
now having our great friend paul guido meet with us um he is a security professional based at a san antonio financial institution where he works as a security janitor so uh paul if you would go into that i'm sure all of us in the space understand what that is but for all of us newbies uh please elaborate thanks again yeah uh so i guess i'm up and running now uh you got it recording and all that stuff yes i work at a san antonio financial institution and uh if you check my linkedin it doesn't say where i work because um any security professional that works at a financial institution or for that matter just about anywhere
you're a target the more information you put out there on linkedin and everywhere else about where you are and where you work the easier it is for someone to do something to get into well you um they can find out about you your hobbies your habits and uh find that exact lure that's going to catch you in a fish so um because of that i put security janitor um i uh i work with a security team uh and it's they're great people but it's i haven't been there that long so changing employers for over 20 and a half years i did work at broadway national bank um so and around february i changed and i went
to another financial institution here in town and uh it was a very good move for me and i get so many questions why why would you leave broadway after over two decades of work and it there are a lot of answers to that right and it really depends on point of view and what's going on did did i leave broadway bank or did i go to this new place that i was working at and for the most part i was going to the new place that i'm working at there were some things that were going on that at the office like most any office uh if you've been there two decades or even two years
that is happening that would make you want to maybe i should find another job but maybe i'm not going to go and actively go do that but the opportunity that i was provided it was beyond par so that's kind of why was the primary reason that i that i left and we're going to kind of go over uh those kind of decision makings and stuff first let's go ahead and oh i get there we go i'm a security team professional at a security financial institution here uh if you want to follow me on twitter i'm not that exciting but uh mainly security related stuff radioteacher is my handle on twitter i do have a poll
out there which i'm going to discuss so uh it's did did you leave your last job or did you go to your new job and and no right answer it's just how you ended up doing it if you would go out and look for that twitter poll i also have that in discord right now with track three breakout so if you want to do any communication back to me the best way to do it is with track three um in track three breakout inside discord for b-side san antonio so please uh you know you have any questions comments or anything else i'm going to be asking some questions it would be great to get some feedback on some of these different
items because interactive is really the way i like to run a talk and stuff i always ask lots of uh lots of questions i mean really why would i leave why would i leave after two decades of service at an institution like that um well i didn't have this problem but a lot of people do that sunday night dread is this like you know i really don't want to wake up in the morning or drag myself to that job those are common common problems and if you're having a lot of that and it might be time to to move on yeah you can't be yourself you have to be somebody else you can't uh interact
the way you want to interact with people um that could also be a problem um i recently um saw a wonderful um three speaker event in february before all events were really shut down all three of the speakers were prominent uh uh in their field and all of them had uh had different types of harassment uh against them over the years um primarily because they were female you know it's sad to think that that uh they couldn't uh you know be themselves and they had to you know take terrible conversations with these people that she would they were working with um and almost all of them had a story like that so if you can't be yourself at your
position for whatever reason whether it's harassment or whatever so that might be another good reason to go out no advancement um and this is a real big deal for a lot of people um i like doing interesting things as long i'm doing interesting things generally advancement is not one of my big goals i'm not ever looking to become a cio i'm not ever looking to become a cso really or anything like that i'm i like doing you know the day in day out work of security blue team type type stuff that's that's my bread and butter and that's what i really enjoy so for me you know that i'm not going to be a you know a cso someday or cio or
whatever that that's never really been a big impetus for for me personally but there are many people out there those are the goals that they have and and they're very achievable by the way as well yeah no more joy so it's almost like the saturday sunday night dread right no more joy in in in in your work you just everything is just drudgery it's you know office space times 10. so you get to that point yeah you really need to uh to consider uh finding another position unstable workplace you know management's changed three times in five years and everybody started new initiatives and nobody's completed anything and or you have other things going on maybe some people are you know buyouts
or going public or not going public or there's all kinds of different stability issues in in the workplace um maybe they are you know having issues with their own finances internally to an organization uh especially right now with COVID-19 there's going to be so many sadly so many different companies that are going to be going out of business and when that happens it's going to leave a lot of people looking for more work so what about the possibility on the new job you really want to check out who you're going to be working for and i'm talking like before you even think about walking into an interview even before even you apply to a position at that company you really
