Jump to content
Killersites Forums

Recommended Posts

I have touched on this before friends, this is an important issue, there is a tremendous shortage of qualified cybersecurity professionals out there. Do you own look-up on Google and Co., the Air Force and the Air Force Association consider it a matter of National Security! This is just one article, so find your own. The US here, but really whatever nation you are from is likely to be facing the same shortage worldwide, needs people, especially school age kids to be looking at cybersecurity jobs for their future.

As the article points out as well, EVERY IT job is now a cybersecurity job. You built an app you have to consider security. You build a website, you have to think security, because especially those of you doing freelance work, your customers are likely not doing it, breaches happen to other people.

I used to do Freelance work... so many companies and software now build web sites for people cheaper than we can. Seriously consider making the move into cybersecurity, the jobs are out there, abundant, and international.

And if you are not interested, talk to your kids or youth that you know. Show them programs like CyberPatriot. Especially girls, there are few to many in this career path. Hackers are not going away, more Nation-States are developing Cyber-attacks against their enemies. You know someone considering the Military? Every branch has cyber specialist fields now, from front-line troops needing protection for their communications to the premiere Cyber Warriors of the US Air Force protecting UAVs (drones), military communications and space born satellites. Not to mention NSA, CIA and other alphabet agencies from other countries.

The field is wide open to those of you willing to give it a shot.

 

Governments Look to Innovation to Solve the Shortage of Cybersecurity Professionals

https://www.meritalk.com/articles/governments-look-to-innovation-to-solve-the-shortage-of-cybersecurity-professionals

Quote

The flood of surveys and reports detailing the shortage of qualified IT and cybersecurity professionals is unrelenting. Estimates put the shortfall at anywhere between 1.8 million to 3.5 million in the next five years.

In the United States there are 112,000 unfilled openings for information security analysts alone, plus another 200,000 additional openings seeking cybersecurity-related skills, according to CyberSeek, a platform designed to close the cyber talent gap and supported by the National Initiative for Cybersecurity Education, a program of the National Institute of Standards and Technology.

The cybersecurity workforce shortage is even worse than the job numbers suggest, according to a report from Cybersecurity Ventures, because every IT position is also a cybersecurity position now. “Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure, and people,” the report says.

 

Link to post
Share on other sites
  • 2 weeks later...

I got into Cyber Security as far as a 2 year degree.  I was unable to get a job with that training and I don't have the financial resources to continue.  Also, all the jobs I see listed in Cybersecurity have a lot of requirements for job experience, a 4+ year degree, plus several expensive certifications.  Also, a lot of what I'm hearing is industry really considers qualified people to be those looking into Cybersecurity as a second career choice and already have experience administering databases or networks.  I've also heard that many colleges have terrible cybersecurity curriculums and many companies are skeptical of these degrees.  This was also true in my case.  I had two Firewall classes and not once did we configure a Firewall or even look at a GUI; it was all about security managerial roles.  

So I'm here starting over from a different direction with Stef's KillerPython.  The strange thing is I feel I might someday be able to at at least do Penetration Testing if I get good at Python and KALI Linux tools which my college courses.  

 

 

 

Link to post
Share on other sites

LOL - Oh, don't get me started on degrees. I am ex-military, ex-public affairs for the US Army Berlin Brigade, ex-bodyguard for Daimler-Benz, worked in a corporate headquarters with people from 13 different nations... but lost out on a job in Detroit with a big company as a web developer that their HR department OK'd me for... just because the supervisor thought I could not handle stress as I had not been to college, seriously? No, I served my country instead of college. Grrrr.

It really comes down to where you are of course. Here in Alaska, no real industry, so yea, this is one of the worst places for cybersecurity jobs.

Age, now that is kinda quirky. You would think, like on TV, Young folks who have had phones and computers in their cribs would be best. In fact, depending on what you read or who you talk about, older folks with computer experience are preferred as we have a deeper knowledge of operating systems and programming languages. Also being ex-military is helpful, we have an inbred sense of strategy and defense. Cyber soldiers from the military have it made.

I would not put much weight in degrees, yours will come in handy later for getting supervisory or management positions in a company. It can also help you in an advisory role as a contractor helping businesses lock down their security if you land a job with a security start-up company.

*Growl* - Oh, don't get me started on certificates. Yea, very expensive and some you have to get renewed continually, most also require regular extra credits as the industry changes so fast, your knowledge is out of date in a heartbeat. The extra credits are easy, lots of 1 hour webinars will give you those. The certificates themselves, they are expensive but really required to work in the industry.  I will add some links at the end. Personally, I live in Juneau, to get the certificates I want, I have to fly almost 600 miles to Anchorage at my cost, pay for the testing, and likely a hotel. But if you walk into a interview with the right certificates, they are worth more and likely cheaper than a degree.

