Mike Miller - Break in Cyber

Hi, I'm Mike! 👋

I've been in the world of Cyber Security for over 25 years now. When I'm not behind a computer I enjoy scuba diving, boating on the Ozark lakes and flying small planes. I'm addicted to sweet tea, Vans shoes, ice cream and Jeepin'.

If you are at the beginning of your Cyber career or aspiring to work in this field, you are the future of Cyber Security. You are the future decision makers for our industry. For that reason, I mentor.

You can reach me at any of the links below⬇


Mike Miller - Break in Cyber

People work extremely hard to make their mark in Cyber Security. Many make theirs being a great pentester. Others are advanced SOC Analysts or even CISOs. Here's how I want to make mine:

I have spent 25 years in this field and been blessed enough to make a good living and have great experiences. I never obtained a college degree and wasn't really considered "smart" when I was in high school, but was fortunate enough to have a great mentor.

So how do I want to make MY mark?

→ I dream of being the person that helped someone achieve their goals that they've been told were impossible.

→ I dream of helping someone change their family's entire life because they got a job with a great salary and now may work at home.

→ I dream of helping people become successful by teaching them some of the mistakes I made.

I want you to feel valuable, powerful, and know that you are an asset to not only the organization you work for, but the Cyber Security community as a whole.

That folks, is how I want to make my mark. I hope that I've been able to help at least a few of you in your journey.

You are going to do great things.

#cybersecurity #informationsecurity #infosec #careers

5 months ago (edited) | [YT] | 15

Mike Miller - Break in Cyber

I just researched 8 Courses that will help you earn a Cybersecurity Certificate with Google. It includes Foundations of Cybersecurity, Managing Security Risks, Networks Security, Assets, Threats, Vulnerabilities and a ton more.

It is often hard to figure out where to start when you start your Cyber Security journey. There are so many courses and so many directions you can go.

The mistake many people make is specializing too fast. It is important to have a very solid and broad foundation across the Cyber Security industry. For that reason, today I’m going to talk about the Google Cyber Security course and certificate.

Here are 8 courses that will help you work toward earning your Google Cyber Security certificate and gain a very strong foundation.

1. Foundations of Cybersecurity (9hrs) - recognize core skills and knowledge needed to become a cybersecurity analyst, identify how security attacks impact business operations, explain security ethics, identify common tools used by security analysts.

2. Manage Security Risks (9hrs) - identify primary threats, risks, and vulnerabilities to business operations, examine how organizations use security frameworks and controls to protect business, define commonly used SIEM tools, use a playbook to respond to threats, risks, and vulnerabilities.

3. Networks and Network Security (11hrs) - define the types of networks and components of networks, illustrate how data is sent and received over a network, understand how to secure a network against intrusion tactics, describe system hardening techniques.

4. Linux and SQL (21hrs) - Explain the relationship between operating systems, applications, and hardware. Compare a graphical user interface to a command line interface, navigate and manage file systems using Linux commands.

5. Assets, Threats, and Vulnerabilities (19hrs) - classify assets, analyze an attack surface to find risks and vulnerabilities, identify threats such as social engineering, malware, and web based exploits, summarize the threat modeling process.

6. Detection and Response (17hrs) - identify the steps to contain, eradicate, and recover from an incident. Analyze packets to interpret network communications. Understand basic syntax, components of signatures and logs in IDS and Network detection systems.

7. Automate Cyber Tasks with Python (24hrs) - Explain how the Python programming language is used in cybersecurity. Create new, user defined Python functions. Use regular expressions to extract information from text. Practice debugging code.

8. Prepare for Cyber Security Jobs (14hrs) - Determine when and how to escalate a security incident, engage with the cybersecurity community, apply for cybersecurity jobs and prepare for interviews.


Check out the courses at 👉 bit.ly/3FN3rHQ

Need help landing a job? I can mentor you at www.harmonygrowthlab.com.

#cybersecurity #infosec #informationsecurity

6 months ago (edited) | [YT] | 11

Mike Miller - Break in Cyber

How many pages should a resume be?

