How to start learning cybersecurity? Take this free foundations course!
“How do I start learning cybersecurity?” is one of the most common questions from those trying to break into the field. Keatron Evans hopes his new Cybersecurity Foundations Learning Path is the answer.
While many Infosec Skills boot camps require learners to start with some IT and cybersecurity knowledge, Evans, Principal Security Researcher at Infosec, designed his new courses for the absolute beginner.
“I created the Cybersecurity Foundations courses so it doesn’t matter where you’re coming from. Most of the focus is on people that have no background whatsoever in anything cybersecurity or anything technical,” says Evans, who has worked with many people transitioning from non-technical positions into cybersecurity. “There’s really not a lot of content out there for people who are coming from other careers.”
Evans has over 17 years of experience in penetration testing, incident response and information security management, and has dozens of certifications. That helps him provide the necessary context around the many cybersecurity career paths that are available.
“If you’ve only ever worked in pentesting, then you’re going to teach an introduction to cybersecurity course from the perspective of a pentester,” says Evans. Because of his extensive experience in cybersecurity, Evans developed the Cybersecurity Foundations Learning Path so that anyone new to cybersecurity can find the right role for them.
“A lot of times people end up in job roles that are not really ideal for them, just because they got introduced to it through a person that’s doing that role,” says Evans. “So I tried to create something a little bit different, a little more agnostic.”
Because these introductory courses are designed to be open in scope, they’re great for:
- People who are entering or considering cybersecurity
- People who are already in cybersecurity but realize they have fundamental gaps
- People in other industries who need cybersecurity knowledge
Cybersecurity careers: Finding your path
Many people, even people already in the industry, can’t do a good job of defining what cybersecurity is, says Evans.
“When you’re talking to people that are in the industry and you ask them to tell you what cybersecurity is, most people don’t really know. They know it’s got something to do with technology and computers and the internet and security, but it’s just something they go do a job in and make money.”
One of the first things Evans does in the new courses is to get students familiarized with what cybersecurity actually is.
“We interact with data through computers, web applications, mobile phones — through all these different apparatuses,” says Evans. “Then we have networks that allow us to move that data from one place to the other and to share that data with other people. And then we have things like cloud, where we’re putting our data in someone else’s network.”
“Cybersecurity is really about securing data, how we interact with data and the devices we interact with. To do that, we need technology, but we also need policies and procedures. We need people to audit if we’re doing the right things or not. We need people to manage risk so that we don’t spend too much money trying to address things that aren’t really that big of a risk to us.”
In-demand cybersecurity roles
There are many opportunities in cybersecurity, but some positions are in high demand because they’re a good entry point.
“SOC (security operations center) analysts are going to continue to be one of those in-demand areas,” says Evans. “People get into that entry-level SOC analyst role, and they don’t stay in it very long, which means that slot opens up again.”
The growing popularity of the cloud is causing some roles to become obsolete while others take their place. Evans works with customers who “are telling their people, ‘Look, if you’re a network engineer, you’re going to need to become a cloud security network engineer within the next 18 months, or we probably won’t have a job for you.’”
There are also plenty of in-demand positions that don’t require much technical experience.
“A lot of people that work with risk management frameworks, that work in auditing, they’re not technical at all. They don’t really have to do hands-on exercises.”
Don’t rule out a career in cybersecurity just because you don’t have a technical background, says Evans. But if you do want to explore more technical roles, Evans included a pentesting demonstration at the end of his Cybersecurity Foundations Learning Path that’s meant to be an “appetizer for beginners.”
He also plans to keep releasing new videos every few months or so “to show what an actual job role would look like — if you decided to go that route.”