want to know what they're all about you want to know their culture you want to know something about their teams and everything else sort of like what i'm not doing on linkedin and some of the other places and facebook whatever saying where i work um the same thing uh a lot of people do so you can go out and find out a lot of things about the uh your co-workers and things that you're going to do do a little OSINT if you don't know about OSINT there's other tracks that talk about doing open source intelligence and uh so go check out the com people that are going to be working with um another way to check
out what's going on at different organizations is be involved in the community things like this right here with b b-sides things like texas cyber summit here in san antonio get involved with different organizations and what you'll do is you'll you'll over time create a network of people to work with there are two other groups that i can really come off the top of my head to network here in san antonio one of them is the Alamo (ISC)² group all you have to have is an interest in cyber security and you can uh join up and go to their meetings uh their meetings are all virtual they had just had a wonderful meeting on on
thursday with a great talk and i think 65 people were in attendance for that that lunch uh meeting uh really really well done the other one of course is near and dear to me i'm on their board as the alamo issa they're going to be switching to monthly meetings instead of the big quarterly meetings that they're they were doing um just because it fits better into people's schedule um than the larger meetings do when you're talking virtually so uh those two organizations here in town are really good to uh get involved with also saha right the san antonio hackers association if you're here in san antonio if not wherever you may be which i might
be getting people watching this from all over find out what your local organizations are go to international issa or or (ISC)²'s main website find something that's going on in security uh in your area and start attending most the organizations out there worldwide are very open for new members and are looking for new members so definitely network but once again when you're looking for that job networking helps also check out the people that you're going to be working with check out the people in the place right so depending uh how portable you are i mean when i was single i i could move i could do whatever it was no big deal married and have kids maybe it's harder
to venture around so let's say you work 40 miles from your room your employer you live 40 miles from your employer that could be quite a commute could you live and move closer would it save fuel would it save whatever time uh frustration right who wants to sit in 1604 traffic for um 45 minutes uh just trying to get from let's say bolverty to you know um i'm sorry uh what is it uh lotus area all the way around past usa uh utsa all the way over to let's say the forum over there on 35. so yeah that that can be quite a quite a problem so where the location is also how is it
right so what's the culture at the place are they very rigid in rules are they very lax you know what's the dress code make sure everything kind of fits with the culture that you are looking to move into once again i talked about advancement before what is the possibility for advancement at these organizations that you're looking to go to work at is there slots and times and the scheduled way to help move your career along is the job change enough of a change to move your career along in the direction that you want it to go benefits is a huge huge piece of it i cannot stress enough to anybody out there if you're in your 20s
even 30s if you're not looking at benefits especially retirement benefits 401k pensions then you really need to start focusing on that that is the time to start starting if you're 35 or 40 even and now i'm gonna think about retirement for the next 20 years you're really losing out because of things called compound interest right without having a um an active way to uh can get to a point where you can retire that's a that's a big deal so i cannot stress enough uh to think about not just retirement benefits health benefits how is their insurance who's their insurance carrier do they have other things educational benefits what would they do if you wanted to get a certification
would they pay for a test would they not would they pay for a class would they not all of those types of things are big deals for jobs these days in some ways benefits even shine things like um pay in in many regards time off how is it accrued how is it built is it lump sum is it you know pieces how do you how do you get that there don't be afraid if you're talking to hr and you're starting to get into the process even before the interview you can ask questions like that how is this stuff done i truly recommend that they're usually very open with that kind of information because they want to make sure culturally
you're going to fit with their organization as well now why not leave why why why would you not leave an organization um and there are some really good good examples of that if you've been there 12 months or less that doesn't look very good on a resume um there there are times though that that that can be forgiven right uh in 2008 there was a quite a bit of a recession going on in economic hardship it hit especially the industry areas of the united states i looked at uh somebody's resume and it said they only had a job for nine months and then another job for nine months then it for four months and then