9 months ago | [YT] | 3

Mike Miller - Break in Cyber

Want to Stand Out from the Crowd and Land a Job in GRC? Learning this PCI Framework will help you become Priceless in the Cyber Security industry.

Many years ago, I was working a contract with a large chain retailer (one many of us have shopped at) as a Security Administrator. I wore many hats including both offense and defense. This was way before I even knew what GRC was.

I remember when I started, they were being audited for this thing called PCI. The stress of my peers that were involved in the audit was extremely high. This was their first time in a PCI engagement and they had no understanding of it.

Even though I knew nothing about it, I threw my hat into the ring to help. If a business or organization is handling credit cards, they must be PCI compliant.

There are 12 Requirements that you must learn to help an organization become compliant:

1️⃣ Install and Maintain a Firewall Configuration to Protect Cardholder Data

2️⃣ Do not use Vendor Supplied defaults for System Passwords

3️⃣ Protect Cardholder Data

4️⃣ Encrypt Transmission of Cardholder Data across Open Public Networks

5️⃣ Protect all Systems Against Malware and Viruses

6️⃣ Develop and Maintain Secure Systems and Applications

7️⃣ Restrict access to Cardholder Data by Business Need to Know

8️⃣ Identify and Authenticate Access to System Components

9️⃣ Restrict Physical Access to Cardholder Data

1️⃣0️⃣ Track and Monitor Access to Network Resources and Cardholder Data

1️⃣1️⃣ Regularly Test Security Systems and Processes

1️⃣2️⃣ Maintain a Policy that Addresses Information Security for all Personnel

If you can learn and understand these requirements as well as the technologies behind them, you will be a golden asset.

Anyone can have a career in GRC. All you have to do is learn as much as you can and work extremely hard. It is a level playing field for everyone.

If you want to learn a little more about the PCI requirements, you can learn more here lnkd.in/gAbYNQBM.

What are some of the soft skills that go along with working in GRC?


#cybersecurity #informationsecurity #infosec #grc

1 year ago | [YT] | 9

Mike Miller - Break in Cyber

Dear Cyber Security Enthusiast, Here are 10 Top Jobs in Cyber. Not sure which direction you want to go? Let me Help.

Learning = Job Security

1. CISO - you be da' person responsible for the entire security posture of an organization.

2. Security Analyst - Ain't nothing getting past you. You be the peep that gets to analyze security incidents.

3. Security Engineer - Hey now, you're an all star. Get your game on. Be the person that gets to design, implement, and maintain the security infrastructure.

4. Security Consultant - Like to be the center of attention? Great, cause everyone be coming to you to figure their stuff out. Help provide solutions.

5. Security Researcher - "As seen on TV", you get to be the person that is researching vulnerabilities. Find the vulns before the bad guys do.

6. Malware Analyst - Always wanted to be an investigator? Why don't you try reverse engineering some malware to figure it out and help better protect against it?

7. Incident Response Manager - When everyone is running around screaming, you be the cool cat who is just calmly sitting there with a plan. Everything is going to be ok... You promise.

8. Security Awareness Trainer - Want to know EVERYONE at the company? Well, this is a great way to do that because everyone has to do it. Be the person to teach someone else to prevent a breach.

9. Penetration Tester - Want to be the coolest person on the block? How about some good ole' ethical hacking. Hack, find, and report stuff before the bad guys do.

10. Security Compliance Officer - because we all know that EVERYONE loves compliance. Be the dude that ensures that the company has all its ducks in a row. You might not be the coolest person at the company, but hey, maybe you'll get to wear a badge.

By getting familiar with the positions above, you have a much greater chance of a very successful career in this field because you're going to find what your interests are and set goals to get there.

Obviously I couldn't list them all, I don't have enough space. Feel free to tell me the ones that interest you.

❓ WHOAMI ❓

I'm Mike. I'm a vCISO at Appalachia Technologies.

