Zanim wybierzesz Red Team czy Blue Team - zobacz, jak działa internet od środka

追加: 2026-06-02

[00:00:02]Yeah, we're on it. Hello everyone. I'm just waiting for the stream to start on YouTube.

[00:00:09]Hello everyone, everyone, and welcome to today's webinar. We are here with Paul.

[00:00:14]Okay, it works.

[00:00:16]Paul is with us. Great. Everything is running smoothly now. It definitely works. I always ask this question.

[00:00:23]Let us know if you can see and hear us. Is there anyone on my phone? No, we are not on my side. I think you can see it, I think you can hear it.

[00:00:32]At least someone is already answering. Hi. Nice to have you in the chat. It's great that you're with us. Today we will talk about interesting things, about the foundations of IT. You can see and hear it.

[00:00:43]Beautifully. Everything is running smoothly. Well, that's great. And I will also answer the fundamental question, because it is probably troubling many of you. Hi.

[00:00:49]Will there be a recording of this? If you have registered for this webinar, you will receive the recording by email, which also includes what I promised in the email, an important thing for you, but more on that later. Listen, my dears, I'll start the slides, and let me know right away what cities you're coming from, where you're connecting from, if there's anyone, maybe someone from abroad.

[00:01:26]We are with Paweł from Silesia.

[00:01:29]We are from Silesia.

[00:01:33][laughter] Each one different.

[00:01:34]A bit like that, a little bit indeed, but we have Lublin, Siemianowice, Raków, Wrocław. Oh, well, yes. Hey Krystian.

[00:01:48][snort] Kraków, Jelenia Góra, Brwinów, Warszawka, Płot.

[00:01:55]Exotic Brwinów. And I have to google it later.

[00:02:00]Cool. Well, you can see that we reach quite broadly. People come from all over Poland. Beautifully.

[00:02:06]Zerfady.

[00:02:08]Okay, I don't know, I'm not smiling. Or maybe it's some correct name or something?

[00:02:14]Znin. I was in Żnin. I was in a sugar factory.

[00:02:19]How beautiful Żnin is.

[00:02:21]Well, I was in a sugar factory. It's a hotel made from an old sugar mill. They have a cool slide there, three stories high.

[00:02:29]Adults can slide down too, so that's a cool, cool option. Well, I guess I'll go for the slide.

[00:02:36]Well, I recommend it, I recommend it. I pronate.

[00:02:39]Okay, listen up, I'm uploading the slides. We have slides. Of course there will be darkness. I don't know this.

[00:02:50][laughter] Listen, today we're going to see how the internet works from the inside. We'll be talking about the fundamentals that are important in working in IT because we're helping people get into the IT industry. Of course, what we help most is to help them get into the cybersecurity industry.

[00:03:10]So we'll talk about that today too.

[00:03:14]My dears, I will also ask quickly. Let me know which of these numbers is you, or if I haven't done anything in Cybers yet, but this webinar is my first and I want to get started. I want to do something. I wonder what's going on here. Secondly, are you already doing something with twos, or are you already doing something with twos and it's going very poorly. I don't know what to do next. Or maybe someone is three. he is already very decided, but he doesn't know whether red or blue.

[00:03:46]So very enigmatic yet very.

[00:03:49]Well, if someone is a first, they might not even know what red and blue mean, and that's okay too, because how else would they know? Take it easy. Okay, we have I'm a dev and I'm securing the app.

[00:04:03]And very good. This is the result of our work, number one, [snort] number two.

[00:04:11]I'm at your school. And very good. I am very happy. Listen, we help in many different ways, including through webinars like this one, but also so you can see who you're dealing with, because mom always said don't talk to strangers, so we'll introduce ourselves. My name is Maciej Kofel and I have been working in cybersecurity since 2011. for quite a long time and I had the pleasure of working in various teams and defensive teams, specifically the blue team, for those who hear it for the first time, so there are such people, there are people in the cybersecurity industry who secure servers, but there are also people who attack servers and this is where the Red Team comes in. I was also in these departments and, like a colleague here, I have recently been securing applications so that whoever creates them, the developers, do it safely and so that it works well and is safe for the client. Well, since 2019, as you may have noticed in emails for 7 years now, I have been running a security school where we help people with just one and two degrees, we help them enter the cybersecurity industry, and we do it successfully. We have a lot of great graduates who are doing great things, and when I hear from them, I'm delighted to see how they continue to develop beyond their cybersecurity training.

[00:05:48]We also have [snort] mentoring programs, consultations, we'll definitely tell you about that today. Paweł is also with us.

[00:05:56]Yes, I'm Paweł Zając. I am a devops, defsekops.

[00:06:01]And I've been working in the industry for a shorter time than Maciek, actually for six or seven years, if I'm counting correctly. E, I became a DevOps somewhat by accident, because I planned to be a programmer.

[00:06:14]I landed this role and it turned out to be a fascinating job with many development directions, one of which is the security side, because in my position at companies I deal with system hardening.

[00:06:31]that is, making sure that they are secure and implementing this so that the entire software development cycles that we participate in are also optimized for security, so there's quite a lot of it. Since I've been working for 6 years, and as you can see, I'm not fresh out of college, I had to switch careers from a completely different industry, because I've done a lot of things in my life that were completely unrelated to IT, and just a few years ago I had no idea how it was possible for someone to write code and then see a website. It was absolutely black magic to me, but it can be done.

[00:07:18]So what? And that brings us to the fact that I will also be [clear throat] a mentor in the IT Security Starter program, where I will try to support you on this journey.

[00:07:31]Listen, as for me, I had the pleasure.

[00:07:36]Besides, Paweł, from what I know, you also work in large IT companies.

[00:07:42]Yes. [clears throat] Yes. Such more global corporations.

[00:07:46]More global corporations. Exactly.

[00:07:47]We have, we have this experience from larger companies, from larger environments, where sometimes you really have to work hard to secure everything, to notice everything, what is there, what needs to be secured. Well, there's a lot of it.

[00:08:00]And here our paths crossed somewhere.

[00:08:06]And when it comes to people who have completed security school, they work, among others, in places like this. So if you ever need to contact them, you can always reach out to them.

[00:08:21]But since Paweł has already mentioned that he has had various strange professions, I am not far from that company either.

[00:08:28][laughter] Before working in IT, working in cybersecurity, I was a DJ, I played bigger parties, smaller festivals, so I had such a cool adventure here. But at some point you had to settle down, you could call it that.

[00:08:45]At least name them, because I remember you naming them, but give me at least three interesting things that you did.

[00:08:52]I worked on ropes on a high-rise building. I was a convoy, transporting money from LenBu.

[00:08:58]For example, I had 15 million to transport.

[00:09:02]I worked in construction in England, I worked in Germany. I ran a taxi company in Wrocław, so there was quite a bit of that.

[00:09:13]So as you can see, you can change your career path and enter cybersecurity, enter IT. But let me know what you are currently doing, what you do for a living, or maybe someone is from a taxi.

[00:09:31]Hey, I remembered that I once had an episode like that, when Uber was entering Poland, I thought to myself, and I live close to the airport, maybe I'll start driving people too.

[00:09:41]So it was crazy work for a month, right?

[00:09:46]Yes, it was such madness that the taxi drivers wanted us, well, I mean all the Uber drivers, they wanted to throw paint on us. Well, there was a lot of it.

