Last updated at Wed, 14 Nov 2018 21:10:11 GMT

Welcome to week two of National Cybersecurity Awareness Month! This week, we will take a look at the educational opportunities available to jumpstart a career in cybersecurity, from the grade-school level to higher education and beyond, as well as provide a few tips on how to motivate and educate students of all ages to pursue a career in cybersecurity.

Ask anyone in the cybersecurity industry how they got into this business, and few combinations of career backgrounds and areas of study will likely be the same. In the past, cybersecurity degrees didn’t even exist, and the way to get into the field was to teach yourself, learn from peers, or gain hands-on experience over time.

While these approaches are still recommended as you grow in your career, things are changing. We have now started to see formal cybersecurity educational programs being developed that span early education, college degrees, and certifications for current practitioners.

Thinking about a career in cybersecurity? Consider these opportunities:


While kids today have grown up with technology right at their fingertips, it’s unlikely they’re thinking about parlaying their skills into a future career in cybersecurity. Schools may be educating students about online safety, but as an industry, we must provide the resources to help teachers educate students on the field itself and encourage them to get involved. After all, these children are our future leaders.

The Department of Homeland Security (DHS) has developed a guide to help teachers engage students in the study of cybersecurity. Key takeaways include the following:

  • Learning about the industry themselves
  • Discussing types of scholarships available
  • Helping students understand the different career paths in cybersecurity
  • Helping students get involved in competitions

The DHS has also developed a no-cost curriculum for schools that provides opportunities for students to become aware of cyber-related issues, engage in education, and enter cybersecurity career fields.

There is also a growing number of nationwide competitions, programs, and summer camps related to the field, including Cyber Discovery, GenCyber, Cyber Patriot, and Girl Scouts, which introduced a Cyber Badge program in 2017 to teach young girls about the basics of computer networks. Competitions provide many benefits to young students, as they typically require them to use professional-level tools and simulate real-world attacks or security problems.

Cybersecurity in higher education

Over the past few years, colleges around the country have added undergraduate and graduate degrees in the cybersecurity and information assurance fields. This includes both part-time and full-time programs, as well as on-campus and online degrees.

The National Service Foundation has partnered with some of these schools to develop a program that provides funding to institutions so they may award scholarships to students for cybersecurity-related degree programs. Many of the schools funded by the CyberCorps®: Scholarship for Service (SFS) have programs designed by the DHS and the NSA, offer lab environments in which students can practice defending against real-world attacks, or require internships as part of their program.

Whether students choose a cyber-specific degree or another field such as criminal justice, data analytics, mathematics, or engineering, there are plenty of cybersecurity jobs available after they graduate. Most of us have heard of the ever-increasing cybersecurity workforce gap, which has been predicted to reach 1.8 million by 2022, according to a recent study by (ISC)². Most STEM fields can lend themselves well to a cybersecurity career because they require students to develop the necessary critical thinking and communication skills.

While in school, students should look to build their network by attending local security events such as those put on by the Information Systems Security Association (ISSA) International and ISC² or becoming familiar with their local Defcon group. While preparing for graduation, students may look to NIST’s CyberSeek tool (a part of the NICE framework) to help select a career path and find job opportunities in their preferred role and location.

Professional development and ongoing education

With the current workforce gap, organizations these days tend to be severely understaffed. This provides ample opportunity for those already in the field to try new things and continue to build upon their skill set. Information security analysts at smaller or less mature organizations typically wear multiple hats and work across different focus areas, including security operations, incident response, penetration testing, and governance, risk management, and compliance. This means that the learning never stops and there is always a new challenge to face.

If you are looking to formally educate yourself as a practitioner by trying out different roles, consider reading articles, attending webinars, or playing around with a home lab environment. There are also plenty of formal education programs (such as the SANS Institute), professional development training programs, and professional associations that host events and trainings, such as ISSA and ISC². Professionals can also complete certifications such as CISSP, GSEC, OSCP, CEH, and CCSP, to name a few.

If certifications aren’t your thing, conferences are a great way to connect with others in the industry, learn about new tools, and see some really awesome talks. Who knows, you may even want to give a talk yourself someday! Some Rapid7 favorites include DEF CON, Black Hat, DerbyCon and BSides, which has conferences that take place all over the country.

Joining a member Information Sharing and Analysis Center (ISAC) is another way to continue to educate yourself and become involved in information-sharing groups for your organization’s industry vertical. ISACs help owners and operators of critical infrastructure protect their facilities, personnel, and customers from both physical security threats and cyber-threats by collecting, analyzing, and disseminating actionable threat information to their members and providing tools to mitigate risks and enhance resiliency. A number of industries are represented in ISAC groups, including financial services, healthcare, oil and gas, and industrial control systems. Many offer trainings, webinars, and conferences throughout the year.

Cybersecurity career transitions

As the cybersecurity field continues to grow, there will be tons of opportunities for professionals to get involved, whether they’re acting as a liaison between security and the business, becoming a security advocate, or even building their skills to transition into a security operations and hands-on role. System administrators, network engineers, and software developers have a lot of the foundational skill sets recommended to be successful in this field, and with the right organization-provided training, other IT professionals or even nontechnical employees can transition into it.

The nonlinear path into the cybersecurity industry provides ample opportunities for those interested in a career in this field to get involved, whether they’re sitting in an elementary school classroom, college lecture hall, or at a desk.

Looking for more in the National Cybersecurity Awareness Week blog series? Check out last week’s blog post, “National Cybersecurity Awareness Month: Manage Your Risk at Home with Simple Tweaks to Your Voice-Controlled Devices,” and stay tuned for our upcoming blogs, which will discuss password management best practices and securing the nation’s most critical infrastructure.