Cybersecurity training becoming more specialized, hands-on, says Jason Dion
Cybersecurity has evolved significantly over the past few years, and so has the way cybersecurity professionals learn new skills. The days where a room full of students learn broad knowledge via textbooks and PowerPoint presentations are numbered, said Infosec Skills author Jason Dion.
Cybersecurity professionals need more focused and practical training to keep up with the shifting landscape — and to keep their skills ahead of the bad guys.
“People are looking to train for the need they have, when they need it,” Jason said. “Things are going to move to those shorter lessons, very targeted and very searchable. You’re going to go search for password cracking, and the system’s going to pull out three or four videos that are relevant to you.”
Having trained more than 150,000 students through subscription-based training platforms like Infosec Skills, Jason knows a thing or two about cybersecurity education.
“It’s going to get even more hands-on and lab based,” Jason predicted. “It’s about ‘what can you do?’ as opposed to ‘what do you know?’”
The need for year-round skill development
The growing cybersecurity skills gap is both a career opportunity and a challenge. A rapidly evolving industry means constant learning — regardless of your career stage. It’s no surprise that nearly 60% of infosec professionals spend at least a few hours every week learning new skills and 92% spend at least a few hours learning every month, according to Infosec’s 2019 cybersecurity industry report.
With the half-life of cybersecurity skills approaching two years, online training providers are better equipped to update their content and respond to the marketplace than more traditional institutions, Jason said.
“A lot of schools are trying to speed up that timeline by using electronic books now instead of paperbacks and that kind of stuff, but they just can’t compete,” Jason said. “The great thing about doing boot camps, whether in person or online, or a subscription-based service, is that they can create content much quicker and get it out much quicker.”
Jason said he can take a new Infosec Skills course from idea to execution in under 30 days. That same process took almost three years as a college professor.
Importance of self motivation for subscription training
“With a boot camp, an employer can say, you need to go to this boot camp for five days, and they put you in my class and that’s your place of business for that week,” Jason said. “You’re kind of forced to learn.”
“With a lot of these subscriptions, you’re doing it on your own time — nights and weekends or during your lunch hour. So you have to be motivated to want to do it.”
From a cost-benefit perspective, online subscription services are excellent, Jason said.
“With Infosec Skills — you get access to the entire library of courses, which is awesome.”
That includes 26 courses from Jason, which are organized into two learning paths:
The future of cybersecurity education
Technology hasn’t just empowered students, it’s empowered educators, Jason said.
“Because we have virtualization now, we don’t have to spend $100,000 on a network environment to be able to train students,” Jason said. “We can build those things in the cloud and allow students to be able to use it — and it’s very inexpensive to do.”
The hands-on component of training will become more prominent in the coming years, particularly for some skill sets. And that may be implemented in a variety of ways.
“I don’t just want an instructor who’s going to sit there and talk to me all day. That’s good, and that helps to pass the exam, but you also want application,” he added. “Make sure you’re putting your hands on the keyboard and making stuff work — and for certifications, make sure the platform has practice exams. Because you want to be able to practice before you go spend hundreds of dollars on that exam.”
The misnomer of entry-level cybersecurity
One of the difficulties with starting a cybersecurity career is there aren’t many entry-level roles available — at least not without a strong background in IT, Jason said.
“I think that’s one of the big misnomers out there right now. Everyone thinks there are these entry-level cybersecurity jobs, and they’re often classified like that or sold like that, and one of the big challenges is that there are no real entry-level cybersecurity jobs. Most people in cybersecurity came from another field.”
In fact, 92% of infosec professionals began their careers outside of a direct information security role, according to Infosec’s 2019 cybersecurity industry report.
For Jason, the two primary stepping stones into a cybersecurity career are practical experience with information technology and military clearances.
“As an employer, I wouldn’t want to hire somebody who has never been assistant administrator before or never been a network administrator before,” Jason said. “Because they won’t even know what they’re looking at in the logs to know if it looks normal or not.”
It all goes back to hands-on experience. From training to interviews to job duties, it’s about not just what you know, but what you can do. If you’re new to cybersecurity, Jason recommends trying to get some experience in areas like the help desk, field services, installations or server management.
“Those are all skills that translate over into the cybersecurity side.”
Learn more about Jason Dion’s Infosec Skills courses:
About Jason Dion
Jason Dion specializes in providing actionable information you can use to further your cybersecurity and information technology career. His IT certification and training courses teach you real-world application of the skills needed to face today’s cybersecurity challenges.
Dion is an instructor at Liberty University’s College of Engineering and Computational Science and Anne Arundel Community College’s Department of Computing Technologies with multiple information technology professional certifications, including Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH), Certified Network Defense Architect (CNDA), Digital Forensic Examiner (DFE), Digital Media Collector (DMC), Security+, Network+, A+, PRINCE2, PRINCE2 Agile and ITIL.