The global cybersecurity workforce gap is estimated at 2.7 million people, with the problem particularly acute when it comes to entry-level roles.
Cybersecurity nevertheless promises an interesting and potentially lucrative career. Even though the profession is open to people with any degree or none – providing they have the aptitude to learn – it can still be daunting to make the initial first steps and difficult to know where to begin.
The talent pool might potentially be expanded through more inclusive and broader hiring strategies. Against this, unrealistic hiring practices sometimes create barriers to entry for those looking to enter the profession, especially those seeking a career change.
The path into a career in information security is, however, eased by a growing number of entry level training schemes and courses. The Daily Swig has surveyed this landscape to chart some promising routes offered by various reputable training providers.
Catch up on the latest cybersecurity education news and analysis
For example, cybersecurity skills training organization (ISC)2 reports that more than 1,400 individuals have undertaken its entry-level infosec certification pilot exam since the program launched at the end of January 2022.
The qualification is designed to support industry entrants embarking on cybersecurity careers, ranging from recent university graduates, to career changers, to IT professionals looking to switch roles and focus on infosec. In all cases, the certificate offers a means to validate their foundational security skills.
Laying down foundations
For employers seeking to fill entry-level roles, the qualification offers evidence that newcomers have the foundational knowledge, skills, and abilities necessary to thrive in the sector. According to (ISC)2, the qualification shows that candidates for junior roles are familiar with technical concepts whilst having an aptitude for on-the-job learning.
The (ISC)2 entry-level pilot exam evaluates candidates across five domains; security principles; business continuity, disaster recovery, and incident response concepts; access control concepts; network security; and security operations.
In preparation, candidates pay for a choice of either live instructor-led training sessions (available as a course package that includes access to online learning resources an exam voucher for $649) or more economical online, self-paced learning resources (available with an exam voucher for $199).
Within the cybersecurity education market, however, (ISC)2 is far from the only game in town.
World of choice
The SANS Institute offers a five-day, in-person Introduction to Cyber-Security course that covers a mix of technical and business issues. SANS Institute courses are well regarded but not inexpensive.
GIAC Information Security Fundamentals, for example, retails at $6,600.
Other paid-for SANS Institute introductory courses focusing on specific areas of cybersecurity – such as cloud computing, digital forensics, and incident response – are also available.
SANS also offers free-of-charge security workshops and other content, though this material is more geared towards the professional development needs of those who have already established a cybersecurity career.
eLearning
Coursera offers access to online courses from leading universities and companies.
The Coursera platform provides routes that run the gamut from short online classes and hands-on projects that teach job-relevant skills in less than two hours, to job-ready certificates and degree programs. Short courses cost up to $99 while professional certifications run between $2,000-$6,000 and degrees between $9,000-$45,000.
A yearly subscription to Coursera’s online courses costs $399.
Coursera offers a variety of entry-level cybersecurity courses, each affiliated to universities or technology companies.
For example, Introduction to Cyber Security Specialization from New York University includes four courses aimed at beginners. It can be completed in about four months with four hours of learning per week.
Attractive, lower cost options might also be found in modules and courses in cybersecurity from Udemy.
There’s also an Introduction to Cyber Security course from the UK’s Open University that is particularly suitable for those looking for a flexible course aimed at beginners. The course doesn’t lead to a formal qualification but is available online and is accredited by several reputable organizations in the UK cybersecurity sector.
“Over eight weeks, the course will take on average three hours a week to complete,” an Open University (OU) spokesperson told The Daily Swig.
“The course is accredited by APMG International, the Institute of Information Security Professionals, and the (UK) National Cyber Security Centre. The Certificate of Achievement for this course demonstrates awareness of cybersecurity issues across 12 of the IISP skills groups, and demonstrates that participants have completed a course that meets the awareness level requirements of NCSC Certified Training.”
Another option from the Open University involves a part-time degree course that offers a BSc in Cyber Security at the end of six years. There’s also a postgraduate micro-credential in Cyber Security Operations.
The best way to find Open University courses related to cybersecurity is by using the course search bar on the OU’s homepage.
Book smart
Quite a few well established and respected infosec professionals got their start in the field by simply picking up a book and getting stuck in.
There’s no better example of this than noted bug bounty hunter David Litchfield, who 25 years ago passed his Certified Novell Administrator (CNA) exam courtesy of a related CNA guidebook, thus certifying his ability to maintain networks running the then ubiquitous but since obsolete Novell NetWare networking software.
Fast forward to the 2020s and you’ll find PortSwigger’s* Web Security Academy offering a free-of-charge service that explains key concept and vulnerabilities in web security. This learning exercise is reinforced through a series of labs graded ‘Apprentice’, ‘Practitioner’, or ‘Expert’.
Practice in the labs gives learners proficiency with Burp Suite, a web security testing tool that’s the industry standard for pen testers and bug bounty hunters alike.
Next, The Daily Swig’s own John Leyden plans to try his hand at modules from the (ISC)2 entry level qualification to see how he fares. Stay tuned for a follow-up feature this autumn.