From the College Football Player to Cybersecurity Enterprise Architect

I think I saw on your LinkedIn that initially, I think your first bachelor's was in business administration.

And before that it was actually personal training. So when I was in college it was everything sports, right. Like my whole identity was this football player, like I gotta make it to the NFL, I gotta make it to the next level. So for me I was like, okay, like my major, I wasn't really thinking about you know the future in terms of what's the most lucrative career path to actually go down. Just hungry, like I came into the industry super hungry, like I said like and even now you have so many different streamlined processes of getting people into cybersecurity, and back then it wasn't like that it was like okay, like you know, this is what it is and you kind of just gotta find your way once you get a certification. Find your way.

So for you, how's pay been like in that area?

Like in the DMV area Pay's been great and, for example, pay's been great. If you're like an intermediate, like cybersecurity engineer, you can come to Washington DC and make baby about like 140, you know. And then obviously you know as you get more advanced it starts from there and you continue to go up 150, 160, 170, 180, that's 200.

This video is being brought to you by Course Careers. What's going on, guys? If you're looking to start your IT career, then check out the IT course at Course Careers, taught by none other than the great Josh Maddox. I'm pretty sure you heard of him, but we all know that it could be pretty pricey in IT and this course is very affordable. And also, if you don't want to pay back those student loans like I have to, then this is the course for you. So check out the course careers course. My link will be in the description. Use code TEXTUAL50 in order to get $50 off your course and get started on your IT career today. What's going on there, everybody? Welcome back to another episode of the TEXTUALTALK podcast, where I'm your host, hd. And today, guys, we have none other than Mr Joshua Wells of Cyber Vault Solutions joining us today. With the unwavering passion for cybersecurity and an unwavering commitment to safeguard businesses from digital threats, joshua Wells is a visionary leader at the helm of Cyber Vault. Armed with over a decade of industry experience, joshua's journey in the cybersecurity realm has been nothing short of extraordinary. Joshua's expertise and deep understanding of the intricate world of cyber threats led him to establish Cyber Vault, a groundbreaking venture dedicated to fortifying digital infrastructure of organizations worldwide. Under his dynamic leadership, cyber Vault has emerged as a trusted fortress, providing robust cybersecurity solutions to clients across various industries. As a technical CEO, joshua is driving force behind the company's cutting edge strategies and innovative technologies. His intricate knowledge of ever evolving cyber landscape enables him to anticipate threats, adapt swiftly and deliver customized solutions that outsmart even the most sophisticated adversaries. Known for his relentless pursuit of excellence, joshua fosters a culture of innovation and collaboration within Cyber Vault. He inspires and empires his team of cybersecurity experts, encouraging them to push boundaries and stay one step ahead in the ongoing battle against cybercrime. So you guys heard that. That means you're in for a treat, and I can tell you it was personally very good to talk to this young man today. So, without further ado, our guests. All right, man. So how you feel about the Washington Commanders finally getting sold?

Man, I think it's time for change in that organization. To be honest, I'm actually a Dallas Cowboys fan, so you know I don't really got a lot of opinions on that, so, but I mean, in terms of it being sold, I mean whatever can get them in a spotlight, to be good again. Man, even though I'm from Washington DC, I'm from this area. You know I'm a Cowboys fan, but you know they've been struck. I know their Cowboys been struggling to get to, you know, the next level and I know you know the Commanders definitely been struggling for the last decade or so, so for sure.

Funny that you said that I wouldn't expect that from you. Well, then again I would. Dallas has fans everywhere. I think people get like it's only certain franchise where Dallas doesn't have the like a lot of fans at like for me. I hear that a lot. When people like I tell them I'm from Louisiana and they think I like the Saints, I was like no, the Saints were horrible when I, when I was growing up, they didn't barely show them because I'm from the northern part of Louisiana, so they really barely show them on TV. Back then they used to either be San Francisco or Dallas. So in Shreveport it's a lot of Dallas fans and a lot of San Francisco fans. For me, though, I'm actually a Broncos fan. I used to. I really was more so like a follow pay manning, so it's like when he's with the Cows. I was there and then they said, oh, you can't like two teams. I said okay, and so I just I used to actually like kind of root for them where Andrew Luck was there, just because I did kind of like Andrew, look, I think they just didn't protect them enough. He was like I'm gonna get my money and get out of here, but good old, you know the sheriff, you know Broncos had a bad year last year with the coach. Well, I think we're showing Peyton. I've been seeing a rush Russes like drops, some weight. Bold prediction I'm gonna say 10 and 6, 11, 5 maybe because a lot of the, a lot of the games they lost last year was within like a touchdown, literally. So it's not far fetched. Yeah, so it's not far fetched to say that now for y'all I don't know, man, it's, I don't. I don't think y'all can do anything to Jay Jones and then leave. Like me, personally, I see the talent there, but I feel like if it's not balanced enough to where y'all throwing the ball too much, I think that's what's gonna be I kill you. See, I don't think y'all have to throw the ball too much. I mean, y'all can still got Eagles problems.

So I mean I'm tired of getting my hopes up every year. Everybody asked me hey man, how do you feel about the Cowboys? Are you excited? And I'm like man, I can predict, you know, hopefully that they actually go to the playoffs. But it's kind of like now we have all the pieces to the puzzle, but we've been here before. So we've been here before where we had the Marco Murray, or like Felix Jones or Des Bryant, tony Romo, you know like, and I'm like man, I'm tired of being disappointed. So for me it's like if the Cowboys make it to the next stage, they do. If they don't, then you know it is what it is Like. You know, even with the Ezekiel Elliott era, like, you know what I mean, I know he's done now, but it's kind of like man, like we got Tony Pollard now you know we got CD lamb. You know DACA is okay, you know what I mean. We got a stack defense. I think they were ranked number one or top five, like last year, in terms of like, yeah, turnovers, like pass defense or and stuff like that.

