easy-accordion-free domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114zoho-flow domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114wordpress-seo domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home/mother99/jacksonholdingcompany.com/wp-includes/functions.php on line 6114I first met Nicole Hoffman, who is a Security Investigator for Cisco Talos and part of our Strategic Analysis, Threat Intelligence and Interdiction team, during the recording of the Talos IR On Air\u2026 <\/a>Read more on Cisco Blogs<\/a><\/p>\n \u200b<\/p>\n I first met Nicole Hoffman, who is a Security Investigator for Cisco Talos and part of our Strategic Analysis, Threat Intelligence and Interdiction team, during the recording of the Talos IR On Air Q1 2023<\/a> episode. This was a live broadcast in which we discussed the trends observed by the Talos IR team in the past quarter. Nicole\u2019s team, among many other things, put together these quarterly threats overview<\/a>. During the On Air recording, I noticed that Nicole had great camera presence and was able to articulate, what most people would consider, complex topics in a language that really anyone would understand. A techie with the gift of gab! I was immediately interested in Nicole\u2019s path into cybersecurity and in general, as a professional.<\/p>\n I graduated high school and initially started a career in the medical field. I went to school to be a medical assistant, and then I started nursing school. I worked for a short time as a phlebotomist, which is a medical professional who is trained to perform blood draws on children and adults, but it was really hard for me to find a job, because my husband was in the military. This meant that we moved often, and this was not expected to change any time soon. At some point I decided to make a career change so that I could have multiple skills that would allow me to find work regardless of where we moved to. My husband, who was a network engineer in the military, already had a lot of Cisco books on CCNA and CCNP preparation. I started studying remotely, making use of all these textbooks and aiming for a career as a cybersecurity engineer. While studying for my CCNA, however, I found it quite boring. It wasn\u2019t until I attended my first cybersecurity conference virtually that I got excited about the topic. The conference was called ATT&CKcon, and the talk that I watched showed how the MITRE ATT&CK framework helped a threat intelligence team track targeted intrusions. To be honest, I didn\u2019t understand all of it, but I found it totally fascinating. I have never looked back.<\/p>\n Originally, they assumed it would be something that wouldn\u2019t stick. I don\u2019t think they assumed I would get as passionate about it as I am now. But my husband was very supportive, maybe partly because he knew he would save money as we already had a lot of textbooks on the topic. Besides, he had a degree in the field and has been in the industry for 20 years now. We continue to support each other. He is such a good person to have around not only as a mentor, but also if I have a question while investigating something or in an area which is outside my technical knowledge. Also, it\u2019s nice to be able to just chat about cyber stuff at home. So yes, I think originally everyone thought it would just be a phase, and I would probably go back into medicine and continue nursing school once my husband got out of the military, but that hasn\u2019t been the case.<\/p>\n I would say that after that first conference, I really enjoyed not only attending conferences in person, but also virtually. I find the research fascinating. A lot of the first jobs I had in cybersecurity were at startups with very little resources and dedicated cybersecurity staff. This meant that I rarely had a group of other threat intelligence professionals in the company that could teach me the way things are done. A lot of times it was a group of interns who were all equally lost trying to find their way through a problem. This is why I came to value people who share their research, do open-source projects, or present their knowledge at conferences. This was a chance for me to learn. I relied on open-source tooling for the bigger part of my work, and it wasn\u2019t until I gave my first conference talk that I realized I could be one of those people who gives back to the community. It was a very heartfelt realization.<\/p>\n The first conference that I spoke at was GRIMMcon in 2020, which is one of my favorite conferences. I later talked at the SANS Threat hunting & Incident Response Summit, and the SANS CTI Summit in 2021 and 2023. I still find it very emotional each time I present. It is something that I look forward to, as a way to pay back and connect with the people that I look up to in our field. But the most exciting thing is that this year, I actually got to speak at ATT&CKcon in October 2023, which is the reason why I\u2019m in threat intelligence. Together with a Talos colleague, we presented a talk about the benefits of creating your own knowledge base using ATT&CK as a taxonomy specifically for tracking adversaries over time. It is very special for me and my family to hold this presentation, closing the circle.<\/p>\n Don\u2019t spend your time, money, and effort getting a bunch of certificates before you know what you really want to do. I see a lot of people come in and they immediately start getting focused on certificates. Some of those certifications cost thousands of dollars and are a big investment of your time and money. I did one of the entry-level more affordable certifications, Sec+<\/em>, and it has been very useful for getting a foot in the door, but I would say, don\u2019t spend a bunch of time and money and effort, especially if you\u2019re going to school already. There\u2019s only so much you can absorb, and your brain is probably already fried. Before you sign up for anything, first do your research, look at the type of things you would be doing in the job, and only search for certificates that would potentially benefit that<\/strong> specific role.