Strange Course Title?

Remember in the not too distant past having to explain what cybersecurity was to family, friends, and co-workers? With all the news of breaches that doesn’t seem to be much of a problem any longer however some of our course titles still give people pause. The Bellevue Leader recently did an article on a few courses that made them think twice – our Ethical Hacking course included.

Bellevue Leader – Strange Courses a Vital Part to BU Education

Fall Season of National Cyber League – Teams Forming

Our BU National Cyber League is heading into its second year and we are looking for players.  Team members have a great time putting their skills to the test in both the individual and team events.  We start our Fall league in mid-October so we are forming our team now.  

If interested contact Prof Rausch (drausch@bellevue.edu). 

More information on the National Cyber League can be found here:  https://www.nationalcyberleague.org/fall-season.  

Bellevue teams compete in National Cyber League

15 Bellevue University students participate in the spring season of the National Cyber League Capture the Flag competition. Participating institutions fielded 627 teams to compete over a three day period to see who could solve the most challenges in the areas of:

  • Open Source Intelligence
  • Cryptography
  • Password Cracking
  • Log Analysis
  • Network Traffic Analysis
  • Wireless Access Exploitation
  • Scanning & Recon
  • Web Application Exploitation
  • Enumeration and Exploitation

Bellevue fielded two teams with our top team placing in the top 10%

CompTIA Security+: The Gateway to Security Certifications

One of the greatest hindrances to mitigating cybercrime is the lack of qualified and skilled professionals trained in cybersecurity.

Cybersecurity is a rising career field with a need for more security professionals in all industries and types of organizations. One of the greatest hindrances to mitigating cybercrime is the lack of qualified and skilled professionals trained in cybersecurity. Companies are looking to fill these roles. And there are numerous people interested in entering the field. There are three categories of people interested in joining the fight:

  1. Young professionals starting their careers
  2. Experienced professionals moving from one career into cybersecurity
  3. Professionals at all levels wanting to learn more about it to better protect their personal and business lives.

All three begin with the question: where do I start my learning about cybersecurity?

Where to start a cybersecurity learning journey

If you’re wondering where to start in cybersecurity, start with CompTIA Security+. Out of the many security certs out there, it’s the easiest route to get certified and learn more about the technologies and business of cybersecurity.

The CompTIA Security+ SY0-501 exam is an internationally recognized validation of foundation-level security skills and knowledge and is used by organizations and security professionals around the globe. This certification proves an IT security professional’s competency in topics such as threats, vulnerabilities, and attacks, system security, network infrastructure, access control, cryptography, risk management, and organizational security.

Courses such as the Cybrary Cybrary Security+ video series covers these topics to prepare students for the CompTIA Security+ SY0-501 certification exam. The fundamentals taught in this class will help you get started in a career as a cybersecurity analyst and build your security knowledge base.

For those entering or even moving around the career, you should understand the many job roles available and find the one that best fits you. The Cyber Seek website (https://www.cyberseek.org/pathway.html) contains a list of careers. It provides an interactive career pathway of key jobs within cybersecurity, common transition opportunities between them, and detailed information about the salaries, credentials, and skillsets associated with each role.

The journey is more important than the destination

With CompTIA Security+ or any certification, note that the journey is more important than the destination. The goal is not simply gaining a certification and letters after your name, but understanding all aspects of a complex and wide career field. Studying for a certification is often the start of your learning about cybersecurity. It expands your mind and helps you see the entire playing field required of cybersecurity analysts. It also lets you know about your strengths and weaknesses, since it’s near impossible to know everything about all areas of cybersecurity. For example, if you enjoy the technical aspects, then you should look at being a security administrator, pen tester, or forensics analyst. If business is more your forte, you should focus on policy, governance, compliance and risk. The certification journey helps you determine your focus areas so you can have maximum effectiveness, no matter your career choice.

Benefits of certifications

Certifications establish your credibility in the industry and open doors for jobs.

Certifications establish your credibility in the industry and open doors for jobs. It’s often the first thing requested in job descriptions. Certifications show you have knowledge in a specific area or indicates that you have the subject matter expertise and that you’ve taken the effort to obtain and maintain it.

If you’re starting your cybersecurity journey, look to the CompTIA Security+ as the place to jumpstart your career and gain critical knowledge in protecting your personal life, your organization and ultimately everyone.

For more information about Cybersecurity careers, see my previous Peerlyst blogs:

I’d love to hear from you about your experiences with cybersecurity certifications as part of your career journey.

Choosing your Cybersecurity Career Path

  • Landing and keeping a job in cybersecurity
  • What’s best for your Cybersecurity career: certification or a degree?
  • Strategic (GRC) vs. Tactical (Technical) career paths

I’m often asked by folks entering the cybersecurity career field, “How do I land (or keep) a job in cybersecurity?” and “Should I get a degree in cybersecurity or focus on certifications?” The bottom line is that there is no one answer that fits everyone. As with most things in life, it depends. Where you are at in your career, life’s journey (i.e., age), financial resources and your own ambitions are all things to consider. In this post, I’ll cover options in hopes of helping you understand the benefits of each and how you can grow your career as a cybersecurity professional. This is part 2 of my series on Breaking into Cybersecurity.

From a career or professional perspective, information security (aka cybersecurity or information assurance) is now a stable and growing profession. Information security jobs are expected to increase by 28 percent through 2026, according to the Bureau of Labor Statistics (BLS). With all the opportunity, landing a cybersecurity job can still be tricky trying to meet the laundry list of requirements that are often looking for the optimal candidate who walks on water.

