A lack of training options is definitely not the reason for the lack of cybersecurity workers. Organizations offering affordable training were in abundance at the RSA Conference (#RSAC2022). According to several of those companies, business is good.
Cybersecurity Ventures said the number of available job openings in the industry increased to 3.5 million unfilled positions worldwide by 2021. Tht is an increase of 250 per cent in six years. The US has more than 950,000 workers and 465,000 openings, according to CyberSeek, a project supported by the National Initiative for Cybersecurity Education (NICE). The problem is bigger in India where they are expecting more than 1.5 million job vacancies in cybersecurity by 2025, according to several hiring firms.
Training reducing shortage
However, the US cybersecurity worker shortage in the U.S. is expected to gradually decrease, beginning this year. That’s largely due to corporate and government cooperation in expanding training. Some jobs require college degrees and even graduate-level training, deterring people already in a career or wanting to start one. It’s true that getting a college degree can enhance prospects and salaries. That isn’t necessary to find a job. Many entry-to-med level jobs require no certification and will provide training. The International Information System Security Certification Consortium (ISC2) states that 25 per cent of all cybersecurity workers have not gone to a four-year institution. Both Google and Microsoft offer free courses and certification programs and a path to employment. Then there are for-profit cybersecurity training companies and finding a legitimate provider of training is a big part of the problem.
“Choosing a training provider can be challenging. There are a lot of bad actors out there,” said Don Pezet, founder and video personality at ITpro.tv, an online video-based school. “The greatest example of this was ITT Technical Institute. Students were spending tens of thousands of dollars without gaining meaningful employment.”
The revelation cut off all government funding, primarily from the GI Bill, forcing the company out of business.
“There are a number of cybersecurity and coding boot camps charging thousands of dollars with no guarantees,” Pezet claimed. But students can protect themselves with a bit of diligence.
First, if a school promises to place a student, that’s a red flag. It’s not impossible but it’s highly unlikely. If they do, ask to see the school’s placement statistics. Schools receiving federal student loans and GI Bill funds must track and report this information. “This offers a reasonable expectation of what the outcome will be,” Pezet explained.
Online subscription services, like LinkedIn Learning, ITProTV, Udemy, and Infosec Institute won’t have that information because they don’t promise jobs and the low cost also makes them low risk. Once a legitimate provider is found, the student needs to figure out what kind of job they want. There are a lot of choices, including penetration testing (pentest), security analyst, information security officer, administration, privacy manager and more.
ITproTV provides a free introductory set of courses to give an idea of what the training entails. Training is through online video instruction on iOS and Android devices, Apple TV, Android, and even on a Roku. Costs range from $30 a month to $570 for a year of training. Certification is handled by CompTIA for less than $500. ITpro.tv offers other IT courses, which might come in handy to understand the terminology in the more security-centric courses.
Virtual training in abundance
The company also provides virtual labs for more hands-on training, as well as practice exams.
The Infosec Institute also offers recorded video training focused only on a dozen disciplines. They also offer live video or in-person boot camps, according to Kate Rodgers, director of brand marketing. The cost for the boot camps is around $1000 per person, she said. That cost can vary if an organization pays for multiple participants or if they elect for remote over in-person.
The boot camp cost can be valuable, according to Keatron Evans, a cybersecurity and workforce development expert and one of the trainers for Infosec Institute. “Let’s say, I discover that you have a gap in a specific area that you need to remediate before we can move on to the next step. I can say, ‘Look, your homework for tonight is going to spend an hour in this before we can cover the next lesson.’”
Infosec Institute offers podcasts with descriptions of the various security professions they train for, employee awareness classes and even a free aptitude test. Moreover, they put a priority on building diversity within a security team.
The bottom line is that there is little to no excuse to pursue equipping people to be more security-aware or to prepare for a career in the cybersecurity field. All it takes is that first step.
Lou Covey is the Chief Editor for Cyber Protection Magazine. In 50 years as a journalist he covered American politics, education, religious history, women’s fashion, music, marketing technology, renewable energy, semiconductors, avionics. He is currently focused on cybersecurity and artificial intelligence. He published a book on renewable energy policy in 2020 and is writing a second one on technology aptitude. He hosts the Crucial Tech podcast.