
How much training do you receive on a full time cyber security job?

There are a plethora of different cyber security jobs out there, with much to learn as you are being introduced to the many different concepts of cyber security. After accepting a full time cyber security position, how much/what kind of training do you typically receive starting into your career? What are you expected to already know? #JULY20 #technology #computer-science #computer-security #cybersecurity #womeninstem #stem #computerscience #informationsecurity #applicationsecurity #career #careerdevelopment


7 answers



Salman’s Answer

Hi Gillian,

Great question! Training really does depend on the company and its leadership. I have seen the range of very minimal to $5,000 a year for an accredited program/certification. The important thing to remember is that you are in control of your own career and you must advocate for your goals and ambitions. Have regular discussions with your manager about topics or areas you are interested in, and be ready to discuss how the training can help the goals of your manager, the department, and the company. Being able to connect the dots to the larger picture will help your case.

Once you start a new role, the type of cybersecurity training will really depend on what you are doing. As you already know, cybersecurity is such a broad area and there are many different paths you can take. Keep an open mind when exploring different areas and do not worry whether you have all the skills within the area because you will learn on the job. As a new cybersecurity professional, no employer is going to expect you to be a subject matter expert right off the bat. Many companies also have subscriptions to learning platforms like Pluralsight, which offer a ton of great courses. Research the different options your employer may provide.

My biggest recommendation would be to build a solid foundation on the concepts and technologies you will be working on. Research different certifications or training courses that interest you and map out a path. For example, CompTIA has a pathway for Cybersecurity starting with IT Fundamentals all the way through Advanced Security Practitioner. You don't have to complete every one of these certifications, but it helps to understand what types of skills you should be focusing on and where you should direct your efforts. Stay hungry and continue learning!

Vikas’s Answer

A group of engineers here. We don't work directly in cyber security, but within electronics manufacturing and we have very little expectation of prior knowledge coming into the company. A lot of school curriculum is to teach you how to think and the basic principles of what you will need to apply in a job. I believe it will also be similar here where they will teach you what you need to know once you start.

Kevin’s Answer

Training depends on the leader and company. I would say typically a company that strongly believes in employee development will allocate 3-5 days, if not more, each year for training. For where I am today, I am averaging 5-7 days a year, though I am juggling to keep up with work in the process.

As far as how much one needs to know as a college hire entering the security field, here's how our organization defines it:

• Performs routine entry level assignments under direct supervision
• Typically requires a college or university degree or the equivalent work experience that provides knowledge and exposure to fundamental theories, principles and concepts
• Develops competence by performing structured work assignments
• Uses existing procedures to solve routine or standard problems
• Receives instruction, guidance and direction from others

• Assists in risk and threat analysis activities including security assessments, penetration tests, incident response activities, forensics services, etc.
• Assists in compiling position papers, assessment recaps, and other technical documentation aligned with functions defined in the job family summary
• Demonstrates technical proficiency in support of those functions, including tool proficiency (can analyze, configure, assist in deployment), coding, technical development and implementation


Liam’s Answer

Cyber Security Professional here. The cyber security career field is very broad and encompasses many domains, from Defensive Cyber Operations and Offensive Cyber Operations to DevOps and Application Security. There are aspects of cyber security in most all professional career paths. To get into an entry level cyber security role, you will need to demonstrate knowledge equivalent to a CompTIA Sec+ certification. There are many cyber security certifications that progress in scope and complexity up through whichever domain you end up focusing on. There are really two training requirements when you get into a position. #1) is the Continuing Education Credits that you will need to complete each year to remain certified. This can be anywhere from 10 hours a year to 30 hours a year depending on the certification. #2) is the amount of time you will need to focus on to excel in the domain that you choose. This number depends on your passion. Choosing Cyber Security as a career field is a commitment to lifelong learning. Formal Education in the Cyber Security world is important; Security Certifications are just as crucial to advancement.

You should expect to complete at least 80 hours a year in training specific to your chosen path. This is, of course, outside of the hours you will need to put in to finish your degree!

Good Luck!

Jennifer’s Answer

Training never stops! Since threats to security are always evolving, ongoing training is a must. Personally, I have received detailed on-the-job training, as well as online training specific to my job responsibilities. I also have an annual training requirement for my security position, and required training hours to renew my certifications. You’ll find that some training is industry specific, compliance specific, and cyber specific. My employer also has cyber career paths mapped out, so we are able to see what skills and training are required to move or advance to a new cyber position. We are also offered many training resources, such as LinkedIn training, where we can access online course content for obtaining or renewing certifications.

Dave’s Answer

The majority of our InfoSec team got their starts in IT, built up expertise in a few areas and then transitioned to security. Entry level IT positions are easy to get if you already know basic computer support, as most people who use computers do not know how to fix their own computer problems.

It is also common to get these entry level IT positions while going to college. I did that myself while studying computer science.

There are very few accredited Cyber Degrees you can get; San Jose State is the only one I can think of (Masters in Cyber Security). That means certifications are the way to go.

The most well known and respected is CISSP. You can study for that one on your own; there are multiple books to teach you the domains. You then just have to pay for the test. I think I paid $400 for a proctored test.

I mentioned domains as CISSP will take you through every avenue of security, which can also help you decide what area of cyber you want to spend your time in.

Todd’s Answer

Hi Gillian,

I'm a technology auditor that's focused on information security. While security skills are important, I wouldn't forget that soft skills and understanding the business can be equally, if not more, important. Being able to communicate risk based on your audience, which may be less technical (business leadership), is an important skill that both helps you land a job and progress over time.

In terms of keeping current on the industry, I leverage IT Pro TV (itpro.tv) and subscribe to newsletters through SANS. Cybrary is free and also has good resources. What's key is that you have the attitude of a lifelong learner, since technology, and specifically security, change at a record clip, so it's important to keep current.