Python is good to know, it was not common when I learned it in 2000, but most of the common tools of the trade are written in it. Java is more common but is really a security nightmare with massive vulnerabilities. I have tried, unsuccessfully, to get my boss to change us from a Java shop to a Python shop.

KaliLinux is a great tool and it will help you learning to use it and the Linux operating system inside and out. Many of the cyber security tools we use are included in it. Place it on your machine in a virtual machine so you don't muck anything up playing with it... unless you have a second machine.

As far as jobs go - start training yourself now. College courses in general are not bad, I had a networking course that has helped me better understand the networks and how they work that I need to secure. So look for singular classes that can help you understand the world Cybersecurity works in. Sign up for news letters, I like The Hacker News, many of my headline here come from there. There is another site, Dark Reading that has an app for mobile devices. Keep up on the industry with blogs and news letters like the "NewsBits" from SANS.org. This way you can walk into interviews with confidence, you know the players, threats and tools if asked. Remember it is a new field, their are not enough experts around, so they want people who can learn quick, you will show you may not have all the technical knowledge yet, but you know the industry and the threats.

Volunteer, once you know some stuff and have a base idea, help local businesses understand the threat and they are targets regardless of how small they are. I learn a lot my teaching others what I know here. talk to computer teachers at local schools, they may not cover it and allow you to work with a computer club etc. The next suggestions can be good for any nation, but assuming you are in the US. Canada has many of the same organizations. Also if there is an election, volunteer to work with the IT team to lock it all down. They likely focus on people and getting the candidate out there, so someone needs to oversee security, just remind them of the Democratic party attack. What data is available that another candidate could use against them if leaked. That will go a good ways in an interview as experience. There is also the Red Cross for whatever nation you are in. The American Red Cross (ARC) has Disaster Services Technology (DST), we are the ones who respond to a Hurricane Harvey and set up disaster headquarters with servers, networks, printers, laptops, internet, phones, radios, and other tech the aid workers need to do their jobs helping people. The ARC also has IT End User Services (IT EUS), we are the IT support for the Red Cross in normal non-disaster times. Help desk, setting up communications and computers, everything IT for chapters and offices. Talk to your local Red Cross chapter. Then there is the Civil Air Patrol (CAP), it is a private civilian organization under the US Air Force. They are the primary means of Search & Rescue in the US. They have to be secure as they also do drug interdiction work with the feds, so squadrons need good IT personnel. Many squadrons also have a cadet program, so you can teach teenage cadets security.

Then there are also security competitions. High schools and military type units for teenagers, such as ROTC, CAP, etc take part in a yearly National Youth Cyber Education Competition called CyberPatriot that you can volunteer for to help coach teams. I just heard of another one for females, Girls Go Cyber Start that likely accepts volunteer coaches. Then there is the college version, the Collegiate Cyber Defense Competition (CCDC) which needs volunteers. Again you can learn a lot while helping these teams and if you are taking college courses you may be able to join a CCDC team, or just as a coach. If nothing else, it looks good on a resume and gives you experience.

Go military - including Coast Guard. Even if just National Guard, Air National Guard, etc.. Then there are reserves, Army Reserve. Coast Guard Reserve, etc. All branches of the military need cyber warriors, for protecting combat nets etc., if not your thing, then the guard etc.

If you are close, try state government jobs. Many are just now getting into cyber security.

For training,

  • I would strongly suggest StationX as Nathan has some excellent training tutorials. I am finishing up his 4 part Complete Cyber Security Bundle. It is more on your own security, but he does a lot on tools. Again, the more you know the more you can talk the talk in interviews and maybe get by without immediately having expensive certificates.
  • Also check out The Hacker News training courses. I found StationX through them taking courses I got here. It is Hit and Miss, I had some good courses and some not so good, but all are affordable.
  • Data Breach Today resources - Data Breach is just one of many "Theme Sites" by ISMG. You get involved with their mailing list and you will get notifications for free webinars from many retailers as well as their own instructors. Some are extra credit. Even the retailer ones you can learn about threats as well as the software to fight them. Another good source, I watch webinars multiple times a week. Just be careful, many of the retailers want telephone/email and the sales people WILL contact you. Use fakes when you can, same with downloading white papers etc.
  • BleepingComputer is another good site.

So this is long enough and I really do need to do some work...

Cheers and feel free to ask any more questions.

Link to post
Share on other sites

I appreciate your feedback.  I guess I just wanted to share my experience as I started to find the Cybersecurity career path discouraging and for now I've walked away from that path.  

I wanted to share my experience as a word of caution to anyone else considering Cybersecurity as I think the requirements for it are absurdly high.  Now if another person reading this had better financial resources than myself to pursue training and also lived in a major metro area with more opportunities, going to college specifically for Cybersecurity might work out.  For myself, I think it was a mistake and I'm starting over.  

Edited by Dan13
Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
×
  • Create New...