[00:09:58]It was, it really was.

[00:10:00]I didn't [laughter] you didn't fail anyone. Do we have someone from the construction industry or do we have someone from working with the client? There are important things. Perhaps someone wants to change careers.

[00:10:15]There was such a question. I have n't been on Friday yet.

[00:10:20]Oh, we have a manager test in the Big Four.

[00:10:24]Greetings then. I once worked for one of the Big Four companies.

[00:10:34]I would joke whether you're still at work or not, but [laughs] I don't want to.

[00:10:40]But this is not a joke.

[00:10:41]This is not a joke. So I kind of respect this specificity of work. Okay, my dears, let's move on. Plan for today?

[00:10:51]Yes, the plan for today is to go step by step through the basic elements that most environments will be built from.

[00:11:01]So in this case, we'll go through a web application as part of a demo that will put it all together for us. But generally speaking, the components that we're going to go through, the ones you see on the slide right now, will appear in absolutely everything we want to create, right? Because we have to do it on some system, we have to have a database, we have to have a network, we have to secure it, we have to connect it all into one whole. I will only add some more logistical things.

[00:11:30]Listen, we are here for you and will answer your questions, but to make it all go smoothly, I will post the link in the chat. So if someone is on YouTube, I post a link to the chat where you can ask questions. Then I will have it all in one place. It will be easier for me to just collect these questions and then answer them.

[00:11:52]So if you have any questions, feel free to click on this link and then we will have time to answer them, so take it easy.

[00:12:03]Paul, what?

[00:12:04]Let's start with Windows.

[00:12:08]This is not Windows. Oh, there's Windows too.

[00:12:12]Okay, we'll start with Windows. Because everyone knows Windows. Yes, most of us, the vast majority of us, learned how to use a computer on Windows.

[00:12:22]For many people, Windows will remain the only operating system for life. Um, we also often encounter him in corporations. If we go to work for companies, usually the workstations will support Windows because we have a lot of integrations for this system, right? Whether it's Active Directory, which we need, or applications like Teams, Outlook, the entire 365 package, which is simply used a lot in these companies, so this knowledge certainly won't hurt, and in fact will help.

[00:12:58]But on the other hand, Windows is not just the icons and desktops we all know.

[00:13:03]Yes, Windows is a full-fledged system on which we can host applications, we can run services, we can use it as a server, we can automate it, and yes, we can write scripts, i.e. do what we would also do on Linux, but in a slightly different way, with slightly different tools, and it's worth knowing that Windows can be used in this way.

[00:13:33]Among the things we can use now, we have, for example, virtualization. Yes, we can run VMware or Virtual Box, whichever is more convenient for us, and run the system within the system.

[00:13:47]Yes, if we want to learn something on Windows and we don't want to mess up ours or we want to learn Linux, we can run such a virtual computer on our computer thanks to this application. The second system, to be precise, is of course Linux. Yes, Linux is a very important system, yy, because according to statistics, about 70% of all yy devices connected to the Internet run on Linux in some form. We also have more or less conscious contact with Linux, because it is in many devices, because it is simply a lightweight system.

[00:14:29]And now, as we can see on the slide, Linux can be in a desktop version, i.e. the one on the left. There are icons, there is a browser.

[00:14:39]It looks almost like Windows, but can also be in a terminal version.

[00:14:45]Yes, there are a lot of different colored symbols on the right side. This is the terminal, another version of Linux management.

[00:14:55]Thanks to this terminal, we can do everything that we can do in the desktop version, and usually much more, because the commands are usually more extensive when we use them from the terminal.

[00:15:10]And now I realize it looks a bit like black magic. M most people, when they are shown Linux in the console, are very scared, they don't know what to do with it, but it's not that scary at all. You can learn it quite quickly and you can understand quite quickly that using the system this way gives you a lot of benefits, allows you to do a lot more and after a while, for me, for example, it's actually easier and more intuitive, [clears throat] so we'll definitely cover that as well. Let's move on to the basics for now.

[00:15:48]Paweł, what was your first Linux?

[00:15:51]Ubuntu.

[00:15:52]Rebellion. Okay. Utu, u Vuntutu. Then I tried a few other distros. I once managed to do some magical RMRF on my Linux box.

[00:16:05]If someone doesn't know, there are commands that RM stands for remove. Then [snort] I specify the RF parameters, which means absolutely everything recursively, not just what is currently in the folder. Force, so that the system does not accidentally hesitate. And slash, i.e. the entire disk. with one command you can clean your computer.

[00:16:26]And Linux is not Windows. Linux won't say, "Hey, you know what, you shouldn't delete this, or even shouldn't delete it."

[00:16:33]Linux is very obedient. If we don't pay attention, he won't do it anytime soon, [clears throat] so I was very surprised then.

[00:16:44]Sorry about that database disease. Yes, databases are also an extremely important element of all these systems, because it is the place where we store information in an orderly manner.

[00:17:00]You can compare it, you can compare these databases to a very intelligent Excel spreadsheet, because they are also published in tables, but due to the way these databases work, we can very quickly search them, modify them, combine the data, and generally work on them. And in the context of an application, such a database is important because it simply stores all the data.

[00:17:28]Yes, this data is not stored directly on the disk or in the frame, it is stored in the database to be easily accessible.

[00:17:37]For example, Facebook, which most of us probably use, stores all posts, user comments, and generally all data about what we do in a database. Similarly, when we visit a bank's website, we see the transaction history or information about the account balance. And this also lies in the database every day. When [clear throat] we want to check it, the system queries the database, extracts this data, or modifies it when we spend money. An important element here is SQL, the language we use to talk to the database. This is a specific way of formulating queries. We will show it in a moment with an example, but it is worth knowing that this is the way in which we are able to perform various operations on the database.

[00:18:28][snort] Thank you very much. If someone doesn't understand the meme on the right, please don't worry. He is for me.

[00:18:38]If [clears throat] someone understands this very well.

[00:18:40]Um, computer networks, yes, that's what holds everything together. I need to bring this up because while we all use the internet on a daily basis, knowing how to turn on a browser and run Netflix is ​​a bit too little for professional work. Yes, that's why we need to dig into it. But starting from the beginning, the Internet is, to put it simply, many computers or other devices that are connected to each other, can see each other and communicate with each other. For example, a printer and a laptop at home can connect to each other. We can send a command to print a document via WiFi. Yes. And in the same way we are able to connect to a server that is on the other side of the globe. Of course, this path is more complicated, but the principle is the same. [clears throat] To understand how this works, we also need to consider IP addresses, because while in the local network we can call Paul's computer and printer 1, on the Internet there are a few more Pauls and it would quickly lose any meaning.

[00:19:56]That's why there are more printers on the Internet. Yes. [laughter] And more and more lately. Yes, because everyone is going 3D.

[00:20:05]Here on the slide you see an example of an IP address. It is simply a sequence of numbers divided into four octets that are unique, or at least should be unique, in a given network for a specific system or device. And now if I start a server and leave it to die, it will automatically get this IP address and you will be able to communicate with it.

[00:20:34]using this address.

[00:20:37]We do not use these IP addresses on a daily basis, because let's face it, remembering them in this form would be very burdensome.

[00:20:45]We use something called DNF, which means [clear throat] there are these servers that our computer connects to. For example, I would like to visit wp.pl.

[00:20:56]My computer connects to such a server, and the server tells it what IP address to connect to.

