You know that the right cyber security training is crucial in the next step of your career path, whether it’s getting a raise or moving up to the next position. There are, however, many types of training options—which one will open up the most doors to the most in demand cyber security jobs?
Over the past five years, cyber security has emerged as one of the fastest-growing parts of the overall tech job market, with numerous opportunities for career advancement. One reason for this continued growth is that cybercriminals and nation-state hackers keep getting better at their jobs, creating more threats that security teams need to anticipate and protect against.
The February federal indictment of four members of China’s People’s Liberation Army charged with hacking Equifax in 2017, causing one of the largest data breaches in history, is one of many reasons why enterprises large and small are investing more and more in cyber security.
The trouble for many businesses is that there are not enough cyber security professionals to keep up with this increasing demand. A 2019 study by the Center for Strategic and International Studies found that 82 percent of employers reported a shortage of cyber security skills. Another seven out of 10 respondents believed this talent gap causes “direct and measurable” damage to their firms.
The same survey also found that, by 2022, the global cyber security workforce will have over 1.8 million unfulfilled positions.
With a multitude of opportunities, technologists with the right training can find their way to a better cyber security salary (many of the best cyber security employees in North America can earn upwards of $100,000 annual salary, according to one survey) or fast-track to the next promotion. For those eager to break into cyber security or switch career paths, there’s also numerous possibilities.
Before we go further, it’s worth taking a moment to examine the ideal skills for cyber security as a career. According to Burning Glass, which collects and analyzes millions of job postings from across the country, the baseline and distinguishing cyber security skills include:
Once you’ve decided that training is the right way to go to advance your career, what are the steps that you need to take?
What Is Cyber Security Training? Think ‘Hands On’
For a number of years, cyber security training was mainly based on book learning and theory, with more practical experience coming later on when college graduates stepped into the security workforce.
That approach, however, is not able to keep up with the current demand for cyber security professionals. Instead, cyber security training needs to evolve to meet that demand, according to the Center for Strategic and International Studies report.
“Theory alone does not prepare graduates for the tasks they will face once they step onto the job. Practical training and hands-on experience [are] necessary to equip students with the tangible skills employers expect,” the report notes.
Another survey from the Information Systems Audit and Control Association (ISACA) echoes those sentiments, and encourages students, beginners and even seasoned professionals to seek out more practical cyber security training. “If people do not supplement their training and education with on-the-job experience, an apprenticeship or an internship, they will not be prepared to face the challenges that enterprises are encountering.”
From his experience, Chris Morales, head of security analytics at Vectra, agrees that hands-on learning is the best cyber security training.
“For example, taking a student or IT analyst and giving them a process to be a Tier-1 analyst in a security operations center,” Morales told Dice. “These will be the fastest learners when paired with good process and some oversight from an experienced Tier-2 or Tier-3 security team. I think learning as you go, and then taking classes to fill in certain gaps, or to learn new techniques, is the right combination.”
What Is Cyber Security Training Used For?
At its most fundamental, cyber security training—especially for those who are new to the field—can illustrate the basics of cyber security since jobs can vary from network penetration testing to old-fashioned patch management, said Thomas Hatch, CTO and co-founder of SaltStack, an intelligent IT automation software firm based in Utah.
“The first thing I would recommend would be to get a lay of the land, determine what areas of cyber security exist, then dive into specific areas,” Hatch told Dice.
“For instance, there is network penetration and vulnerability, there is exploit management and classic black hat tooling. Understanding secure software engineering is an excellent option for attack deterrence systems such as honeypots. There are many more areas to consider,” he said. “Then take a look at the resources that are available for each of these areas.”
Good cyber security training allows seasoned pros, as well as those with less experience, to dive deeper into the implications of the security threat, Hatch suggested. By understanding how systems are patched for vulnerabilities and what the implications are, security-centric technologists can better understand the implications for the whole corporate network, he added.
Cyber Security Training: Where to Start
As with cyber security certifications, there are numerous cyber security training courses and programs, each offering different views and advice for boosting and improving your security career.
And while there is no set standard, many security practitioners and researchers point to the SANS Institute, a private training and certifications provider, and its catalogue of cyber security training courses as not only a starting point, but also a way to advance a career.
“SANS Training has a variety of subjects across information security and courses can be completed online,” said Andre Barrutia, director of talent acquisition at Coalfire, a cyber security advisory services firm in Colorado. “It is definitely worth the cost and time involved and is certainly in high demand.”
The SANS courses can range from the basics, such as the “Introduction to Cyber Security” course, to the much more advanced “Cloud Security Architecture and Operations” training.
Due to the recent spread of COVID-19, however, SANS and other cyber security training organizations are pushing most of the offerings online.
While these and other cyber security training courses offered by SANS are priced based on the level of complexity and subject matter, other organizations offer free cyber security training and learning courses to get professionals and beginners started.
Cybrary, for example, is a free, open source library of cyber security training and learning material that is accessible through the internet. The organization also offers cyber security training and testing based on skill level: beginner, intermediate and advanced.
For U.S. veterans, as well as other government employees, the Department of Homeland Security offers the free Federal Virtual Training Environment (FederalVTE), which helps connect those interested in security with numerous cyber security training and certification courses that run the gamut from basic coding to reverse engineering.
What Are Some of the Best Cyber Security Training Courses?
In addition to the SANS Institute, Cybrary and Homeland Security’s FederalVTE, several other organizations offer various cyber security training programs.
In September 2019, security firm Tripwire published a list of some of the more well-known and respected cyber security training courses, which includes offerings from organizations including (ISC)², Global Information Assurance Certification, Infosec Institute and the MIS Training Institute.
Another place to look for quality cyber security training is universities. The University of Washington, for example, offers its “Building a Cybersecurity Toolkit” course, which includes the basics of cyber security as well as best practices. This cyber security training course is free and students can gain a certificate for $199.
A bit further up the cyber security training scale is the Stanford Advanced Computer Security Certificate Program, which includes six online courses that will take between 50 and 55 hours to complete. This course, which is geared toward those with a degree but looking to move up the management track, costs more than $3,000, but promises access to executives from Google, LinkedIn, Symantec, VeriSign and LifeLock.
Get ahead by knowing what cyber security interview questions you might come across in your next opportunity!