I packed 25 years of experience into my Break in Cyber Playbook. It talks about how to break through these barriers to get into cyber, and also how to grow your presence so that you attract recruiters. It takes the career puzzle of cyber security and puts it together for you to make a clear picture. It's no fluff.

📕Today, my book is on sale for $13.50 with code BOOK10. Take charge of your career today. Grab it at www.breakincyber.com/product-page/break-in-playboo….

If you read the book and still have questions, reach out. I'd love to hear from you.

🏡 Need a vCISO, Security Assessment, or Penetration Test? PM me.

#cybersecurity #informationsecurity #infosec #leadershipbyexample

1 year ago | [YT] | 20

Mike Miller - Break in Cyber

Dear Cyber Security Enthusiast, Here are 13 Different Types of Cyber Security Jobs including SOC Analysts, Ethical Hacker, and GRC. If you could land one tomorrow, which would you choose?

Mike, I want to work in Cyber Security. I hear this non stop each week. Which sector do you want to work in? Do you want to be an ethical hacker? Do you want to defend? Do you like compliance?

Here are at least 13 positions in Cyber Security (Defense, Offense, and GRC) for you to consider.

🔵 Defensive Security:
1. Security Analyst - responsible for monitoring networks and systems for security breaches, investigating incidents, and implementing security measures to prevent future attacks.

2. Incident Responder - responsible for responding to security incidents and mitigating the damage caused by the incident.

3. Penetration Tester - responsible for identifying vulnerabilities in systems and networks by simulating attacks and performing security assessments.

4. Security Architect - responsible for designing and implementing security solutions for an organization's systems and networks.

5. Security Operations Center (SOC) Analyst - responsible for monitoring, detecting, and responding to security incidents in real-time.

6. Security Engineer - responsible for designing, implementing, and maintaining an organization's security infrastructure.

7. Malware Analyst - responsible for analyzing malware to understand its behavior and develop effective strategies for detecting and removing it.


🔴 Offensive Security:
1. Ethical Hacker - responsible for finding vulnerabilities in systems and networks by conducting penetration tests and security assessments.

2. Exploit Developer - responsible for developing and testing exploits that take advantage of vulnerabilities in systems and networks.

3. Social Engineering Specialist - responsible for using social engineering techniques to manipulate individuals into divulging sensitive information or taking actions that could compromise security.

👨‍🎓 GRC (Governance, Risk, and Compliance):
1. Information Security Manager - responsible for overseeing an organization's information security program and ensuring compliance with relevant regulations and standards.

2. Compliance Analyst - responsible for ensuring that an organization's policies and procedures comply with relevant regulations and standards.

3. Risk Manager - responsible for identifying, assessing, and prioritizing risks to an organization's systems and networks.

4. Privacy Officer - responsible for ensuring an organization's compliance with privacy regulations and developing privacy policies and procedures.

If you could land one of these tomorrow, which would you choose?

#cybersecurity

1 year ago | [YT] | 22

Mike Miller - Break in Cyber

The Biggest Mistake I Made in my Cyber Security Career that I Hope You Aren't Making.

Years ago I founded a small Cyber Security company. I grew it. Actually I shouldn't say I grew it. My employees and I grew it. I had some of the best employees anyone could ask for. As a small business owner, I was proud. I utilized billboards, radio, newspaper, and of course social media. My advertising methods were the same as any other small business owner at the time. They worked. I had traditional growth.

So where is the mistake? I only focused on advertising my company. When my business was acquired 2 years ago, I realized the mistake I made. I had spent much of my career pushing my logo. I wasn't building relationships. I wasn't shaking hands and connecting to people. I wasn't utilizing my abilities to my fullest.

With a near 25 year career, I had knowledge that could help others, so I started writing long posts. My brain wanted to spill information so bad that I had to strategize when I was typing content because I would always exceed the character limit (still an issue). There were so many things I wanted to say. There were so many stories to tell.

The response was overwhelming. I always took for granted the experience I had and never realized that people craved information. People crave learning from others' experiences and stories. In that moment I realized who I really was. I was someone that had the potential of helping others. Owning my business was fun, but it wasn't nearly as rewarding as making a difference in other people's lives.