[00:21:04]then we can reach the device directly using the IP address, making our life a bit easier. There is one more topic we need to discuss regarding the network. I realize that these are a lot of concepts at once, but it will be possible to recreate, as Maciek said.

[00:21:25]Ports, yes, ports are different entrances to the server.

[00:21:30]And now we are setting up some service at the port. For example, port 80 will usually be the web server, i.e. if we upload a website there, it will be available. There have to be different inputs so that the computer, you know, the server, excuse me, knows what we actually want to do, what we want to connect to.

[00:21:54]Paweł, you have mutated.

[00:21:58]Maybe it's been too long since the gad system decided that enough is enough.

[00:22:03][snort] [clear throat] I was talking about the port having to be open, because even if we start the service, yes, but we don't open that port, it's like trying to get in through a closed door, it just won't work. So this is a very important aspect in the entire application configuration.

[00:22:23]Let's move on to the next slide.

[00:22:24]Perhaps it is also worth adding that there can be many open ports on each server, because a server is rarely dedicated to just one thing. Well, for example, there may be a web server, there may be a mail server, and all of this may be located on one server. And without these ports, it would have been difficult to get there. So we have a port for web browsing, we have a port for mail, for FTP, and for other services as well.

[00:22:57]Okay, switching slides.

[00:23:00][clears throat] Okay, security, which is a very important piece of this puzzle, because every piece we've discussed is a potential target for attack. Yes, the user interacts with everyone in some way, even if not directly. Everyone needs to be on some kind of network to be available.

[00:23:25]So securing these elements is very important, but it is not that simple, because we secure the system differently, we secure the database differently. For example, in operating systems or applications, the division into users will be very important for us, because in both Windows and Linux we have ordinary users who have limited privileges.

[00:23:49]We also have privileged users in [snort] Windows. these will be administrators in Linux this will be routi [snort] the user can do much more we can compare it, for example, to a school building where we have regular users, i.e. students who have specific places where they can move around. We also have an admin, who is our director, and he can enter, for example, his office, he has a key to it and he can not let anyone else in.

[00:24:24]but he may, for example, have employees who need access there and may grant them such access. Yes. And the same thing happens in systems when some users need access to some resources, so we allow them to do so, but they don't necessarily have to have immediate access everywhere.

[00:24:44]This division is very important because one of the most common goals of an attacker is privilege escalation, i.e. moving from this unprivileged user to our administrator. With higher privileges, we can do absolutely anything to the system, extract data or delete what's there, right? or encrypt as a popular ransomware.

[00:25:12]So our attacker gets onto such a server, has access to a mostly unprivileged user, and tries to become an administrator. Therefore, it is very important to divide these powers.

[00:25:28]There is a rule that users are given as little permission as possible to have, and at the same time as high as they need.

[00:25:38]Yes, we provide access to everything you need. But we don't give this access excessively, because it's simply dangerous. Yes, we need to control this access too.

[00:25:48]Of course, companies have appropriate departments or people who deal with this, and in accordance with good practices, users are grouped and only then granted permissions. Because if we gave each user permissions separately, in two or three weeks we would have absolutely no idea what who has access to, and it would be impossible to sort it out later. So this is also where systems come in, there is a lot of control over how we manage these user permissions.

[00:26:24]When it comes to data, both in motion and at rest, right? i.e. our databases and files, but also network traffic. This is where it 's very important for us to encrypt it.

[00:26:39]Um, because if we don't encrypt this data, anyone in the subnet will have access to it.

[00:26:47]Yes, traffic can be listened to in the database, you can get in and simply check what's inside.

[00:26:55]So by building system security through such small steps we are able to defend ourselves against a potential attack. Because, as the saying goes, when it comes to attacking, it's not a question of if, but when. So you need to prepare for it as best as you can.

[00:27:16]Redundant access is also a big problem in systems.

[00:27:18]Um, well, I've encountered at least a few times uh situations where something was posted on the internet that shouldn't be there and I won't mention it in a certain company.

[00:27:31]It was discovered after three years that the configuration file was publicly available and somehow no one noticed. Mistakes happen, but you have to take care of it, because there are certain rules, because there are certain practices to avoid them. these rules are for example, can you flip the slide, please.

[00:27:51]Bright.

[00:27:52]For example, there are rules regarding passwords, because what we see at this moment in the presentation are the top ten passwords from last year according to NAFKA. It's a bit hard to believe, but they get this data from reliable sources and people actually use such passwords, and these are passwords that are, let's be honest, trivial to crack, they take seconds [clear throat] considering their length and complexity.

[00:28:24]Therefore, as a rule, if something does not need to be shared, we do not share it.

[00:28:31]Yes. One more thing regarding security, because this is important for our demo. As we mentioned earlier, SQL is a database query language. Yes, this is how we communicate and the SQL Injection vulnerability we will be talking about is a situation in which we are able to pass a piece of this SQL and change the way the application works.

[00:29:02]This is possible in a situation where the application does not validate, does not check the input data properly, some filter fails and as a result we are able to do things in the system that we should not be able to do.

[00:29:19]Please experience the slide, because there we have it exactly here I would like to be. Yes, here is an example SQL query. At the top, [clears throat] as we'll see, there's a valid query that checks whether the username and password that were provided match those in the database.

[00:29:38]If we go through it one by one, we have select, which is the command for the database to select everything. From users, i.e. from the users table.

[00:29:50]Where, where user, which is the variable that we will use, equals the one that was provided by the user, and also password equals the one that was customized by the user.

[00:30:07]So our database will look for an entry in this table where the username and password match those provided by the user.

[00:30:21]I explained it quite clearly.

[00:30:23]Maciek, would you like to expand on this somehow?

[00:30:27]Well, this is, this is, listen, this is what's happening under the login screen.

[00:30:31]You log in to Facebook, Instagram, or anywhere else and there is a check to see if you are in the database and if your username and password match. If so, then go inside. If not, then you get a message that your password or username is incorrect.hm exactly. And below we have an example of SQL Injection. Hmm. And now as we notice at the top, um, our example has an apostrophe at the end. The apostrophe is a sign that this is the end of the query.

[00:31:07]And if we were to provide that apostrophe after entering the username, as you can see at the bottom, we'll close our query. There is still the next part that checks the password, but here we have it, I'm just moving the mouse around the screen, but yours will actually be more visible.

[00:31:26]But the hash that's there tells SQL that the rest is a comment. Don't worry about it at all, it's for the user and in this case the password simply won't be checked.

[00:31:40]So the database will check if the user exists. If it exists, great, let's go ahead and log in.

[00:31:48]Now let's move on to the demo. I just need a quick second. Okay, I'll switch screens.

[00:32:00]Wait a bit longer. Oh, we'll do that. Now it will be full screen. If you want to see it for yourself, you can turn it on full screen. It may also be more convenient for you. Paul will also be expanding. I definitely will. And if you need me, I'll be there.

[00:32:17]Let me know if it is visible or not. Oh, god, I'll say it, it works for me, [clears throat] but you say you want bigger ones. Yes Sir. Okay.

[00:32:30]Then you would have to enlarge these terminal letters. Take this. Add ctrl shift plus. Oh, it's okay.

[00:32:42]It's okay. [clears throat] This is a Linux console. Yes. Um, what we want to verify here is we'll take a look at the systems we've set up.

