Hi everyone, Ed Amoroso here, and at this point in our video progression, I'm assuming you've been with me for a bunch of videos, perhaps through multiple courses and so on. I want to give you some advice now. This might be one of the first questions, really the most popular question that I get as an instructor, as an educator, as a professor, as a practitioner in cyber security. Is, how do I forge a career in this area? If you're a young person, you might be sitting there saying, wow, I like this. I like cyber security. How do I get in to? What are the different areas? Let me give you kind of the categories of career places where you can make money doing this and kind of the path to it. We can talk a little about that in a minute, but let me give you the different sort of end state. So first, is you might try to make a career as sort of a hacker, an attacker in cyber. Now, there are a lot of bug bounty programs out there that will pay individual researchers to break into systems under ethical circumstances. It could be a nice way to make money. You could be a penetration tester, you could work for military breaking into things. Or, you can even work for a company that wants to be doing some very active testing. So, if you like that, you like breaking into things and you feel like that's your skill, your skill is finding weaknesses in something and exploiting it. You can make money of that. Now you don't want to make money doing something illegal. That's not a good idea, that's absolutely the wrong use of that skill, that God given skill that you might have. But you really can make a living in hacking through ethical penetration, testing and perhaps working for the military. Second, the most obvious is move to the defense, right? [LAUGH] If you enjoy cryptography, you like setting up firewalls, you like setting up defenses, you like doing architecture, you like doing operations, you like keeping track of data, doing analysis hunting. That's what defenders do and that's what we do in a typical enterprise or government chief information security officer team. Chief information security officer or C-I-S-O or CISO is the highest position in cyber security in a typical enterprise, and you may aspire to that, part of a team doing that kind of defense, defensive sort of position. A third area is more of the compliance area. That's where you're overseeing cyber security. You're doing assessments and audits and you may be pretty good at keeping track of requirements and documenting them. And you might be very good in the way you communicate. So that can certainly be a career for anybody who's got say an accounting bent, or background or interest. Audit and assessment might be something you'd be very good at. A fourth possibility is to get into the building of tools. Like you'd work for a vendor or work for a cyber security company. If you have a startup streak in you and you think you'd like to build some new company, build the next greatest company like FireEye and Palo Alto Networks and FortaNet, all these companies that have gotten very big and done really well because they had visionary founders. Maybe that could be you, or you'd like to work in that sort of environment, a start up. Another possibility is government. Just about every government in the world are looking for cyber security experts to both oversee their industry and their society and also to protect government systems. Tends to move a little bit more slowly, but if you've got great patience and you have a sense of social purpose, then working in a government environment can be just absolutely wonderful. So you've gotta consider that. And finally academia, a component of my path. I spent a lot of time personally in the enterprise environment as a CISO for a large telecommunications firm. But I've also been a professor for 29 years, teaching cyber security to thousands of undergraduate and graduate students. If you enjoy research, if you enjoy teaching, if you enjoy that kind of environment, then academia makes sense. Now how do you come to these things? Well its always hard work. It doesn't matter which of these paths you pick. There is no easy way to get there. You stand at the base of a mountain, you look up at the top and you say that's where I want to be. Don't forget that there is a mountain between you and it. You may know exactly where you want to be but hard work is the way to get there. You want to focus on having a good technical background, you want to focus on having a good business background, and you want to focus on your ability to communicate, writing, speaking, presenting, understanding. These are the kinds of skills that are going to help you. So, regardless of the path you take and whatever your end point would be, I do hope that you decide cyber security is a career that makes sense for you, and I look forward to seeing wonderful things out of all of you in the next few years. Thanks.