<\/p>\n I would say there are two parts to it. First, if you enjoy having your own research or having your own blog. or anything that you want to share with the community (without having to necessarily ask permission or have someone edit it and change your vision), then having your own blog is super useful. Even if it has nothing to do with cyber, you could still share it with people and you could still build up a social presence.<\/p>\n Having this social presence, especially in the remote workforce, is a way for you to not only promote yourself, but also network with other professionals. I\u2019ve met so many people just by writing a blog, and then someone says, \u2018oh my gosh, I love this blog. It really resonated with me<\/em>.\u2019 One of my best friends in the field, John Doyle, wrote a blog about burnout<\/a>, which really connected with me. When I read it, I was deep in the pit of burnout, but I was in denial. After reading that blog, I reached out to John to thank him.<\/p>\n The other part of keeping an active social presence has to do with skills marketability. It\u2019s important to promote yourself, promote your own brand, especially when things do not go as planned and maybe you get laid off or the company hits hard waters. You can then always reach out to some of the people that you\u2019ve met through networking and see if there\u2019s anything that they can do to potentially get you a new job.<\/p>\n The importance of soft skills and just talking to people. When you\u2019re first starting out in a career field, it can be very intimidating. Luckily, I had a mentor early on who would tell me \u2019If you really want to learn about the field, you want to learn about the different types of jobs out there or if you want to go work somewhere, talk to the people that work there. Say hey, can we go get a coffee? Can I just ask you a few questions?\u2019<\/em><\/p>\n This was actually how I got my first job in cyber. I asked the CEO of a small local company if he wanted to have coffee, and he ended up hiring me while we were at the cafe. It\u2019s really important to not forget that people are just people, even if they\u2019re in a position of power and soft skills are really important.<\/p>\n We\u2019d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!<\/em><\/p>\n Cisco Security Social Channels<\/strong><\/p>\n Instagram<\/a><\/strong>Facebook<\/a><\/strong>Twitter<\/a><\/strong>LinkedIn<\/a><\/strong><\/p>\n \u00a0\u00a0Meet Nicole Hoffman, a Security Investigator for Cisco Talos, who shares about her career journey in cybersecurity in this blog.\u00a0\u00a0Read More<\/a>\u00a0Cisco Blogs\u00a0<\/p>","protected":false},"excerpt":{"rendered":" <\/p>\n I first met Nicole Hoffman, who is a Security Investigator for Cisco Talos and part of our Strategic Analysis, Threat Intelligence and Interdiction team, during the recording of the Talos IR On Air\u2026 <\/a>Read more on Cisco Blogs<\/a><\/p>\n \u200b<\/p>\n I first met Nicole Hoffman, who is a Security Investigator for Cisco Talos and part of our Strategic Analysis, Threat Intelligence and Interdiction team, during the recording of the Talos IR On Air Q1 2023<\/a> episode. This was a live broadcast in which we discussed the trends observed by the Talos IR team in the past quarter. Nicole\u2019s team, among many other things, put together these quarterly threats overview<\/a>. During the On Air recording, I noticed that Nicole had great camera presence and was able to articulate, what most people would consider, complex topics in a language that really anyone would understand. A techie with the gift of gab! I was immediately interested in Nicole\u2019s path into cybersecurity and in general, as a professional.<\/p>\n I graduated high school and initially started a career in the medical field. I went to school to be a medical assistant, and then I started nursing school. I worked for a short time as a phlebotomist, which is a medical professional who is trained to perform blood draws on children and adults, but it was really hard for me to find a job, because my husband was in the military. This meant that we moved often, and this was not expected to change any time soon. At some point I decided to make a career change so that I could have multiple skills that would allow me to find work regardless of where we moved to. My husband, who was a network engineer in the military, already had a lot of Cisco books on CCNA and CCNP preparation. I started studying remotely, making use of all these textbooks and aiming for a career as a cybersecurity engineer. While studying for my CCNA, however, I found it quite boring. It wasn\u2019t until I attended my first cybersecurity conference virtually that I got excited about the topic. The conference was called ATT&CKcon, and the talk that I watched showed how the MITRE ATT&CK framework helped a threat intelligence team track targeted intrusions. To be honest, I didn\u2019t understand all of it, but I found it totally fascinating. I have never looked back.<\/p>\n Originally, they assumed it would be something that wouldn\u2019t stick. I don\u2019t think they assumed I would get as passionate about it as I am now. But my husband was very supportive, maybe partly because he knew he would save money as we already had a lot of textbooks on the topic. Besides, he had a degree in the field and has been in the industry for 20 years now. We continue to support each other. He is such a good person to have around not only as a mentor, but also if I have a question while investigating something or in an area which is outside my technical knowledge. Also, it\u2019s nice to be able to just chat about cyber stuff at home. So yes, I think originally everyone thought it would just be a phase, and I would probably go back into medicine and continue nursing school once my husband got out of the military, but that hasn\u2019t been the case.