You know that the right cybersecurity training is crucial in the next step of your career path, whether it’s getting a raise or moving up to the next position. There are, however, many types of training options—which one will open up the most doors to the most in demand cybersecurity jobs?
Over the past five years, cybersecurity has emerged as one of the fastest-growing parts of the overall tech job market, with numerous opportunities for career advancement. One reason for this continued growth is that cybercriminals and nation-state hackers keep getting better at their jobs, creating more threats that security teams need to anticipate and protect against.
What Is Cybersecurity?
In simplest terms, cybersecurity is the defense of computers and networks against cyberattacks and unauthorized intrusions (both internal and external). Cyber-attackers have a number of ways to penetrate or shut down a system and cause chaos, including ransomware, Denial of Service attacks (DoS), direct and multi-vector attacks, phishing, side-channel attacks, social engineering, and much more.
Moreover, these threats are constantly evolving, with dire consequences: a bad cyberattack can wipe out a company’s databases, compromise important information (such as customer lists and confidential data), and cost millions—maybe even billions—of dollars. On a nation-state level, cyberattacks have the potential to take utilities offline and destabilize vital infrastructure.
As cyber-attacks increase in number and sophistication, the need for trained cybersecurity professionals only rises. The trouble for many businesses is that there are not enough cybersecurity professionals to keep up with this increasing demand. A 2019 study by the Center for Strategic and International Studies found that 82 percent of employers reported a shortage of cybersecurity skills. Another seven out of 10 respondents believed this talent gap causes “direct and measurable” damage to their firms.
The same survey also found that, by 2022, the global cybersecurity workforce will have over 1.8 million unfulfilled positions. By the end of last year, however, the talent shortage wasn’t alleviated—either in the public or private sector. In September 2022, the Federal Cyber Workforce Management and Coordinating Working Group published a report stating that, of the 700,000 open cyber positions in the U.S., 40,000 of these jobs are in the public sector.
With a multitude of opportunities, tech professionals with the right training can find their way to a better cybersecurity salary (many of the best cybersecurity employees in North America can earn upwards of $100,000 annual salary, according to one survey) or fast-track to the next promotion. For those eager to break into cybersecurity or switch career paths, there’s also numerous possibilities.
Before we go further, it's worth taking a moment to examine the ideal skills for cybersecurity as a career. According to Lightcast (formerly Burning Glass), which collects and analyzes millions of job postings from across the country, the baseline and distinguishing cybersecurity skills include:
Once you’ve decided that training is the right way to go to advance your career, what are the steps that you need to take?
What Kinds of Jobs are There in Cybersecurity?
Depending on your skills, aptitude and desired specialization, there are a number of cybersecurity positions available, including:
Chief Information Security Officer: Chief Information Security Officers often sit at the very top of an organization’s cybersecurity hierarchy, and they’re in charge of ensuring cybersecurity teams are keeping the tech stack secure. In addition to technical skills, these tech professionals often need quite a number of “soft skills” such as empathy, communication, and team management to ensure everything runs smoothly.
Cybersecurity Analyst: Cybersecurity analysts have a granular understanding of the threats facing a network, as well as the necessary solutions for thwarting those threats.
Cybersecurity Architect: As the name implies, cybersecurity architects design systems to ensure maximum security. Their tasks can include everything from deciding on options for access management to ensuring that all applications used in the tech stack meet the organization’s cybersecurity requirements.
Information Security Analyst: Like cybersecurity analysts, information security analysts protect against data theft and cyberattacks. They can recommend that the organization follow certain procedures and adopt certain tools to ensure maximum network security.
Forensic Computer Analyst: These analysts study cybersecurity incidents to uncover vulnerabilities and ensure attacks never happen again. Tech professionals in these roles may end up assisting law enforcement or government entities.
Sysadmin: While technically not a cybersecurity position, sysadmins must know how to secure their systems against internal and external cybersecurity threats and data theft. As with cybersecurity jobs, the sysadmin role requires a solid grasp on analytics and
Security Engineer: Security and cybersecurity engineers are tasked with coming up with ways to prevent cyberattacks and intrusions. In an average week, they might do everything from pen testing (evaluating vulnerabilities in the tech stack) to installing and testing security patches on vital software.
What Is Cybersecurity Training? Think ‘Hands On’
For a number of years, cybersecurity training was mainly based on book learning and theory, with more practical experience coming later on when college graduates stepped into the security workforce.
That approach, however, is not able to keep up with the current demand for cybersecurity professionals. Instead, cybersecurity training needs to evolve to meet that demand, according to the Center for Strategic and International Studies report.
“Theory alone does not prepare graduates for the tasks they will face once they step onto the job. Practical training and hands-on experience [are] necessary to equip students with the tangible skills employers expect,” the report notes.