they had another job for you know like 12 months all during that time period and it was in detroit and it was um so i'm like wow this person actually found work in detroit in 2008 2009. um they must be very very motivated and very much a go-getter if they're doing that and it was contract work they were taking contract after contract to to stay employed those kind of things are are easily explainable but for the most part you really want to stay at least 12 months on the job um there's another kind of caveat let's say um some benefit kicks in only after four years or five years let's say a pension or whatever that date should be marked
on your calendar there should be no ambiguity in your mind of when that date is um and uh there was a time a few years ago i was talking to somebody they were very excited they had a great opportunity they were going to be leaving broadway bank and going to that opportunity and uh i said you've been here almost five years right and they said yeah yeah it's really close but yeah and i said haslows and they were like oh well they were planning on leaving on a friday and their fifth year anniversary was the next monday that one day could cost them 20 of their um 401k matching money um fortunately the organization was kind
and let them withdraw their resignation and put it in for one more day and then they talked to the organization that they were going to they accepted that it was going to be a little bit different of a day and everything worked out very well for them most organizations are not so kind so once again know those dates put them on calendars don't don't you know uh forget the the goal of what you're trying to do uh by you know doing things like uh 401k matching money and keeping it so when you go uh and stuff um that doesn't mean i think you should leave at five years in one day i'm just saying that you know if the the
job is tenable keep it up but under 12 months does look a little little sketchy leadership change is on the way um this can go either way you know sometimes a leadership change things go from not so good to great and sometimes it goes from pretty good to not so great but sometimes when there's a leadership change you really want to get a handle on the new leaders and what they're what they're doing whether it's at the C-level the ceos and that kind of thing and that guidance and direction for your organization or if it's the cio or even cso if you're reporting on the security side um you know it makes a difference find
out how the leadership change is going to affect uh your work and how things are going so yeah that's that's why you'd probably want to stay you really want to check out what's happening down the way because some of those frustrations that you had they might just completely go away with leadership changes look for your a job while you're employed and this one's a big deal uh if you don't look for a job while you're employed you could um you know it it's harder all the way around it to find a job according to one statistic that i've read you have to search one month for every ten thousand dollars of pay so one month for every ten thousand
dollars of pay well depending on how long you've been in the industry and what your current pay is what you would accept for pay and what you could fit in with this these searches could take a long long time not only do you have to to to be able to land that job and once again you have to take all those other things into consideration like culture fit all the little pieces and parts that we're talking about finally um your inner voice could be just wrong right uh you hear it often impostor syndrome i'm just as guilty about it as uh just about everybody else's in some regard um you know this kind of thing held me back
for many many years i probably could have changed jobs many times over over my tenure or two decades with broadway bank but i didn't and a lot of it was like yeah i mean i'm just not good enough to do that i just don't know that kind of thing or you know and stuff one of the problems for myself i never finished my college degree so that makes it a little bit interesting right uh at broadway bank i actually uh made it up to vice president and he had 25 years of i.t experience i worked for vars prior to working for broadway bank and there were still times it would be like i'm just not good enough for that
i'm not i'm not qualified enough for that so those kind of things held me back and i just want to make sure that they don't hold you back for that job change it's too late that job is already taken there's no place for me yeah that inner voice is wrong um i had that same thought in my head in 1993 that i've started too late no i don't have my Novell certification i don't i'm not in the industry i'm a carpenter you know i do construction for a living um you know there's no way i could do that kind of thing and stuff and if there was there's the jobs are already taken there's already
you know 65 000 people out there that are certified to um work on novell systems got their cne and stuff so how could i possibly get in that field how could i possibly you know do anything to advance myself i was wrong in 1993 i guarantee you i was wrong and if you're in that boat today i guarantee you you're wrong there are plenty of jobs out there you just need to go fight for them you need to find them and keep searching and fight for them and you will find the job that you're looking for so it's not too late those jobs are not already taken um the other day i got a new washer and
