Training the Next Cybersecurity Professionals
Over the past 18 months, the world has transformed, and many professionals relocated to working in a remote setting. Unfortunately, the speed at which this transition took place, coupled with the necessity of working remotely, was a potent combination that escalated cybersecurity risk for almost all businesses. As a result, we have seen more news reports about new and existing vulnerabilities exploited in the wild.
This increase in cybersecurity risk coupled with an unprecedented need for skilled individuals has fueled a growing job gap in the cybersecurity industry. In a 2020 survey by ISC2, approximately 879,000 cybersecurity professionals worked in the U.S. in 2020 and roughly 359,000 additional unfilled cybersecurity positions. Moreover, the gap magnifies when looking from a global perspective with about 3.12 million unfilled jobs.
All this data translates to a need to train professionals in cybersecurity. While many are currently learning in colleges or universities, another area of focus is perhaps a more significant opportunity—retraining those who are willing to make a career change to cybersecurity. Current professionals in technology-related fields can train faster because they have the foundational knowledge required to understand cybersecurity basics. While some come from a technical background, there is also a need for managers and risk assessors.
As a lead technical instructor with cyberTAP, I focus on training people to work in the cybersecurity field. Over the years, we have prepared various people in our programs from wildly different backgrounds, and I would like to provide some insights into cybersecurity training.
First, this type of training differs from the traditional classroom as many people come in with the required foundational knowledge. This foundation allows us to teach at an accelerated pace. Learning new concepts quickly and implementing that into practical scenarios is a crucial trait of many successful cybersecurity professionals. At cyberTAP, our programs utilize both traditional lectures and hands-on training to ensure learners have the base cybersecurity knowledge to get each person into the role as a cybersecurity professional and prepare them for their career.
Second, a significant benefit to cybersecurity learning is applying knowledge hands-on to a real-world simulation immediately with cyber range training. Cyber range training simulates an actual attack and puts learners into very similar situations to the real world. Many new cybersecurity professionals have only read about an issue and have never seen it with their eyes. It helps a person understand how they will react when they power on a machine to see that it has been attacked by ransomware. Providing this training in a safe environment that allows for mistakes to be made in that environment instead of in a real scenario is extremely valuable. Many of our graduates comment after leaving that they felt experiencing an attack was invaluable to their growth.
Finally, cybersecurity professionals can take a couple of major career paths, defensive (sometimes referred to as blue team) or offensive (red team). I have found it quite helpful to train people on how to attack machines, locate vulnerabilities, and determine if it is possible to exploit that vulnerability. This trains a good red team member and helps blue team members understand how attackers think and appropriately plan for this as part of their defense. There are many models for explaining how to think like an attacker. However, one that we discuss is the cyber kill chain produced by Lockheed Martin.
Are you planning on getting into the cybersecurity profession? If so, here are a few things to understand about your new career. First, cybersecurity is constantly evolving, with new threats emerging and new vulnerabilities disclosed every day. This keeps your job exciting and challenging. Having a desire to understand what is going on and always learning is a crucial trait for cybersecurity professionals. Second, we use many acronyms, and when first learning these acronyms, it can be frustrating and confusing. Stick with it, and with time you will understand all the acronyms. Third, every second counts in an incident. Whether it be stopping a hacker infiltrating a network or replacing the data from a backup that gets a worker back to doing their job, time in cybersecurity is money, and your time is valuable.
With all that in mind, if you are looking to make a change and would like cybersecurity training, please contact us at cyberTAP. We offer a wide variety of cybersecurity training options that can fit all levels of professionals and teams.