[00:32:54]These are three independent containers. In this case, uh, we 're not going to get into the topic of, [snort] what containers are.

[00:33:03]For the purposes of this presentation, let's assume there are three servers. Okay, because in practice it will give us the same effect.

[00:33:12]As you can see, we have a backend here. So this part got separated because of your enlargement and I can't see it.

[00:33:24]We have the backend, which is the part of the application that sends data from the front end. Yes, the front, or this container here, is what we see on the page. Here we have a website. This is the frontend, i.e. the part of the application that the user interacts with. [snort] The frontend sends data to the backend. The backend, in turn, contacts our database, where we store all the information about the application.

[00:33:59]First we will try to log in.

[00:34:01]This won't be too difficult since we have visible credentials at the top, so let's see if it works.

[00:34:09]I am logged into the application.

[00:34:10][snort] The application is very simple. This level allows me to do two things. The first is to check which users we have in our database.

[00:34:20]And now, to confirm that it is not written like that on the website, but actually exists, we will enter the database.

[00:34:30]Now I will execute an SQL query in the database and tell it to show me everything that is in the users table.

[00:34:40]And we see that we have three users that match what the system showed us. [clears throat] We can add a user, let's name it very creatively test and we give user has been added. And again, if I check, the user is here and if I check from the database level, this is our test user.

[00:35:09]Are you able to enlarge the app even further?

[00:35:14]Application? Well, Ewa writes: "Please enlarge the letters."

[00:35:20]Oh, maybe so. Well, is it good now? Eva, great.

[00:35:24]I guess it's perfect now. Okay, now we'll do it the other way around, because we've checked that what I do in the application affects the database.

[00:35:33]Now we will perform another query in the database, i.e. delete from the users table where username is not in this list. The list is admin, test user and Paweł, i.e. the three users we had at the beginning.

[00:35:51]We see that the query has been executed.

[00:35:55]If I check, I can actually see that we only have three users now.

[00:36:00]The question is, what does the website say about this? There are only three of them. Yes, the system works, the query passes through the waka, reaches the database and cooperates with it.

[00:36:13]Well, let's just say this is only part of what I wanted to show you, because we also have SQL injection to show here, which is what we discussed on the slide a moment ago. And now if I enter our admin password again, but I enter, sorry, username admin, but I will change the password, I will get information that the credentials are not correct.

[00:36:41]Well, now we'll try to cheat. We'll close the query and add has don't care what's next, and then, as we already know, there's end, password and so on.

[00:36:54]We are logged into the system. Yes. The system did not verify our password at all.

[00:37:00]Admin as a user exists and will therefore allow us to log in.

[00:37:06]And in this form it can also work in real systems where something has simply been implemented incorrectly.

[00:37:17]Maciek, are we also doing the second part of the demo or not, because I don't know how we are doing with time.

[00:37:23]You know what, let's save this for a little bonus at the end.

[00:37:26]Okay.

[00:37:27]Paweł has prepared one more interesting thing, but that might be the time for later.

[00:37:35]For now, let's move on to the presentation, because many of you are here to change your career path and I wanted to take a moment to tell you what it looks like in the current job market and I've gathered some cool materials, including the Future of Jobs Report on skills that are on a positive trend and that will be required in the coming years. And, among other things, Networks and Cyber Security is in second place right after AI, so it is clear that this will be a desirable skillset, which will certainly be well paid by employers. Well, if you would like to know what the earnings are like, I collected information from several such reports, two of the largest job boards in Poland, No Flobs and Just join IT. On non fluff jobs you can see that people in security who start in junior positions can even get 14,000 here in B2B, i.e. if someone runs a business, but these are the starting rates - 9,000 net in B2B, i.e. when we have a contract. And 8,000 with an employment contract. Here is the gross value, so we start from there. Well, as you can see, the ceiling itself is quite high, because here you can even count on earnings as a senior citizen as low as 28,000, and for people who earn much, much more. You can also see it on another report from another site, from Just join at. You can see, you can see this explosion. This is always interesting to me.

[00:39:21]It is nicely presented. Expected salary for a junior. Someone who enters this industry may have heard a lot of interesting or uninteresting content from strange people.

[00:39:34]And I want to aim for a salary like 12,000 somewhere. I'm sorry, but let me interject that while this isn't a realistic starting salary in most cases, [snort] moving from junior to mid isn't as long a journey as reaching senior. Yes. The salaries you showed there are very realistic in a relatively short time, because someone who is committed will quickly achieve a certain degree of independence. And that's what this is really about.

[00:40:06]Yes, it's not even about someone having years of seniority, working as a junior for three years and then jumping to mid, it's just that you have to prove yourself more.

[00:40:16]And it's the same with these starting positions.

[00:40:21]Among the people we work with who are in the security school, the ones who achieve the best results are those who demonstrate what they do and do and show their future employer how they can help the company.

[00:40:37]So for me, a junior is a person who comes in and learns, implements, and we teach so that you already know what is important and what is done in a specific position. And probably many of you have also looked through these job offers and seen how many junior positions there are.

[00:40:56]And listen, the situation is this: of course everyone would like to have a specialist in their company and would like to hire a specialist, but specialists are not born. It's not like they grow on a tree somewhere or just appear out of nowhere. A specialist is a person who has followed this path. She went from junior through mid to senior. And it's the same here.

[00:41:21]and the people who will be needed in cybersecurity in Poland will be needed a lot, a really very large number of people, because even the Act on the national cybersecurity system, which was issued in April, is a very recent issue, it covers up to 40,000 enterprises, so the scale here is huge. And now imagine that at least one person there, at least one, and honestly from the point of view of risk analysis, well, one person in the position of IT specialist or cyber security specialist, well, that's a very high risk, so there will be a need for a lot of people to work here. And it is also clear that companies want to hire people.

[00:42:08]E, here in the ESET report, such antivirus companies, the biggest challenge is staffing issues.

[00:42:19]And here some companies are hiring, some want to hire. And here is the biggest problem - it may be either a limited budget or a lack of specialists on the market.

[00:42:31]So how do you become this specialist?

[00:42:34]Nowadays, in addition to having knowledge in the areas Paul mentioned, it is also worth presenting yourself well. It is important that you have a nicely written CV and LinkedIn profile to highlight your good qualities, your advantages, those that will help the employer later in the job.

[00:42:54]And that's also a question I get.

[00:42:58]Oh, very, very often. Paweł, will AI replace analysts, security people, or defsagops?

[00:43:08]What do you think? will not replace. And I have two answers why. [clears throat] The first one, which not everyone will believe, is that humans are much more creative and are able to do things that AI simply cannot think of. AI is a brilliant help. I don't deny it, I use it myself at work and you can achieve a lot this way, but you have to know what you're doing. AI is not absolutely independent and will never be as independent as humans. will become an increasingly better tool for us, just like Visual Studio Code is, not Notepad. Yes it's just another tool. And the second thing is, if someone doesn't believe that technology won't develop like that, it 's expensive and companies [clears throat] that have switched to AI are already turning back because it turns out that AI isn't free. Tokens, these tokens cost a lot of money, they flow very quickly, and already at this point some companies have turned away from hiring juniors, just like some time ago everyone rushed to the cloud, because you have to be in the cloud to be modern, and it turned out that not everyone has to be in the cloud, and when the invoice comes, it hurts. And it's the same here that some things just do n't have to be done this way.

