Making Six Figures in Cyber Security Without Hacking Skills

Introduction

Speaker: Boyd Clewas, international cybersecurity expert
Thesis: You can make a six-figure salary in cybersecurity without coding or technical skills by becoming a cybersecurity auditor.

Importance: Essential for auditing systems and holding personnel accountable for security.
Personal Experience: Boyd built his career on the PCI DSS framework (Payment Card Industry Data Security Standard).
Scope: International standard for companies that store, process, or transmit credit card data.

Internal Security Assessor (ISA): Works within the company to prepare for security assessment.
Qualified Security Assessor (QSA): Third-party auditor who ensures company compliance.

Requirement 8.16: Limit repeated access attempts by locking out user after no more than six attempts.
- Firewall Setting: Should be set to a maximum of 6 failed attempts.
- Example: Setting on SonicWall NSA firewall was 10—this is non-compliant.
Requirement 8.17: Lockout duration must be a minimum of 30 minutes or until an admin enables the account.
- Firewall Setting: Should be set to at least 30 minutes.
- Example: Setting was 5 minutes—this is non-compliant.
Requirement 8.18: Sessions idle for more than 15 minutes must require re-authentication.
- Firewall Setting: Set to 30 minutes—non-compliant.

Importance: Knowing why each requirement exists makes you a better consultant and cybersecurity professional.
Example: Requirement 8.16 exists to prevent brute-force attacks by locking accounts after several failed attempts.

Job Market: Numerous six-figure job openings for roles requiring PCI DSS knowledge.
Training: Boyd Clewas’s cybersecurity training academy
- Website: boydclewis.com/grc
- Special Note: Exclusive academy with selective admissions

Call to Action: Engage with the content (like, comment, share) and explore cybersecurity career paths.
Impact: Helping people start their career and make a significant income in cybersecurity.