Security Market Watch

Cybersecurity Education and Online Safety with Dana Mantilia, the Cybersecurity Social Media Queen

October 24, 2023 Josh Bruyning Season 1 Episode 17

Dubbed the Oprah of Cybersecurity and the Cybersecurity Social Media Queen, Dana Mantilia joins us for an exhilarating journey into the world of cybersecurity. Starting from zero just four years ago, Dana has since built a notable presence on LinkedIn and YouTube with her accessible approach to educating the everyday person about cybersecurity. The episode peels back the layers on the importance of CMMC (Cybersecurity Maturity Model Certification), the pivotal role universities play in educating and certifying future cybersecurity professionals, and how companies stand to benefit from it all.

We also delve into the nitty-gritty of safe online practices. Do you realize how crucial secure passwords and multi-factor authentication are to your online safety? Cyber threats don’t care if you’re a tech whiz or a tech novice - they strike indiscriminately. As we further underscore the role of a Business Information Security Officer in enlightening the masses, we also shed light on the challenges posed by budget cuts and hiring freezes, emphasizing the need to grow talent from within.

Social media isn't just for sharing vacation snaps and foodie pics - it's also a frontier for career development in cybersecurity. Dana shares insights into the potential of LinkedIn for video content creation and how a YouTube account can serve as a resource library for those seeking to carve a path in the cybersecurity field. And as we wrap up the conversation, we explore the murky world of scams, giving you the know-how to protect yourself and your loved ones from being exploited. This episode is more than a warm chat with Dana. It’s a deep dive into a world that affects us all, offering invaluable insights for both the cybersecurity enthusiast and the online safety curious. Tune in!

Dana Mantilia
Josh Bruyning
Maggie Dillon 


Speaker 1:

Welcome to this episode of Security Market Watch, the show that goes straight to the source for security market insights. I'm your host, Josh Bruyning, and I'm here today with Dana Mantilia and, of course, Maggie Dillon is in the house. Maggie, you're going to do a way better job at this, so I'm going to hand the intro over to you. You're in the presence of cybersecurity celebrity, right? So you guys might have seen Dana on YouTube, on LinkedIn, but, Maggie, take it away.

Speaker 2:

Well, I don't know how to really follow that, but other than that, she's coined the Oprah of Cybersecurity and also the Cybersecurity Social Media Queen. So we are very excited that you're here today, Dana, and I'm sure you've been all over the place, especially on LinkedIn. Your record, Dana, has currently 3.5 million views on LinkedIn, 1.1 million views on YouTube, and you started four years ago from scratch, correct?

Speaker 3:

Yeah, absolutely. No likes, no friends, no comments, no connections, nothing.

Speaker 2:

I love it. So we're just going to start there. We're going to dive in head first. What made you do that, where did you start and what kind of made you take the plunge into this whole entire beautiful thing you created?

Speaker 3:

So back in the day I had an insurance agency and I wanted to offer our clients identity theft protection and there wasn't really a product that could be B2B, then to C, everything was direct to consumer. So we developed a product and then, after we did and then we went to go launch it, then I realized that nobody really had a lot of awareness about why they needed identity theft protection. So I thought, you know, this is really an important thing that people need to start to grasp. So I started doing very, very basic, some very silly videos on identity theft and scammers and cybersecurity. And obviously cybersecurity now, even compared to four years ago, is much more of a hot term than back then, and I think a lot of that is because some of the big breaches and things that have happened in the news that the regular people see it and their bosses are starting to say, hey, we better do something about this, but still not taking it seriously, so, anyway. So I started doing that and then got a little bit of a following and I started doing some training for non-technical people just regular office staff kind of people to help them understand that. You know, sometimes we all cause bigger problems because we don't realize what we're clicking on or if we're getting tricked by something. And I always say it's a lot easier to trick an employee than it is to hack into a computer system. So we have to remember that and hackers know that.

Speaker 3:

So I started doing that and then about a year ago somebody said are you going to get involved with CMMC? I had no idea what that even was, and that is the cybersecurity maturity model certification that the Department of Defense is rolling out for its government contractors, and I wanted to really help. I think this is a very important thing. We have to protect this country, we have to protect all of our information, and but I'm not a technical person so I figured what can I do?

Speaker 3:

So that's when I said well, you know what I could do. I could be the interviewer, I could be Oprah and I could interview people over on YouTube. So that's when I started my YouTube channel and I have about 270 videos over there to help people understand little, tiny bite sizes of CMMC, because it's very overwhelming for people and I think that people, if you could break it down, then they can grab it a little bit, but when you just throw too much at them, they just shut down and we can't. These people have to get this certification because we need to keep things going here, so we need to make sure that they're capable of doing that, and here I am today Welcome.