Another survey from the Information Systems Audit and Control Association (ISACA) echoes those sentiments, and encourages students, beginners and even seasoned professionals to seek out more practical cybersecurity training. “If people do not supplement their training and education with on-the-job experience, an apprenticeship or an internship, they will not be prepared to face the challenges that enterprises are encountering.”
From his experience, Chris Morales, head of security analytics at Vectra, agrees that hands-on learning is the best cybersecurity training.
“For example, taking a student or IT analyst and giving them a process to be a Tier-1 analyst in a security operations center,” Morales told Dice. “These will be the fastest learners when paired with good process and some oversight from an experienced Tier-2 or Tier-3 security team. I think learning as you go, and then taking classes to fill in certain gaps, or to learn new techniques, is the right combination.”
What Is Cybersecurity Training Used For?
At its most fundamental, cybersecurity training—especially for those who are new to the field—can illustrate the basics of cybersecurity since jobs can vary from network penetration testing to old-fashioned patch management, said Thomas Hatch, CTO and co-founder of SaltStack, an intelligent IT automation software firm based in Utah.
“The first thing I would recommend would be to get a lay of the land, determine what areas of cybersecurity exist, then dive into specific areas,” Hatch told Dice.
“For instance, there is network penetration and vulnerability, there is exploit management and classic black hat tooling. Understanding secure software engineering is an excellent option for attack deterrence systems such as honeypots. There are many more areas to consider,” he said. “Then take a look at the resources that are available for each of these areas.”
Good cybersecurity training allows seasoned pros, as well as those with less experience, to dive deeper into the implications of the security threat, Hatch suggested. By understanding how systems are patched for vulnerabilities and what the implications are, security-centric technologists can better understand the implications for the whole corporate network, he added.
Cybersecurity Training: Where to Start
As with cybersecurity certifications, there are numerous cybersecurity training courses and programs, each offering different views and advice for boosting and improving your security career.
And while there is no set standard, many security practitioners and researchers point to the SANS Institute, a private training and certifications provider, and its catalogue of cybersecurity training courses as not only a starting point, but also a way to advance a career.
“SANS Training has a variety of subjects across information security and courses can be completed online,” said Andre Barrutia, director of talent acquisition at Coalfire, a cybersecurity advisory services firm in Colorado. “It is definitely worth the cost and time involved and is certainly in high demand.”
The SANS courses can range from the basics, such as the “Introduction to Cybersecurity” course, to the much more advanced “Cloud Security Architecture and Operations” training.
Due to the recent spread of COVID-19, however, SANS and other cybersecurity training organizations are pushing most of the offerings online.
While these and other cybersecurity training courses offered by SANS are priced based on the level of complexity and subject matter, other organizations offer free cybersecurity training and learning courses to get professionals and beginners started.
Cybrary, for example, is a free, open source library of cybersecurity training and learning material that is accessible through the internet. The organization also offers cybersecurity training and testing based on skill level: beginner, intermediate and advanced.
For U.S. veterans, as well as other government employees, the Department of Homeland Security offers the free Federal Virtual Training Environment (FederalVTE), which helps connect those interested in security with numerous cybersecurity training and certification courses that run the gamut from basic coding to reverse engineering.
What Are Some of the Best Cybersecurity Training Courses?
In addition to the SANS Institute, Cybrary and Homeland Security’s FederalVTE, several other organizations offer various cybersecurity training programs.
In September 2019, security firm Tripwire published a list of some of the more well-known and respected cybersecurity training courses, which includes offerings from organizations including (ISC)², Global Information Assurance Certification, Infosec Institute and the MIS Training Institute.
Another place to look for quality cybersecurity training is universities. The University of Washington, for example, offers its “Building a Cybersecurity Toolkit” course, which includes the basics of cybersecurity as well as best practices. This cybersecurity training course is free and students can gain a certificate for $199.
A bit further up the cybersecurity training scale is the Stanford Advanced Computer Security Certificate Program, which includes six online courses that will take between 50 and 55 hours to complete. This course, which is geared toward those with a degree but looking to move up the management track, costs more than $3,000, but promises access to executives from Google, LinkedIn, Symantec, VeriSign and LifeLock.
Get ahead by knowing what cybersecurity interview questions you might come across in your next opportunity!
Conclusion
Unfortunately, cyberattacks won’t slow down anytime soon—if ever. Over the next several years, we’ll likely see cyberattacks such as ransomware and DoS increase in tempo and sophistication, especially when cyber-attackers begin to fold A.I. and machine-learning tools such as ChatGPT into their workflows.
But that increasing rate of attacks also means a continuing demand for cybersecurity professionals—which gives the profession a very positive job outlook. However, organizations will only hire professionals they feel can do the job, which means all cybersecurity experts must continually work to keep their skills up-to-date. But for those who’ve mastered the intricacies of cybersecurity, the opportunities are out there.