPU. But yeah, I mean, in I Especially like in the last like eight years or so, in the vast majority of cases, you would have made more money by taking that CapEx and instead of buying like the actual hardware, you just bought the actual cryptocurrency. That's like in most cases, you would have made more money that way. In order to be competitive in mining nowadays, you need like massive, massive, massive projects. Like they're real hyperscalers now.

A friend of mine is an electrician and he was telling me, he goes, I have these knuckleheads. He said knuckleheads. I still want to pay me, and he's going into warehouses with racks and racks and racks and racks and racks and racks of GPUs. Because for those who don't know... Around here? Between New Jersey and New York. And the only thing that's really bad about this, by the way, Joe, just in case you want to know, is if a law enforcement agency flies a helicopter looking for heat blooms, which they're looking for drugs, people growing marijuana. This shows up as if they're growing marijuana because the heat balloon is from the rigs.

That's funny.

You've heard that, right, Jerry?

I mean, it's data center level power consumption. It's crazy. Yeah.

So it's the same. So, you know, there's people that are doing, whatever they call it, they're growing wheat. But the point I'm making is, for those who don't know, The people that use these rigs, they don't look like a regular workstation or computer. They're basically, it's a rectangle, and you're popping a car down, and you have a couple power supplies, and you have GPUs that go into multiple slots to maximize, because it's not one GPU. It could be eight, it could be 16, it could be four, it could be two. It's not a computer. It is a computer, but it's not a computer.

Nowadays, in the case of Bitcoin specifically, they don't even use GPUs anymore. They use specially, they're called ASICs, application specific integrated circuits. They use like specific hardware that's just optimized for, you know, Bitcoin mining in this case, which again, like, I don't want to go too far down this rabbit hole, but like, I think a lot of this, like Bitcoin, like mining stuff, because at the end of the day, all these computers, they're really just like, they're spending all this power in the compute just to win a lottery. And they're not actually doing anything useful with all that compute power. They're literally just drawing billions and billions of lottery tickets every second. And I think a lot of the more interesting work happening in the blockchain industry now is a lot of research into how can we actually make this compute be doing useful things. Like looking for extraterrestrials? Useful computations, sorry.

Remember the days when people, and they still do it, right? Allow us to use your computer to search for extraterrestrials.

Oh, that's right.

Do you remember that, Joe?

Yeah, I do. You'd like get the screensaver or something. And it was like tied to SETI or something, right?

Yeah. And then there was a virus or an antivirus or malware people were getting on the computers that helped you mine for malware. And people didn't even know that. But anyway, the point I'm making is, and you're right about the ASICs, obviously, because you know more than I do. At one point, people started taking those GPUs and saying, no, we're not going to let you use them to mine. They're only good for gaming. Buy it for gaming, don't buy it for mining. And they put software on there to stop you from doing it.

That's right. That's right. Yeah, they tried to do that. Yeah.

Well, Jerry, all of a sudden we're talking about blockchain. You know, you're a double threat here. We're getting to last call, but we got to have you back to talk about the blockchain stuff. You're definitely more up to date than me. I don't know anything.

Yeah, I mean, I love it. I mean, I'm like super immersed into it.

I know what's good. People are going to ask us, like, oh, that's great. You know, too good to be true. But you know what? I'm willing to take an attempt. How would, I mean, again, we're not getting money for this, we're not being sponsored. Total Transparency, Joe and I went to CyberTech, which was, I think, in September, right? Adam, you just threw in another free plug.

Yeah, first week of September. What?

No, no, but we were- You just threw in another free plug.

You gotta stop doing this. Yeah, well, whatever.

And we were walking around and we came across your booth And we're like, this is really interesting. So let's say they wanted to get involved. Would you say, hey, go search for us online? Or how, I mean, is there other organizations? I know you don't want to compete with other, but is this something that they should look at? Because we're going to get people asking us about this.

Absolutely. N-U-K-U-D-O dot com. That's Nukudu dot com. Go there. Apply. Taking the aptitude test and applying is totally free. It doesn't take too long. So just see if you have the aptitude in the first place if you're interested. And then if you are, you can kind of think about making a decision. So currently, our training is strictly in person, not remote, in San Antonio, Texas. So I moved from New York to San Antonio to make that happen. And then afterwards, when it comes to actually consulting and being placed, it kind of opens up from there. It doesn't necessarily have to be in San Antonio, but the training is in San Antonio. And I would just say apply. I'm not aware of any other company or kind of talent accelerator that's doing things the way we are. So if you're interested, you know, apply. Why not?

I'm not bringing this up because I want to support this company. I'm doing this because there are a lot of people whose heart is that they want to get in this and if this is a result of the company end up flourishing, great. You know, that's great for them. But if others can get into this discipline by having this company support them and it works out, that's great too.

Yeah, Adam and I have been in this business for a long time, and over the years we constantly get asked, especially, how do I get in, how do I get in, and we're really trying to give back here and tell some stories of now how people are getting into the business and being successful, and this is kind of interesting. I don't know if there is something like it, but I haven't seen it.