Speaker 1:

I've got an interesting blend of technical and regulatory and social engineering. It sounds like you know if we're really focusing on scams. This is an area that I've always been interested in and I've always wanted to talk about this topic because it's so relevant to consumers. Right here on Security Market Watch, we often speak to CISOs and that's a large part of our audience and vendors, and so it's all technical speak and people are trying to sell you a technology and it does not resonate with consumers, it doesn't resonate with the normal everyday people. You know it doesn't resonate with our moms, our dads, our brothers, our sisters.

Speaker 1:

When you start talking about scams and extortion and you know everybody's gotten a text message saying, hey, you know what is the one with the text message where somebody goes they'll say something like oh hey, dana, long time, no see, I'm in town, let's catch up. And you're like, oh sorry, wrong number. Oh, you know what. Well, let's start a conversation anyways. Everybody's gotten those. You know those messages. So I would love to pick your brain on what's going on, how people are combating those sort of scams, because everybody knows personally someone at least who's been scammed. It's big. So how much if you could do a percentage? How much of the CMMC stuff are you covering and how much are you covering scams and sort of the social engineering part? Is it 50-50 or are you focusing on one more than the other?

Speaker 3:

Well, I think right now on LinkedIn, I would say it's about 50-50.

Speaker 3:

I would say even more so with regular folks, like today I did a video on AI and how this is affecting the school systems and how are they even telling if kids are writing papers through this? So there's a website that I found or somebody told me about or wherever I don't know where it came from but copyleaks.com, and people can go in there and they can put in a paper that somebody wrote and see and it'll tell you what percentage of it is AI generated and it also has a plagiarism tracker, so it will very, very quickly tell you that this was taken from whatever source it was taken from. So that speaks to, I think, very regular people. When I do my messaging on CMMC, sometimes that's really niching down and that cuts out a lot of the people. So I don't really try to get too specific with saying things on LinkedIn about that. YouTube is much more where I really hone in on the very specific things that people have to do for their organization to achieve that certification.

Speaker 3:

And for those who don't know what is CMMC and how is it used so CMMC is the Cybersecurity and Maturity Model certification that the Department of Defense is rolling out, that they are going to require all of their government contractors to achieve this certification and there's a certification right now in place. But it's all self-attestation, so people are just saying, oh yeah, we're doing that. Yeah, we're doing that, and I'm not sure how much is really being done. So I think the DOD thinks it's going to be a pretty small lift to get them from. You know, it's called NIST 800-171 to CMMC, but I think that it's going to be a very big lift because I don't think there's a lot of people that are really following it to the letter. So I think that it's going to be a big deal when it does.

Speaker 3:

But we have to do this and, like I was mentioning before, we have to protect this country, we have to protect our information and our adversaries are stealing everything because they're very focused on this. You know we're like, oh, let's click on this. Oh, you know, we don't question a lot of stuff and it is very easy for people to get information. They get a little bit of information from this person, they get a little bit more information from that person and then they put it all together Slowly and next day they have a jet.

Speaker 2:

I love that we're talking about this because, especially as I'm talking to more and more government contractors, we've seen a couple of things, and I love that you started right before the pandemic, because now people are working remotely. Now more than ever, they're bringing on more and more government contractors because of some of the changes that are going on, and the last couple of weeks have obviously changed quite a bit, with projects that are going to be coming in here in 2024. And so tell us some advisement on how people could prepare for this. I mean, obviously they can read up on material, they can do their R&D on it, but if they're looking to schedule out time to get their certification for this, realistically, in your opinion, how much time will that take to be in full compliance to where they need to be with the new requirements?

Speaker 3:

Are you talking about for CMMC, correct? So I think that they have to start as soon as they possibly can, because what's going to happen is right now, there are only 48 of these third-party assessors that can go into organizations and give you the assessment once you're done with getting ready, once you're done with your preparation. So there's 300,000 government contractors that are going to be eventually depending on when their contracts come due, that are going to need to achieve this. So the supply and demand is those people are just not going to have the availability, the assessors are not going to be available. So if you can get started now so that you can get your assessment done sooner and be an early adopter of this, you're going to be much better off, because the price is going to go through the roof, because it's a supply and demand situation where, right now, some of those guys there's a lot of waiting in the wings here that people are saying, well, I'm not going to do anything until the rules finalize, which is supposed to be over the next 60 days. But they really should, because there's a lot of basics.