So but we'll see, man, I think some of them stats, I think some of them stats was fools gold when, uh, depending on the teams they went against, when they looked like very good Fun fact for the for the listeners out there, I actually gave DACA hotels and high school. When we beat them in the playoffs, we beat them so we beat them so bad they thought we was going to state. We thought we was going to state too. When we didn't end up going to state, uh, it was kind of like, I mean, funny enough, it was like, uh, my school, huntington, and his school, how we were in the same division, district one for eight. So we actually ended up losing them to them during the regular season, just cause play calling and crap like that. And we say, all right, watch when you know we see y'all when it count. And that was how she wrote yeah, man. Well, guys, welcome back to episode 96 of the textual talk podcast. I'm your host, hd, and you know I appreciate everybody for just tuning in with us. Have you seen the vlog? You seen? I just got back from SplunkConf and just back here this week to give you guys some more content. Now today we have a great guest for us. His name is Joshua Wells. He is. He has a lot of titles. I'm just going to say right now he's a enterprise architect and also he wants to provide solutions. And today he's came to stop in with us to tell us about his journey and a little bit about his business. Let's give him a round of applause, please. Yo, josh man. So earlier we was talking about sports. You know he's got to bring everybody in that they that can deal with. Matter of fact, if you listen on YouTube right now, make sure you're going to subscribe, hit the like button for the algorithm. And also, if you're on Spotify, apple podcast, google, whatever, please make sure you subscribe and leave a review so it can help us out in the algorithm. But also for my YouTube watching their watchers or Patreon watchers who is your favorite football team? Drop it in the comments below. Your favorite football team will let me know a lot about you. I'm just kidding, but, josh, thank you for stopping in with us today. Man, can you, can you just introduce yourself, for?

us, you know. First and foremost, thank you so much for having me on here, henry. It's a pleasure to be here. I love what you're doing and, as Henry mentioned, you know I got to. I wear a lot of different hats, you know, especially during the duration of my career, and up to this point, you know a little bit about myself is I've been in the cybersecurity industry for a little bit over 12 years. I've concentrated in various areas, such as engineering, architect, compliance, endpoint protection, penetration tests and vulnerability management policy, rmf, and you name it. I'm sure there's a few more I'm leaving off the board but I'm immensely a passionate about cybersecurity. When I first broke into this industry, I had a background in, you know, football. I played football through college. I've been playing since I was six years old. So transitioning into tech for me there was no streamlined process, but as I got in, you know, through trial and error, you know, through studying, through, you know, really helping myself and self development, I was able to reach the level where I'm at now as a business owner and as an enterprise architect. So I'm immensely passionate about cybersecurity. I also teach at several universities, such as Michigan, colorado and Long Beach Polly as well. So yeah, I'm here. I'm so passionate about this field that I love helping other people transition into it, and you know anything that has to do with cybersecurity. I can talk for about like 10 hours. I just want to throw that out there.

Now that's dope. Funny enough that you did say you used to play ball. I'm looking at you right now I can't, I'm only looking at you from neck up, but I'm going to say that you probably play like running back, maybe like safety, something along those lines.

Play running back, play kick return. Pretty much, that's it. Those are my two spots like running back and kick return. So, yeah, yeah, you hit it right on the new.

I can always guess I got you do this thing. I do this thing all the time when I was watching football or college or whatever. I'm just guessing people height. So, like, for me, I played a strong safety. Sometimes I played corner, it really just the pin who was calling the plays or whatever that day, so actually Doing the scrimmage. It was so funny. Luckily they didn't go my way today do hit me with a double move and he was wild or he was out over. But they, they went to somebody. Yes, yes, they didn't, they didn't come this way. But now that's cool. Like, for example, you play ball. And then one of my other episodes of shooting this week he's actually played college ball or college basketball, like that. So it's just cool Seeing people transition from there. Now I wish I would have known that before him because as a person, you play football. Did you play in college?

as well. I see several different colleges. So football for me it was kind of like a. You know I navigated different areas and coming out of high school is actually a top recruit. But you know I made a lot of mistakes along the way in like in college, in terms of like transferring and you know, Not really being patient where I was at and stuff like that. So I actually played at several different schools for sure.

No, the reason why I bought that up is because I think one of the biggest issues that former athletes deal with is not knowing what the transition into that one of some of these people will talk Early on in their life that their goal was there. They were going to be a football player or whatever Basketball you name it in this boxing, but when that didn't happen, they don't have a plan double a. I always say playing be. We can say playing double a. They didn't have a plan double a and you start to see them kind of spiral out a little bit depression, still trying to hold on to the dream of just Maybe trying to play any semi-pro leagues or some of these other leagues that really don't mean anything but you're not getting paid enough money to. It's not like you want to. Now, if you want to go XFL, by means, go there. That's different. I mean you got some visibility. They got some connections with the league. You may bounce back even Canadian football league, anything outside of that. I mean arena is cool because I seems to be with, bounce back from arena and get some trials and, you know, make some noise for themselves. But other than that, all these other little leagues and in all those things, I Personally would tell you to find some else. You can make much more money and take care of your family another way. It's instead, of you know, possibly hurt yourself, because that's the deal too. When it comes to football, it's like Do you want to put it all on the line? And that's the scary part like you got a really mean. Now you can't. That's a collision sport. Right, there's not a contact sports, collision sport. But this isn't the sport and cyber podcast. I wish it was. Maybe I'm gonna give them somebody a hint and they want to start there. I think they pretty. I think that would be pretty cool. Well, I might have a segment where I talk to transition and athletes. I think that'd be pretty cool. So you already covered that. You did play Football in high school. Outside of that, I mean football in college and high school. Outside of that, what you do academically, like what did you? I think I saw on your LinkedIn that initially, I think your first Bachelor's was in business administration.

And before that it was actually personal training. So when I was in college it was everything sports, right, like my whole identity was this football player. Like I gotta make, is it NFL? I gotta make it to the next level. So for me I was like, okay, like my major, I wasn't really thinking about you know the future in terms of what's the most lucrative a career path to actually go down. So, you know, I was like, you know, personal trainer, you know, and nothing against personal trainers because people have made a successful career out of it. But for me it was just more of like, let me just attach myself to something that's athletic and get by and try to make it to the NFL. So for me, I wasn't really paying attention to that towards I got until I got, like towards the end of my, you know, college football journey and, you know, do the injuries and transferring, that's what kind of like reality started to set in in terms of like man, you know what. I don't think it's too late to kind of like, you know, trade off my major or transition into a different major. Maybe I have to stay in school a little bit longer, but I think down the road this may be a little bit more beneficial for me. So that's when I got started and I got into business administration and I learned business systems and that transitioned me and not information technology. So I would say initially that was my first technical Degree that I, you know, transition to from, transition to from there.

