New 'Nanodegree' Program Provides Hands-On Cybersecurity Training

Emerging streamlined curriculum programs aim to help narrow the skills gap.

Estimates show that by 2021, there will be some 3.5 million unfilled jobs in cybersecurity. That's worrisome for a field under more pressure than ever to protect enterprises adjusting to a new and unsecure world of remote work. 

With an eye toward the skills shortage and addressing security staffing deficits it cited from a Cybersecurity Ventures data forecast, online learning platform Udacity recently launched what it calls an Introduction to Cybersecurity Nanodegree program. The course, taught by security pros, is intended for those just starting out or transitioning fields, to get a leg up on a career. The course is made up of four sections: Cybersecurity Foundations; Defending and Securing Systems; Threats, Vulnerabilities, and Incident Response; and Governance, Risk, and Compliance.

Christine Izuakor, founder and CEO of Cyber Pop-up, and instructor for the Threats, Vulnerabilities, and Incident Response portion, says one of the program's benefits is its project-based nature. "It's an opportunity for students to go through some real-world projects," she says. In one vulnerability management module, for example, students use a vulnerability scanner to search the server for flaws. 

"As we're trying to build the next-generation talent pipeline, it's very important we not only give them the fundamentals but also that we're giving them hands-on experience," she says. Overall her segment will examine threat assessments, threat actors, threat motivations, finding and fixing vulnerabilities, and what to do when a hacker inevitably gets in, despite your best efforts.

A Black woman in a white-male-dominated field, Izuakor also hopes that this type of course offering will help more underrepresented people get involved. "The industry is missing such a huge opportunity by not embracing the full scope of potential talent out there," she says.

Izuakor, meanwhile, recently published the Ultimate Guide to a Career in Cybersecurity for individuals interested in learning how to break into the industry.

The next-generation talent pipeline will be key to closing the skills gap, particularly because, as Izuakor notes, the harder roles to fill tend to be in cloud security, AI, and other emerging areas of security.

There are other programs that aim to fill those gaps: The SANS Institute runs the CyberStart program in the US, which creates an onramp for students in community college to simultaneously learn cybersecurity skills and emerge from school in two years ready to enter the workforce.

But at the same time that new security skill sets are in dire need, companies are also bogged down by hiring constraints brought on by the COVID-19 crisis. According to a recent SANS survey, 40% of organizations don't know if they will hire new security staff in the next year.

John Pescatore, director of emerging security trends at SANS, says that number is usually around 15-20%, and the sharp rise reflects widespread economic uncertainty and discomfort with hiring new security employees to work remotely. 

Indeed, the survey shows that 30% of organizations are considering bringing on consultants. The implication is, for example, that a company that was considering hiring a penetration tester may now opt for a consultant to perform a pen test instead, Pescatore says.

Post-Pandemic Hiring

Security pros say when organizations do start making new hires, they need to broaden their parameters in order to address the growing skills gap.

"Recession aside, we are still looking at a skills shortage when it comes to cybersecurity professionals and such a situation is only set to become more challenging with demand set to outstrip supply over the coming 18-24 months," says Steve Durbin, managing director of the Information Security Forum, a London-based authority on cyber, information security and risk management. "But when we say there is a skills shortage, what do we actually mean? Yes, there will be a shortage of individuals skilled in the practical aspects of cybersecurity good practice, but a more imaginative approach to providing the necessary skills is needed."

Some security experts, like Megan Bradley, vice president of operations at application security provider nVisium, think security teams could consider overlooking a college degree requirement in favor of those who take cybersecurity courses, including Udacity's, that provide hands-on experience.

"I can't speak for the entire industry, but we would certainly consider a candidate who participates in an immersive, hands-on cybersecurity program, with or without a college degree," she says, adding that college curriculum tends to be "antiquated" anyway, teaching older technologies and cybersecurity practices.

Terence Jackson, CISO at Thycotic, argues that while cybersecurity degrees serve an important purpose in providing soft skills, they're not "a great predictor of success in cybersecurity."

"I do believe training and continuous learning are beneficial in our field, but nothing beats hands-on experience, a curious mindset, and the inner will to push through," he says.

Dr. Casey Marks, chief product officer and vice president at (ISC)², says it's important for hiring practices to be realistic. "Make sure experience requirements, responsibilities, salary, and titles all align. Avoid a 'kitchen sink' mentality in terms of job skills," he says. "We'd be the first organization to agree with the statement that holding a CISSP certification isn't necessary for an entry-level position."

And according to Thomas Hatch, CTO and co-founder at SaltStack, a provider of intelligent IT automation software, while he values a formal degree, candidates who complete special courses like Udacity's Nanodegree program should also be considered if they can demonstrate their abilities. "This is all about looking beyond the degree and understanding the many ways that people can gain an education," he says. 

Registration for Udacity's training program runs through August 11 and costs $1,436 (with discounts for those students suffering hardships). The self-paced program takes about four months to complete at about 10 hours per week.

Nicole Ferraro is a freelance writer, editor and storyteller based in New York City. She has worked across b2b and consumer tech media for over a decade, formerly as editor-in-chief of Internet Evolution and UBM's Future Cities; and as editorial director at The Webby Awards. ...
 

Comments
NavazIbrahim,
User Rank: Apprentice
8/5/2020 | 6:21:32 AM
Cybersecurity Training is a Necessity
Being a person working in the online business field and having several websites where we manage customers, I can clearly understand the points you are trying to explain in this article. Cybersecurity was the need of the companies in the past and many depend on it and will be a necessity in the present and the future, especially when considering the fact that the number of digital attacks is rapidly increasing year by year.

I have some personal experiences as well with my Tadbeer Visa website (this one) as I managed to get out of some kind of malware attacks. It's a headache always and hence having this kind of Cybersecurity Training Programs and Courses is the need of the time. We need to promote such efforts as it's going to be the very first step towards a better future for businesses that rely mostly on database.