dryer and one of the guys that was delivering the place kind of got around to so what do you do i said well i'm a cyber security uh guy at a local financial institution and he's like oh man i'd like to do that i was kind of looking into that and stuff and i go you know if you can put in a washer and dryer you understand processes you can understand procedures and everything else you've got to do this this and this and this and it works if you have any kind of uh background that would kind of make you think of that i said yeah i bet i bet i know what you're thinking i told him i said you're
thinking there's probably no jobs available for for people like you that you know in in this field you want to move over you're wrong you know go find that job at a help desk go find that job um you know doing uh the hardware team or whatever and work your way into another job because it's it's easier once you get that first job in IT to move around so um my first job in IT after doing construction for over a decade was um as a sales assistant for a var um i made the sales proposals up and the reason i did that is because i could tell the difference between a parallel cable and a SCSI cable at the
time so the printer cable because you can by the way it's a 36 pin versus the 50 pin connector on the end um still know the difference probably have one in this building somewhere um so that's the kind of deal it's not too late the jobs are out there um you have to fight for them you have to you know overcome your own friction to go get them don't wait for an opportunity to come to you even if you're in the IT field and you want to try something else in the IT field once again you're going to have to go out and seize the job you're going to have to go out and find
it and fight for it so go get a good resume get it looked at there are people that will evaluate your resume that are right here inside of b-sides right now go and get moving forward on different uh things that you can do to to learn what's going on if you don't know how packets move through a network that's a great start i was very fortunate my ham radio hobby helped me out on that because i was able to learn how packets move through networks by looking at them over the uh air on on vhf radio i helped build packet radio networks um and and did that for six or seven years before i ever got into an i.t field
i waited too long i should have gotten moved a little bit faster than that um but you know that's the deal you got to keep on moving forward and and getting things done so don't wait for an opportunity to come to you in that fact have you ever heard of the cult of the done manifesto uh Bre Pettis uh came up with that um matter of fact i got a link i'll drop it in the discord channel in the breakout and also in the track three and the thick of it um here make sure that's going good um he kind of came up with this it's imperfect and it it has problems but it it's it's it's it got some really
good points how do you get done with anything right so three states of knowing not knowing action and completion i'm going to read them all to you you know accept things are a draft there's no editing stage yeah this is good especially if you're learning pretending you know what you're doing is almost the same as knowing what you're doing just accept you know what you're doing even if you don't and do it right banish procrastination the point of being done is not to finish but to get other things done the more things you get done the more things you can get done so get things done get that resume out there go for that job
yeah once you're done toss it laugh at perfection right if you wait for that perfect resume where every word is perfect and exactly what you're waiting for blah blah blah you're waiting too long you know give it a best shot get it reviewed they like it get it out there people with dirty hands without i'm sorry people without dirty hands are wrong doing something makes you right doing it just getting out there and getting things done gives you the right to be out there and getting things done yeah failure counts as done i went to that job interview and i didn't get the job oh well next a matter of fact here's a goal for you
i want you to set how many jobs that you go on an interview for and you don't get you get five of those then you win you're right you just consider yourself a winner because you've at least put yourself out there five times i bet you can't make it five without getting a job destruction is a variant of done can't put this one on jobs um if you have an idea publish it on the internet it counts as the ghost of done you know blogs are still a thing youtube is still the thing go out and research something and put something out on it get some information out there help at a b sides help at a
texas cyber summit get yourself networked into doing things done is the engine of more and it just doesn't get any cleaner than that you know if the more you do the more you're done the more you get done so uh does anybody have any questions or anything is there any questions in chat or in the uh discord here i just want to go ahead and look i know this is supposed to be an hour long but yeah it doesn't really take that long a matter of fact i almost wish that you'd spend the next 30 minutes working on your resume right working on your ability to go out and find that next job if you're looking for another
job or to make the job that you currently have better paul i love again thank you so much i love your story and how you you tell us how you were in one career and you didn't have any experience and you got into i.t and how you phased into cyber security a lot of folks now that are trying to get into space they feel like they have to run to college and get a degree um you have to be done right and you don't have to be done yeah it isn't the case well i love your store your personal story how you can share that with folks out in the space that it can be done