So I typically tell those College kids to check out over the long term the role that you're gonna do. Please look into that and see what type of money you're gonna make, especially just what you could possibly expect coming out of school. Too many kids are going into school and picking. I don't want to say it's wrong, because you should be able to do what you love and make a living, but this is a totally different world than 20 years ago. It's not the same. Me and my my god E, we're just talking. We're talking with some, a certain situation, but we're reflecting back when we were 22 23 on what we are doing and I was like man at 22 23. I said I think I was doing help desk making, you know, around 40k. But I was like that 40k at that time was close to like, and maybe like 60k in today's time, and we were just talking about how things are different and this everything just wasn't like on social media. It's just a different time when you could at least like okay, cool, if I start out here, you know some people was working on that life to make 40. So those are one of the things why I picked you know the majors I chose to pick and go into In college. Did you do any internships, like when it came to okay, boom, you got business administration, now you want to go into it. Once you made the switch to it, were you able afforded, to do any Internships in school, or what?

so, for me, I didn't do any internships, like I did do work, study at school. So I did the help desk at several universities. Like I worked, I helped out. Sometimes it was paid, unpaid, and I just volunteer it because at that point I was like, look, I got a transition and I got to get started somewhere. You know, at that point I wasn't a hundred percent invested, but I was still, you know, working towards like really trying to build a lucrative career, like since it was like the end of my college career and, yeah, even getting now. I didn't do any immediate, immediate um, excuse me internships at the moment, but what I did is I did a ton of contract jobs. I did a lot of a ton of temp jobs. So let's just say, for example, you have temp agencies out there that may need a, you know, cybersecurity specialists or cyber security analysts. And then from there you know I've reached out to temp agencies. Hey, this is only two or three days. Hey, this is only a week. You know what, let me go ahead and get this experience, though. And then from there that's when I started build up my portfolio, right, because who wants to take, you know, temp jobs for maybe like a week or you know a couple days or whatever you know, and it kind of built up to like a month and into a couple months, into a year, until full-time position. And that's how I kind of kind of transition into cyber security from there, so starting off as a you know, a business analyst, and then help desk analysts, and then really just transition and then security analysts, and From there it blossom. And that's all she wrote. But I didn't take on a hundred percent internship, I would say directly at the college, like that.

Okay, no, no doubt that's actually a pretty smart way. Some people wouldn't be willing to go that route, but that is one of the easier ways to get experiences through. You know, a company to agency, like you said, because, hey, a lot of times I go to interlevel worlds you're the two years experience, right, but once it's paid experience or I actually have a document, I found a link then we're saying you know, some Companies don't even specify being paid experience. So, with that being said, it's many different ways to skin the cat and you just you just name one, and that's probably why I couldn't pinpoint exactly where your starting point was. You like y'all I went on his page no lie here like 20 jobs on there and I was like I don't know where to start. I just tried to pin my different areas. But before we get out the topic of school, I briefly want to talk about that now. I believe you're back in school now at capital, if I'm not correct, I mean if I'm not wrong, right, yeah, and you're in the PhD program and I want to talk about I've been seeing like some of my Associates, like in this sector, wanted to go back to school and get PhDs and not got my masters and I'm just over school. I'm not over it in a sense that I wouldn't do it. I'm just Over in a sense that I don't think I had a time to. I would probably only do it if I didn't have to pay for it right, because I already got paid. These people back starting next month Well, that's what they hope they get. But what decision was it for you to do a PhD? Was it the fact so you could be teaching college students or no, just some people. Just like the prestige of saying I'm doctor, you know, I'm Dr Wells like what about the PhD? Intrigued you to go back into it because I could tell you I know it's not really the money. Like there are people that don't have PhDs in cyber they love people don't have degrees in cybersecurity or a tech friend general and making a lot of money, so it's not really the money. Like, what made you want to do it, I would say, is a mix of things.

I would say the. The first part is um, and I'm with you like school. I'm like over school man. I'm like you know what I got my master's. I'm like man, let me, I'm done right. And For me it was just more of about the credibility piece and more of like just having that additional badge and honor on my profile. So, you know, even if being an established business you know I mean, having that next to my name, you know Just shows more credibility and I feel like um, you know, and I always tell people to, at the same time, a lot of times when you're, when you're inside security and you're throwing out your resume and you're conversing with different recruiters, you know it's all about advertisement. How are you advertising yourself? Right, you know you can advertise yourself with search. You can advertise yourself with education, but I mean what it really boils down to is it can you do the job and key you execute at it at a high level? But I'm a big person on image, I'm a big person on visibility and I like to average advertise myself as such. So I would say is a mix of things in terms of like, you know, like alright, that's Joshua Wells to, you know, cyber security architect and business owner. He has his PhD and I want to show that I went to the necessary channels and that this isn't just like some gimmick or like Me faking it to. I make it right. I literally went through trial and error to get to the point of where I'm at and that's pretty much just like a badge and honor and it's like I beat the game at that point. You know, it's kind of like certifications and I'm cyber security. The CIS is considered the highest level and once you get that, you like okay, like I'm good, like you know. So I feel like for this. For me it was more of like just taking on that challenge of just getting that and just really adding more credibility to my name and even addition to that, you know, when I first started out I was like man, this is super functional because we only meet once a week. You get your assignments turned them once a week. I don't think it's like the traditional PhDs where you got a go and you're working five days a week. They understand that they're working individuals, you know, attending these Institutions and like they really, really create the structure of the classes and courses to really accommodate like your everyday, everyday life. So that's what I like about it. But I mean overall some mix of things. But I think you know anything that can help benefit me in my business and push me forward and help advertise my services or just me as a brand, I'm definitely going to take initiative and do it.

