The reality is self-evident: exponential advances in technology, the escalating complexity of systems, society’s increasing reliance on digital devices to manage daily tasks, and the global rise of significant threats posed by malicious actors ensures cybersecurity is here to stay.
Government entities are struggling in their efforts to recruit and retain qualified personnel to staff critical cybersecurity positions. Organizations in the private sector are recruiting talented candidates from local, state, and federal agencies at such a quick pace it is leading to significant shortages in areas directly impacting our infrastructure and national security.
Corporations in the private sector are inundated with new regulatory and compliance requirements for data residing in diverse geographic locations they never knew existed. They are frantically drafting policies, reallocating scarce resources, and staffing for previously “unneeded” capabilities in the midst of a 24/7 media cycle reminding them daily that they may be the next potential target of a massive data breach the cable stations consider to be newsworthy.
Academic institutions, once immune from the pressures of the need for immediacy and a high operational tempo, are no longer enjoying that luxury. Administrators are working tirelessly to develop relevant curricula, hire qualified instructors, and provide high-quality programs of learning for a new wave of students seeking to pursue careers in the discipline of cybersecurity.
Did you spot the missing (and often forgotten) variable in the equation? The STUDENT.
Whether discussing traditional students in colleges and universities, or non-traditional students changing careers, their questions and concerns tend to remain constant. What is cybersecurity? How can I enter this emerging field? Where should I start? Most importantly, who can I ask and where can I find the people with the answers?
As a cybersecurity professional with one foot in the private sector and the other foot in academia I will offer a few tips that may serve to assist and support your efforts. These tips are not relegated solely to students; educators and administrators new to this discipline who find themselves responsible for creating cybersecurity programs can benefit from these seven tips as well.
#1) Research the NICE Cybersecurity Workforce Framework.
The NICE CWF consists of 7 Categories, 33 Specialty Areas, 52 Work Roles, and over 2,000 KSA’s (Knowledge, Skills, and Abilities) and Tasks clearly defining expectations for current and future cybersecurity needs. It was developed by government, academia, and the private sector to create a common lexicon and understanding for all three verticals to facilitate mutual cooperation and establish programs in support of training and workforce development needs.
#2) Cybersecurity requires more than technical skills.
Innovation happens at the cross-section of disciplines, and technology is only one of those disciplines. Cybersecurity demands the synthesis of many skills including critical thinking, analysis, reporting, compliance, leadership, and many others. Cybersecurity touches every profession at every level. To consider it solely through a technology lens is both self-limiting and self-defeating.
#3) Industry certifications will assist you in finding a job.
Cybersecurity certifications are valuable insofar as they provide prospective employers with known metrics and expectations of the body of knowledge possessed by the recipient of the certification. It is not a perfect system – neither certifications nor recipients are all created equal – but it does assist in establishing standards and baselines for practical cybersecurity skills. That has the potential to open doors which would otherwise remain closed to candidates.
#4) Formal education will allow you to build a career.
While the training afforded by industry certifications tends to be practical and intense, programs offered by academic institutions tend to provide a much broader and in-depth understanding of the foundational concepts and comprehensive knowledge required to be successful in the cybersecurity field. In an age in which people are learning more and more about less and less, a broader base of knowledge has the potential to lead to a wider range of opportunities and successful outcomes.
#5) Cybersecurity is not just theory: those who CAN do, teach.
It has been said that “those who cannot do, teach.” Although that may possess some element of truth in certain disciplines it does not apply to cybersecurity. In the military we employed a three-part teaching methodology: explanation, demonstration, and practical application. In addition to providing soldiers with requisite training it also built confidence and trust in the instructors’ competency levels. If you find yourself with an instructor stating, “I have never personally done cyber, but I did sleep at a Holiday Inn Express last night,” you may want to consider enrolling in a different class.
#6) Build a broad foundation of knowledge before specializing.
Most people I encounter seeking to enter the cybersecurity field are doing so as a result of a specific interest such as forensics, ethical hacking, vulnerability assessment, and any number of other options. I love their passion and focus but still encourage them to experience (and understand) a wider variety of disciplines before choosing to specialize in one area. This can lead to the discovery of new passions and provide higher degrees of competitive advantage when initially entering the field.
#7) Start small, seek incremental wins, and accept a few losses.
One of the greatest risks associated with unbridled enthusiasm is starting too fast with too much. Begin with the basics and realize that any accomplishment – even ones that fall short of grand dreams and goals – are still incremental wins trending in the right direction. The fact that your first position is processing tickets on a technical help desk, and not the CISO position for which you applied, should not leave you discouraged and questioning your decision to enter the cybersecurity field.
If you are a student, an instructor, or a curriculum developer thinking about entering the realm of cybersecurity – and if you possess the desire, enthusiasm, and determination to start at “ground zero” and learn continuously – your future looks bright and is virtually without limits.