Speaker 3:

Whether you call it CMMC or you call it any kind of framework, the basics are figuring out how to protect the data, how to protect the devices, making sure that people are trained. It's all the same thing, it's just called different things. So, and it's also just good business practices, too, that people need to be thinking of too. It's not just why I have to do this, because I have to achieve the certification, it's I need to be protecting my clients' information, my proprietary information, you know all that kind of stuff too. So the answer is to get started ASAP.

Speaker 2:

Yesterday got it. So, as far as you mentioned, 46 assessors, is there opportunity for any type of civilian companies or opportunities to add to that number, or these very specific companies or organizations that are only allowed to do it via the government?

Speaker 3:

No, they're definitely private companies that can go through. They have to actually go through a certification process themselves to make sure that they know what they're doing. You know that kind of thing, and there are more in the works. There definitely are people and companies right now that just have not achieved They've given the official certification yet that they can then be called as a C3PAO is the name of the title, but there are more coming. So, yes, it is a private sector business that can go in their adjustments.

Speaker 2:

Okay, perfect, and that's kind of why I wanted to ask, because a lot of private sectors don't necessarily do government contracting, and this is something that I've seen a lot of disconnect in. Josh is really starting to get his feet wet in this too, and as we're talking to these companies that want to help both private and government, how you know, how do we bridge those gaps, how do we bring people on board? And then I appreciate you going into depth on that, because that really gives us an insight as to what the magnitude of this is, because if you don't have this certification, you're not going to be able to work these projects. And guess what's increasing in 2024 projects Now yep circle, absolutely.

Speaker 1:

When 2.0 comes out, it's going to be like drinking from a fire hose. I totally agree. You have to start early and you know what's a really good tool for that Trustmap. Check out my friends at Trustmap. They will help you understand your CMMC posture and get you prepared for when 2.0 is ready. But of course, the third party certification part of this is huge. Just the people who are certified to certify you. I was looking on LinkedIn I don't even know how I came across this. I was going down some rabbit hole and I saw that they'll train you to become CMMC certified so you can do the audits and all that stuff. A course to become a certified CMMC assessor it was something like $5,000 for, like I don't know, maybe it's like a 10 hour course or something like that. But once you're certified as an assessor, there's a whole market for that for people who just go into these companies and make sure that you're audit ready and that you can get your CMMC certification.

Speaker 2:

Yep, what percentage of those assessors would you say are in the educational industry? Because it sounds like we need to really bring this on in a university capacity, not just the private sector, especially if we have labs or anything to that magnitude.

Speaker 3:

Yeah, that's an excellent point and I think most of them. Right now I don't necessarily think there's as much of an industry as an academic focus, but I do know like in Connecticut, Southern Connecticut University has a whole area that they're focusing on, CMMC. I'm sure that's happening throughout the country, I just am not aware of which specific institutions. But even going back to colleges, having this cybersecurity as a major, it has completed like 500% increase in the past few years. I mean I even remember when my first set of daughters were going to go look at colleges and they want to be doctors, so it didn't really matter. But you've not even seen that cybersecurity was out there. And now my other daughter is looking and it's. I think almost every single school has cybersecurity certification. There are majors that they can have and I just got contacted from a young man in University of New Hampshire and he's actually they have a major up there that they're focusing on Department of Homeland Security, that specific of a cybersecurity degree. So I was like wow they really are honing in here.

Speaker 3:

So anyway, so, but I do agree with you that we definitely need to get this much more into the educational system.

Speaker 1:

I feel like the supply chain, it's like turtles all the way down, you know, because you've got the. There are these universities. They're not, well, they're not universities, but they're these entities, these educational entities, that train the trainers and they're probably, you know, maybe they're competing with the universities for that space, because if you're to build a curriculum around it, maybe that would compete with those guys. But I can imagine there are schools like Metro State, my alma mater, where we have a direct connection to the NSA and the DoD and they sent a bunch of cybersecurity people there. I think they have a CMMC or they're partnering with a CMMC entity that does the training. So, to answer your question, Maggie, I think the way that they're kind of looking at this, instead of the university making this a you know a part of their curriculum, they're partnering with these third party educators to bring that on to their existing students. Because I think it's a, it's it's not like a term long course. I think it's something that you could probably knock out in like two, two weeks or three weeks. If it's anybody who knows more about this stuff, you know, drop us a note and you know we can. We can put it in the description, but it's turtles all the way down. There's the assessor and there's a person training the assessor and they're the trainers of the trainers of the assessors. There's a whole business around just CMMC certifications.