So Smart move, smart move. Now we talked about the temp agencies and all those different jobs that kind of led into your experience. Let's talk about that first big time role that you had. It didn't really have to be big time like certain companies, but the role that you probably would consider your official start like just like yourself. When I was in college I worked at the help desk for the college of business, for the IT director, and they used to be in my resume for years Because I kind of had to spend. I got paid for it, whether it was work, study or student worker job. So. But after that my first big job was help desk For you. After those different temp jobs, what was your first job that you actually did where you say this is my, but really the beginning of my career, a job I can really speak to and interviews and put on my resume and say I did this, this and this. What job was that?

I would definitely say dating back to maybe like 2014 or 2015, and maybe one of those years. But I had a contract. I actually got hired on a contract on a state department. So that was pretty much my first introductory gig, full time position. I'm going in. I'm like man, I'm a security analyst. So it was no more like help desk stuff, even though help desk has like certain characteristics and responsibilities of like cyber security. I know that's a whole another discussion in terms of like the parallels, but that was my first on paper like security job. It was like I think the name of the title was security data analysts and what I would do is assess specific data classification types, run scans on systems, and from there I was like man, I'm working with the big dogs. Now you know what I mean. I'm in here from here skies to limit. So I think that was the introductory cyber security like a job for me and I was excited there I had to go. This was back when we weren't teleworking and working from home five days a week, so I had to actually go into the office. You know I was conversing with people, shadowing like the senior guys, just hungry, like I came into the industry super hungry, like I said, like, and even now you have so many different streamlined processes of getting people into cyber security, and back then it wasn't like that. It was like, okay, like you know, this is what it is and you kind of just got to find your way. Once you get a certification, find your way. Even before the certification, you know, find your way, like whether that's the help desk role, whether that's internships, whether that's contracts or whether that's just knowing somebody. It's through trial and error, you know. But I would say that was definitely my biggest, you know, introductory gig right there. That made me most excited to kind of continue to build off of it.

I definitely would agree with that 100%. There was no real roadmap back then. It was most people you probably ran into started off a help desk and just landed a security job. Back then security wasn't even a focus of many companies. So along you can talk about state-wide Like how was it working at the state? Is it similar to government as far as, like, technologies, old processes, old people, the old ways of thinking, this is how we do it. It's not changing. How was that experience?

My gosh, man, you hit it on the nail. I mean, I feel like the government is still like that today. When it comes to like technology, like you know, they're always behind. Like, for example, I've worked in a private sector and I've worked in with different government entities, like on contracts and stuff, and it's night and day. You know, when you work in a commercial space, oh, that's a new security tool in the market. Okay, boom, let's get it. You know, I mean, let's invest in it. You know Microsoft had a release on a new patch or something like that, or there's a new, just anything. I'm trying to think of some security tools off the top of my head, for example, carbon black or crouch right, those are two technologies I've worked with in a commercial space and it's just like man, this is powerful, right? The federal government probably wouldn't even do that, like you know, it would take them a while to invest or really, you know, inherit a tool like that, because they're used to, you know, working with what they're working with. You know, I mean they have their own budget. What do they use and what do they use the EPO? You said, what, what do they use the EPO? Yeah, yeah, yeah, I think so Yep, yep, and you know they'll use, for example, like McAfee too, right? So instead of like using a Bitdefender enterprise suite or use McAfee, right so it's really just meeting the minimal requirements there. And spreadsheets they are big on spreadsheets, man. They will maintain everything inside of a spreadsheet.

So, to your point is night and day, you know yeah no, but I was saying like so Mac fee is well, I don't think it actually exists anymore because they kind of merged with trends, but Mac fee is an EPO.

Oh, gotcha, gotcha gotcha, gotcha, gotcha.

Yeah, epo is McAfee. They had Nitro at one time, they got their firewalls, they got some other stuff. They really did have a lot of those contracts on lock back when they were the prosperous. But I believe they stayed very stagnant even from just the UI and how things look, and that's how they went down. Because I was as blunt come real quick is. I met a guy who used to work at McAfee as well and we were just talking about what happened with all the layoffs and he was talking about the stuff he used to do there. He was like working for their SIM tool at the time and I was like a sock endless internally to McAfee. We just talking about like all the BS and the stuff that was happening. The writing kind of was on the wall. We kind of look back at it now Like that office. They had a nice campus in Plano, texas that pretty much does not exist anymore. It's been for a rent for a while. Like it was just crazy. Like once they separated from Intel like it went downhill. Intel probably was holding them together because Intel had their own sock there. I was like outsourced. But this isn't the McAfee Intel time rate. I may go on another one of those again, because I have an episode about the worst sock ever that I made years ago. Let me see, yeah, so when you did that state gig, were you still in the DMV area?

Oh yeah, I was in the DMV area. I'm originally from Alexandria, virginia, so at the time I lived in Arlington boom, got on the metro going back and forth and then pretty much from there, just stayed in the DC area and transitioned to different jobs from there.

So yeah, man, I feel like, well, I can't say for the men the men are different, but for the women I know who works in DC man, or the top women, because you would think like I met these women at Splunkoff and I got to see their IGs and I was like, if you didn't know they had like security type of roles or tech related roles, you would think they were doing something else. You would think they're like some IG models or something Like the women in DC is really they really about their bag man. So I know the fellas got to be about it too, but the women, they are really stepping up there. It's crazy, but it's also super expensive there. I think at this point, dc expects people to have like multiple gigs and I think companies should I think companies everywhere should really do the same. It's like don't penalize somebody for trying to make ends, meet their sales or trying to put themselves in a better position. So, but that was just a little tip to talk about, like kind of like a little bit about the DMV area. I wanted to also talk about you being in a DMV area with government roles. That's like if you want to get a government role, it seems like DMV area. That's where it's at. How was that been for you after you did that first state gig? Was it on and on to keep on doing like the government roles or what? This video is sponsored by Textual Consulting. My name is Henry Davis and I run Textual Consulting. I use my teens experience and IT and cybersecurity in order to help you reach your career goals. So a few of once like me trying endlessly to get into cybersecurity but you're having no luck, then you should check me out. I've helped plenty of people get into cybersecurity. I've helped people with no experience, people with middle-level experience, even senior level people. I've helped all type of people and my approach is simple. If you watch some of my videos to show you how to brand yourself, how to job search, how to kill your interview and, most of all, we work on those transferable skills that you have gained in other jobs and we bring them to the cyber space. Trust me, there are a lot of skills that you have that you may not be aware of that will be useful to you in this career choice. So, if that's, you, check us out. Book a consultation. Also, have financing available for those of you who cannot afford to pay one lump sum and yeah, like I always say, I really help you guys and let's stay textual and we are out.

