6
6
0
More than 209,000 cyber security jobs in the U.S. are unfilled, and postings are up 74% over the past five years, according to a Peninsula Press.
How are we going to deal with this shortage of individuals? What I can tell you is that if we as a community do not figure it out, you will find outside influences "trying to figure it out" for you. For the past 15 years, I've helped train CISSP, CISM, CISA, PMP, Security+ and CEH professionals. I know that if individuals are willing to step up and explorer this career, we can make a dent in the cyber security shortage. But this can not happen at a rate of 10-12 people in a group at a time. This needs to happen in the order of 100's to thousands at a time.
It looks like the most difficult hurdle for people will be to "Simply Decide" that this is what they want in their future and to go after it. We have to stop "tinkering" with this field of cyber security and really rally behind the groups of people making the most difference. Most commercial training facilities are charging 2,995 to get read slides to you. The only problems seem to be is that it is expensive and boring.
This is why we've created affordable resources to help all military personnel and wounded warriors. For every civilian or non-injured who joins my cause, I will sponsor 1 wounded warrior and mentor them to a new career for free. We've done this with the Wounded Warrior Cyber Combat Academy before and the cause is worth continuing.
If you are willing to help yourself, I'm willing to help you and any warrior. But it all starts with a choice. You have to choose. Is cyber security right for you?
Message me if you have any questions... I welcome your thoughts and feedback.
How are we going to deal with this shortage of individuals? What I can tell you is that if we as a community do not figure it out, you will find outside influences "trying to figure it out" for you. For the past 15 years, I've helped train CISSP, CISM, CISA, PMP, Security+ and CEH professionals. I know that if individuals are willing to step up and explorer this career, we can make a dent in the cyber security shortage. But this can not happen at a rate of 10-12 people in a group at a time. This needs to happen in the order of 100's to thousands at a time.
It looks like the most difficult hurdle for people will be to "Simply Decide" that this is what they want in their future and to go after it. We have to stop "tinkering" with this field of cyber security and really rally behind the groups of people making the most difference. Most commercial training facilities are charging 2,995 to get read slides to you. The only problems seem to be is that it is expensive and boring.
This is why we've created affordable resources to help all military personnel and wounded warriors. For every civilian or non-injured who joins my cause, I will sponsor 1 wounded warrior and mentor them to a new career for free. We've done this with the Wounded Warrior Cyber Combat Academy before and the cause is worth continuing.
If you are willing to help yourself, I'm willing to help you and any warrior. But it all starts with a choice. You have to choose. Is cyber security right for you?
Message me if you have any questions... I welcome your thoughts and feedback.
Posted 9 y ago
Responses: 3
I have bounced in and out of network security my entire career. Currently I am doing load balancing again and out of security. I just did 4 years of network security engineering / architecture work. It is a great field and the demand is there.
If you are interested in this field, there are many ways to get involved. I personally always suggest to stay closer to the equipment on the infrastructure side. It generally pays more than analyst work and has a bit more retention when things go bad.
Proxies, Firewalls, VPNs, IDS/IPS, SIEMs. Stick with the equipment and find a niche. It is a great industry and field (comes with a nice pay premium too). My only suggestion is to not grab all of the certs at quickly and drag it out. I got my CISSP last year and was kinda of forced to. I agreed on the condition that I would receive a solid raise. Use the certs as leverage, or to get your foot in the door. If not it will be a lost opportunity and a lot of maintanence (cpes, annual fees) for little reward.
If you are interested in this field, there are many ways to get involved. I personally always suggest to stay closer to the equipment on the infrastructure side. It generally pays more than analyst work and has a bit more retention when things go bad.
Proxies, Firewalls, VPNs, IDS/IPS, SIEMs. Stick with the equipment and find a niche. It is a great industry and field (comes with a nice pay premium too). My only suggestion is to not grab all of the certs at quickly and drag it out. I got my CISSP last year and was kinda of forced to. I agreed on the condition that I would receive a solid raise. Use the certs as leverage, or to get your foot in the door. If not it will be a lost opportunity and a lot of maintanence (cpes, annual fees) for little reward.