[00:44:29]I'm just saying, well, people think differently, and I've talked to many specialists, because we've also discussed this topic, right?

[00:44:42]And I absolutely don't see such a possibility.

[00:44:45]AI in the hands of specialists is a great tool, but in the hands of people who start without the support of other specialists, it is something that can cause harm. And let me tell you honestly, yes, AI has really messed things up.

[00:45:06]In my current job, I do many, many things that I would do by hand.

[00:45:12]And so it automates my work, really routine tasks, draws conclusions, helps a lot, but ultimately at the end of this research it's me who interprets these results and can do something further with them.

[00:45:28]This is a great support tool, but such strategic thinking. The creativity that Paweł mentioned is something that AI is not good at, and these decisions are ultimately made by a human to take some action and they require a human.

[00:45:48]And I have an analysis tool and it's great for that. Yes, the name artificial intelligence is just a slogan. This is an analysis tool, very advanced, but only for analysis.

[00:46:01]And listen, also remember that there are always two sides to cybersecurity. The light side and the dark side. And while we still have ethics and we don't want to hurt anyone with our actions, cybercriminals have long since given up on that and are using AI and various models to rob you, your families, and impersonate various companies. among other things, for example, here is an article about how cybercriminals use tools to create websites on the Internet. Look, maybe you've logged in to some Microsoft account before. This page looks perfect here. I wouldn't stick to anything. It looks beautiful as a login screen, with probably some SQL floating around underneath, but there is one thing that should not cause you concern, namely the address. It is clear that the quality of work of cybercriminals has also increased. And now think about how many cybercriminals there are and how many people are on the good side.

[00:47:20]So we need even more of us on this good side.

[00:47:26]Well, that's work. Cybersecurity work is one that cannot be replaced by AI. will support, but not replace.

[00:47:35]And this is often my target, and I'll tell you, I'm still in this bracket, so I meet people along the way. By the way, Paweł, I guess you also changed professions after the age of 30, right? I was completely hooked on my first job. I got my first job in IP as DevOps in September, when I was 29.

[00:48:05]Oh, well, you see.

[00:48:06]So, New Year's Eve, when I was about to turn 30, I was working at IP, but it was still [snort] quite late. Besides, in this context, it's not like I went to college and did it.

[00:48:22]Because I changed professions when I had two children.

[00:48:27]Overall, it's quite a difficult situation, is n't it? It wasn't like I had two at the time, I finished work at midnight and learned what was three at IP.

[00:48:37][snort] Exactly. And so do people who come to us who currently have a job that they may no longer like, that is burning them out, they want to change something and they are worried whether it is the right time. What's more, I'll tell you honestly that there are also people in their 20s who write that it's too late to change their career.

[00:49:00]And then I always ask this question: can you see yourself in this current job, which doesn't give you pleasure, until you retire?

[00:49:11]If you don't see it, then maybe something needs to change.

[00:49:15]And here I have the example of David. Dawid yy worked at the yyy warehouse for 17 years and is currently a great specialist when it comes to pentesting. From time to time I send her information about what certificates he obtained and what he did. And yeah, sometimes I ca n't even keep up with what he's doing, so these are really amazing cases.

[00:49:39]Because it often happens that people come to me and say: "Okay, listen, I'm just firing up this YouTube, I 'm doing labs, tutorials, but it's all without a plan or structure and without any sense, because people often disagree, that's okay, [snort] because people often think that just watching a few pieces of information on YouTube and they can start, but they forget about the basics.

[00:50:12]And my dears, that's why Paweł and I have prepared the IT Starter for you.

[00:50:20]This is a program where you acquire the foundations that Paweł talked about in his presentation, which he also showed in the demo. This is a program where you can get started and acquire solid IT foundations. We break down these foundations into prime factors. We have networks, we have Linux, Windows, SQL, and the basics of security. And these are elements that you will encounter in every job.

[00:50:51]Whether it's IT, security, or any other, you will always encounter them.

[00:50:57]And this is a program that will give you these two things. First, These are solid foundations so you can build your future career on them.

[00:51:06]And the second thing is, yes, the second thing is that you'll learn which path in cybersecurity to choose next, because as I mentioned, [clears throat] I'll finish, for example, I've been to both, so I had the pleasure of doing it.

[00:51:21]You might be at a point where you don't know which one to choose yet, but something that will definitely be useful to you is these foundations. As for what it looks like, we created a program on steroids, a security starter on steroids.

[00:51:36]We have eight live meetings, and every Wednesday you 'll meet with specialists, including Paweł.

[00:51:44]I think Paweł will meet the most. So you have what I mentioned about AI. You have someone you can talk to about AI results, even and you can confront them, because if you read and trust these videos 100%, you can really get lost and either learn strange things or, well, do something that's not meant to be, that won't get you anywhere near your goal.

[00:52:18]So every Wednesday you can meet with a mentor, ask a question live, and you leave with the satisfaction of knowing what's going on. And as I mentioned, we have six meetings with Paweł, but we also have two more.

[00:52:35]So two of those eight meetings are where we'll host practitioners. Practitioners from both sides, specifically from the Blue Team and the Red Team, so you can see what both roles are like, so you can ask a question to someone working as a Security Analyst, or to ask a question to someone working as a Pentester, and decide which direction to take next.

[00:53:06]And we'll have Weronika Maciejewska, with whom I work, and I also work with Kuba. There are mentors from mentoring programs. Great people, great specialists. I could go on and on, but you'll meet them in person, so you'll have the opportunity.

[00:53:26]And what's more, if you change your mind and after these materials you've covered, think, "Damn, security isn't for me." Then know that these elements Networking, Linux, Windows, SQL, and security basics are all elements you'll encounter in every job.

[00:53:51]Yes.

[00:53:52]In a DevOps role, you'll definitely learn all these things, right?

[00:53:57]That's for sure. I'm actually wondering what IT specialization doesn't require these things.

[00:54:04]I think that even if, by some miracle, you become a programmer and don't absolutely need them for your life, it's a bit weird to write programs blindly. It's nice to understand what's going on around you. So, really, it's useful in every branch of IT. Yes, because understanding the whole concept, understanding the whole thing, is very beneficial because you have to talk to these people. I don't know, working as a database specialist, you theoretically focus on databases, but these databases are system-based, communicating over the network, right? You have to talk to other teams, so this knowledge is simply the foundation for working in IT, the glue that makes it all work. So these are the foundations in every IT role, not just in cybersecurity. So remember There's no wrong solution here.

[00:54:55]If you go further in cybersecurity, great. If you go in any other direction, you'll always have the foundations that will stay with you until the end. And they will stay until the end, because you'll have access to lifelong learning, but more on that later. I wanted to introduce you to Kacper.

[00:55:14]Kacper was a chef, currently working as a pentester at one of the companies.

[00:55:20]Paweł Kacper decided to take on mentoring, and that fueled his entire learning process. We shared progress checks, CV improvement. These are all things that helped Kacper.

[00:55:35]I also invited Kacper to a pentester project once, where he could also demonstrate his practical skills. We also have Ania, who worked, is currently working, and has even changed companies again, as I recently observed, but she worked at a local government office, was a clerk. And well, she even wrote, "If someone had told me two years ago that I'd be working in cybersecurity, I wouldn't have believed it, and it's amazing that I'll be doing what I'm doing now." I really want what I chose, not some random decision like a parent once did. Perhaps you're in a place where you went to work and ended up there because, for example, you had to earn money to pay the bills.

