By Professor Steve Linthicum*
- Demonstrate a passion for both lifelong learning and the cybersecurity industry
- Consider participating in cybersecurity related organizations
- Consider learning Project Management and ‘soft skills’ and provide evidence of attainment
An advantage of having longevity in the information technology field is you gain an understanding of where we are today and how that compares with history lessons of the past. One of those lessons relates specifically to economic principles associated with supply and demand. The basics of these principles strongly suggest that where a resource is in short supply, generally the demand for that resource is high, resulting in the cost for the resource rising.
Mindful of the fact that IT certifications, from a historical standpoint, rose in importance in the final decade of the 20th century (1990-1999), it is helpful to return to that place and time. Novell was the primary leader in the certification arena its CNA and CNE certifications. Microsoft made great strides in the latter half of the decade, leading the charge with its MCSE certification, and commanding that leadership in the early years of the 21st century. Every student wanted to achieve the coveted MCSE certification, and for most who received it by passing the six (6) exams, opportunities for employment, even for students who lacked work experience, were there.
Advance nineteen (19) years to today’s world and the identities of popular certifications have changed. Gone from the scene is Novell and its popular Netware operating system. Microsoft is still around, with its workstation server products continuing in popularity, but facing strong competition from the open source community. That clamor relating to obtaining its MCSE certification appears absent, replaced with a broad array of certifications that focus on cloud technologies, cybersecurity, and some surprising additions.
For guidance relating to cybersecurity certifications, the Cyberseek website, sponsored by the U.S. Department of Commerce, is useful. It details on a National level, as well as state and metropolitan area levels, the current levels of the cybersecurity workforce and total cybersecurity job openings. It also lists six (6) certifications (Security+, CIPP, GIAC, CISSP, CISA, and CISM), providing information relating to the number of people holding the certification for a defined region, along with the job openings requesting the certification.
Cloud security certifications are relatively new to the field and fall into two major categories. Those categorized as vendor neutral include CompTIA’s Cloud Essentials+ and Cloud+, the Cloud Security Alliance’s CCSK certification, and the (ISC)2 CCSP certification. On the vendor side, the two front runners are Amazon Web Service’s Cloud Security – Specialist certification and Microsoft’s new Azure Security Engineer (AZ-500) certification.
Having some familiarity with these certifications, for most people considering an IT/cybersecurity career, it makes sense to begin with lower level certifications. For security job roles, consideration should be given to the CompTIA line of certifications considered by some as the “certification trifecta.” That is their A+, Network+, and Security+. These serve a foundational role, providing evidence of both a willingness to learn and some proof that you understand the basics of information and communication technologies. Their importance used to be measured in terms of landing that first job in IT roles that the Department of Defense in directives 8570.01 and 8140.01 define as Information Assurance Technician (IAT) levels 1 and 2.
However, there is still the difficulty those seeking jobs in this industry face without experience. We are all aware of that “Catch 22” conundrum. In order to get a job, you’ve got to have experience. In order to get experience, you’ve got to get a job. That’s were creativity becomes important. Ask the question, how can I get an employer to hire me with my limited level of certifications and little or no work experience? The answer may well be by following some of the suggestions detailed below.
Demonstrate a passion for both lifelong learning and the cybersecurity industry
I often tell people considering cybersecurity as a career pathway there is only one requirement. You must be a lifelong learner, willing to take the time necessary to keep up with technology. If you do not have a LinkedIn account, get one. Use your profile in a manner that tells a story about what you are doing that evidences a commitment by you to lifelong learning. Display certifications you hold, providing sufficient information for a potential employer to verify certification attainment. LinkedIn provides the ability for you to become an author, composing articles that establish your ability to write in a quality manner. Pick content that you are comfortable based upon your knowledge, skills, and abilities (KSAs), to write. Know that it will be read by others and you will be judged on your communication ability. Best perhaps to have a trusted advisor proof read it before you push the “published” button.
Consider participating in cybersecurity related organizations. I’ve provided the list below to students in Southern California as a means of identifying networking opportunities. This is area specific and you may not have access to some of these organizations in your local area. But you do have Internet searching capability. Try finding groups that may interest you through websites like MeetUp.
Here in Southern California we have a variety of national and international organizations that provide this ability to network on a local level. Specific networking opportunities you may want to consider getting involved with include:
- Infragard– An FBI created public/private partnership. Joining requires you go through a process characterized as a “security risk assessment.” There is are local chapters located in San Diego and Los Angeles.
- ITDRC– The Information Technology Disaster Resource Center is a volunteer organization that provides communities with the technical resources necessary to continue operations and begin recovery after a disaster. It harnesses the collective resources of the technology community to provide no cost Information, Communications, and Technology (ICT) solutions that connect survivors and responders in crisis.
- ISSA– The Information Systems Security Association is an international organization of information security professionals and practitioners. It provides educational forums, publications, and peer interaction opportunities that enhance the knowledge, skill, and professional growth of its members. There are local chapters located in San Diego, Orange County, and Los Angeles.
- ISACA– The organization engages in the development, adoption and use of globally accepted, industry-leading knowledge and practices for information systems. Previously known as the Information Systems Audit and Control Association, ISACA now goes by its acronym only, to reflect the broad range of IT governance professionals it serves. There are local chapters located in San Diego, Orange County, and Los Angeles.
- (ISC)2– An international association for information security leaders, committed to helping its more than 140,000 certified members learn, grow and thrive. There is a local chapter located in San Diego.
- AITP– The Association of Information Technology Professionals was created in partnership with CompTIA, and serves as the go-to resource for individuals seeking to start, grow and advance a career in technology. There are local chapters in San Diego and Los Angeles.
Consider learning other skills and provide evidence of attainment
When most people think of what is required to attain cybersecurity professional attainment, they express having the KSAs associated with defending and attacking networks. While those skills may be important, there are certainly other skills that play into this role. Reliance on useful information when making decisions about what we should be teaching is helpful. The New Foundational Skills of the Digital Economy report, issued by the Business-Higher Education Forum and Burning Glass, helps to define the nature of skills employers are seeking for the digital workforce. The graphic below appears on page 11 of the report.
In a recent posting on a closed forum for CompTIA instructors, one of their executives posed the following question: Did you know out of the 129,397 total U.S. Cybersecurity job postings during Q1 2019, Project Management was rated #4 as a top specialized skill? When I asked about the source of this information, I was told they got “this specific data point from the Burning Glass Technologies Labor Insights Tool, May 2019.” I’m not surprised by the finding. Having taken and passed different version of exams for CompTIA’s Project+ certification, I know of the value of the information I learned that enabled me to possess this certification.
Also identified in the graphic above are what we in education commonly refer to as “soft skills.” From the perspective of a technical educator, this is a challenging area, and more likely results from experiences both inside and outside of the classroom. Communication skills (including writing as detailed above) will improve by participating in the activities identified above. Learning how to react in a collaborative fashion can happen through the participating in those groups identified above. Critical thinking, analytical skills, and creativity are a natural byproduct of both learning and working. They will be fine-tuned as you gain job skills.
ABOUT THE AUTHOR
Steve Linthicum taught cybersecurity courses for decades as a professor at the college and university level, and currently works with the California Community College Chancellor’s Office in a workforce development role. He holds an array of IT and cybersecurity industry certifications.