Over the last several weeks we have shared a lot about skills-based hiring. It has been focused on the perspective of the employer and hiring manager, but there is another person involved, the applicant. Of course, they are where the rubber meets the road in the hiring process but it’s imperative to dive into the viewpoint of the potential hire. I will jump back to the employer side of things again but to help break up the monotony let’s deep dive into how an individual can control their future through skills-based hiring.
Skills do not come in a one-size-fits-all model. There are several ways that an individual can obtain skills to obtain the job of their dreams. Some of them are free, some of them are low cost, and many have a larger price tag. Regardless of the one you choose, with a little bit of tenacity and grit, you can break into cybersecurity 100% of the time.
Free Options
- Self-Study and Research
- Industry Blogs and News Sites: Regularly read cybersecurity blogs (e.g., Krebs on Security, Dark Reading) and news sites.
- YouTube Tutorials: Many cybersecurity professionals and educators share free tutorials on platforms like YouTube.
- Open-Source Tools: Experiment with tools like Wireshark, Nmap, and Metasploit in a home lab environment.
- Hands-On Practice:
- TryHackMe (Free Tier): Access to a limited number of free labs and challenges.
- Hack The Box (Free Tier): Basic access to some of the labs and challenges.
- CTF Competitions: Participate in free Capture The Flag competitions hosted by various organizations.
- Networking and Community Involvement:
- Join Cybersecurity Forums and Groups: Engage in discussions on platforms like Reddit, Spiceworks, or specialized forums.
- Attend Free Virtual Conferences and Webinars:** Many organizations host free online events and webinars.
- Mentorship and Internships:
- Find a Mentor Through Networking: Reach out to industry professionals on LinkedIn or through local meetups.
- Apply for Unpaid Internships: Some internships might be unpaid but provide valuable experience.
Low-Cost Options
- Apprenticeships:
- CyberUp offers a 6-month pre-apprenticeship training for candidates to earn their CompTIA Security+ certification. After completion, candidates will begin their paid, on-the-job training cybersecurity apprenticeship program.
- https://www.apprenticeship.gov/ - for other apprenticeship programs near you.
- Online Courses:
- Coursera, Udemy, Cybrary (Free or Low-Cost): Many courses have free options or are available at a low cost, especially during sales or with financial aid.
- Hands-On Practice:
- TryHackMe (Paid Tier): Access more advanced labs and features with a paid subscription.
- Hack The Box (Paid Tier): Unlock more labs and features with a subscription.
- Networking and Community Involvement:
- Local Meetups: Some local meetups may charge a small fee for events or workshops.
Paid Options
- Certifications:
- CompTIA Security+: Typically costs between $350-$370 for the exam.
- Certified Ethical Hacker (CEH): Costs around $1,200 for the exam, with additional fees for training materials.
- Certified Information Systems Security Professional (CISSP): Costs around $749 for the exam, with additional fees for study materials.
- Formal Education:
- Degree Programs: Costs vary widely depending on the institution but can range from a few thousand to tens of thousands of dollars.
- Bootcamps: Intensive programs typically range from $5,000 to $15,000, depending on the provider.
- Conferences and Networking:
- In-Person Conferences (e.g., DEF CON, Black Hat): Registration fees can range from $200 to over $2,000, depending on the event and type of pass.
- Advanced Online Courses and Specializations:
- ITPro TV: Several options and class types with hands-on ranges that can range from $500 - $5,000.
- Coursera Specializations or Professional Certificates: Can range from $39 to $79 per month.
- Udemy Courses (Full Price): Typically range from $20 to $200 per course, though sales often reduce the price.
This isn’t an exhaustive list of options but it is a great starting point to build your skills in cybersecurity. My biggest advice is to follow these four simple recommendations to achieve your final goal, employment.
- Determine where you want to be: There are so many options in the world of cybersecurity that you can pick a career. It can be slightly overwhelming to break down all the functions, skills, and opportunities available. The only way I have found to learn about each of these is to build a network of professionals on your side who coach and advise your journey. Through networking and mentorship, you can determine the best path and work towards the development of your training plan.
- Map out your learning journey: Now that you have a sense of what you want to do you need to figure out how you get there and gain those skills. Through conversations and research, you can determine the most important skills needed for the role and begin finding ways to learn them from the recommendations above. Free is always a great option but as you read, there are more than a few ways to get to the finish line here.
- Build your network: Along your journey find new and fun ways to meet people. That can be virtual or in-person but building your community is critical to your long-term success. Find groups like OWASP, B-Sides, Defcon, ISACA, ISC², or others that meet regularly and provide professional development opportunities. These events are a great way to build advocates in roles you are interested in.
- Pay it forward: It never feels like it happens fast enough but if you follow these rules you will eventually increase your odds of success. When you do get there remember how it happened and over to return the favor to someone else trying to break in. Bring new programs and opportunities to your work and continue to advocate for new hiring best practices. We all can acknowledge the system can use some help so join us in being part of the solution!
Now get out there and start gaining those skills! If you are someone looking to gain skills check us out or find us when you are ready to get to work. If you are a hiring company same advice, reach out and ask us how you can tap into our amazing bench of cyber-trained career transitioners! See you out there.