What do I need to work in cybersecurity?

It is currently 0630 on the morning of my ITF+ exam and I’m doing the most appropriate thing I can think of: not studying.

I don’t think I’ve mentioned it here before, but in true Beata-style I am in a new school (again), this time for IT certifications.

No, no, guys. Give me a minute. This one actually feels right.

I’m a huge nerd which is why this website even exists, sure I have affiliate links strewn throughout but this blog isn’t a huge moneymaker, it’s just my hobby because it reminds me of the good ol’ days of Geocities and HTML.

So anyway, my last year or so in the Navy I was LIMDU was hell-bent on getting “IT certifications” through Navy COOL before I got out.

Why didn’t I?

Well, other than the fact that I spent all my time hanging out at Bruegger’s Bagels, I had no idea what the fuck I was talking about.

IT certifications” is a super, super broad term. There are different “slices” of the IT industry and I had no idea what I specifically wanted to do. I picked “network engineer” out of thin air because it came up on a Facebook ad and the nice guys over at NextGENT gave me a free coaching call and told me what certs I needed.

So I spent the year kind of passively reviewing material on CCENT and CCNA but not getting super into it.

Eventually I just chalked it up to “I didn’t want it enough” and “I guess I like computers as a hobby, not as a job.” and “I don’t want to work customer service, helpdesk sounds like a nightmare.”

So here I am, two years later, with a little bit more clarity.

I’ve realized three important things:

1) I’m actually pretty awesome at customer service
Not to brag or anything. But whether it’s slicing deli meat at the grocery store, or working security at an office building, my innate people-pleasing really works in my favor in this arena.

2) I have a passion for security

Like many other Security Professionals, I kind of fell into this job but I realized how much of being a security guard is just in my nature

3) Physical and Cyber Security are getting heavily intertwined

The lines between physical security and cyber are being blurred.

That’s not something that’s going away anytime soon… or probably ever.

Ideally, I am planning to stay more on the physical side, but it’s helpful to know how both sides affect each other and cybersecurity is a good backup plan for me.

I’ve rambled enough, let’s cut to the chase:

Who do I certify through?

The first thing you need to understand is that certifications are awarded by organizations within the industry (rather than licenses which are awarded by the government)

The organizations in this sector are the following:
(I probably missed at least a few, I’ll update this as I find out)

CompTIA

Cisco

The International Information Systems Security Certification Consortium, Inc. (ISC)2

International Council of Electronic Commerce Consultants (EC-Council)

Information Systems Audit and Control Association (ISACA)

Global Information Assurance Certification (GIAC)

What cybersecurity certificates does each organization offer?

CompTIA Security Certifications


https://www.comptia.org/
Security+
Cybersecurity Analyst, known as CySA+
Advanced Security Practitioner, known as CASP+
Penetration Testing, known as PenTest+

Cisco Security Certifications
https://www.cisco.com/c/en/us/

Network Security Engineer, Network Administrator, InfoSec Analyst
CCNA, CyberOps Associate

Security Operations Team – Security Operations Analyst
Cisco Certified CyberOps Associate

Senior Security Engineer
Cisco CCNP Security, Cisco CyberOps Professional

Security Architect / Chief Security Engineer
Cisco CCIE Security

ISC2
https://www.isc2.org/Certifications


Certified Information Systems Security Professional, known as CISSP
Systems Security Certified Practitioner, known as SSCP
Certified Cloud Security Professional, known as CCSP
Certified Authorization Professional, known as CAP

EC-Council
https://www.eccouncil.org/programs/


Certified Ethical Hacker, known as CEH
Computer Hacking Forensics Investigator, known as CHFI
Certified Security Analyst, known as ECSA

ISACA
https://www.isaca.org/credentialing/certifications


Certified Information Systems Auditor, known as CISA
Certified in Risk and Information Systems Control, known as CRISC
Certified Information Security Manager, known as CISM
Certified in Governance of Enterprise IT, known as CGEI

Global Information Assurance Certification (GIAC)
https://www.giac.org/certifications


GIAC has more certs than I can even name but one of my references (https://www.usnews.com/education/learn-cybersecurity-certifications)

tell me the main ones are:

Information Security Fundamentals, known as GISF
Security Essentials, known as GSEC
Information Security Professional, known as GISP
Certified Web Application Defender, known as GWEB
Cloud Security Automation, known as GCSA

How do I know which ones I need?