I started building true relationships. In fact, hundreds of them a day. My inbox was flooded so bad that I can remember sitting up until midnight because I was convinced that everyone deserved a response to their questions.

Through this journey I have realized many things:

1. Relationships are built by people, not logos. If I would have spent as much time building relationships as I did advertising my logo, I would have built a multi-million dollar company.

2. It doesn't matter if you are selling T-shirts on the corner, used cars, or insurance, if you have built a community of trusted relationships, they will follow you wherever you go.

I'm not here pushing products. I'm pushing information to help others. Do I offer products and services? Heck yeah, but I'm not out here slinging them every day.

Want transparency? I get more leads now than I ever have, but it's because of the relationships we've built.

Sure, if you Need Career Advice, reach me at ➡www.breakincyber.com/⬅.
And OK, if you want a World Class Cyber Security company to help you sleep better at night? PM me.

Until then, I'll be right here telling stories and making goofy videos.

I'm Mike Miller. I hope that you have in one way or another benefited from my content the past two years. Hopefully by now we've shaken hands virtually. If not, we should.

#cybersecurity #informationsecurity #infosec #leadershipbyexample

2 years ago | [YT] | 7

Mike Miller - Break in Cyber

Don't Tell Anyone I Told You This, but if you are Not Technical, You Still Belong in Cyber Security. ⬇

Governance, Risk and Compliance (GRC) is a sector of cyber security that is in very high demand. Every organization has to have a set of policies and procedures to ensure the business is able to achieve objectives, address uncertainty, and act with integrity.

Let me give you an example.

Everywhere you swipe a credit card, that business has to have proper security controls in place to protect your card data. It needs to be protected because if in the wrong hands, your information can be used maliciously.

For this reason, Visa, Mastercard, American Express, and Discover came together and formed an organization called the PCI Council. This council consists of some of the world’s best security professionals. Collaboratively, a set of standards was introduced called the PCI-DSS.

Any organization that processes credit cards is held to PCI-DSS standards. Today, there are hundreds of security controls that companies have to follow.

Examples:
Proper Antivirus
Firewall protection
Encryption on credit card data
Detection systems to detect possible breaches
Policies on protecting the CDE (Card Data Environment)
Proper background checks on employees that access the CDE

These are only a few examples of some of the hundreds of security controls for companies processing cards.

However, there are other security frameworks to set a baseline for organizations to protect their intellectual property, client data, and to even protect digital assets from being used inappropriately. If a person is not extremely technical, GRC can be a great pivot into cyber security.

One example of a career in GRC is security auditing. A security auditor understands various frameworks and works with organizations to ensure they are meeting compliance standards. Many companies do not have a full understanding of security controls that need to be put in place for compliance. A security auditor’s job is to ensure that an organization has a full understanding of required security controls and to identify gaps where certain controls fall short. The job also entails gathering evidence to ensure compliance.

For a successful career in GRC one must:
Have excellent communication skills
Be extremely organized
Detail oriented
Gain knowledge of frameworks
Report writing skills

You will find there are controls you will fully understand if you aren't technical, but you will also gain technical knowledge by working with the right mentor.

Want to Work with Me? There are Three Ways I can Help:

1. If you want to break into Cyber, let's talk at ➡www.breakincyber.com/⬅.
2. If you are already in Cyber but stuck, let's talk. ⬆

3. If your organization needs a security provider that rates in the Top 250 in the United States (Pentesting, vCISO services, Security Assessments), let's talk. My PMs are always open. I'll hook you up.

#cybersecurity #informationsecurity #infosec #security

2 years ago | [YT] | 12

Mike Miller - Break in Cyber

Here is a 26 Step Cyber Security Analyst Guide. This reference guide will help you be better prepared to defend against any incident your organization may have. Save this for future reference.

🔵 Incident Response Process:
1. Identify the Incident - Recognize indicators of compromise (IOCs) and unusual activities.