Yeah, you know I doubled and dabbled in different areas, like, for example, like you know, I will go work on another contract or I'll just work on it with a private company in terms of like doing cybersecurity there. But the thing is about DMV. It's kind of like, you know, when you're in a train somewhere or whether you're like out to eat at a restaurant, it's almost like weird if somebody says they're not a government contractor, right, it's like. You know, I do government contract, and whether it's like in a different area than cybersecurity, whether it's like finance or whether they own some specific contract, it's weird to not do government contracting over here. You know. So when you talk to people and you're like, yeah, man, I do a roofing or something like that, or you know, I'm an architect at this company and blah, blah, blah, or hey, I work at a Google, it's just like, oh man, that's different, you know, because everybody's in a government contract in space or has been at some point in their career, which is like really, really fascinating, you know. But I mean, it's limitless opportunities here, you know, and that's where the government contracts you know come from.

So, right, yeah, I heard it's a little bit superficial out there too. That too, yeah, you know, have a certain title, certain type of job, they're gonna look at you funny Like I've heard that as well. 100%, I've heard. That's reasons why some people have wanted to just leave the area, because it's like I'm over, like all the superficial stuff. Oh, for sure.

Of that part For sure. You know it's a different culture. It's a different culture. It's like, you know, every city got its different culture. Or you know, like, when you go to, let's just say, california and stuff, they're like really, really laid back. You know, my cousin actually lives there. So when I went I'm like man, this is a culture shot, you know. But when you're in DC, everybody's like, you know, really really just focus and like really really a little bit uptight. But when you meet certain people it's like man, all right, like this guy's dope, this girl's dope, you know what I mean and they're really, you know, kind of just more open. But when you go to New York City, everybody's about their business. You know what I mean. It's like hustle and bustle. So I will compare this more to like New York City opposed to like any other state, like in the US, in terms like culture.

Yeah, I agree, I think. I mean it is what it is. I think people just gotta you know, gotta play the game. That's how I tell people no triple H. Now, I did have a question on here that I wanted to ask and you can talk about this at a high level or you can get specific so for you, how's pay been like in that area, like in the DMV area? And also, is it pretty much understood that you need to have a clearance in order to get paid as well? Good question.

Good question, good question, good question. I would say, hmm, pay's been great. For example, pay's been great. And let me give you example. If you're like an intermediate, like cyber security engineer, you can come to Washington DC and make baby about like 140, you know. And then obviously you know, as you get more advanced, it starts from there. You continue to go up 150, 160, 170, 180, past 200 and etc. And I feel like you know, with from at a on a global level to, as you know, hacks continue to happen and you know, exploit start, you know continue to happen, and stuff like that. I feel like the salaries are just gonna continue to increase and it's crazy, because sometimes I'll go in, indeed, right, I'm like man, like these jobs, like the, the salaries are starting to increase again and it's like slowly increases, increases year by year or based off of, I guess, whatever contract they're actually called them for. So I would say the pay is really really well and it's just going to continue to increase as, like, more cyber attacks start to happen and continue to happen at the same time.

So yeah, and I'm actually glad that you bought that point up our listeners. Another gym Do two things. One If you want to see if you're being underpaid or not, go check out, indeed link, then dice other sites and just see what they're trying to offer. It's gonna be one thing, that's what you know if you're getting underpaid. Two if you want to keep on getting paid, never stop interviewing. I don't care if you just got the job last week. Interview it's gonna keep you fresh, it's gonna help you know what skills are in demand so you can learn those on your own. And whenever you're ready to bounce or Maybe move around your company, you'll be good. Those are two things that can always help you stay ahead of the game, because a lot of times people get comfortable get a job they interviewed like two, three years and possibly get it laid off, and now your interview skills are trashed for a while because you're an interviewer in a while. It happens to everybody. Happened to me like a last year a couple of interviews kind of a little rough. It wasn't bad, but they weren't as good as I could be. So never stop interviewing, just apply to apply. The worst thing they could do is say sorry, you know, after further consideration we can go somewhere else. But hey, that's life, everybody done. Don't get every job. They apply to trust me. But so earlier on we talked about being an enterprise architect. Would you consider that to be your niche in cybersecurity, or what would you consider to be like your strongest point or like the typical positions that you go after when it comes to getting an cybersecurity related job?

No, that's a great question because I feel like you know, I've been in various positions, like in point protection engineer. I worked in compliance, I worked as an analyst Uh, you know, vulnerability management was like a big one. I worked in uh for a long, long time. But I feel like I have a holistic view. Um, I have a very detailed view, but I also have a overall holistic view of cybersecurity and how to actually secure networks. And I think that's where the architectural background comes in, like you know, I mean For whether it's, uh, you know, a caspy solution, vpn and point protection, what type of security tools do we need to leverage? What do we need them at? You know what operating systems that we need, what are the vulnerabilities? You know in terms of compliance, what frameworks do we need to follow? So that's just the overall, you know high level, you know overarching, like Architectural. Look on cybersecurity, you know, like from an infrastructure, infrastructure standpoint. So I would say right now, that's definitely my niche in terms of like, all right, somebody needs to come in, take a look at our infrastructure, what security tools that we need to implement, what processes, personnel, etc. So really just mapping the pieces together so they actually flow together.

So that's cool and that's why my next question is actually because you said some some good acronyms in there, but I kind of want you possibly to talk about them a little bit For the audience. So I was going to ask you this what is an enterprise architect and what do they do? What type of skill sets would you need to be an enterprise architect? Because the funny thing is, a lot of times when you hear architect, some people probably automatically go to being super technical, which you? You have architects that are technical, but Architect is the. I would say. I'll let you say more in your words, but what I think of it is like more so the planner. They're not necessarily the executioner, because they're just putting things in place. Like when the architect is drawing the blueprints Of a building, they have to scope it out, get out of dimensions right, draw it every now. They got to be very detailed and everything they do, but after that it's not on them anymore. They'll probably come through and just see if the plans are going to change, but they're kind of removed from that. They know I have any. This contractor, we need to get this, this, this and this. So similar what you're saying on the network side, but I will let you in your own words kind of talk about that and then some of those acronyms you talked about, so we could maybe the viewers can say, oh, I already know some of this stuff and they could probably Transition to something else as well.