[00:56:24]I've experienced similar situations with people.

[00:56:27]I've heard stories like this. Someone took a job, wasn't interested in it at all, felt burned out, and wanted a change. So maybe this is the option for you. Now, what do you get in the mentoring program?

[00:56:41]You get the Security Starter course. This course alone, if you'd just like to have the materials for yourself and work through them independently, costs 1999 PLN. And as I mentioned, Linux networks and Windows Security are included in the course, so you can refer to these materials whenever you want. This is a review of our program. Everything is well-thought-out, divided into modules, and the instructors explain the materials in a very accessible, professional way. So, here's Asia's positive comment about the Security Starter. And what's important, in the mentoring program, you get lifetime access. If you wanted to just join the security starter course off the street, access is for 12 months. You can join and complete it as many times as you like.

[00:57:34]The materials are available on the platform 24/7, so you can study in the morning or in the evening.

[00:57:42]Each of us is different, and that's why we have this form of learning. I like, I like studying in the morning, but in the evening it 's more like a chillout, but morning is my time. I like it, and that's how my cybersecurity learning was. When I was moving between departments, I would wake up at 5:00 a.m., before the whole house was up, and that's when I would study. Paweł, you said you studied at night, so everyone has a different one.

[00:58:11]And everyone has, you know, there's no right or wrong path here. Everyone simply has one.

[00:58:17]No, not really.

[00:58:20]Everyone has a slightly different way of functioning, and for me, evening really is the time where I can sit for a long time [laughter] and [clearing throat] I actually absorb more.

[00:58:32]Acquire knowledge. Exactly. And when it comes to this knowledge, you can then confront it with Paweł, among other things, during live meetings. Every week you 'll have a meeting where you can ask questions, seek advice, and support. We're there for you. I'll also be at some of the meetings.

[00:58:51]So that you have someone to bounce off the thoughts and observations you 'll have each week.

[00:59:01]Of course, Weronika and Jakub will also be there to answer your questions about these two paths. Should I go more defensive or more offensive?

[00:59:12]And we're talking about meetings here.

[00:59:16]They're on Wednesdays at 6:00 PM, but if you have any questions after these meetings, you can ask them in the Discord channel.

[00:59:26]You can also share your thoughts there. And while you're working through these materials, join Discord and ask a question.

[00:59:35]We're there too. Of course, you'll also receive a certificate of completion.

[00:59:41]And I have a bonus, because listen, this is our seventh year in business, and I thought I should also give you a nice gift, and you'll get two. The first is that for the 15 people who join, there will be a one- on-one session with me after they've completed the program, where we'll talk about what you can do next. It's an individual session, one where we can go through your CV, we can go through your LinkedIn profile, and talk about the next steps you need to take. Then I focus more. I send you three questions before the meeting, you answer them, and we do a coaching session to support you on your way forward.

[01:00:29]And listen, it can also be a job interview, a mock job interview.

[01:00:36]And as you can see, there are opinions after such interviews. The conversation with you showed me what to pay attention to during such a job interview, and I also know what it will be like. It's a brilliant idea.

[01:00:47]I realized what stage of my learning is at, and that's why this form of support is also here.

[01:00:55]As for this, it gives a lot, please, it gives a lot, because we've often talked about this—I think we've already talked about it more than once— that people don't submit CVs because they think That's not it yet, is it? And such a conversation, verifying it, is a great incentive.

[01:01:14]Exactly. Sometimes people think, "I still need to learn this, I still need to do this." In reality, they've been ready for a long time, but they need it, sometimes you need to hear it from someone. Listen, when it comes to the price, 2999 PLN is the amount you need to spend on your investment in yourself.

[01:01:39]And there's a second bonus: if you want to go further, you have a great opportunity to do so; you don't have to buy another mentoring program, which costs 6999 PLN.

[01:01:58]Here, you have the option to first enter Security Starter, the IT Starter mentoring program, and then if you want to choose one of the mentoring programs, you just pay the difference. So it's a form of pre-payment for advice. So if someone wants to go further, they don't have to; they've already credited the amount they spent.

[01:02:21]They've credited that amount towards their development, so you only pay the difference.

[01:02:27]Now, as for the important things, you might be thinking, okay, but maybe it's the course itself.

[01:02:33]I'll choose it myself. The course, and it'll be fine. And of course, that's also an option.

[01:02:37]If someone wants the course itself, no problem.

[01:02:40]This is also something that will help you, but it works for people who want to work independently.

[01:02:47]So, as you can see, I've compared the two here.

[01:02:51]The full material on networks, Linux, Windows, SQL, and security is everywhere, both here and in the Security Starter course and in the IT Starter program.

[01:03:01]Lifetime access to the materials. Well, in the Security Starter course itself, we have 12 months. Lifetime access is available in the IT Starter program. A live mentor on Wednesdays for these eight meetings, two months. This isn't included in the course itself.

[01:03:16]We have it in the mentoring program.

[01:03:18]Live questions and answers are also available here, but only in the mentoring program.

[01:03:24]Guidance, demonstrations by practitioners, and Q&A sessions with practitioners are also included in the mentoring program, and help in deciding which path to choose is also included in the mentoring program.

[01:03:39]We have a one-on-one session for the first 15 people to join.

[01:03:44]And also remember that the amount you invest in the IT Starter program counts as a down payment for the main mentoring program.

[01:03:58]So you can see the difference is small.

[01:04:01]It's 1,000 PLN. That's the difference in where you are after those two months. Remember that this isn't the kind of course you can buy and put on the shelf, think about it, and one day I'll do it. And also remember this. You'll probably receive an email soon. And I'm also remembering my promise in emails, so I invite you to check your email soon that this program could change your life. And remember that you'll also receive an email and a link soon, but you can also read the review here. Also remember that even today I had an email conversation about how I'd love to meet in Łódź, so if anyone is in Łódź, we'll probably be organizing a meeting soon. Um, so here we are, whether I or Paweł are happy to meet offline, so it's not like that, We're just talking from the computer to you and we're still communicating. Um, we're real people, we can scan your face, it's not AI [laughter] and we like to see you, so we don't disappear and we're working. So if you're interested, here's the link I promised you in the email, so you're welcome. I'll also post a link to, um, I'll also post a link to the chat so you can, uh, click.

[01:05:39]Okay, that's not it.

[01:05:49]And we'll move on to the Q&A session in a moment.

[01:05:57]Okay, you can click the link in the chat and we'll answer your questions.

[01:06:05]Pin the message.

[01:06:08]You can also scan the QR code. This is a secure QR code.

[01:06:13]That's what I would say if I sent someone a dangerous QR code.

[01:06:18][laughter] [gasp] Yes, yes, I know, I know. You might be opening it on your phone right now, and it's really safe.

[01:06:26]Generally, remember that it 's not that scanning the code itself is something scary and what might already be Kill you.

[01:06:35]Remember that what happens there after that, you might need to provide, for example, your Facebook or email login and password.

[01:06:44]Well, the opening itself, of course, in extreme cases, it might be, because there might be browser vulnerabilities and other things like that, but generally what's more important is what you do with it after clicking. Be careful.

[01:06:59]And now, another important thing. We're starting on June 10th. That's Wednesday, but we have to close registration earlier, so it's important to register by June 3rd, at 11:59 PM.

