Back to School: National Cybersecurity Awareness Month Edition
My first cybersecurity memory is working on my Commodore 64 computer with a military-grade type dial-up modem. This was before the Internet and I would use a BBS systems (bulletin board systems) where I would dial in to see and learn about security and hacking topics. This was a time when phone phreaking was all the craze. It seems like ages ago given all the new technology that comes out daily, but these early memories serve as reminders of why I got into cybersecurity. They were my first foray into technology.
This October is National Cybersecurity Awareness Month, and I’d like to take us back to the classroom to give a few lessons on entering into cybersecurity. While I was fortunate to have an early passion for experimenting with telephone systems and talking about security on my Commodore (not to be confused with the bird), many people might need an extra push to really know what it’s like to get into the industry. Today, we are facing a frightening shortage of cybersecurity professionals in the workforce. This widening gap is expected to lead to 3.5 million jobs left unfilled in the cybersecurity profession according to Cybersecurity Ventures. This glaring statistic prompted me to realize that the more we can do to spread the word about cybersecurity, the better. I sat down with my security team to see if they could offer advice, tips and ideas to help empower others to be the next generation of security ninjas. Here’s what they shared (anonymous of course, we are in security after all). To keep with the back to school theme, I’m breaking up my advice by grade level. By the end of this, you’ll have your honorary degree on what it takes to be in cybersecurity.
Nature & Nurture: Cybersecurity Tips for Elementary and Middle School
It was the general consensus on the security team that most of us who got involved in technology had an early aptitude for it. I got exposed to computers and security around the age of 12. This era was unique because there was no Internet (remember the BBS systems) and movies like ‘War Games’ and ‘Hackers’ shaped my malleable brain. One person on my security team said he got into technology at the age of five when his Mom would let him take apart old electronics. If you see a young person showing interest in technology, nurturing it is a sure-fire way to ensure they will continue to grow and ultimately learn the value of becoming part of the security industry. Interest in cybersecurity and technology can start young or even later in life. Another person on the team said it wasn’t until he was in the military in his 20s that piqued his interest in cybersecurity. It’s up to us—parents, teachers, friends and the security community nurture it if there is a natural desire there to get involved with technology. Gone are the days of phone phreaking, we now can tell early on if children have an aptitude for computers.
Studying Goes into High Gear: High School Security Advice
We’ve moved on from the awkward days of middle school and now have found ourselves in high school dazed and confused. A SailPoint security engineer has this advice for high school students: do some research to find more information about all the options associated with cybersecurity. Take an opportunity to participate in a ‘Capture the Flag’ exercise. I agree research is a good first step, and here are some other bits of advice as well. First, this one is a no-brainer, study hard. Your aptitude for learning and learning fast will be measured in interviews and college. Second, learn a programming language – learning python, for example, is needed in today’s security teams, and the traditional security engineer is in low demand and slowly becoming obsolete. Meaning, learn a developer mindset, if you cannot speak their language, then you will struggle with talking risk to them. Next, learn cloud – with the latest trends in moving to the cloud, security leaders need to know and understand the cloud. They need to know CI/CD pipeline development and where security fits in with these new concepts and frameworks. Finally, be the solutions provider. I see too many security leaders waste valuable time and become obstacles to the business when articulating risk. If you bring up an issue or risk, be sure to bring your recommendations to solve the issue along with you. This will only increase your credibility and integrity with the business.
COLLEGE—Not an ‘Animal House’ but a Place to Grow Security Skills
It was a resounding yes from the security team that anyone interested in cybersecurity needs to get a degree. I do recommend you go to college and learn to learn. Nobody in IT or security have all the answers but what defines us as IT and security folks is how we figure out problems. You learn to learn in college and put up skills on the job as you fine-tune your natural gifts. Find your passion and be the very best at it and that will make you stand out from the rest. We even believe that degrees like math of philosophy would work for anyone looking to break into the field. Obviously, you need fine-tune your cybersecurity skills on the side, but these degrees teach you logic and problem-solving. One security program manager on the team said college students should aim to get a job/internship as soon as possible, even if it is not technical. The goal here is that every industry has a security element, so even if a job is not technical in nature, you are still learning workflows and problems on some level that deal with cybersecurity. That’s just the nature of the world we live in.
How to Break into Cybersecurity as a Professional
So, we’ve graduated from college but didn’t get a CS degree. That’s OK. We see this a lot and as we mentioned even non-computer degrees can be an asset. Cybersecurity is not rocket science but it does take passion and craft. I would recommend that new folks to the industry choose a certification in a topic/skill they like and run with it. Also, you will need to gain some level of skills so you can tell interesting stories about cybersecurity in interviews. When I interview someone, I am looking for, “their story” around cybersecurity and their passion which is usually coupled with knowledge. One person on the security team also suggested volunteering to participate in projects that are IT-related, especially if there is a security component. You never know what kind of doors will open when you put yourself out there.