How much training do you receive on a full time cyber security job?
There are a plethora of different cyber security jobs out there, with much to learn as you are being introduced to the many different concepts of cyber security. After accepting a full time cyber security position, how much/what kind of training do you typically receive starting into your career? What are you expected to already know?
Great question! Training really does depend on the company and its leadership. I have seen the range of very minimal to $5,000 a year for an accredited program/certification. The important thing to remember is that you are in control of your own career and you must advocate for your goals and ambitions. Have regular discussions with your manager about topics or areas you are interested in, and be ready to discuss how the training can help the goals of your manager, the department, and the company. Being able to connect the dots to the larger picture will help your case.
Once you start a new role, the type of cybersecurity training will really depend on what you are doing. As you already know, cybersecurity is such a broad area and there are many different paths you can take. Keep an open mind when exploring different areas and do not worry whether you have all the skills within the area because you will learn on the job. As a new cybersecurity professional, no employer is going to expect you to be a subject matter expert right off the bat. Many companies also have subscriptions to learning platforms like Pluralsight, which offer a ton of great courses. Research the different options your employer may provide.
My biggest recommendation would be to build a solid foundation on the concepts and technologies you will be working on. Research different certifications or training courses that interest you and map out a path. For example, CompTIA has a pathway for Cybersecurity starting with IT Fundamentals all the way through Advanced Security Practitioner. You don't have to complete every one of these certifications, but it helps to understand what types of skills you should be focusing on and where you should direct your efforts. Stay hungry and continue learning!
As far as how much one needs to know as a college hire entering the security field, here's how our organization defines it:
• Performs routine entry level assignments under direct supervision
• Typically requires a college or university degree or the equivalent work experience that provides knowledge and exposure to fundamental theories, principles and concepts
• Develops competence by performing structured work assignments
• Uses existing procedures to solve routine or standard problems
• Receives instruction, guidance and direction from others
• Assists in risk and threat analysis activities including security assessments, penetration tests, incident response activities, forensics services, etc.
• Assists in compiling position papers, assessment recaps, and other technical documentation aligned with functions defined in the job family summary
• Demonstrates technical proficiency in support of those functions, including tool proficiency (can analyze, configure, assist in deployment), coding, technical development and implementation
You should expect to complete at least 80 hours a year in training specific to your chosen path. This is, of course, outside of the hours you will need to put in to finish your degree!
It is also common to get these entry level IT positions while going to college. I did that myself while studying computer science.
There are very few accredited Cyber Degrees you can get; San Jose State is the only one I can think of (Masters in Cyber Security). That means certifications are the way to go.
The most well known and respected is CISSP. You can study for that one on your own; there are multiple books to teach you the domains. You then just have to pay for the test; I think I paid $400 for a proctored test.
I mentioned domains as CISSP will take you through every avenue of security, which can also help you decide what area of cyber you want to spend your time in.
I'm a technology auditor that's focused on information security. While security skills are important, I wouldn't forget that soft skills and understanding the business can be equally, if not more, important. Being able to communicate risk based on your audience that may be less technical (business leadership) is an important skill that will both help you land a job and progress over time.
In terms of keeping current on the industry, I leverage IT Pro TV (itpro.tv) and subscribe to newsletters through SANS. Cybrary is free and also has good resources. What's key is that you have the attitude of a lifelong learner, since technology, and specifically security, changes at a record clip, so it's important to keep current.