I know it’s easy to get lost in the alphabet soup. I wish it was as easy as telling you that one organization hold more weight than the other but that’s not exactly true.

The best way to figure out what certs you need is to look up a few job postings of what you want to do and see what they typically require. You’ll likely notice it’s a mix between all of them, so use your best judgment.

From my personal opinion, it seems like CompTIA Security+ and Cisco CyberOps Associate and CCNA might be the most entry level ones.

That being said, I’ve heard Sec+ is no walk in the park. Sure, it can be a standalone cert but if you’ve never clicked a mouse before in your life you’ll probably have trouble.

My school is having me start off with the basic “Core” CompTIA certifications which are ITF+, A+, Network+, and Security+ which comprises the CompTIA Secure Infrastructure Specialist (CSIS) stackable certification.
https://www.comptia.org/certifications/which-certification/stackable-certifications#cybersecurity

Where can I get training?

Here’s the fun part.
The demand for cybersecurity professionals is SO HIGH that there is free training everywhere.

The focus of this blog is #MilitaryToCivilian transitions, though, so I’m mainly going to focus on military/veteran opportunities.

I should mention, though, that while a lot of training is free, the certifications themselves are not cheap. This is why I decided to go to a school that included the cost of the certs in the price of tuition.

I’m only at the very beginning stages but California Institute of Arts and Technology is an incredible value, especially if you’re using your G.I. Bill. I was hard pressed to find any cybersecurity bootcamps* (more on that later) that would take the GI Bill as payment, but CIAT is a trade school that focuses on certifications but their programs also lead to a degree in Computer Information Systems

Veteran Employment Through Technology Education Courses (VET TEC)

https://www.va.gov/education/about-gi-bill-benefits/how-to-use-benefits/vettec-high-tech-program/

VET TEC is a program offered by the VA that is SEPARATE from your GI Bill.

With VET TEC you get:

Tuition for a full-ime high-tech training program
Money for housing (equivalent to E-5 w/dep BAH)

The requirements are that you:

  • Aren’t on active duty or are within 180 days of separating from active duty, and

The only thing is that VET TEC is such a popular program that they ran out of funding the last time I looked (last year) but it looks like they’re expanding and increasing funding as part of the  Isakson and Roe Act of 2020 (https://benefits.va.gov/gibill/isaksonroe.asp)

 

Onward to Opportunity (O2O)
https://ivmf.syracuse.edu/programs/career-training/

Onward to Opportunity (O2O) is a no-cost industry-focused and validated career skills program that connects transitioning service members and active duty military spouses to high-demand careers in Customer Service Excellence, Information Technology, and Business Management.

To be eligible you have to be:

  • Active Duty Military (US Army, USMC, US Air Force, US Navy, and USCG) – Any transitioning active duty service member who will transition from military service to the civilian workforce in the next 6 months with an “honorable” discharge status.
  • Veterans – Any veteran who has already separated or retired from the military with at least 180 days of active duty service and a “honorable” discharge status.
  • National Guard and Reserves – currently in part-time status. If the service member is on active duty in the National Guard or Reserves, they may be subject to the active duty eligibility as stated above.
  • Spouses – Spouses of eligible veterans, as well as spouses of all active duty service members and Selected Reserve members (regardless of the expected date of separation), are eligible to apply to the program. (Spouses who have also served and currently serving will be subject to criteria listed above.)

Federal Virtual Training Environment (FedVTE)
https://fedvte.usalearning.gov/

FedVTE provides free online cybersecurity training to federal, state, local, tribal, and territorial government employees, federal contractors, and US military veterans.

I’ve found several other links for cybersecurity training for veterans that ultimately just loop back around to FedVTE so it seems like a solid place to look.

THAT BEING SAID, I’ve registered for FedVTE before and maybe I’m just really dum but I couldn’t figure it the fuck out.

The interface isn’t very user friendly and, while I did find a bunch of training videos, there wasn’t a clear pipline of where I was supposed to start or finish.

Looking at it now on my laptop, it’s a whole different experience than when I was using it on my phone.

There’s not really anything telling you what you’re supposed to start out with. I picked their “Cybersecurity Analyst” course to start out with because it sounded right?
The very first video in the course felt very much like walking into a class halfway through the semester. I had no idea what was going on, I got through three modules before I clicked out.

