The Cloud Security Career Nobody Talks About That Pays $200K

Cloud security seems like the fastest most efficient path to you know 200k USD that one role in cyber security in demand right now that companies are looking for a young Caleb starts at 226 how do you direct him the way now is definitely a lot different it requires a lot more work degrees are great and even if you have a degree that today is probably not going to carry you all the way in All right, guys. We are going deep in cloud security today with an absolute expert in the field. His name is Caleb Oni and he is the host of the Sumub YouTube channel. Also has the cloud security academy where he teaches people how to get a start in cloud security. I always think cloud security is pretty much your fastest path to 200K, but I'd love to hear his take on that. So, Caleb, welcome to the show. Thanks so much for having me, Chris. It's amazing to be on this podcast. really looking forward to what we're gonna discuss today. Yeah, we we have a lot to talk about for sure. So, I think the first thing is it looked like your biggest video was zero to cloud security engineer and you talk about your path. Why don't you just kind of run through how you did that and uh then I'm going to ask you how someone should go about that in 2026. But let's hear how you did it first. Okay, super long story, but I'm going to try and make it as short as I can. So, first things first, it started at university and I was kind of figuring out what I want to do. I studied business computing at university and honestly when I look back at my university journey, they didn't give me much direction for when I finished. So, I needed to figure that out for myself. Luckily, I met a mentor who was a lead cloud engineer and he kind of studied. He specialized in AWS and GCP and was a lead at his company. So, he agreed to mentor me. We spoke a few times. We got on phone calls. I asked some questions about cloud and that gave me something to target, right? So from there I looked into some certifications. I did the AZ900 and that really sparked my interest in wanting to get into the cloud space. From there started applying tens of rejections, loads of different roles I applied for. Some of them got to later stages just got loads and loads of rejections until one company gave me the opportunity. Someone starting now, a young Caleb starts at 2026. How do you direct him? Absolutely. I think the way now is definitely a lot different. It requires a lot more work, Chris, to be honest with you. And firstly, I would say, you know, degrees are great, and even if you have a degree, that today is probably not going to carry you all the way in. You still need to add some things onto that. So, let's talk about certifications. Obviously, I've already bashed certifications a little bit in this episode, but they do have their place and it is important to get them. But at the same time, you need to be doing the practical, right? And that's one of the things we do with the cloud security uh academy is we dive into the practicals, you know, of of what we're actually learning on the certifications, right? So, for instance, you have the AZ900, you learn about a lot of different things on there, right? You learn about your virtual machines. You learn about Azure ID or formerly Azure ID now called Microsoft Entra ID. You learn about a bit of what else? Monitoring etc. You actually have to get onto the tenant and practice this stuff and document it and and that's really what it is. You know, there's a lot of talk about you need to do this, you need to do that. All you need to do is do exactly what you're learning, right? Follow along with the labs or create your own projects that can impress employers even more. So that is what I would advise myself to do. I would advise myself to get my hands dirty so to speak and play around with some of these tools and technologies that would then help me to impress an employer when I'm speaking to them. We have something called a badge collector right in the industry. And a badge collector is someone who goes after certification after certification. Again, I did say in this episode that certifications have their place and it is necessary to get one or two of them. But do not become a badge collector who just goes after the knowledge, gets the certifications and doesn't do the work. So I think that's the biggest mistake, man. People go after the knowledge and they don't have the technical skills. They don't build the technical skills. But I am saying that you need to get some things out of the way so you can start to learn other things. So you can start to go deeper into certain bits of technology. And I've met people who I've asked them, okay, when are you going to finish this? And they're kind of saying they're going to do it in 4 months when this is something that really takes 2 or 3 weeks. So this is about grit. This is about getting things out of the way. This is about the speed that you're learning. And you know, if you're able to learn a bit faster and commit a bit more time rather to what you're doing, you can get things out of the way and end up learning a lot more. So this is just about discipline, Chris. It's not really anything special. It's not anything new. It's about being able to lock in and do the work, get it out of the way, learn more, and be in a position in two, three months where you understand the tools in technology that you need to break into the industry. You know, I mentioned to start the show, cloud security seems like the fastest, most efficient path to, you know, 200k USD. Um, I don't know what that translates to you guys, but um, would you agree with that? So, Chris, I have to be honest with you. I'm from London, the UK, Europe, and the way our salaries work are very different from the US. Now, to go deeper with this, the average salary in the UK is around $33,000, which if you translate it is probably $50 to $60,000. People in America will probably be like, that is tiny. That is nothing, right? And this is this is for full-time salaries, but in the UK, that is a decent salary. I work in the UK, right? and and I at 23 I was working as a cloud security engineer at one of the largest banks in the UK. I'm very transparent about you know what I earn and that sort of thing. I've spoken about it at length on my on my YouTube channel etc. So total comp I earn about £65,000 which translates to around dollars something like that and you know for a 23 year old that is an amazing salary if you ask anyone