[01:07:17]Later, this won't be possible, because we're starting on the 10th. We're starting with a group on the 10th, so we need to gather a group by June 10th.

[01:07:29]He's prepared with meetings, he's prepared materials.

[01:07:35]I'll also be there. We have mentors scheduled, so you can expect a truly amazing time with industry people who will help you gain fundamental IT knowledge.

[01:07:50]Yes, I remember those events. " Meet me, excuse me, meet me."

[01:08:03]But were you in Wrocław? We were in Wrocław? I'm sure I was, but Lewogóra is Where was that?

[01:08:11]Warsaw. The top left was Warsaw.

[01:08:13]But I do n't think you've been to this one yet. This was my first one. So listen, as you can see, I meet people in different places. Paweł and I have seen each other offline many times, so I cordially invite you to these meetings too.

[01:08:28]And now we'll move on to the Q&A session.

[01:08:30]I'll open up my magic question sheet and I also see that there were questions in the chat, so I'll get to them, but one by one.

[01:08:44]Okay, already, already, already, already, already, already, already, already, already, already, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, now, I have a few questions. Okay, now I have a few questions.

[01:09:06]Okay, here we go. Patryk asks: "Hello, I've had a long time, I have a lot of text to read. Hello and welcome. I have been wanting to start working on the juice for a long time now. I know about the practices on tryhmi. I have purchased the Security Starter course and in the meantime I am learning Security Plus, i.e. the Security Plus computer. Can you advise me on something I should focus on going in this direction? I would like to add that I currently live in the UK, but I would like to live in Poland sometime soon. Thank you and best regards.

[01:09:39]Well, this requires so much practice. First of all, because it's important to show the employer what you're good at and what you want to do.

[01:09:52]So you also need to present yourself not only, not only with your CV, but I also always recommend people to use LinkedIn. There too, because whether you like it or not, someone will always check you before the interview.

[01:10:07]Someone will always type your name and surname, even on LinkedIn or even Google, and check who they will have a meeting with.

[01:10:14]Whether officially or not.

[01:10:18]Paweł, would you advise something?

[01:10:21]I would advise consulting with you on this matter, [snort] would n't you? Yes, quite seriously. Well, I think that conducting such a test interview is very beneficial because you know what questions you might be asked, and sometimes these are questions that are not entirely technical. The point is not that you have to cheat here, but there is a question like what incident did you encounter recently that was special.

[01:10:48]Yes. And you have to have something specific in mind to say it, right? Because sometimes there will be a void as a result of stress.

[01:10:58]Sometimes you need to know how to say it, so I think that such a consultation really works, and even if it doesn't, you can just start going to talks, because that's also a big learning experience.

[01:11:12]Yes. Well, with each conversation it gets easier and easier. This is also training.

[01:11:17]From what you're writing here, you're already doing a lot, so maybe you just need to be persistent, start the process, the recruitment processes, go to those interviews, meet people.

[01:11:29]Maybe it's time, maybe it's time, because you're very active here, so get in touch and we'll see what we can do next.

[01:11:40]It is worth remembering that it is always possible to find some technology that you are not yet familiar with. There's always more to learn, right? You can't approach your readiness to look for a job this way.

[01:11:53]Yes, because it is a learning process, especially in cybersecurity, it is an endless process. Just like cybersecurity itself, it is a process that never ends.

[01:12:04]And we also have a second question.

[01:12:07]What do you think about ISO 27001?

[01:12:11]Learning audit towards cyber.

[01:12:13]auditing studies towards cyber.

[01:12:16]Well, this is also you know cyber, not cyber is not limited only to work in juice or to the work of a pentester. If you want to be an auditor, go this route. Here I have little experience in this topic, so Paweł, have you met? I mean, I know a lot of auditors, of course, because I know what this job is about too. Well, the compliance processes that we did in the company also fall within this scope. Paweł, do you have any opinion whether it is worth going to ISO? I do n't know if it's worth going, because I don't know this market, unfortunately.

[01:12:53]I can guess that this could be an interesting direction, because it is a popular norm. I also went through some company-related compliments to meet this standard. Um, so this could be an interesting, interesting direction, but I do n't know anyone who would deal with it.

[01:13:15]Well, now auditors will also be needed, definitely more, even though it is because of NIS 2.

[01:13:24]Exactly. Is the CRA now issuing another such directive through Dora?

[01:13:31]And these are only the EU directives here, and there are also directives for the United States, for example.

[01:13:36]other markets, so people who will check whether we comply with these requirements, well, they will also be desired on the market. The only question is, does this type of work interest you? I always tell people to check themselves. It is important to check, to talk to someone who is there, who deals with this. So, a piece of advice, if you're asking if it makes sense, ask someone who does it. So, you know, find someone on, uh, LinkedIn, reach out to them and maybe they'll respond.

[01:14:08]Well, that's a great idea, because people are generally very open. gladly.

[01:14:13]People like to talk about what they do.

[01:14:15]People like to talk about themselves, so there's a good chance you'll get some feedback.

[01:14:21]And it's worth getting to know what a given job looks like in reality, because it can often differ from what you imagine, right?

[01:14:30]And it's also worth, you know what, it's also worth asking questions about specific companies, because not every company is the same. The specifics of working there vary in different companies, so it's worth asking someone who works in that particular company to find out if it's actually worth working there.

[01:14:51]I even say this from my own experience.

[01:14:53]I had such an experience that I asked someone if it was worth working for this company and was told that it was not worth it, because I was leaving here and it was better not to, because the company would also close down.

[01:15:09]Well, this is also a big plus of the community you have created, not that you can find many, many people from different companies and often this type of advice can be called happening.

[01:15:20]Exactly. So if you join one of the mentoring programs, you have access to the community and also to me, and then I connect people. So if you told me you wanted to work for a C-ranked company or an A-ranked company or an I-ranked company, then I would connect you with people who work there so you could ask questions and get first- hand information. So this is also the value of networking. This is probably the greatest value. This is a lot.

[01:15:54]This is a lot.

[01:15:56]Um, here's an interesting question, gentlemen. So does it make sense to study cyber security? Are the courses and programs at your school completely sufficient to get a really good start in this field?

[01:16:12]I'll start. Paweł, I'm going to be biased, so start.

[01:16:16][laughter] Listen, first of all, I'm not a hater of studies and they, if someone, I don't know, is young and has time for it, then okay, do those studies.

[01:16:30]If someone is older, I don't know, in their 30s or 40s, and wants to change their career, think carefully about it, because it's a lot of time spent at university, whether online or not, but most importantly, choose wisely, because I've heard of truly terrible things, truly such practices at these schools, that when the course is in pentesting, they installed Burpa, a tool used for pentesting, in the last semester.

[01:17:10]Great.

[01:17:11]They learned a lot.

[01:17:12]They learned a lot. Yeah. So here it is also worth knowing what you will be learning and it is also worth consulting. Well, actually, I thought that by going to such studies I would also learn as much as possible. Well, you don't really understand what is written in this syllabus, for example.

[01:17:28]So it's worth consulting this with someone who is in the industry. It's also worth checking who teaches, because often, well, there are people who just happen to be there, so it's worth verifying. In general, security means trust, it means control. Well [laughter] [clearing throat] [snort] Paweł, I think the same way.