Eventually I realized it was marked “Intermediate” and I now understand that it’s directly correlated to CompTIA’s CySA+

I can see that they do have CompTIA A+ Certification prep so I’ll definitely be back here in a few weeks.

But it’s definitely one of those things where you have to know what you’re looking for.

 

LinkedIn Premium
https://socialimpact.linkedin.com/programs/veterans/premiumform

If you haven’t already used it up (I did), you can get LinkedIn Premium free for one year. LinkedIn Premium includes access to the full LinkedIn Learning library
You just need to log in with Troop ID through ID.me on the link above.

LinkedIn Learning offers a ton of courses on business, technology and creativity.

You can get foundational courses, test prep, and everything in between.

I’m probably going to re-activate my Premium account soon just so I can access all of these again.

 

Microsoft Software and Systems Academy (MSSA)
https://military.microsoft.com/programs/microsoft-software-systems-academy/

Microsoft Software and Systems Academy provides a 17-week training for high-demand careers in cloud development or cloud administration. Program graduates have an opportunity to interview for a full-time job at Microsoft or one of their hiring partners.

https://blogs.va.gov/VAntage/85748/free-veteran-training-microsoft-software-systems-academy/


When I first heard about MSSA in 2016 it was a SkillBridge program but there have been major updates to the program in recent years that makes it also available to veterans.

It is now offered fully online but unfortunately the specializations in cybersecurity and database administration were removed from the program.


https://www.militarytimes.com/education-transition/2021/03/06/microsoft-training-academy-goes-virtual-boosting-efforts-to-prep-veterans-for-tech-careers/

 

CyberVets
https://www.cybervets.virginia.gov/training-programs/cisco-training-program/


CyberVets is a 12-15 week training program that offer industry certification in six tracks: Cybersecurity Operations, Security Infrastructure, Software Engineering, Operations/Technical Support, Security Management, and Network Security

Eligibility includes Veterans, Transitioning Service Members (must be within 180 days of separation), National Guard, Reservist, or Military Spouse

 

Vets in Tech (ViT)

https://vetsintech.co/cybersecurity-class/

ViT is not free but they offer VERY affordable 5-day training bootcamps.

I have not had any personal experience with them other than being on their email list for their mentorship program but it looks like they offer certification prep for about $10 ($12 after Eventbrite’s fee)
You just need to verify your eligibility through TroopID and buy your ticket. It looks like they sell out fast so you may have to book a class far out in advance.

They also show a pretty thorough breakdown on their website of which certifications you should take and in which order. For example, they say CCNA is challenging so it would benefit you to take Sec+ and Net+ first.

 

VetSec

https://veteransec.com/about/

VetSec is a non-profit founded by active duty and veterans that offers

  • A Slack channel with over 1,800 members, which allows veterans in any IT or cybersecurity field to network with each other.
  • Free training videos, focused on ethical hacking.
  • A Cyber Security blog with tutorials on a wide variety of topics.

 

This sounds like an incredible community and I hadn’t even heard about them before doing research for this blog post.

 

FortiVet

https://www.fortinet.com/corporate/careers/vets

The Fortinet Veterans program focuses on helping veterans transition into the cyber-security industry.  The program seeks to capitalize on the natural synergy between national defense in the Armed Services and defending critical information for businesses and government agencies.

 

Grow With Google
https://grow.google/programs/veterans-commitment

Google collaborates with the USO, Student Veterans of America, and IVMF (O2O above) to offer a scholarship for their Google IT Support Professional Certificate through Coursera.
Again, this is for an IT Support role, not cybersecurity but with further digging I found that Google actually offers a 4 week IT Security course as part of their IT Support cert for free called “IT Security: Defense against the digital dark arts” found here:
https://www.coursera.org/learn/it-security

 

Their IT Support cert covers the material in the A+ exam so you can earn a dual credential upon completion.

 

I’ve written this post to the best of my ability and I’m sure I’ve gotten some things wrong. I will update this as I progress in my cybersecurity studies.

References:

https://hackr.io/blog/best-cybersecurity-certification

https://www.coursera.org/articles/popular-cybersecurity-certifications

https://www.usnews.com/education/learn-cybersecurity-certifications

 

Other links to cybersecurity training:
https://www.cybrary.it/

Some of the links in this post are affiliate links. This means if you click on the link and purchase the item, I will receive an affiliate commission at no extra cost to you. All opinions remain my own.