Speaker 1:

Okay question when it comes to third party vendors, in terms of people sort of, in the technology space. So your identity, people like you know over at Strata and all those guys, do you, do you recommend maybe they're not selling directly to government entities yet, but maybe that's a market that they can tap into Do you recommend that technology companies should they become CMMC certified as a way to differentiate themselves from other, from their competitors, in that they can do business with the government? So I guess, in that sense, my, my question is is the CMMC certification a differentiator and does it give a company a competitive advantage?

Speaker 3:

I would say that it probably does, because it's a very you know, it's a big deal to achieve it and it's something that states you are very, you know your, your company is very, very secure. So if you were a private industry looking at that, I have a couple of MSPs that I work with that they had, they work with a lot of you know big government contracts and they have, you know clearances and everything. You know all that kind of stuff. And I just think you know, even just from my point of view, that that speaks volumes when somebody is a private sector is talking to them saying, well, you know they're working with you know the DoD and they got some pretty big contracts. You know that they're, you know that they're protecting, so they could probably protect my stuff too. So I, yeah, I would definitely say that something like that's going to help out.

Speaker 2:

I kind of want to switch gears a little bit, and you do a great job of talking about a non-technical person, and I want to hit home because we're I say it every show, I'll say it again we're at a 3.5 million deficit in cybersecurity and we need y'all's help big time. So non-technical folks how do they become an authoritative figure if they are not a cybersecurity expert? You hone in on this on your website, on your LinkedIn. Obviously. You've done a fantastic job of taking a lead role in that in and of itself and that methodology. So tell us a little bit about that, or or maybe how you design that to where you are today.

Speaker 2:

And advice for anyone who doesn't really want to be a cybersecurity expert or go into that field necessarily, but they're running a business or you know, they're trying to do a startup company in some capacity. That could be like what Josh said, a third party vendor in some aspect. And then also you had that, that CMMC designation. That could change the game as well. Tell us a little bit about your opinion on that and what you've seen.

Speaker 3:

Well, I think that anybody needs to look at this as you know, like, for example, if everybody just did two things, if everybody made sure that all of their employees had very secure passwords that were only used for their you know their work logins they don't have the same thing their dog you know whatever for everything and anything that, and having multi-factor authentication on everything you have to do to log in to work, including email just those two things is going to be huge. You are going to do a great job in getting a huge leap to where you are protecting your company. So see, that doesn't sound like okay, I can do that, right, I can make sure everybody has a password that's secure. I can, you know, get my IT guys to install MFA and then I'm doing cybersecurity. That's what we need to do. We need to start giving people credit for when they do something as basic as that sounds, but it's not basic that that is something that they are taking a step towards cybersecurity because I think it's so intimidating the word cybersecurity is so intimidating because they're just thinking of networks and firewalls and hackers and all this stuff. Then they don't understand any of that stuff that you know that's not what we're talking about. We're talking about the people and the processes that you can put into place, and I think one thing that is really going to be a position that's going to develop over the next bit is I call it the BISO the Business Information Security Officer who's going to work with the CISO and the regular people and they're going to take that information from the CISO and they're going to make sure all the regular people understand, you know, what they need to do and what courses they need to take or whatever they need to do, kind of thing. And I think that's going to be a great position for someone who wants to maybe help out in cybersecurity but doesn't have a technical background, because you're really not going to need a technical background to do this, you know.

Speaker 3:

Think about basic things like an incident response plan. Whoa, that sounds very intimidating. What does that mean? That means that when the crap hits the fan, what is everybody doing? What are the employees doing? Are they on social media? Are they posting? Are they calling their friends? What is happening? Because it's going to be like the wild west.

Speaker 3:

If you don't have a plan, who do you call? Do you know who to call? Do you have a number stored in the computer. Can you get into the computer? You know, these are all these basic things.

Speaker 3:

Do you have cyber liability insurance? That you need to contact them? They may tell you the steps that you need to follow in order for your you know claim to be paid. So, anyway, I think that those are some very non-technical things, that somebody in a company could take those skills and add them and then they're a much more valuable person. If they were to leave and go somewhere else, they could say, hey, this is what I put into place for this company and that's a lot less expensive for a company to help one person help with that versus hiring a whole another person. It's an added skill for somebody, let's say, an HR person or something along those lines. So I think there's little steps that we could take that we are really going to have to take, and again, it doesn't have to be as intimidating as we think it is you love the idea of the BISO.