(0)
(0)
Leo Dregier
So this is what I'm talking about, most people are forced through the certification process by dod 8570 requirement. Wouldn't it make much more sense to have a whole diverse field of people who want to be in this industry rather than forced to? Don't get me wrong, a lot of people need to be forced or they will never get it done frankly, but I'm kind of speaking to the shoe on the other foot here. I always look at "people, processes and technology" Most people "are" comfortable with the technology, but I'm suggesting we revisit the people element and the process part. Instead of waiting or the people above you to force you into a process that perhaps people didn't want to begin with, if we focus on the people part that "want" or "need" this process then we have to change the way we think about this.
I came from a time in the certification world where people invested in themselves. I'm trying to rekindle that spirit and will put my own money/resources where my mouth is. When I teach cissp, more times than not 1-2 out of 10-12 people in the class are excited to be there. 1-2 people hate being there, but most are just going through the process.
Thank you Mr Fiore, I appreciate your feedback and comments and of course... your service...
I came from a time in the certification world where people invested in themselves. I'm trying to rekindle that spirit and will put my own money/resources where my mouth is. When I teach cissp, more times than not 1-2 out of 10-12 people in the class are excited to be there. 1-2 people hate being there, but most are just going through the process.
Thank you Mr Fiore, I appreciate your feedback and comments and of course... your service...
(0)
(0)
LCpl Steven Fiore
Leo Dregier -
edit: Sorry, I kind of went on a rant below. I was looking more at the private sector than the dod 8570 requirement. I agree with your response. Sometimes people need to be forced, but I think the certs nowadays need to have better value for people to pursue them by themselves. The certifications themselves need a serious overhall as well. If i work on firewalls exclusively, what do I care about ballocks, cctv, biometrics, the proper height of fences, or what MAC is (hint: it isn't a layer 2 address, its a form of access control). Make the certs more relevant and the reward equal to the work and people will go and get them.
original rant:
It isn't the process, or even the expectation that is the problem. It frankly is the security certifications themselves. No, job posting or HR department gives any care to say the merit badges of the CISSP, or OSCP. What you are told to get or required to get are CISSP, GIAC, S+. These certs are non techincal certs for the most part. Yes, there are techinical pieces to these certs, but they don't have any value.
Example:
If I put down I have a CISSP-ISSMP on my resume, a non IT security company might look at that and the requirement for CISSP on their job description and pass me over as it is not the same. I put down GSLC on my resume and apply for a management role. It isn't a GIAC right?
Bottom line is that certs are great, but you either get them for academic reasons or you get them for career advancement. If you get them for career advancement, you stick to a small few and only really publicize tho.
Entry level - S+
Intermediate - CISSP or GIAC (government)
management - CISM
auditing - CISA
looking at those 5 choices, they are honestly crap certs from a technology standpoint. Anyone can memorize facts and pass, hell that's how you pass these. They are a mile wide and inch deep.
HR departments need to start asking for other certifications besides these 5. OCSP is one of the best and most difficult security certs out there, but it has questionable career value (outside IT security companies).
I left out one major one. CEH. I did this on purpose, as I have run into collegaues who don't even list it on their resume for a stupid reason. The H in that acroymn can hurt you in a job search sometimes. It also isn't a bad cert or course, but it isn't all that either.
Sorry, it is a beef of mine. I only realized something was wrong when I was looking at job descriptions about 10 years ago and saw. CCIE Required, CCNA Preferred on a lot of postings. Someone did it erroneously and everyone copied it.
edit: Sorry, I kind of went on a rant below. I was looking more at the private sector than the dod 8570 requirement. I agree with your response. Sometimes people need to be forced, but I think the certs nowadays need to have better value for people to pursue them by themselves. The certifications themselves need a serious overhall as well. If i work on firewalls exclusively, what do I care about ballocks, cctv, biometrics, the proper height of fences, or what MAC is (hint: it isn't a layer 2 address, its a form of access control). Make the certs more relevant and the reward equal to the work and people will go and get them.
original rant:
It isn't the process, or even the expectation that is the problem. It frankly is the security certifications themselves. No, job posting or HR department gives any care to say the merit badges of the CISSP, or OSCP. What you are told to get or required to get are CISSP, GIAC, S+. These certs are non techincal certs for the most part. Yes, there are techinical pieces to these certs, but they don't have any value.
