How to Start Cybersecurity Training
Cybersecurity Defined
Cybersecurity is a fairly broad term. Anything related to preventing cybercrime and cyber terror effectively falls under the banner of cybersecurity. Even if we’re to narrow it down strictly to a professional context, cybersecurity isn’t exactly one set of job duties, but rather an area of expertise with a wide range of applications.
Therein, for many, lies the appeal of a career in cybersecurity. With a cybersecurity degree and the right certifications, you could wind up developing your own security apps and running your own software studio, or you could work as a consultant for anyone from Fortune 500 companies to the National Institute of Standards and Technology (NIST) to NASA, or you could do part-time consulting to supplement another job. Working in cybersecurity, you’re not simply a worker or a staff member or an employee or a freelancer; you’re an expert.
So the question remains: an expert in what, exactly? We have a broad definition; now, what does cybersecurity expertise consist of?
We can effectively break information technology security down into three principles and four levels of application.
Those principles are covered under ICA or Integrity, Confidentiality, and Availability. Integrity: Is the data still fulfilling its intended purpose? Confidentiality: Is it hidden from people who shouldn’t see it? Availability: Is it available to people who should see it?
The four levels of application are network security, which addresses cyber threats at the transmission level (routers, servers, and so on); application security, which addresses threats at the software level; information security, which keeps emails, documents, and even print media secure; and operational security, which covers the whole framework. With operational security, you’re putting the processes and protocols in place or, essentially, writing company policy. Operational security, also known as OPSEC, has roots in military security. Think of the phrase “Loose lips sink ships.” That’s an excellent example of OPSEC: security as part of your system of operations.
OPSEC is, in many ways, the backbone of cybersecurity. This is where you’re teaching cybersecurity awareness to your colleagues and developing and implementing overarching procedures and guidelines. All four security levels are necessary, but OPSEC provides a platform from which you can stage your fight against cybercrime in the first place.
Common Cyber Attacks
Sun Tzu said that if you know the enemy and you know yourself, you need not fear the result of a hundred battles. So what exactly are we up against in the cybersecurity trade?
- Hacking – A broad term. Hacking can be used to cover just about everything else on this list. Specifically, it refers to attaining access to sensitive data without permission. That includes everything from ransomware to brute-forcing a password with multiple guesses.
- Cross-site scripting – Also known as XSS, cross-site scripting has websites inject malicious JavaScript into the victim’s browser, usually through a contact form or search box, which is then spread to other sites. XSS scripts can be placed on top of legitimate sites, making them hard to identify.
- DNS spoofing – DNS spoofing has the attacker introduce corrupt DNS, or Domain Name System data, into the cache, causing traffic to redirect to the hacker’s computer, or another computer or device under their control.
- SSL attacks – SSL attacks are part of a whole category of threats wherein a system or network is overloaded with useless data until it crashes or otherwise becomes unusable. In the case of an SSL attack, this is done during the SSL handshake protocol.
- Phishing – You receive an email from your bank: due to a policy change, you will need to reset your password. Now just go to “Bank of Ammerika dot org,” and input your info. Phishing works by tricking you into inputting your information into a website that looks legitimate on the surface when it’s actually an imposter website out to steal your personal information.
- Ransomware – You download a virus, and your computer stops working. It turns on, it boots up, and displays a message “Send one bitcoin to this user to use your computer again.” Essentially ransomware is like remote kidnapping for computers and devices.
- Malware – Malware is a broad term, essentially meaning any software intended to damage a device, computer, network, or server. When it’s unintentional, it’s a bug. Malware is explicitly designed to harm.
- Social engineering – Quite literally the oldest trick in the book. Where many forms of cyber crime exploit vulnerabilities in electronic systems, social engineering exploits vulnerabilities in human nature. As an example, imagine someone wants to borrow your phone for a second. While they’re logged in as you, they change your email password. It’s a cyber crime, but it focuses on exploiting basic human nature rather than electronic network and system vulnerabilities.
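The phishing item above turns on a near-miss spelling of a trusted name. The following is an added example, not part of the original article, showing one way a mail filter could flag such lookalike domains by edit distance; the domain strings, the allowlist, and the distance threshold are constructed assumptions.

```python
# Constructed allowlist of domains the organisation trusts (assumption).
TRUSTED = ("bankofamerica.com", "paypal.com")
# Fold common digit-for-letter swaps and drop hyphens before comparing.
FOLD = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s", "-": None})
MAX_DISTANCE = 2  # assumed threshold: up to two edits still counts as a lookalike


def brand_label(domain):
    """Label left of the final dot, e.g. 'paypal' for 'paypal.com'.
    Simplification: ignores multi-part suffixes such as .co.uk."""
    parts = domain.split(".")
    return parts[-2] if len(parts) >= 2 else parts[0]


def edit_distance(a, b):
    """Levenshtein distance: insertions, deletions, substitutions."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete ca
                           cur[j - 1] + 1,             # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(domain):
    """Return (verdict, matched_trusted_domain_or_None)."""
    host = domain.lower().strip(".")
    for good in TRUSTED:
        # Exact match or a genuine subdomain of a trusted domain.
        if host == good or host.endswith("." + good):
            return ("trusted", good)
    best = None
    for good in TRUSTED:
        brand = brand_label(good)
        # Check every label, so a brand name used as a subdomain is caught too.
        for label in host.split("."):
            dist = edit_distance(label.translate(FOLD), brand)
            if dist <= MAX_DISTANCE and (best is None or dist < best[0]):
                best = (dist, good)
    return ("lookalike", best[1]) if best else ("unknown", None)


if __name__ == "__main__":
    # Constructed samples; the first is the article's spelled-out example.
    for d in ("bankofammerika.org", "www.bankofamerica.com",
              "paypa1.com", "paypal.com.login.example", "wikipedia.org"):
        print(d, classify(d))
```

A "lookalike" verdict is a reason to quarantine or warn, not proof of fraud; short brand names and legitimate similarly named sites will produce false positives at this threshold.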
Best Practices in Cybersecurity
The list of potential threats in cybersecurity is growing every day, and this means that the list of countermeasures is growing every day. The best practices in cybersecurity number too many to count, but there are some important principles and guidelines that we can put in place to head off the vast majority of cyberattack threats.
- Don’t click. If you don’t know where the link comes from, if you don’t know what it leads to, if you don’t recognize the URL, don’t click it. It’s challenging to put malware on someone’s computer manually, but it’s very easy to get people to click and download it themselves.
- Remember that not all cyber threats are high-tech. It’s not difficult to find examples of people having their identity stolen because they were holding their credit card in a photo that they put on Facebook or a company that was hacked because they left a whiteboard in the frame for a group picture, or leaks that happened because someone left their laptop open while they went to the restroom at a Starbucks. Cyber criminals are, above all, opportunists. Don’t give them any opportunities.
- Educate your team on strong passwords. The basic idea here: At least ten case-sensitive characters, plus numbers and symbols. Simple as that.
- Avoid public WiFi. If you’re working remotely and don’t get to choose, look into a VPN, or virtual private network, to work safely.
- Download the updates to your security programs. “I’ll download it later” is music to a hacker’s ears.
- Back it up. Cyber attacks will happen. Having data backed up regularly means that you can quickly recover from an attack in the event of malware detection.
- Make regular backups. These days there’s no excuse for any company that works in technology not to make daily backups of their system. The resources are there: take advantage.
- Bring everyone up to speed. A knowledgeable security team is a good start. A knowledgeable company is almost impenetrable. When everyone from the mailroom to the CEO understands what you’re up against and how to protect your company from cyber criminals, a dedicated hacker might still be able to break into your networks and systems, but the vast majority of them will consider you to be more trouble than you’re worth.
Training for a Career in Cybersecurity
The training level required for cybersecurity jobs varies quite a bit, depending on your level of commitment and your goals within the field. If you aim to make cybersecurity the center of your career, you’re going to want to start with a four-year bachelor’s degree. Many companies offer tuition assistance to keep your cybersecurity training cost down so that you can pursue a two-year master’s degree.
If you want to be competitive, you will probably want to pursue advanced cybersecurity training courses to attain specialized certification.
Entry-level jobs and freelance work can be found with only an associate’s degree or just some basic training. This is fine if you only plan on doing cybersecurity as a part-time gig, but if you want to see any real progress in your career, you’re likely going to want to pursue a four-year degree at the least. Ultimately it depends on where you want to take your career.
Your Career in Cybersecurity
Because cybersecurity is a broad field of expertise, a career in this field can take any number of shapes. There are developers who design security software, writers and teachers who haven’t stepped into a server room in years, consultants who work on a contract basis to write policy, forensic analysts who help recover lost data, watchdogs who provide continuous monitoring analysis, and so on. Cybersecurity can be your path to a career with groups like NASA or the NSA or consulting on business cybersecurity with brands like Sony and Google.
You might not know precisely where you hope to specialize until you’ve been in the field for a little while, and from there, it will be easier to determine your career and academic goals.
Where Should You Study?
If you are entirely new to coding, it may be useful to study online at your own pace for a while before you start applying to schools. Certain sites can bring you up to speed on the basics if you’re learning cybersecurity from scratch, and from there, you can decide if the cybersecurity workforce is for you. It’s faster and cheaper to dip your toe in the water at home, for free, than to sign up for a bachelor’s degree program and only then find out that you’re more interested in business management or biology. And of course, you’ll have an easier time getting into a college or training program, and doing the assignments, if you already know your way around JavaScript. So your first step is going to be looking into general coding and cybersecurity courses.
Cybersecurity Courses
Many online and local cybersecurity courses designed for beginners are relatively inexpensive, and in some cases, free. This is a way to begin your cybersecurity training before moving on to a more comprehensive cybersecurity training curriculum. StationX, Cyber Aces Online, Heimdal Cyber Security for Beginners, and Coursera Introduction to Cyber Security Specialization all come highly recommended. Courses like these will introduce you to the basics, and from there, you may want to consider:
Cybersecurity Bootcamp
A variety of schools offer bootcamp programs that should bring you up to speed so that you can start looking for entry-level jobs for cybersecurity professionals while you continue your education.
A bootcamp can make you a competitive job candidate for cybersecurity positions. It will make you employable and get you started.
Research Your Programs
In selecting a school, you’ll want to do some research on the programs offered, find out if they’re accredited, if there are any notable faculty members, and whether this school is going to prepare you to build a cybersecurity framework or work in cybersecurity management or do whatever else it is that you want to do in your career.
You will also want to look into financing options. If you hold an entry-level position, you may be able to get tuition assistance from your employer. If you’ve served in the military, you may find financing programs to provide cybersecurity training for veterans. A career in cybersecurity can be advantageous, financially speaking, but the path to a bachelor’s or master’s degree can be costly. Anything that you can do to bring your costs down, you should consider doing.
Obtaining Your Bachelor’s Degree
To get competitive in the job market, you’re going to need at least a bachelor’s degree. According to the Bureau of Labor Statistics, the median salary for cybersecurity professionals is around $93,000 a year. But, that’s the median. There are management positions where you can earn over $120,000 a year, and there are lower-ranked positions where you might not be earning half the median.
Cybersecurity is nothing if not a challenging job. Even an entry-level position requires far more training than most jobs. You can pursue cybersecurity as merely a way to make ends meet. Still, if you are not going to develop your understanding of the field to win higher-paying positions, you will be putting a lot more work than necessary into earning a relatively modest income.
Something to consider when shopping around for a cybersecurity school: While some career fields have a certain stigma surrounding online universities, cybersecurity is not one of them. If your work is already focused around online networks and systems, it doesn’t make much sense for an employer to pass you over because you earned your bachelor’s degree on a computer at home instead of on a computer in a classroom. Because you’re generally going to be expected to continue your academic career concurrently with your professional career, it should be relatively easy to find time for further studies even after landing your first job in the industry. If you prefer to learn in a classroom environment, you can always search for “cybersecurity training near me” and see what turns up. But you are not confined strictly to in-person classes in your cybersecurity education.
If you already know where you’d like to specialize, you can get a leg-up in that particular niche by focusing your studies in that direction from the start, whether it’s cloud computing, managing teleworking risks, or studying laws and guidelines so that you can help companies to ensure compliance with regulatory boards like the General Data Protection Regulation. But you will also need more general education. You should give yourself room to pivot as you explore your options and find your career path.
All of this is to say that as you pursue your bachelor’s degree, you will want to keep some options open.
Advanced Cybersecurity Certification
Even if you’ve landed a great job, advanced certification and specialization can open a whole new horizon of jobs with cybersecurity firms and other companies.
Cybersecurity training certification is where you can develop high-value skills that will make you a genuinely formidable candidate on the job hunt.
There are hundreds of certifications available to cybersecurity professionals, and it might not be easy to determine which ones to pursue until you’ve spent some time in the field.
Joining a cybersecurity association like the Internet Security Alliance or the SANS Institute can also be a tremendous advantage on a resume. These associations can help to tip you off to new developments in the industry, new opportunities for advanced education, new job openings, and more. Merely being a member can communicate to potential employers that you take cybersecurity very seriously and are continuously working on getting better at your job.
Continuing Your Training
If you are a cybersecurity professional, you will always be a student first. Technology changes day after day, and there are always new threats and new countermeasures with which to combat them. There is always more to learn, always some way to continue your cybersecurity education.
You haven’t really graduated to professional until you’ve had some cybersecurity hands-on training on the job. Doing exercises in a classroom environment or on your laptop at home can help to prepare you for the threats you’ll face in the workplace, but until you have hands-on experience in risk management or tracking advanced persistent threats, it might not be easy to see how your training will come into play on a practical level.
The best way to stay competitive in the job market is to continue pursuing training, continue attaining new certifications and degrees, continue gaining work experience, and not be afraid to pivot into a new specialty when you see an opportunity. This is a skill set like learning to play guitar or painting: You don’t simply pass a course and learn all you need to know; it’s a discipline that you can continue to learn and improve in for the rest of your life. Your competitors are still learning, so you should be, too.