Speaker 1:

Everybody talks about the CISO, but the BISO is, you know it's an interesting role.

Speaker 1:

You're just sort of between, like you said, the regular people and the security folks and you're there to focus on the business, which has always been really interesting to me, because we say that security should support the business. CISOs should be more business-like. They should focus more on how to drive business, how to get buy-in from you know quote-unquote regular people, not just the individual contributors but the executive folks that are also the regular people. So I'd love to see more BISO openings or even see the CISO. You know I've heard this is controversial you guys, don't come from me, okay. I've just heard that you know some companies are switching to just having a BISO or having a CISO that is more like the BISO, and then eliminating the BISO role altogether, because when you think about it, it sounds an awful lot like that should be the direction.

Speaker 2:

I want to tie into something you just said there, Josh. So I'm actually seeing and this is the time of year we're looking at budget cuts. It's near the holidays, we've got a lot of moving pieces right now and I am seeing companies post positions for CISOs or CIOs. They go through the interview process and then, after they view everybody, they say you know what we're just going to promote from within and knock down the title. Now the problem with this is well, I understand, maybe, the future proofing of the company from a cost reduction standpoint. It is not helping on a technical standpoint for protection and overall high level security for those same business goals, and you really you pointed it on that with the BISO position and whatnot. And I feel like there has to be more discussion on this topic because companies are not doing themselves favors by thinking they're saving a lot of money. Everyone looks at the money.

Speaker 2:

And at the end of the day, that's not enough to protect us, you know, and if there's any, well, we're all biased here. If there's any department that needs to have some money spent in it, it's this department right here, and they need to understand that is the one department you do not do that in, because it's not going to necessarily do you any favors. Does it help your team underneath? Bring people up? Absolutely, but what are they learning by just doing that? The rest of the department doesn't learn anything from that. So you know what I mean, and I'd like to hear your take on this, Dana, especially with you talking about future proofing your business. What do you think on that?

Speaker 3:

Well, I don't know as far as where things are going in the future, and I think the need for cybersecurity is going to be so strong. But the problem right now is that and I work with a lot of MSPs and they do not have the ability I hate to say this to talk to the C-suite. They really they're very bad. They're very smart people, very smart people. So my job with working with them, with my whole, you know, social media marketing program, is to get them to break down their messaging so that they can talk in a way that they're delivering their information, that the C-suite can understand them, because as soon as they don't, again they're like oh wait a minute, this is costing money, forget it, we don't want to do it. But when they can say things like well, do you have an incident response plan in place? And then they'll have to look at each other, you know, do you say, are your employees logged into their Google account while they're at work? Probably, you know.

Speaker 3:

Those are little basic things you could talk to them about and they're going to understand, as opposed to getting into all that rigmarole with the talk. So I think that's what it is, is that we need to bring the language down so that everybody can understand it, and then we all need to start talking about it. Everybody needs to be talking about this. Like we said, it affects your older parents, the kids, the people at work. It's affecting all of us with our smart devices at home. I mean, you think about this is something that is all consuming at this point and it's only going to get more consuming. So, anyway, I don't know if I went off on a tangent with that question, so I apologize if I did.

Speaker 1:

I mean, we can spend all day on that topic. It really is very deep.

Speaker 2:

Well and you proved something. This is something Josh and I have been trying to tackle, together and individually and in different facets the MSPs. I've worked with a lot myself not to your capacity, necessarily. The problem is the budget, but who protects the MSPs and how do we partner there? Do we go ahead and get those partnerships in agreement and then combine that fee overall for the MSPs to then deliver to the C-suite, because I feel like that's probably the easiest route? But the problem we have and Josh will speak to this all day MSPs think they know everything and they don't want to talk to us because they think we're trying to override them when in fact that's not the case. We're just trying to protect them with an extra layer. So what advice or anything you've seen in the market? Could you speak a little bit about that?

Speaker 3:

Well, that's a very good point and this is one thing that maybe the technology and the protection that you have got you to here, but is it going to get you to where you need to go over the next couple of years?

Speaker 3:

And that's speaking with that same MSP If that MSP got you from where you were to here, but there hasn't been any changes or updates or anything like that, because that MSP they do kind of have a mindset of we're all set, thank you, but we're all set, kind of thing.