Below are some steps for you to determine certs or degree and help you build your cyber career:

  1. Pick a path. There are two main categories of cybersecurity careers: Strategic and Tactical.
    1. Strategic includes Governance, Risk, and Compliance (GRC), Policy, IT Audit, security frameworks and management.
    2. Tactical includes everything technical: security systems administration, networking, application security, security operations, incident response, vulnerability management, and penetration testing.

Pick the one where you have the most strengths. If you love playing with technology, go tactical. If you’re more prone to management and process, consider strategic. A word of caution: don’t try to do both and be a jack of all cybersecurity trades. Folks in this position (like me) are often seen as a master of none and are disqualified from many jobs. I’ve been told dozens of times that I’m too technical for strategic jobs and not technical enough for tactical. By the way, picking one over the other does not mean you won’t need to know how the other side works. Strategic needs to understand technology and tactical needs to get business risk. The Cyber Seek website (https://www.cyberseek.org/pathway.html) contains a list of careers for each path.

  1. Determine your education path. This is how you will reach the goal of getting the cybersecurity job of your choice. Cybersecurity degrees and certifications each have benefits and costs. Both can be used to open doors on cybersecurity careers.
    1. Degree – Expand or gain knowledge over time. With a degree you learn how to learn. This is crucial in the ever-changing cyber world. You’ll also gain additional professional skills like communications, leadership and management. Another positive for education is that a degree is forever and does not require any upkeep. It will get you in the HR screening process door if an IT degree is a particular job requirement. It indicates that you have the work ethic to complete something. Of course, it comes at a cost; both time and money. An inexpensive education option in the United States are 2-year schools (aka community colleges). The National Security Agency (NSA) designates 2 and 4-year schools as Centers of Academic Excellence in Cyber Defense. See https://www.nsa.gov/resources/students-educators/centers-academic-excellence/.
    2. Certification – Establish your credibility. Certifications show you have knowledge in a specific area or indicates that you have the subject matter expertise. If you’re just starting in cybersecurity, the CompTIA Security+ (http://bit.ly/2Ei6Xtw) is the perfect place to start. It covers the basics, without requiring you have extensive knowledge or experience. Certifications based on a point in time and require continuing certification. The benefit is that you can often take a 1-week boot camp or watch a video series like Cybrary and complete the certification exam shortly after. This can be a low-cost option for many.
  1. Practical Experience / Practice. Getting certifications or a degree does not guarantee a job. You must continually practice what you’ve learned and build on that knowledge. This should come from both practical experience and personal practice.
    1. Experience. For many cybersecurity jobs, this matters more than degrees or certifications. For those who are new to the cybersecurity career field, start in a help/service desk or security operations center (SOC). These are great ways to gain positive professional experience learning how cybersecurity operates within an organization. You can also gain experience by volunteering to fix or security computers for a community group (e.g., senior center, religious organization, etc.). In return, ask for a reference. By the way, you don’t have to start in cybersecurity. All careers can teach about professionalism and how organizational operations. These can provide much-needed perspective outside of technology.
    2. Practice & Do Your Homework. Cybersecurity is a career where you must keep learning and relearning to stay relevant and keep your skills sharp. I often tell my students, “Homework begins after you graduate” and “The real test is in the real world (not in the classroom).” You flunk a test in school, you can still graduate. You flunk a test irl (in real life), you won’t get the job or get to keep your job. This means you need to keep learning. Take advantage of sites like Cybrary that provide free videos on many aspects of security.
      1. For the strategic / GRC track, you need to read a lot about cybersecurity. Study the latest frameworks (NIST, CSC), laws and regulations (PCI, HIPAA, GDPR, State Laws, etc.). Read security news like krebsonsecurity.com.
      2. For the tactical / technical track, practice your skills. You should have a home lab environment with physical equipment, virtual machines or both. You can do much of this for very little cost. Learn Linux by getting a Raspberry Pi or load VMWare or VirtualBox. Learn how to hack and protect yourself.

No matter the path, you need to:

  1. Be aware of the other side. If you’re tactical / technical, you still need to understand strategic / business, and vice versa.
  2. Network (the human kind). Join security groups in your community like ISSA, ISACA, ISC2, OWASP, Infragard, etc. This is a great way to meet other passionate cybersecurity professionals. These groups may also provide mentors to help you chose your path and keep your skills sharp through continual learning.

This is just a short tutorial on building your cybersecurity career. Like in the Matrix, you need to pick a path (the red pill or the blue pill / strategic or tactical / education or certification) and move towards your goals.

If you chose not to decide, you still have made a choice. Don’t let the choice be made for you.

BBB Cybersecurity Program: Learn How to Protect Your Organization From Phishing Attacks

The Better Business Bureau (BBB) Foundation and its partners present a FREE cybersecurity program for businesses that will provide education on how to protect your business from phishing attacks. It features our own Gary Sparks and Karla Carter.

Learn How to Protect Your Organization From Phishing Attacks!
Topics:

  • What is Phishing/How Does Your Company Protect Its Information
  • The Social Enginneering of Phishing Scams
  • Combating Phishing Attacks in Larger Organizations and Financial Institutes

When: Wednesday, October 31, 2018
Time:  8:30 am – 11:00 am
* 8:30 am – 9:00 am Registration and Breakfast
* 9:00 am – 11:00 am Keynote/Breakout Sessions

Where: Metropolitan Community College – For Omaha Campus Building 24 (5370 N 30th St Omaha, NE)

Learn more and register at https://lnkd.in/dUMebHb