Dark Reading is part of the Informa Tech Division of Informa PLC



New 'Nanodegree' Program Provides Hands-On Cybersecurity Training

Emerging streamlined curriculum programs aim to help narrow the skills gap.

Estimates show that by 2021, there will be some 3.5 million unfilled jobs in cybersecurity. That's worrisome for a field under more pressure than ever to protect enterprises adjusting to a new and unsecure world of remote work. 

With an eye toward the skills shortage, and citing the security staffing deficits in a Cybersecurity Ventures data forecast, online learning platform Udacity recently launched what it calls an Introduction to Cybersecurity Nanodegree program. The course, taught by security pros, is intended to give those just starting out or transitioning fields a leg up on a career. The course is made up of four sections: Cybersecurity Foundations; Defending and Securing Systems; Threats, Vulnerabilities, and Incident Response; and Governance, Risk, and Compliance.

Christine Izuakor, founder and CEO of Cyber Pop-up, and instructor for the Threats, Vulnerabilities, and Incident Response portion, says one of the program's benefits is its project-based nature. "It's an opportunity for students to go through some real-world projects," she says. In one vulnerability management module, for example, students use a vulnerability scanner to search the server for flaws. 

"As we're trying to build the next-generation talent pipeline, it's very important we not only give them the fundamentals but also that we're giving them hands-on experience," she says. Overall her segment will examine threat assessments, threat actors, threat motivations, finding and fixing vulnerabilities, and what to do when a hacker inevitably gets in, despite your best efforts.

A Black woman in a white-male-dominated field, Izuakor also hopes that this type of course offering will help more underrepresented people get involved. "The industry is missing such a huge opportunity by not embracing the full scope of potential talent out there," she says.

Izuakor, meanwhile, recently published the Ultimate Guide to a Career in Cybersecurity for individuals interested in learning how to break into the industry.

The next-generation talent pipeline will be key to closing the skills gap, particularly because, as Izuakor notes, the harder roles to fill tend to be in cloud security, AI, and other emerging areas of security.

There are other programs that aim to fill those gaps: The SANS Institute runs the CyberStart program in the US, which creates an onramp for students in community college to simultaneously learn cybersecurity skills and emerge from school in two years ready to enter the workforce.

But at the same time that new security skill sets are direly needed, companies are also bogged down by hiring constraints brought on by the COVID-19 crisis. According to a recent SANS survey, 40% of organizations don't know if they will hire new security staff in the next year.

John Pescatore, director of emerging security trends at SANS, says that number is usually around 15-20%, and the sharp rise reflects widespread economic uncertainty and discomfort with hiring new security employees to work remotely. 

Indeed, the survey shows that 30% of organizations are considering bringing on consultants. The implication is, for example, that a company that was considering hiring a penetration tester may now opt for a consultant to perform a pen test instead, Pescatore says.

Post-Pandemic Hiring

Security pros say when organizations do start making new hires, they need to broaden their parameters in order to address the growing skills gap.

"Recession aside, we are still looking at a skills shortage when it comes to cybersecurity professionals and such a situation is only set to become more challenging with demand set to outstrip supply over the coming 18-24 months," says Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management. "But when we say there is a skills shortage, what do we actually mean? Yes, there will be a shortage of individuals skilled in the practical aspects of cybersecurity good practice, but a more imaginative approach to providing the necessary skills is needed."

Some security experts, like Megan Bradley, vice president of operations at application security provider nVisium, think security teams could consider overlooking a college degree requirement in favor of those who take cybersecurity courses, including Udacity's, that provide hands-on experience.

"I can't speak for the entire industry, but we would certainly consider a candidate who participates in an immersive, hands-on cybersecurity program, with or without a college degree," she says, adding that college curricula tend to be "antiquated" anyway, teaching older technologies and cybersecurity practices.

Terence Jackson, CISO at Thycotic, argues that while cybersecurity degrees serve an important purpose in providing soft skills, they're not "a great predictor of success in cybersecurity."

"I do believe training and continuous learning are beneficial in our field, but nothing beats hands-on experience, a curious mindset, and the inner will to push through," he says.

Dr. Casey Marks, chief product officer and vice president at (ISC)², says it's important for hiring practices to be realistic. "Make sure experience requirements, responsibilities, salary, and titles all align. Avoid a 'kitchen sink' mentality in terms of job skills," he says. "We'd be the first organization to agree with the statement that holding a CISSP certification isn't necessary for an entry-level position."

And according to Thomas Hatch, CTO and co-founder at SaltStack, a provider of intelligent IT automation software, while he values a formal degree, candidates who complete special courses like Udacity's Nanodegree program should also be considered if they can demonstrate their abilities. "This is all about looking beyond the degree and understanding the many ways that people can gain an education," he says. 

Registration for Udacity's training program runs through August 11 and costs $1,436 (with discounts for those students suffering hardships). The self-paced program takes about four months to complete at about 10 hours per week.


Nicole Ferraro is a freelance writer, editor and storyteller based in New York City. She has worked across b2b and consumer tech media for over a decade, formerly as editor-in-chief of Internet Evolution and UBM's Future Cities; and as editorial director at The Webby Awards.

8/5/2020 | 6:21:32 AM
Cybersecurity Training is a Necessity
Being a person working in the online business field and having several websites where we manage customers, I can clearly understand the points you are trying to explain in this article. Cybersecurity was the need of the companies in the past and many depend on it and will be a necessity in the present and the future, especially when considering the fact that the number of digital attacks is rapidly increasing year by year.

I have some personal experiences as well with my Tadbeer Visa website (this one) as I managed to get out of some kind of malware attacks. It's a headache always and hence having this kind of Cybersecurity Training Programs and Courses are the need of the time. We need to promote such efforts as it's going to be the very first step towards a better future for businesses that rely mostly on database.