in the UK. Now when you come over to the US and you look at the same role doing the same thing and what they pay on average a cloud security engineer is earning at least 140. That is like the average of what you'd be earning in the US just based off research. So so I hope that that makes sense. And of course when you get to senior roles you're earning 200 plus quite quite quickly and and even beyond. So that's that's sort of my view on earnings and of course Europe versus the US the kind of differences in our salaries. You know you obviously you went the Azure route the Microsoft stack. Why did you make that choice? And when you're coaching people how do you help them decide on AWS, Azure, GCP? I did find it interesting on your channel when you discuss these everyone just assumes AWS is like way ahead. You showed the graph they were ahead. they were about 30% of the market. Microsoft Azure was 21%. So yeah, it's more but it's not drastically more. So why did you make that choice and how do you help people make that choice for themselves? Yeah, I love this question and it's there's there's a lot to get into with this one. So firstly, let me talk about my journey and then I'll talk a little bit about what I've heard in the market. Right? So so with my journey, my mentor was a lead cloud engineer as I mentioned before. He was specializing in AWS and GCP. And for some reason I wanted to go the Microsoft Azure route. And the reason that I went down that route was literally because I had experience with Microsoft tools. Microsoft was the company I liked. You know, I looked into Bill Gates and everything. I just had more familiarity with Microsoft, with Microsoft Office, with Word, Excel, etc. And I was like, why wouldn't I go for Microsoft stuff, right? And it's funny I say that because that is the same thing for so many companies. The reason that Microsoft Azure was able to be anywhere near AWS who are the pioneers who have been doing this the longest is the fact that they have the technology that they can integrate with. They already have Windows on so many companies laptops and devices. They already have Office. They're dominating in one area. And so when it came to building their cloud technology, they were able to integrate and sell so quickly to be at a level where they're now competing heavily with AWS. That being said, let's talk a little bit more about the market. So as I said, I'm based in Europe and in Europe as you're in terms of roles, we see more roles with Azure than we see with AWS or GCP. We see a lot more and this is something that we discuss. You know, I'm not just saying this based on my view. I'm saying this based on the view of many engineers you know currently we have a discord with thousands of uh thousands of professionals and they are speaking about no I'm seeing more as your roles in AWS by far I also spoke to the host of the cloud security podcast Ashish and you know what he told me he was like you know what Caleb like asked him for my audience you know what should engineers be looking at what should they be going with right now and he said forget about AWS GCP as an engineer just focus on Azure And he's speaking about the demand right now. And you know me saying that is not me saying that Azure is more used or more valued than AWS. I'm speaking about roles and engineers and the availability of those roles. There's more and Azure. There may be more roles that pay more with AWS, but it is so much easier to get into an Azure role because of the different positions. like you you can talk about infrastructure roles, you can talk about MDM, you could talk about cloud security, you can talk about so much more than you can with AWS just because of the way it's set up, but uh what about the searchs? You've taken 10. Give us the real sauce that this will be clipped out, I'm sure. What moves the needle? What was a waste of time? What do managers care about? Okay, so I've taken 10 cyber security certifications, some of them cloud certifications, 10 in total. You know what? Like you said, what's the real ROI? What's the return on investment on the 10 that I've taken? Let me list some of the ones that I've taken out to you, Chris. Okay. CompTIA A+ AZ 900, AZ 104, SC900, ISC square CC, GRC Mastery, AI 900, C200, which I failed, still due to take it again. SEC Plus, Net Plus. Okay. So, return on investment like if someone came to me and was trying to break into cyber security and they were like which ones do I start with? I would say first, you know, I I wouldn't say start with the contier A+ as I would have said in 2020 as I started with, right? Instead, I would say go after, you know, I would say go and do some networking courses. Go [snorts] and maybe even do the courses for the Contia A+, but you don't need to take it. It costs three maybe $400 now, something like that. there's no need to spend that money for aert that doesn't really give you the street credit that you want. Okay? So, after you understand that stuff from taking the courses, not doing the search, spending 20, $30 on a couple of courses if you need to or getting it for free online, then I would tell you to go and do the security plus. There's so much debate on the security plus online, but why do we say you should do it? Because everyone knows it. Because if you're going to a hiring manager or a recruiter and you're saying you have the Security Plus, they know what it took to get the certification, they understand what you know. And for some reason, when you search Security Plus on LinkedIn, it is still on so many job descriptions. There are few other cyber security certifications that are showing on job descriptions these days, but the Security Plus remains. So [snorts] that's what I would say to a beginner trying to get in. to someone who's, you know, more mid-level, I'd say you have a bit more freedom. What do you want to learn? Like, what do you want to understand a bit more? You know, maybe you can even get your company to pay for it. You know, it's it's a lot less of a big deal for in terms of, you know, searchs that you go for. Do you want to understand GRC more? You know, look into GLC Mastery. Do you want to understand Azure administration? Go and look at the AZ 104. If you're already in a role, you know, it's it's it's a you have a bit more freedom with what you do. But for beginners in cyber security, I would say SE plus and then go from there and then go deeper and then go onto cyber defenders or you know try hackme and dive into the specific area you want to dive