Absolutely and I think in the simplest form where I can put it is kind of like you know if you have an antivirus solution, if you have a VPN, um, what's another? Uh, you know if, if you have a specific hashing tool, right, where are they being placed at? You know you need antiviruses on every computer, that's standard. You know you need to manage your windows updates, that's standard. You know, regardless of what framework or methodology you're actually like utilizing and just really putting those together, you're looking at it from a holistic view on this, on these 10 computers, from a security standpoint, how can we secure these devices? Where do these devices actually need to sit right? So, if you're just coming into cybersecurity and and I always say everybody practices cybersecurity because it's a lifestyle Everybody updates their phone, or you know they get forced to update their phone at some point. Yup, lock phone, Exactly, two-factor authentication, all of that. So all of those are best practices that you're implementing and you're practicing on a daily basis and taking that in consideration from an architectural standpoint. That's all you're doing. You know you're breaking down this device and you're figuring out how you can actually secure it right. So if I would have you know, let's just say, a kid coming out of college and I just paste a laptop right in front of them. If I ask them hey, what are five ways you can actually secure this device? Right, he would probably give me some best practices or he'll give me some recommendations and then from there let's take it a step further. Right, where does this actually need to go? On the network? Right, and even on a higher level, what processes involve do we need to do to make sure that all these devices are secure? You know, and the personnel are actually adhering to these policies? So at every step, you're really just identifying what are the weak points and you're really trying to harden them, whether it's process driven, whether it's, you know, vulnerability related, whether it's like hardening your operating systems, you know, because security tools are good, but they're only as good as your processes and the personnel that actually adhering to them. So for me, coming in, I'm putting all Everything together. It's like putting all the glue together so you may have a piece right here, you may have a piece right there, piece right here, piece right here. So I'm literally just putting the puzzle together from my architectural standpoint and really just getting you know other departments to. You know, come in and adhere to them. You know. So, for example, um, I would say sock two If I'm coming in and I need to do a sock two audit. Or if I'm coming in and I need to, you know, help organization do a self-assessment on zero trust, which I'm, you know, really really well versed and comfortable, and at the same time, you know what security tools are we working with, what are our processes, what are our weak points. So the first step is actually doing a full assessment of what we have in house. We have these security tools, we have these processes, we have this personnel right, and from there it's kind of like if we need to increase the budget, we could, but let's work with what we already have prior to actually spending all this money. And you know, getting all these resources, um, and I know you, I know you probably know 200 in terms of, like you know so many different companies they may spend, you know millions of dollars on security tools and it's just like a little a lot of them actually redundant, you know. So you know I've been a part of an organization that had, you know, a bit defender and then they had, you know, malware bytes and I'm like, okay, this is a little bit conflicting, you know. So really just assessing what you have in house and really identifying those gaps and moving along from it. So that's kind of like the simplest form how to, you know, break down like the cyber security architect and for each agency is different, but from my experience, this is what is it, how it's been so.

Yeah, man, you said a lot, especially that last. I know that we can. No, no, no, I'm saying it's good, but I'm saying the fact that you brought up about people thinking just spending money is fixing the problem and it's not. A lot of times there's some simple things that could that fix the issue, but a lot of times and I was talking to this with a friend and other people they'll. They say, somebody in Charlottes want to get a new tool, they'll just pitch it to the Hire ups and say, oh yeah, we got sore. Sore can do all this x, y and z, just to tell them they got sore to make it seem like they're doing something the whole time. You probably don't even get enough volume to even need sore. At the moment. You're just paying money for a license. You don't use the thing that your sim could do A lot of functionality that you're doing and you're wasting resources on that. So what you said is very true, because they'll spend out of money on that. Then if you need More people, probably don't get more people because, oh well, we're over budget. Well, hey, you're overspent. You know y'all have. You know cofiz proof point oh, 365 locks. You know dlp, we have. You know all these different solutions, but they're not implemented correctly. So now that's right. So I hope you guys really like, took y'all pen and paper. I wrote that down because that that's key and also being a person that's done that before whether my position, your position, anybody when you go into interviews like that and you always exhale what are some of your pain points or what's going on, when you give them solutions like that, where you can give them solutions to what they're doing Most of them, you probably heard, I'll tell people all the time, like my clients, when you go into interviews, let's be solution oriented, let's try to solve problems in the interview. That's gonna make you stick out versus just answering the question.

100%, 100% I think you hit it on the nail 200 in terms of, like you know because I feel like a majority, If not all the security issues that exist in organizations is due to broken processes. You know you come in, you know you got one person doing 15 jobs. Or you come in you don't have no process of how to actually work the tool, or you know any detection in terms of how we, how we, how we actually getting the most out of this tool right. So I think it all just boils down to broken processes in terms of you know why a lot of Organizations face, you know, a lot of difficulties when it comes to cybersecurity.

Let's do this. You did mention I know you mentioned sock to you. I think you also brought up a risk of sex, but what would be the I guess we say top three, top five maybe security frameworks that listeners should know about, because I Typically try to guide people into more GRC based type of roles Early on because of her barrier entries a little lower. A lot of people don't know about. It's not as sexy as some of the other titles but it's one of, if it's probably one of the more critical ones because you need it. You got to be component Keeps the money coming in, keeps from getting fine Auto-stakes. Even the things that we do in, you know, security operations on IR is based on different Frameworks, based on what they said we need for alerting and logging. So, from your expertise, what would be the top frameworks that they should know about For?