Example:
If I put down I have a CISSP-ISSMP on my resume, a non IT security company might look at that and the requirement for CISSP on their job description and pass me over as it is not the same. I put down GSLC on my resume and apply for a management role. It isn't a GIAC right?
Bottom line is that certs are great, but you either get them for academic reasons or you get them for career advancement. If you get them for career advancement, you stick to a small few and only really publicize tho.
Entry level - S+
Intermediate - CISSP or GIAC (government)
management - CISM
auditing - CISA
looking at those 5 choices, they are honestly crap certs from a technology standpoint. Anyone can memorize facts and pass, hell that's how you pass these. They are a mile wide and inch deep.
HR departments need to start asking for other certifications besides these 5. OCSP is one of the best and most difficult security certs out there, but it has questionable career value (outside IT security companies).
I left out one major one. CEH. I did this on purpose, as I have run into collegaues who don't even list it on their resume for a stupid reason. The H in that acroymn can hurt you in a job search sometimes. It also isn't a bad cert or course, but it isn't all that either.
Sorry, it is a beef of mine. I only realized something was wrong when I was looking at job descriptions about 10 years ago and saw. CCIE Required, CCNA Preferred on a lot of postings. Someone did it erroneously and everyone copied it.
(0)
(0)
Are you able to tell me more about this opportunity? I am currently pursuing a dual bachelors/masters degree in Cybersecurity. Thanks for any info you can provide.
(0)
(0)
Leo Dregier
I've trained people to get their computer certifications over the last 15 years. You can send me an email at [login to see] and I'll be happy to assist.
Just so I'm clear in this thread... "for every 1 person that signs up to get my training I will allow you to bring 1 wounded warrior/disabled vet/ or someone who has a significant need for this training with you for free." As of right now my training is 799 a person with bring a friend free.
This is the kind of thing where you just have to see where the chips fall... Should nobody sign up and 100 disabled vets need this, then I guess we'll have to evaluate how to service all of the people who need the help. We'll do a gofundme or something.
What I can tell you is that in the wounded warrior cyber combat academy, we had great success with sponsorship.
I look forward to hearning from you.
Leo
Just so I'm clear in this thread... "for every 1 person that signs up to get my training I will allow you to bring 1 wounded warrior/disabled vet/ or someone who has a significant need for this training with you for free." As of right now my training is 799 a person with bring a friend free.
This is the kind of thing where you just have to see where the chips fall... Should nobody sign up and 100 disabled vets need this, then I guess we'll have to evaluate how to service all of the people who need the help. We'll do a gofundme or something.
What I can tell you is that in the wounded warrior cyber combat academy, we had great success with sponsorship.
I look forward to hearning from you.
Leo
(1)
(0)
LCpl Steven Fiore
Leo Dregier - will say that is very generous. The price is extremely reasonable (actually below industry) already and helping out a vet that is in need, is very commendable.
(0)
(0)
Leo Dregier
So are you offering this training to all veterans with a VA disability rating? I am 60% disabled but not combat-related.
If you are, I'm very interested in CEH and CISSP training.
PO1 Andrew Gardiner
So are you offering this training to all veterans with a VA disability rating? I am 60% disabled but not combat-related.
If you are, I'm very interested in CEH and CISSP training.
PO1 Andrew Gardiner
(0)
(0)
Leo Dregier
I want to make the biggest difference possible. I put people for profit. Perhaps if we all follow this lead our industry will be in a different place. Please contact me directly if you are interested in our training for free.
Leo
Leo
(2)
(0)
Read This Next