Speaker 3:

I do think that that's leaving them open to a lot of things and I think they should be embracing having something coming in and helping. I was just talking to an MSP the other day and they were saying, hey, let's bring in a third party just to make sure that we're doing what we should be doing, for this was a different compliance framework, but I love that he said that, because so many of them are like, nope, we don't need anybody checking our work. Nope, but it's good for them because then they're gonna know if something does happen. Listen, we put our stuff in place. We had a third party come in and then they checked out that we were doing what we were supposed to be doing. So when it goes down, it goes down, but we all tried our best, at least to be able to say that kind of thing. So I think they're gonna need to be a little bit more open minded to that.

Speaker 2:

And everybody has their specialty.

Speaker 3:

Nobody can know everything, right? And this is getting so overwhelming with information with MSP world that they need to know. I can't be the best at everything related to IT and security.

Speaker 2:

Right, okay, no, take Josh, last two minutes. We're making this a heavy marketing clip for all three of us to share. Got it all right. I love it. As far as I wanna just talk about your traction here, because the amount of views you've had is staggering. Obviously, I'm assuming you've used some SEO in that what was maybe your original thought process with where you wanted to go. Obviously, you wanted to get the message out. You wanted to make some partnerships, make some connections, but did you assume it would be as big as it is today? And is there anything specifically that may have changed the game for you during that process that's gotten you to these level of views?

Speaker 3:

That's a good question. Everything I've done is organic. I haven't done any paid advertising, any of that stuff, and I just think there's a big opportunity for people on LinkedIn because if you look through your normal feed, there's not a lot of people doing video content. So that's one thing I always say, if you can get your face out there in video. But a lot of people are intimidated by that, especially the MSP personality. So what I do with them is I do a promotional video where we're all talking about their services and everything like that, and then I can cut out clips of them talking. They're talking to me, but then now they're talking to the audience. So that's been very, very, very helpful.

Speaker 3:

But I think anybody you know you really, if you put a game plan together, LinkedIn is the place to be. But as far as how I got to here, I don't know. I mean I've been posting every day. I really was committed to it and in the beginning, when I had nobody, I mean every single one of my comments that somebody leaves, every single one gets a reply. You know, saying thank you for commenting or whatever, appreciate your input. But when I first started, every if somebody even liked my stuff, I would go and message them and just say I just want to say thank you so much for taking a minute to look at my content and to give me a like right.

Speaker 3:

That's a little thing but it's kind of cool, yeah, it kind of built up like that. And you know, as far as the YouTube, I think I really wanted to make a stand on CMMC and wanted that resource library so that when people go they you know they could find it. And I think it's similar to this. It's a very casual conversation that we're having about whatever specific topic. We're talking about, non-intimidating, and people can get little bite-sized or, if they want to, you know, go through a couple of them, they can. They're not two hours long, they're 10 to 25 minutes long, kind of thing. So, anyway, I think there's an opportunity for anybody that wants to go out there and do what I did. I didn't do anything special, I just stuck to it. That's what I did. Sometimes I was like what am I doing here?

Speaker 3:

You know, but you know, I really do think I'm helping people. A lot of people message me and they tell me these terrible stories that happened to their parents or their kid or themselves or their neighbor, and you know they ask me how can you help? And so I'm like, oh, let me see what I can do, and I try to come up with some information for them. And now what's happening is I have a ton of students and young people and people new to cybersecurity that are reaching out to me and they're saying what should I be doing? What you know, how should I be building my career? And I'm thinking myself this is the wrong. I mean, this is the wrong person to be asking. I have nothing to be helping here, but what I'm trying to do now is I'm trying to create a bridge and a group of people that can help the people that need the job recruiters and you know people that have internships with these newbies because we need to put that together.

Speaker 3:

There's so many other industries that have assistance with the career path and cybersecurity. We know there's such a huge need, but because it's kind of new, there's really not a very specific path for people to take. So there's this big like well, I don't know, should I go take another course? Should I get another certification? You know, but I don't have any experience and you know entry level. They want three to five years experience, which is ridiculous, yeah.

Speaker 2:

I could tap on this topic all day. I have 15 years of executive recruiting experience and all the recruiters are just sitting here clapping right now with everything you're saying, because it's a different ball game. It's a completely different level of expertise. You cannot operate in the same standards as you would any other field, and the problem is the recruiters, more often than not, don't know anything about cybersecurity. If they do, they pretend like they know way more than they do more often than not in my expertise. And it's really hard because even the people working in the HR department, all they're getting is a req from the hiring manager and then typing it in, and then when they're going over a list of questions, they aren't able to dig deeper because they don't know the actual topic that they're asking about. So I love hearing about that. I feel like we could go on a whole tangent and I'll just shut up right there because I am very passionate about that topic.