because a lot of young people or a lot of people that are looking to transition out of one career into another and they feel like they need to just jump into a cyber security role and sometimes that's not the case um where i i think this space as a whole we're we're in a place where a lot of companies don't have the capability to do on-the-job training you've got to know some you've got to have some understanding and some type of hands-on experience doing something or some inclination showing folks or showing the hiring managers in hr that you've got to you have the ability to learn um getting that cert or the degree you have
to bypass hr or the gatekeeper but i think if you can somehow bypass that by showing um your activities and capture the flag events or any type of uh cyber or i.t related events or networking events can you go kind of more into that on you know i'm a mentor also for um cyberpatriot not this year but cyber patriot is a great organization to to uh get involved with i just got through seeing another talk from uh a kid here at le high school um which is my alma mater i went to that school long ago and um the the work that he's been doing over at the the museum uh is is phenomenal uh
being with those kids and being a mentor for them helping them with things as simple as you know how does ssh work or how does https work or how does encryption work um you go learn it yourself and you tell them or you already know it you tell them whatever it takes um but one of the things i do encourage everyone to do is to get a degree if you can uh if you're predisposed and you can go ahead and get it done and you have the capabilities of getting it done there are a lot more opportunities for work for you it is difficult for me i i can't tell you i throw my resume around
a lot while i was um kind of looking for different positions i did not get call backs i never on a vast majority of them because i guarantee you when they looked at my resume versus others it didn't say degree and a lot of the jobs out there demand a degree and i'm like i got 25 years of experience in i.t securing financial institutions uh and and keeping them up and functioning and running that didn't matter to these people they were just hr they and sadly they it never got to the hiring managers to understand the difference there right um so get a degree if you can if you can't get a degree that's fine there are
tons of work out there tons of work um and once again mentor cyber patriot kids um get involved with these organizations here once again on your on your resume volunteer for elf louise uh or some other charity go to the food bank put that on the resume you know say that not only you're helping you know uh in your field but you're also broadly helping the community um those kind of things really make a difference uh i think when it finally gets to the hiring managers does that help kim i mean great great info and that's what i was gonna say is when you're looking at people's resumes uh what do you look for if they don't
have the relevant experience from a specific employer um so again i i i echo that as just showing what you're doing in personal development along with uh education and certifications and when we hired uh interns over uh broadway um i was part of the process there we looked for people that um there were a couple of people that applied they were done they were they they were job ready right the whole point of our intern program was to get people job ready at least understand what they needed to do in the job for example um that we could only work 20 hours a week with the interns so we were like okay you're only working
one hour eight hour day and then you're coming in saturday at 9:00 pm and we're leaving about sunday morning at six because that's the job that we're looking for in i.t we're going to be doing some major upgrades and so we made sure that they had active roles in those upgrades because we wanted them to understand exactly what it takes to do IT work what it's not all hey i'm in you know normal hours and that kind of stuff so if you can find an intern program like that where they're just not having you do data entry or some other thing um that's that's the best kind to be in the one that we had had is we literally
week after week after week we ran them through every single area of i.t from hardware to the cio and um database administrators whatever um they got to work with everybody and then the last week we said your choice what do you want to work with so that actually helped people focus on the different aspects of what they wanted to do um so there's there's a lot of things out there than i'm just a hacking a red team kind of thing yeah there's there's so many job opportunities out there for everything in cyber security oh that's a good idea where is that i think i have um you want to know what cyber security looks like right
um i think i can put that on the screen
that's your break room right what's that i said that your wallpaper that's your break room right yeah it is my break room that's funny i didn't know you saw that as a flash going by but yeah i took a picture of that break room and it's really nice because they won't let us into that building anymore because i work in another building um um so yeah it's pretty funny so i use that as a background sometimes for my uh my team's meetings and stuff um so yeah it's fun
recently closed second i'm going to my history because i just pulled this thing up um of course it's showing all my slides here i'll just go find it real quick hey paul i have a question if uh you would be so kind to answer it yeah i'd be happy to uh it's in the discord but somebody asked can you apply to a job posting more than once if your resume has increased after a length of time sure because a lot of times those jobs also change right um the way that they're listed and posted um so yeah i don't think that's a problem at all and especially if your uh work situation or whatever uh has been modified i'm pretty sure