my expertise, I would definitely say one of the most recent ones out, I think I mentioned earlier, is zero trust and OMB is actually mandating that by the end of 2024. So a lot of organizations are like scrubbing to get in compliant and it's very new. It's very new. I closely follow sister's guidelines in terms of zero trust. So I think that last time I I checked, I think they have three different tiers which is traditional, optimal and advanced of how you're actually going to implement those solutions. So, leveraging different technologies and processes, you can use one of those models, but I would definitely say zero trust is a new one and it's hot right now. Everybody's trying to implement it every, especially working from home. You know everybody's trying to Trust but verify. You know they're trying to make sure that everybody has access to resources but validate and successfully authenticate to that network. Number two, I would say this and this is always going to be big in federal government, specifically this 853 a deals are like privacy controls. So if you're looking to get into cybersecurity, I mean that's, that's a definitely a big one and that's never gonna go anywhere. They're just gonna add new publications towards it and there's a lot of security tools associated with that, such as stick viewer you know scab Ness is associated with it too. So just learning those three skills and those three security tools could, you know, take you a long, long way. And I would say, lastly, sock to sock to. You know it's an operational framework, and I think that's a big one out there too for a lot of Organizations that here, and to comply with at the same time. So I would say those are definitely my top three Frameworks for you know whether you're looking to break in or whether your organization looking to be in compliant, and you know, abide by those guidelines.

That's cool. We always see those on the job descriptions as well. That's another way I use for clients. They want to look inside. Okay, we're gonna look at four or five GRC type rules and we're gonna see what frameworks pop up. These are the frameworks you should know and learn a little bit about. Maybe if you just learn about one variant detail, that's good enough, because sometimes they might just need an expert on this. Maybe they need an expert on we'll go into some help stuff like HIPAA or HATRA or whatever they got PCI DSS. You could niche down into something. You got to know everything. I mean, over time, a career. You'll probably get introduced to everything, but if you're just good at one, that's good enough at the moment, because some people aren't good at anything. I. So here's this next set of questions I thought were pretty cool. So you are right now kind of saw you LinkedIn that you are teaching DFI are at Michigan. I Wanted to ask you a question from your experience, what things are you learning from your students far as? What type of gaps are you seeing from what students think you're supposed to be based on the jobs that they want to do or this major they want to do, versus how it really is. I think that was one of those misconceptions that they've run into as well. I'm other belief most of the time, because sometimes you have people in costs that's did the job and they're teaching them, but most of the time they aren't. Being the board of school budget doesn't allow for them to actually Get taught the information to where they get access to these tools and get taught the things that they would need to do For a job they want to land. So when they graduate, they have experience with all these different things. Right, I think that's the way it should actually be done. Sometimes they're teaching them some outdated things that doesn't benefit them. So from what should you been your experience with this? As far as students material, I guess maybe you're coming up with a curriculum. How's that? You know? How's this process been for you?

It's definitely been very enjoyable and very old, like I open in at the same time, and I say that because my approaches is really unique, right. So when I talk to students, you know I want them to see like how I Want to. I want to position them in a way of easy success, if that makes sense, and I want to tell my story in terms of look, this is not just a guy that you know just easily transition into cybersecurity. It's like, look, I come from a sports background. You know I didn't always have the resources to learn this but through trial and error, you know, I was able to do that and from using my story and using my trial and error, I try to seamlessly, you know, make that experience more easier for them. And, you know, taking a unique approach, I feel like what they're really looking for somebody that's relatable and somebody that's personable. You know I know no shade to other professors and stuff, but you know you can see kind of, you know, get a feel of, you know, the students being in the class. You know they're yawning and you got to also pay attention to the their attention span, right, like you know, they can't just stare at the screen for like three and four hours and going over numbers and Scans and data and etc. Right, you got to really capture their attention and really just cut to the chase. I feel like cutting to the chase in terms of like, look, these are the security tools you need to know. You know you need to be well spoken. You know what I mean. As you mentioned earlier, always stay sharp, on on top of your interview skills and you know, really just cutting into the chase in terms of what they actually need to learn. Not that's not saying that I'm hiding any you know Courses or lessons behind it but it's more of just like, look, this is what you need to know. Let's get you there and the other stuff is actually gonna come, but let's get you from point a to point point B so you can get started right. So, for example, nessus I know I mentioned Nessus early. I know I mentioned scap earlier. Stigs earlier you know learning those industry tools immediately, learning those acronyms immediately. Learning how to conduct yourself, learning your image you know I mean how to how to approach an interview. You know what questions that ask at the end of an interview. You know how to market yourself accordingly on LinkedIn Advertisement. Those are the things that are really really important. And again, not saying that course content and you know the other professors Aren't providing value, but these kids, you know they really really Are looking for that. They're looking for that relatability and you know they're looking to get from point a to point B as soon as possible.

So yeah, yeah, I think the soonest possible is the issue for a bus to them. To be honestly, we can correlate that to driving a lot of people getting a lot of wrecks because they move in too fast. Y'all listening a lot of y'all getting to a lot of wrecks because y'all moving too fast. If you go the speed limit, you'll get there in good enough time I so I hope I walk and walk with that one, because that's what I see from a lot of them there. They, they want to. They don't want to have a corolla, they want to have, they want to have the range. So they want stuff with the range and then they want to drive super fast to downtown. This that's not typically how it works.

So If y'all I mean, as you mentioned earlier, henry, like in terms of Even you coaching as well, it's kind of like you. You know, universities have a different style and I noticed that they have a like, almost a default style of like teaching. Like you know All the professors, you know they're very by the book and it's no problem to be by the book, but I think that's what makes us special is because we're able to incorporate our personal experiences and give them, like you know, on the job, you know Experiences and scenarios and it provide that value in that area.