Speaker 1:

I just want to say I know why you've gained traction. You said I don't know why this works. You know, I don't know. The thing is, information is a product, and you're consistently putting out a product that people want to use. I understand products, I understand the product space. We don't often think of information itself as the product, but there's no product on this planet that anybody's that's going to make any money or is going to or anybody's going to use, unless it's useful, right, Including information.

Speaker 1:

And so I think just I know that the fact that people are responding to you means that they value the information that you're putting out, especially for those entry level people.

Speaker 1:

You know, because I talk to people all the time, you know I volunteer my time pretty regularly, probably more time than I should be volunteering, but I'm committed to helping people come up, because a lot of people have helped me when I was in the entry level stage and they're always like, Josh, you know, how do I break into this industry? I need all this experience and I don't know what I'm doing, and one of the things I direct them to do is to soak up as much information about the space as you possibly can, and so people like you provide that value not only to the experts, because no matter how much you call yourself an expert, sorry, experts, there's always more you can know. You're never quite an expert, right? All the way down to those who are just getting into the field, even people who are just curious, you know they will find what you're doing incredibly valuable. So that's why it works. For me, it's pretty simple. If there's a product that's good, people are going to use it.

Speaker 3:

Well, and you know what sweet is that is. I love when people reach out to me like there was this one little man. He reached out to me and he said every week I write down your little tips. And then when I have my coffee group with all of my friends, we talked about all the tips and I was like, oh, so little things like that, just really kind of, you know, help, keep me going. Then you know, at the end of the day we all want to be able to look back and say we did something that helped people, right?

Speaker 3:

So, this is my part that I'm trying to do you're spawning off baby experts.

Speaker 1:

Hey, that's great. Hey, can I ask a question about scams? I would, this is burning me to ask. And so what is the? What is the, the biggest scam that's out there? Like, what's the? The up-and-comer, the rising scam, the thing that everybody should be looking out for? That's, you know, because in the scamming world, once everybody kind of knows how a scam works, then it kind of takes away from the energy of the scam. But then there's this thing that like sneaks up on you, like the Nigerian Prince one day just kind of snuck up on people and nobody knew what it was. So is there anything that's out there that people should be looking out for?

Speaker 3:

Well, I like to say to everybody is almost every single scam has two things in common right, they all play off of urgency and emotion. So we have to remember that when somebody says this has to happen right now, you have to do this right now. If we sit back and we think to ourselves how much stuff in our life really has to happen right now? Not much, there's really not much, unless there's an accident or you know something like that, but not much has that. And then they play off of emotion because they know that you're, if it's your boss, your quote-unquote boss that's asking for something, they're gonna follow through with it.

Speaker 3:

If somebody says you know, like the grandparent scam is a huge, huge one. It's been around for years and it is extremely effective, where somebody will call an elderly person, pretend to be their grandson down in, you know, in Mexican prison and I need you to wire me money, the poor grandparent is like what? Oh, I'm Johnny's in jail, we got to go help get him out, let's go wire money. And they don't even stop and think about what. Should I try to get in touch with Johnny's mother, you know should.

Speaker 3:

I they don't stop because, again, it's that urgency and emotion. So as far as which the next big scam coming, I think we always have to stop and ask ourselves whenever we're approached with something they think, does this look a little different than my normal day, you know? Is this something? And if it is, then we need to make sure that we ask those two questions: Is it the urgency and is there playing off of some kind of emotion? We also need to make sure that we tell people like, for example, a new employee. We need to tell them that HR or IT is not gonna call you and ask you for your login credentials. Because if you don't tell them that and they're a brand new employee and somebody calls and sounds like they know what they're talking about and they say, listen that you know I actually get this information to look, give me your login credentials. No, okay, here you go, boom.

Speaker 3:

And they probably wouldn't even tell anybody that they did that because they might just think, well, that's just normal, I've just people, you know, just give them away. So it's stuff like that. So you know, the more again I keep going back to this again, but it's more that we can all talk about this stuff and help each other, because there's, it's not. None of us went to school for this, we're all just regular people that people started throwing computers and smart devices at us and like here, go have fun, right. And now we're like asking our kids hey, can you help me like set this thing up right? So it's, it's a whole new world and that's what we have to remember. So I don't know which scam well, that's the but.