into whether it's maybe pen testing or even what sock or incident response etc. You can dive deeper on some of those platforms. But that's what I would say for a beginner. What kind of easy things are people not doing when they're just kind of working a job that they could say, "Hey, why don't we change your mindset? Start running this like your own business?" Because it really is. What What do you tell people? Your career is a business. It's it was such an interesting topic and I I'm so glad I got the opportunity to give a TEDex on this. Now the main things that I sort of covered in the TEDex is and this is targeted to people entering and trying to get into their careers not just tech in any areas and also you know professionals who are you know working and they don't they kind of just see their jobs as a job or their careers as a job right but there's so much more to it you're building something right your career is not just a job it is a business right because there are so many business principle that are involved, you know, in a business that you are applying in your job, but you don't really realize it yet. Let's talk about some of them, right, Chris? Number one, sales. You're constantly selling yourself in your career. Of course, we know business sales, right? People get on the phone and, you know, they deny them, turn them down, cold calling, you know, making sure high ticket, etc. But we're doing the same thing in our careers. For instance, when I apply for a job, I have to sell myself to the recruiter. I have to sell myself to the hiring manager and if I'm not able to sell myself, you know, on my CV and then in an interview, then I'm not going to get that role. I'm not going to I'm not going to move forward. So sales is a huge part of the role. Marketing, we have to market ourselves. Think about your LinkedIn and your CV as a marketing platform. Now, now think about a brand, think about Nike, think about McDonald's, etc. You know, if we saw the same shoe with the same features, but it doesn't have the Nike tick on it, I probably wouldn't buy it. But I would if it does. Why is that? Because I've created a brand for myself. Because I've created cuz Nike have created something that makes it seem better than it actually is. And and the key the key message that I was trying to give with the TEDex talk and especially with the marketing part of things is that average work in public is so much greater than excellent work in private. And so that means that you have to share what you're doing and it might not be anything crazy. You might just be doing a course. You might have just, you know, completed something on Udemy, but speak about it, talk about it. And you'll be so surprised the amount of opportunities that could come from that. Today, like I'm on this podcast and I'm the host on a 400,000 subscriber YouTube channel. How did that happen? It was literally from me being able to express, you know, what I'm doing in the tech space. If not, that opportunity would have never come and so many more opportunities would have never come. In the TEDex talk, I spoke about getting a job offer without even interviewing for the role. You know, a company offered me a job based off of my YouTube channel with a salary that was pretty good. It wasn't the same as my salary, but I was like, "Yo, if I wasn't working this job and I saw this come in, I would take it in a heartbeat." But I only got those opportunities because I was sharing, you know, what I was doing online, you know, I was building up my LinkedIn. I was sharing what every every little thing I was doing, I'd create a little post about it. And I'm not the only one. Now we think about now we talk about some people who are on LinkedIn kind of struggling but there are others on that same platform who are getting three four DMs a day from recruiters asking them about their role and those two people might have exactly the same skills exactly the same you know skill sets but one of them is treating their career like a business and the other is just you know they're not marketing themselves at all and so that is the premise that's what I was trying to communicate when I gave gave that TEDex talk and that's what I find so important and what a lot of people don't yet realize and people are starting to realize and so if you realize late you're kind of missing missing out on that on being able to market yourself you're going to look back and be like I wish I did this five 6 years ago you know where I could be right now you know if I really shared what I was doing in the industry outside of just doing my job and so I hope that makes sense Chris and and that kind of summarizes everything I I was trying to say with the TEDex. So, how do you stay informed in the tech world on the newest technologies, the newest AIs? What do you personally do from like an expert in the field? Wow. I mean, that's that's a really good question. I think I I'm someone who speaks to a lot of experts on my podcast and like I've I've interviewed over 50 people in tech, you know, and that ranges from professionals, CISOs, recruiters like yourself, Chris, to, you know, people who've just broken into tech, mid-level, all sorts of roles. And I'm lucky enough to be able to do that and be able to understand, you know, what's emerging, what's new, etc., just through speaking to those professionals. And to someone who wants to kind of follow suit, I would just say watch podcasts like watch this podcast, watch tech job podcast, watch tech certified podcast, etc. And that and that and and that will help you keep your knowledge fresh, know what's going on in the market, etc. And and that's how I'd answer that question. Yeah. No, I'm the same way. I mean, just interviewing people and then doing the the deep dives and different skill sets, I end up learning so much more just by putting out that content. [music] Yeah. I mean, I think that's that's really the best way to do it cuz that's the most current knowledge and and you know, obviously the two of us are talking to people that are current in the field. So, um I think that's great. But Caleb, this is awesome, man. A deep dive in cloud security and my first Azure guest as well. Thanks so much, Chris. This has been amazing. Yeah, awesome. Well, and we'll have all Caleb's links to his TEDex talk, to the cloud security academy, his LinkedIn, all his YouTubes. It's going to be a lot of links for him for this guy, but uh they're all worth it, let me tell you. So, thanks again, man. Thanks so much, Chris. Great.