<\/p>\n I would say that after that first conference, I really enjoyed not only attending conferences in person, but also virtually. I find the research fascinating. A lot of the first jobs I had in cybersecurity were at startups with very little resources and dedicated cybersecurity staff. This meant that I rarely had a group of other threat intelligence professionals in the company that could teach me the way things are done. A lot of times it was a group of interns who were all equally lost trying to find their way through a problem. This is why I came to value people who share their research, do open-source projects, or present their knowledge at conferences. This was a chance for me to learn. I relied on open-source tooling for the bigger part of my work, and it wasn\u2019t until I gave my first conference talk that I realized I could be one of those people who gives back to the community. It was a very heartfelt realization.<\/p>\n The first conference that I spoke at was GRIMMcon in 2020, which is one of my favorite conferences. I later talked at the SANS Threat hunting & Incident Response Summit, and the SANS CTI Summit in 2021 and 2023. I still find it very emotional each time I present. It is something that I look forward to, as a way to pay back and connect with the people that I look up to in our field. But the most exciting thing is that this year, I actually got to speak at ATT&CKcon in October 2023, which is the reason why I\u2019m in threat intelligence. Together with a Talos colleague, we presented a talk about the benefits of creating your own knowledge base using ATT&CK as a taxonomy specifically for tracking adversaries over time. It is very special for me and my family to hold this presentation, closing the circle.<\/p>\n Don\u2019t spend your time, money, and effort getting a bunch of certificates before you know what you really want to do. I see a lot of people come in and they immediately start getting focused on certificates. Some of those certifications cost thousands of dollars and are a big investment of your time and money. I did one of the entry-level more affordable certifications, Sec+<\/em>, and it has been very useful for getting a foot in the door, but I would say, don\u2019t spend a bunch of time and money and effort, especially if you\u2019re going to school already. There\u2019s only so much you can absorb, and your brain is probably already fried. Before you sign up for anything, first do your research, look at the type of things you would be doing in the job, and only search for certificates that would potentially benefit that<\/strong> specific role.<\/p>\n I would say there are two parts to it. First, if you enjoy having your own research or having your own blog. or anything that you want to share with the community (without having to necessarily ask permission or have someone edit it and change your vision), then having your own blog is super useful. Even if it has nothing to do with cyber, you could still share it with people and you could still build up a social presence.<\/p>\n Having this social presence, especially in the remote workforce, is a way for you to not only promote yourself, but also network with other professionals. I\u2019ve met so many people just by writing a blog, and then someone says, \u2018oh my gosh, I love this blog. It really resonated with me<\/em>.\u2019 One of my best friends in the field, John Doyle, wrote a blog about burnout<\/a>, which really connected with me. When I read it, I was deep in the pit of burnout, but I was in denial. After reading that blog, I reached out to John to thank him.<\/p>\n The other part of keeping an active social presence has to do with skills marketability. It\u2019s important to promote yourself, promote your own brand, especially when things do not go as planned and maybe you get laid off or the company hits hard waters. You can then always reach out to some of the people that you\u2019ve met through networking and see if there\u2019s anything that they can do to potentially get you a new job.<\/p>\n The importance of soft skills and just talking to people. When you\u2019re first starting out in a career field, it can be very intimidating. Luckily, I had a mentor early on who would tell me \u2019If you really want to learn about the field, you want to learn about the different types of jobs out there or if you want to go work somewhere, talk to the people that work there. Say hey, can we go get a coffee? Can I just ask you a few questions?\u2019<\/em><\/p>\n This was actually how I got my first job in cyber. I asked the CEO of a small local company if he wanted to have coffee, and he ended up hiring me while we were at the cafe. It\u2019s really important to not forget that people are just people, even if they\u2019re in a position of power and soft skills are really important.<\/p>\n We\u2019d love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Security on social!<\/em><\/p>\n Cisco Security Social Channels<\/strong><\/p>\n Instagram<\/a><\/strong>Facebook<\/a><\/strong>Twitter<\/a><\/strong>LinkedIn<\/a><\/strong><\/p>\nQuestions<\/strong><\/h2>\n
What inspired you to pursue a career\u00a0in cybersecurity?<\/strong><\/h3>\n
How did your friends and family react when you first started your career change?<\/strong><\/h3>\n
What were the things that you would say has formed your career as a threat intelligence professional?<\/strong><\/h3>\n
What\u2019s your single most\u00a0important piece of advice to people considering a career in cybersecurity?<\/strong><\/h3>\n
Maybe you can talk a bit about social presence and brand because you\u2019re one of the professionals that has a clear brand.<\/strong><\/h3>\n
What is the one thing you wish you had\u00a0known at the start of your cybersecurity career?<\/strong><\/h3>\n
Questions<\/strong><\/h2>\n
What inspired you to pursue a career\u00a0in cybersecurity?<\/strong><\/h3>\n
How did your friends and family react when you first started your career change?<\/strong><\/h3>\n
What were the things that you would say has formed your career as a threat intelligence professional?<\/strong><\/h3>\n
What\u2019s your single most\u00a0important piece of advice to people considering a career in cybersecurity?<\/strong><\/h3>\n
Maybe you can talk a bit about social presence and brand because you\u2019re one of the professionals that has a clear brand.<\/strong><\/h3>\n
What is the one thing you wish you had\u00a0known at the start of your cybersecurity career?<\/strong><\/h3>\n