Let’s face it. There’s a huge difference between what’s taught in school and what’s happening in real life, especially when it comes to cybersecurity threats and approaches. Mainstream or traditional higher education is simply having a tough time keeping up with the ever-changing field of cybersecurity and its many facets.
Take, for example, a client of mine whose son graduated with a master’s degree in information systems. He was trying to get a job, and he had zero practical experience because he just went through six straight years of formal education. By the time he got out, nobody would hire him. This seems crazy considering that cybersecurity is such a growing field and there is a shortage of qualified people working in the industry. The need for cybersecurity in the U.S. continues to exponentially increase every single day as new threats become known.
So, when I was talking to him, I explained that he has two things working against him. One, his balance of education and experience is way off base. He needs to start gaining experience in a low-level position to build up his skillset. He has the theoretical background and knowledge but no applicable experience. The second thing lacking is networking, It is extremely important, especially in this industry, and being in school doesn’t always allow for networking opportunities or making the critical connections.
School Isn’t for Everyone
By the time a student graduates from a traditional college or university, the cybersecurity landscape has changed so much. From their freshman year to when they’re looking to graduate, very little they have been taught remains relevant. That’s why specialized schools or accelerated programs exist. These courses can enable you to stay on top of things and be ready to roll without the exorbitant price tag.
For me, school wasn’t enticing. So, I just went out and gained experience and my education was very much accelerated in this field because I would do boot camps, which is like a fire hose worth of information, and then I would go apply it. A few of these types of programs that I would recommend include Evolve Academy and Fullstack Academy. They both offer a wide-ranging curriculum with full-time and part-time options, live online courses, and shorter boot camp-type sessions. When there’s not a global pandemic, Fullstack also has in-person courses in New York.
But these programs are just the first step. You won’t complete a course and then be able to say you’ve arrived or can now command a high salary. You still need the experience to go along with the updated know-how. That’s something I still invest in today. I’m always looking for continuing education opportunities because in this industry, especially—or even in business in general—your education should never stop.
I always say the competencies in cybersecurity aren’t a one-size-fits-all discipline. And that’s the challenge with internal IT folks and even most service providers because there’s no possible way to cover all those competencies and stick within a budget for payroll by having the people necessary on board to do what they need to do.
In addition, MSPs and IT individuals are either hesitant to participate in continuing education or simply don’t have the time to dedicate to keeping up-to-date on the latest trends because they have so many other business details they’re attempting to juggle.
But the reality is, cybersecurity on both the attack and protection side of things is always changing. And with a growing remote workforce, it all becomes even more complicated.
The Human Element
Most schools aren’t teaching the human element of cybersecurity, which is a pivotal area of concern. As humans, we all make mistakes, but when it comes to security, one minor error can lead to a major data breach. And it happens way more than you probably realize. Studies show that 46% of the cybersecurity hacks and incidents were the result of employee carelessness or lack of training. And more often than not, when an employee accidentally makes a security error or has a failure in judgment, they do not report it. This could be due to a fear of repercussion or simply an embarrassment. Other times, they don’t even realize what they’ve done. Employee training is essential, and any corporate IT department or MSP needs to be able to effectively provide the most up-to-date information and be willing to consider learning styles. Without a human-centric approach, companies are setting themselves up to be the victim of the most sophisticated attacks.
Cybersecurity is all about staying ahead of the bad guys. But you can’t do that if you’re sitting in a classroom listening to an instructor drone on all day. This field is one that requires rolling up your sleeves and wading into the nitty-gritty. Yes, a foundation and understanding of the fundamentals are necessary, but so much of the day-to-day is only something you can learn by keeping your ear to the ground and working in the trenches.
Cybersecurity is an untamed frontier. To align with this, accelerated programs and boot camps are a flexible option with a short-term commitment. Hiring managers also look highly on them because the focus of these nontraditional programs is hands-on experience and skill development. Unlike a traditional college information technology or computer science program, boot camps offer career services to help you land a job after you graduate, which is invaluable. These career services go a long way toward helping you leverage and showcase the skills you worked so hard to gain.
Ultimately, if you’re passionate about learning cybersecurity and are committed to providing quality service, these are the types of educational pathways you should investigate.