May 4, 2021

I am John Strand and I am teaching a Pay What You Can class… Ask Me Anything!

Hello all,

We are running the next iteration in my Pay What You Can (PWYC) series.  The next class is Getting Started in Security with BHIS and MITRE ATT&CK.  

Long name but let me explain.

We took the top 11 things that would shut out a tester and built 11 modules as the core of this training. We then mapped the class to MITRE because everything now needs to map to MITRE.

So, this is a nice logical step from SOC Core skills, and it stands nicely on its own.

Below is a link with a full write-up and the registration link:


Once again, this class is PWYC.  This means literally that. You can pay what you can.  If you can pay full price, great!  If you can pay half, great!  Can’t pay anything, awesome!

Just come.

But for now, ask me anything.



Here is confirmation, and I am, in fact, the not male model John Strand:




Is it fair to say that if one is at an SMB with a solo infosec practice and barely any budget to speak of that one should largely disregard MITRE ATT&CK and focus on the 20 critical controls and such? Asking for a friend.


Since someone HAS to ask this, let it be me:

What is the velocity of an unladen swallow?


Nowadays, with so many master's programs, boot camps and the like, is it still even reasonable to get an entry-level security job with a Security+ and a few years of sysadmin experience?


Question: when you say “So, this is a nice logical step from SOC Core skills, and it stands nicely on its own.” do you mean that SOC core is a precursor to this one? I’m like half done with SOC Core, and looking for something more in depth with respect to CTI. Also THANK YOU FOR ALL THAT YOU DO IN THIS COMMUNITY!!


If you had to build a vulnerability management program from scratch, where would you start? (Asking for a friend ;) )


Hello John!

Where do you see yourself in 5 years?

What programming language would you recommend for a beginner in the cybersecurity field?

Why did you decide to do PWYC?

Extra question, what is your favorite movie and why?

Thanks for doing this.


How do you feel about Threat Intel?


Some people say there's no such thing as an “entry level cybersecurity job”; they say you must have a few years in a help desk or sysadmin role first. Do you believe this to be true?

Can someone with no prior tech experience land a job in cybersecurity at the entry level (with the right resume, such as having certs)?


In 2021 which is the biggest mistake that we’re doing in securing our infrastructure?

Which security control yields the worst expense to value ratio in your opinion?


In your opinion, what is the most in demanding cybersecurity job? SOC? Exploit developer? Etc.

Also coming from the discord. Appreciate you John:D


Will this be on the test?


What’s your favorite way to digest security news? It can seem as if subscribing to newsletters is a good method, but it can get lost in the noise of everything else after a while (especially subscribing to multiple), and keeping up on Twitter has its own bag of downsides. What do you find works best for you & why? Thanks!

(PS – love listening to the BHIS Talkin’ About news webcasts!)


I was super excited to see the PWYC class come across my email. Unfortunately, my current position has absolutely nothing to do with Cyber Security, so I don’t have a leg to stand on when requesting time to be able to attend. Any plans to possibly run this across 4 weekends in the future? I’m sure I’m not the only one who can’t attend due to their current position and work schedule.