[01:17:57]I think studies are for people who have time for it. Well, I've talked to many, many friends about this in general and I've always heard that it's great, you can learn a lot of the basics, but you can develop these basics in a completely different way and much faster, because the studies are structured, the studies are for a group, the groups adapt to a certain level, so it's possible, but I don't think it has any particular value. Um, and I say that my friends told me, because I work today as a DevOps, Def Secops, working with the cloud and currently with AI, big data and doing all sorts of weird things that I didn't know existed before, uh, I don't have any studies, no, just to be clear.

[01:18:44]and I'm alive, I'm doing quite well this time, so if someone has the time and money for it, then cool, but I wouldn't choose studies as a way to guarantee me a job. This definitely wouldn't be my first choice.

[01:19:00]These are no longer the times when someone who has a university degree, a master's degree or an engineer gets a job. It's been a long time since that happened.

[01:19:09]It doesn't matter.

[01:19:10]Well, it doesn't matter. I myself have an economics degree, I graduated in computer science there, but there were more things related to economics than to computer science. The elements you have in security, in IT security, in the mentoring program, these are the most important ones that you learn from these studies, namely how networks work, how systems work, how databases work. Well, for example, I didn't have much experience with security during my studies. Well, I had, I had cool stuff from databases, I had cool stuff from Linux, so there were things like that. But oh well, they weren't designed in such a way that they would later help me in my work. In the sense, they were not made with security in mind, for example.

[01:19:55][clears throat] So, studies last 5 years, right? 5 and a half years since we started engineering, so I work in IT6 with a slight break from Totalny junior. I really was super green when I started working.

[01:20:11]I have reached a senior, totally independent position and I feel that I have invested my time better.

[01:20:21]And also what Paweł said, if you have time and money, go, why not? But also invest this time well. And here, by investing your time in this way, I mean that you should take advantage of study groups, make use of contacts, meet people, and do projects.

[01:20:42]This is something worth doing in college.

[01:20:44]I have done it many times, many times last year and actually this year too, because I was at the Gdańsk University of Technology in February, I gave talks at various universities and talked to students, and it's great that they have these scientific circles. There is a science club called Pink, White Huts in Wrocław.

[01:21:06]Sometimes even people from the street come to these lectures, so it's worth it, it's worth getting interested.

[01:21:11]Well, as far as networking goes, yes as far as networking goes it's a cool place, so yeah. And that's exactly why I needed this opinion.

[01:21:22]Okay. If I have a security starter, there is an option to pay extra. Yes Sir.

[01:21:27]Of course, please contact us and we will arrange for you to pay extra.

[01:21:38]Thank you for the webinar. I have to get the information out. Can I have information about mentoring emailed to me? Of course, if you are registered, I still remember you and you can also find your special offer at this link.

[01:21:51]It is only for people who have registered for the webinar, so you will also receive this information by email and everything will be nicely described, as well as how to join.

[01:22:03]And what exactly percentage of people who completed the course currently have a job in Security? Well, here, you know, how to put it, those who try, because people are different and we also work with adults. If someone thinks that they will buy it and it will give them a job, then you can don't buy it. Or buy it and leave it, right?

[01:22:31]Here, however, you have to roll up your sleeves and do the job. It's not like that. If you want to believe in fairy tales that someone, that someone after a given course, I don't know, in three months became, became some kind of specialist, then you can go to, I wouldn't even call it a competition, but there are companies that say similar things or, for example, say: "You will become a cybersecurity specialist."

[01:22:57]And then I wonder, "Okay, but what am I going to do?" Because that's the idea of ​​me wanting to become a doctor. But in what specialization?

[01:23:08]Sure, yes. It takes time, right? It takes time, repetition and perseverance. This is something that you really need, that you will really need, because I wish with all my heart that you would get it right the first time, but I don't know. Paweł, have you ever had a situation where you had your first interview and it was passed?

[01:23:32]No, I mean, if it's about your first job, no.

[01:23:36]Later, when I was looking for a job, there was a period when there was generally a big boom and interviews became much easier.

[01:23:44]But generally, let's not kid ourselves, it 's a process. Yes, the first one is such a famous fishing rod. No one will do anything for you, because even if I wanted to, I won't learn anything for you. I can explain, I can help. Well, that's what this mentoring concept is for, so that you don't have a situation where you read a topic, don't understand it, and there's nothing you can do about it.

[01:24:07]Yes, everything can be explained and logically explained a fifth time, no problem, that's what we're here for.

[01:24:14]On the other hand, it's also some kind of motivation, I think he has a certain regularity of meetings, so somewhere in the back of his mind there's the idea that we'll see each other on Wednesday, we'll talk about something, so I think that's also an additional motivator. But here, without your own work, as Maciej says, there is no magic here. It's not like we'll buy a course, put the book under the pillow, go to sleep, and in the morning I'll be a cybersecurity specialist. Well, I won't. Yes, this is the way. After the course, this path can begin and it will still require a lot of work, right? Because we get a lot of knowledge, but firstly, the industry is constantly transforming, and secondly, let's be honest, one course does not provide all the knowledge about cybersecurity. Yes, this is a big topic and needs to be constantly developed. Just like I, working every day, have to educate myself every day, right? Because if we are not moving forward, then in the case of IT we are moving backward. So the point here is to be motivated and act within the current scope.

[01:25:19]Yes. In our work you will not lack knowledge.

[01:25:23]But you have to do it and you have to have solid foundations, because just think about it, you go to work as a pentester and you have no knowledge of how networks work. You get it and then something doesn't work for you and someone asks you something, not the routine table for example, and you don't know what to do with it, right? Don't know where to pin this topic. The same goes for knowledge of systems, whether from SQL, Linux or Windows systems, well, this is something you simply need to build on it in the next steps.

[01:26:04]The comment was also cool. Isn't it like you have to be good on the Red Team to be good on the Blue Team?

[01:26:11]Messi is an attacking genius, but he certainly knows more about his opponents and defenders than they do themselves. You know what, yes and no.

[01:26:20]I know people who, because you're talking about this here, good on the red team to be good on the blue team.

[01:26:28]This is honestly not the case. These are two different skill sets. While working in progress, I attended offensive security training courses and it was a great learning experience. It was cool to see what attacking looks like, but those analytical skills were more useful than just learning how to hack something.

[01:26:56]Of course, it's worth knowing that there are attacks, how they work, and so on, but you don't have to suddenly be a great hacker to be a great defender.

[01:27:08]And the other way around as well. I honestly know from experience that some of my colleagues didn't even know what was going on, what was being done in Sok, fellow pentesters. So this did n't bother anyone at work.

[01:27:27]Certainly knowledge will not hurt, but it is not necessary here.

[01:27:32]Yes, it's not super necessary.

[01:27:37]Oh well, my dears. I don't see any questions anymore. I'm so glad you stuck with us until the end.

[01:27:47]If you have any questions, we are at your disposal.

[01:27:52]Ask them via email.

[01:27:54]You have my email, you somehow got here.

[01:27:59]And I cordially invite you to the IT Starter program. Remember that registration is until June 3rd.

[01:28:08]Well, we start on Wednesday, June 10th at 6:00 p.m.

[01:28:15]And for now, we'll hang up.

[01:28:19]We wish you a wonderful evening. Please think about it and we cordially invite you.

[01:28:26]Thanks a lot.

[01:28:27]Thanks. Speak soon.