So and yeah, I think, like you said, relatability is a big one. A lot of the time sometimes the structures, instructors, are out of touch and it's not really conducive to A lot of people's learning styles. I think that's why you also see the rise of courses. A lot of courses now are being put out at a better clip and they're a little bit more digestible then. And, let's face it, a lot of people don't read anymore. So I mean it's good, like I have some books that I'll go back through and read through from time to time, but for the most part people don't read books. For the most part, people do not know how to know the audience, which is a big soft skill that I talk about in my Advanced year of soft security career LinkedIn learning course. Knowing your audience is critical. You may have some people you may be trying to talk to people on a PhD level, in a bachelor's level class, and Sometimes that doesn't translate Well for me. I know who my audience is. I know how to reach them. I know how not to just border with their flight. Even in our conversation right now is there different things that I'm doing to make sure this thing stays engaging, but also not to be to the point where it sounds like they're listening to a lecture. Those are the things like a. It was like a couple of live streams ago I gave them a simple definition of like how to Visually picture the dark web and I brought up the episode I mean, what a scene online, king, where symbol was asking about you know what's that out there and how is this a? Everything the light touches. I said, hey, that's just the regular internet. Everything light don't touch is the dark web. Never go there. So it's super simple but yet effective. And somebody visualized that. So I remember that you tell symbol don't go there, because when several went there he almost died. Now you're not gonna die if you go to the dark web, but if you don't know what you're doing, you know I'll just keep it at that, right, but moving on, for that, thanks for that good breakdown of school. Let's talk about you know I spent a little bit of time talking about cyber vault solutions. You know what made you want to start that of how business is going, what type of services that you offer.

Yeah, yeah, no. As far as cyber vault solutions, you know I've been, as I mentioned, I've been in the industry for quite some time and you know we all, at a certain point we can, when we accumulate all this knowledge, we're like man. Like you know, there's always that thought in terms of like man, what if I were to do this on my own? Or I see a better way of doing it. You know, and as entrepreneurs, I know we think like that in terms of like man, like, okay, I can do this, or I I finally accumulated enough information to go on by myself and really kind of revamp something, or really just, you know, create something. You know, out of thin air. You know, and that was kind of my starting point, I'm like man. I've been in the game for a while. You know it's time to go out on my own. I want to really start to create something. And, number one, create that freedom, that freedom path that I'm sure you know all the listeners are here At some point when I get to. You know, create that freedom, freedom path in terms of, like, financial freedom and just building something on your own. So starting that. You know we've reached some early success in terms of, like past performance and we're currently growing at the moment. But initially that's what got me started and for me it's always been a passion behind it. You know I really believe, and I've always believed, that the money will come and follow the passion. As long as you have, as long as you're Driven towards that, you know, goal. So for me that's how I got started and you know we provide a plethora different. You know cybersecurity services, such as vulnerability management engineering. You know penetration tests and cyber security training and much more pretty much everything under the cyber security umbrella. And you know business is going good. You know it's constantly growing, but that's the. That's the challenges to at the as an entrepreneur is like. You know, sometimes business is great, sometimes it's okay, sometimes it's like, ah man, I ain't trying to do this today. And then you know you got to really just be self-disciplined to continue going and get yourself back up again. But it's been good. You know we are working with several different contractors at the moment. We are also in the school systems, as I mentioned, are working with Michigan University. So I do a dad as an independent contractor myself through my company. But it's really, really enjoyable experience, you know, and I'm so glad that I took on this venture to actually create something and Really just you know, compete with others on this market because, as you mentioned earlier, you know the government contracting market is wide open. So that's a little bit about that, for sure.

Yeah, man, you know also for the listeners, and how do they apply, like if they want to work for you, like how's that process go? Are you guys hiring anybody right now?

At the moment. Yeah, we are hiring a few interns. So if you're a I think right now we're hiring for like a sales intern to sales intern and if you're a cybersecurity analyst and you want to intern with us, go ahead and, you know, reach me at WWW that cyber vault solutions, cyber vault, excuse me dash solutions, calm, and you should be able to find this on there to actually submit your resume and tap in with us. So for sure.

Cool, yeah, I've been my type. This cyber vault solutions in another page came up that's like it's the dad's.

The dad's probably did it.

I found out. That's cool, man. I wanted to ask you, I guess, being that you came from my a different background, think it's cool, because I think there will be people Know who are former athletes that are watching this that you don't want to get in. They don't need to be cybersecurity, it could be anything, and the way that you show my think they'll identify with you too. You know, we got things like now the transfer portal, without athletes there transferring every chance they get. You know, coach prime with the Colorado say I come in, I bought some luggage with me and it's top of the line, laudy, I'm not gonna play. Oh, yeah, he's, I'm leaving at that. So, with that being said, what, what would be some things that you would leave the listeners with that we're watching today, and it doesn't necessarily have to be pertaining to technology could be life, it could be whatever. What would be some things that you would want to you know and part on them before you get out of here? I?

Would say don't be afraid to change, don't be afraid to pivot. You know, and you know just walking, your grace, greatness, you know God is, blesses all with you. Know Different talents and don't be afraid to walk in your greatness. And I feel like in a digital space it's so easy to compare ourselves to others. You know we're on Instagram one face, but like I want this, or like you know, this guy got this car and not noticing like a lot of it is reality. You know, and I will feel like I'm excuse me and and and I would just say, um, don't be afraid to pivot. When I first got done with college, you know I was lost. You know I mean I was lost. I didn't know which direction to go and I had to make a hard pivot and I never look back. You know there's some people who actually don't pivot. They're still at the field. You know, 38 years old, 35 years old, 30 years old, 45, you know, you name it. You got people started to feel it's trying, still trying to make it to. You know that next level in which you know At some point you have to pivot and notice that man, there's a different direction. You know God wants more for me, you know, I mean he has more in store for me. And really, just transitioning to that different area, and I feel like you know, um, don't be afraid to walk your own path and you know, don't let anybody tell you any different. If you're, if you're passionate about this space, do everything you can To break into this space and continue growing.

You know, continue being Motivated and continue being disciplined at the same time, all good words, all good words, man, and that's one of the y'all with this one more time Like I said, it's just slow down driving. If you go to speed limit, you get there in time, or you can go know what. You can go five over you can. You can go a little fast. If you go too fast, you're more prone to wrecks and you're more prone to miss out on some things that you should have saw your journey. That that's what I want to leave you out with, because a lot of you guys are seeing some of the things that you should have seen and so when you get there, you can't handle it at that time and you go through some issues that you wouldn't have got into had you just slowed out a little bit. So that's what I want to leave you guys with, but I appreciate y'all spend another episode of the textual talk podcast. Yeah, I really did get on the last episode. I need y'all do good on this one as well. Share it out with people. I need to hear it. Leave us a review. Send me an email. Sponsors, y'all already know what to do. Hit my email, but until next time, like I always say, let's stay textual should raise D and we out.