Speaker 1:

You've. You've like, outlined a map for understanding and navigating scams, and it is future-proof, because, you're right, it's always gonna be about emotions and immediacy. Mm-hmm, okay, great, I had another question. That was gonna. I was so enamored with your response that I forgot all about my follow-up. I was just so, I was just so.

Speaker 1:

Great, all right. Well, we're coming down sort of to the end of our time here. Dana, is there anything that you want to talk about and you want to get out there? I mean, we've talked about everything from CMMC to scams to, you know, third-party education and all that stuff, but is there anything that we haven't asked that you're? You just want to get out there and you want people to know?

Speaker 3:

No, I think that we just need to really make sure that things that we take for granted maybe our elderly parents don't take for granted, like, for example, we all know Facebook isn't gonna call you. They don't know that. So if somebody called them from Facebook, they think somebody from Facebook is on the phone with them. That and then also one that that happens a lot is if your computer either goes dark and comes up with a phone number to call, or sometimes there's even sirens going off or whatever. You know. That freaks people out and now they're doing whatever the computer screen says.

Speaker 3:

We need to make sure tell no, no, just turn the computer off, restart it and it should go away. But if you don't tell somebody that again they're like oh my goodness, my computer is gonna explode and I need to do whatever this phone number is telling me I need to do, and next you know someone's logging in and getting in there. So it's if we all share the little bit of information that we know, we'll all collectively be gathering bits and pieces and be able to better protect ourselves and our families and our children. That's all another situation, but that's what we need to do is just just start talking about it at home, at work, you know, with your friends, whatever, and doesn't need to be a big long conversation. Just if you hear about something, share it. So then if somebody else runs into it, they're like, wait a minute, I just heard about that kind of thing.

Speaker 2:

I have one thing that I'd like you to talk about. Tell us about your newsletter. Your upcoming newsletter that you've been putting together.

Speaker 3:

Okay, sure, yes. So I am one of the admins of the cybersecurity community group on LinkedIn, and this group is crazy. It's growing by leaps and bounds. It's literally growing by 500 to a thousand people every single day. It's up to 130,000 people. So what I wanted to do was to make it more interactive.

Speaker 3:

So what we're doing is we're trying, we're asking people if they want to give us their email address, and we're coming out with a newsletter which is going to be, you know, kind of cool.

Speaker 3:

It's gonna have videos in it, articles, helpful information about the industry, helping people get jobs, top of internships, the latest and the greatest of what's happening in the industry, in CMMC, and it's just gonna be a nice way that people in the group can get to know each other a little bit better. The next thing we're gonna be doing is going to be creating some kind of a platform, like either a Slack or some kind of a group, where people can then go and communicate with each other, because I just think it's it's, if you look at the amount of intelligence in that group of different people, and if we could all just help each other just in that one little group, even though it's getting so big. I think that that that would be a great thing. So if anybody wants to get on the newsletter, you can just, you know, through LinkedIn, send me your email address and say newsletter and I'll put you on there, awesome.

Speaker 2:

Perfect and any other platforms that people could find you on what? Where should they go to find more information on you and your company?

Speaker 3:

Sure, they can go to cyberdana.com to find out about my social media marketing company. And if they want to go over to YouTube, they can just put in cyberdana in the search bar and I'm sure it will, you know, come up there, and then they can watch some of my videos. They're not all about CMMC. Some of them are just about cybersecurity in general, so hope that they're helping normal people to regular people fantastic.

Speaker 1:

And you can find me on LinkedIn. You can also find us on YouTube, you can find us on Instagram and you can find Maggie as well on LinkedIn. We're all pretty active on LinkedIn. So if you love the show, if you're a fan or if you have any tips on how to improve, shoot us a message.

Speaker 1:

We love to connect with the audience. We love to connect with you. We love to hear what's going on just out there in the world and there's anything that you want to know that will help you to understand the cybersecurity industry a little bit better, understand the landscape a little bit better. We are happy to talk and to give whatever advice and just to learn from the public in general as well. So, thank you. Thank you so much for listening to this episode of Security Market Watch. If you're on YouTube, please subscribe, hit the like button, share it with a ton of people. If this is information that's valuable to you, it'll be valuable to others as well. Dana, thank you so much for being on the show today, and Maggie, keep rocking it. You're great. You're the hurricane, appreciate it, thank you. Bye, everybody, bye-bye, and that's a wrap, right.

Cybersecurity and CMMC Certification Importance
CMMC Certification in Education and Technology
Non-Technical Professionals in Cybersecurity Role
LinkedIn and Cybersecurity Career Opportunities
Understanding and Navigating Scams