Yeah, yeah, it's really cool, and I'll just add to that. When I was at CyberTech where we met, and I was kind of representing the company, there were so many young people, people that were doing bachelors, even master's degrees in some cases in cybersecurity coming up to us, and they were interested. And a lot of them shared the same story, that in these degree programs, they'll focus a lot on the theoretical aspects, and in the case of master's degrees, maybe more so also the business aspects. but they don't get a whole lot of hands-on experience. And 80% of what we do by time is hands-on. And so they were very interested in this because they're coming out of these four or six-year degree programs, and they've spent all this time, but they still don't have those kind of real-world hands-on skills. And even they were interested, let alone people who have no experience at all. So yeah, it's a really great opportunity.

And it's funny, because I told you I'm going for a doctorate. Going for a doctorate does not teach you anything about cyber security per se. Going for a doctorate teaches you how to write, do research, and learn. And from there, when you do your dissertation, your goal is to add more. You're the one that's bringing more to the discipline. They're not teaching you. They're asking you. You're paying to bring the world more of a opening or educational findings. So the people that go for the masters and their doctorates, it's all about learning and giving back than it really is you taking from them. And there's nothing wrong with what I'm doing. I did it for a reason. But unless you're going for a SANS masters, which is all practical, but you're spending I don't even want to say the number, but it's more than a normal master's degree. So what you're saying makes a lot of sense, and I'm sure there are going to be people that want to reach out, and I'm also sure there are going to be people who are disappointed if they do reach out and they don't pass the aptitude. That doesn't mean you should stop. That means you should keep on going, self-learn, and find the next step.

Absolutely, yeah, and you know, there's nothing, I mean, I'm pretty sure you could take the aptitude test more than once. There might be like a little bit of a staggering or something like that, but you know, if you fail the first time, you can always take it again a few months later. And yeah, so just apply, you know, if you, if anyone who's listening to this is like interested in kind of learning more of a firsthand account, you can feel free to reach out to me on LinkedIn.

Maybe you guys can- Leave us comments and we'll put you in touch. We need comments. We'll pass it on.

Yeah. So, you know, reach out, go to nukudu.com if you guys are interested. And, um, yeah, I mean, it's, it's fantastic opportunities, like I said, many times. And, uh, and the other thing I'll say is just like, be curious. You know, if there's one thing I would say to anyone who's like, uh, who's like entering the industry and like kind of wants to break in, I would say the number one thing that's kind of, uh, rode me through this whole journey and probably will continue to ride me through is curiosity. Um, you gotta have to. this, you got to have a desire to like know how something works and why it works and why it is the way it is. And if you don't have that just kind of innate curiosity for things, it's going to be very difficult because there's in every thing you learn, there's like this infinite branch of like more things to learn. And so you have to just have that drive and that curiosity.

And that's, that's the true meaning of hacking, the true meaning of hacking. Yeah. It doesn't always mean something nefarious. It means learning how something works, reverse engineering it. And there's nothing wrong with finding faults, finding things in something, as long as you responsibly report it and let people know what's going on. So that's the point I'm making, right? Hacking, learning, figuring out, knowing how something works, and then helping people understand that as well.

Yeah, so that brings us to the real last call. We're at the end here. Jerry, thank you for coming. It has been so interesting talking to you. And seriously, we do believe very much that we need good people coming into the industry and being developed. And just to hear you with your passion and how you're into these things and really working hard is great to see. And we definitely got to stay in touch.

Even though he's a Texan?

I think he'll... I kinda suspect he'll still always be a New Yorker, that's right.

I will always be a New Yorker at heart, that's right.

Hey Jerry, how's the pizza down there?

Don't even, I refuse, I haven't even tried it because I know, I'm under no illusion that I am where I am. I'm not even gonna, I'll stick to the barbecue. I know where I'm at. The barbecue is excellent. I'm not even gonna even try the pizza.

I know what it is. I know we're supposed to end this, but the best place I've ever had barbecue so far was Arkansas.

Arkansas, okay.

You've been to Arkansas?

Yeah.

There's anything wrong with that? Well, I told you, I was at the airport and the woman that worked at the airport said, where are you going? Can you use the kiosk? I said, I'm going to Arkansas. And she's like, is that a foreign destination?

Oh my God. Right, Dick? Wow. That's crazy. Yeah. Welcome to wherever in Austin, Terry Black's Barbecue, that's where it's at.

Okay, when we're in Austin, we're coming to find you. Right, San Antonio?

Yeah.

They're probably right next to each other, right? Two minutes? No.

Oh, it takes me less time to drive to Austin from San Antonio than it does to get from my house in Brooklyn to Manhattan.

Oh, is that right? I was joking. Oh, because I've been told everything in Texas is so far apart. It's like you've got to fly between cities.

But not San Antonio and Austin. It's an hour drive.

So Jerry, so we're going to end this with this. When you come back to New York City, we're going to go get some pizza. Joe and I will buy and we'll hang out and we'll talk.

We're extremely opinionated on this pizza, okay? Best New York pizza is DeFara's on Avenue J and East 15th in Brooklyn.

I know that place. We'll go there.

We'll go there.

We got to go and maybe I'll take you to Rasa in Jersey City. If you can get a reservation, it's impossible. Anyway. All right, Jerry, thanks again. Great talking to you. Adam, always fun.

Thank you, Jerry. Oh my God, Jerry. This is great. I'm hoping people see a path forward and I hope

At least a couple people can get into the industry based on this Yeah, and thanks to all of you watching and listening, you know, it's all for you. Take it easy everyone. Thank you