that it would not be a problem at all and that should be what i'm looking for thank you oh no problem and so that's what i t in cyber security looks like and i guarantee you no matter what type of person you are you fit there some box some little one of those little bubbles is your bubble so um you know whether it's framework or standards or compliance or whatever um there's just so much to do right
and i've already posted this out there in the operating room yeah and thank you so much for sharing that again it's it's really a great framework or a roadmap for folks to look at because um i'm a recruiter by trade and i talk to a lot of people that tell me i want to get into cyber security okay what part because it is really a mile wide and in in a mile deep um there's so many things and and they still don't know so i always say look you know i think it really is you know what what really interests you in information technology because then once you step back then you can look at okay what part of that do
you want to protect then um what piece of it so that's that's great and that's that's great because there are roles that are not technical and a lot of people think that being a cyber security person is you're a hardcore technical person and we need writers yes exactly people that know how to write very well and communicate through different policies right right my big my big areas are the security architecture area and the security operations area that's my um kind of bread and butter areas great well okay vulnerability too how to do that risk analysis assessment um so i know that uh one of the sponsors here is ddi i'm a big fan of theirs
uh to say the least so i really recommend frontline six is a vulnerability management system so there's my my plug for one of our sponsors for b-side san antonio all right hey paul one more question yes uh and this is a personal question for me is uh students such as myself trying to break into i.t would you recommend jumping and specializing in cyber security right away or would you recommend maybe getting a more general maybe a sys admin or maybe a support role first to build those foundations and maybe get into the rhythm of things before jumping into a more specialized security role um i definitely fight if you can for any kind of internship um it will help
you in your resume down the road it'll also help you hopefully focus on what you're looking to do down the road as well uh and if you get into an internship um pick the brains of anybody around you to try and see what you might want to fit into like we're saying this is a very diverse field and so depending on your natural abilities and this there's also a document out there it's it's kind of weird but i like it a lot um if you look up nist nice n-i-c-e um and i could probably go grab that one too i'll throw it in discord um the nice document gives you a road map basically i want to do um this uh this bubble here
or this this uh training thing cloud security bubble what do i need to have to do that cloud security bubble or to do you know i'm a particular role in in cyber security they mapped out mainly for government employees all of the different aspects that you would require to be a cio or cso or a SOC engineer or a help desk technician um and it's nice because you can start using that as a roadmap you know if i did this kind of role i could check these boxes off and go learn these different tasks a matter of fact it talks about i believe abilities tasks um oh gosh anybody else good with a nice document here it's been about
a year since i've looked at it um abilities tasks and skills i think skills is one of them as well so if you have a things that you've done things that you learn things you can apply it's really it's a nice document and plus it kind of gives you a great idea of like this document here in front of me with all of these it shows you a vast amount of roles that you can do in cyber security as well i'm trying to work with our teams to try and rewrite some of our job descriptions to fit the nice document i think it's a good framework for um for that once again i can't recommend
staying in school and trying to get your degree if you possibly can it definitely has hurt me a number of times when it comes to job opportunities even as far back as 1994 or whatever um the one team i was working with they were like you'd be perfect for the job oh i can't hire you you don't have a degree bummer um but in some ways i'm kind of it all worked out you know it still worked out very very well for me but the main thing is gotta gotta go for it gotta keep that going and get that first job and don't give up just keep trying you can't take it personal you just gotta
keep going because it is hard it is hard to break in it is um being on the other side it's it's very frustrating we've got all of these really great smart people that are wanting to get into space and you have so many employers that are so short-sighted because they can't see past we gotta have people with certain experience and i get it because uh they don't really have the framework to train folks but um so it really leaves the candidate or the um the job seeker um you know more added stress that they've got to just be they've just got to keep pressing on and they've got to keep pushing um it's it's very frustrating but
once you get into space it's definitely worth it it is it really is um i i i'm very lucky um traditionally my family is in construction um my grandfather started the company my father owned that company at one time um when i was a kid growing up i just knew i was going to be in construction basically from almost time i can remember anything um but i always had a passion for electronics i always had a passion for computers and um then got into ham radio and with all of that it really kind of focused me into that technical type role i always liked the more geeky technical type aspects of
things i appreciate your insight