2. Contain the incident - Isolate affected systems and limit access.

3. Eradicate the threat - Remove the root cause and affected artifacts.

4. Recover normal operations - Restore systems and validate integrity.

5. Lessons learned - Document and review the incident for future improvements.


🔵 Common Attack Vectors
1. Phishing emails - Look for suspicious senders, attachments, and URLs.

2. Malware infections - Monitor for unusual behavior, system slowdowns, and network traffic.

3. Brute force attacks - Identify multiple failed login attempts.

4. Web application attacks - Watch for SQL injections, cross-site scripting (XSS), and code injections.

5. Insider threats - Monitor for unusual user activity or data exfiltration.


🔵 Log Analysis
1. Review logs from various sources - Firewalls, intrusion detection systems (IDS), antivirus, and application logs.

2. Look for patterns and anomalies - Failed logins, unusual network traffic, or spikes in system resource usage.

3. Correlate events - Identify relationships between different logs to uncover the full picture.

4. Use SIEM - for efficient log aggregation and analysis.


🔵 Threat Intelligence
1. Stay updated on the latest threats - Follow industry-specific sources, threat feeds, and security bulletins.

2. Understand TTPs (Tactics, Techniques, and Procedures) - used by threat actors.

3. Leverage threat intelligence platforms - for automated threat detection and prevention.

4. Share threat intelligence - with other teams and organizations for collective defense.


🔵 Vulnerability Management
1. Regularly scan systems and applications for vulnerabilities - using tools like Nessus or OpenVAS.

2. Prioritize vulnerabilities - based on severity and potential impact.

3. Coordinate with system owners - for timely patching and remediation.

4. Keep an inventory of critical assets - and their associated vulnerabilities.


🔵 Incident Handling Tips
1. Document all actions and findings - during incident response.

2. Communicate effectively with stakeholders - including management, IT teams, and affected users.

3. Preserve evidence for forensic analysis - if required.

4. Follow legal and regulatory requirements - for data protection and privacy.

Later this week I'll be emailing more tips including career advice. You can subscribe at ➡www.breakincyber.com⬅.

✅ Remember to save for future reference

#cybersecurity #informationsecurity #infosec #leadershipbyexample

2 years ago | [YT] | 8

Mike Miller - Break in Cyber

You probably expect the following from me today:

1. A strategy to land your next job in cyber
2. Ten cyber security jobs that you'd be a good fit for
3. A deep dive into SOC, Penetration Testing, or GRC
4. Which cyber security certifications you should pursue
5. How to get hands on experience

Today though, I just want to tell you that I'm here for you.

✅ I've failed interviews.
✅ I have felt the pain of rejection.
✅ I have been in your shoes and nearly gave up.

I then had someone tell me what it was like on the other side. They told me to keep going. They told me that I was worth something. They pushed me.

Through the pain of each rejection, I knew what was on the other side.
I kept going.

If you don't have that person to lift you up, today, let that be me.

✅ You are smart.
✅ You are worth it.
✅ You are one step closer.
✅ You deserve the life you choose.

Today, I want you to take 5 minutes and turn off the noise. Turn off your notifications, put your phone down, turn your screen off, and look out the window. Think about the knowledge you have now vs. the knowledge you had a year ago. Think about your achievements. Think about the people you've gotten to know. Think about your destination. Then smile, because it's only a matter of time.

Once that is done, buckle back up, tell me what your goals are, and let's get to work. I'm going to push you.

I'll start by sending career tips weekly. All you have to do is make sure you are on the list to get them at www.breakincyber.com/.

If you like my content:
🔔 Ring my Bell on my Profile so you are the first to see my posts
🤝 Check out my Break in Cyber Playbook under my profile
🔴 @mikemillercyber on YT, Twitter, and Threads
🏡 Need a vCISO, Security Assessment or Penetration Test? I proudly work at Appalachia Technologies, an MSSP in the top 250!

#cybersecurity #informationsecurity #infosec #leadershipbyexample

2 years ago | [YT] | 10