So, after being a recruiter for 7 years where I've specialised in IT, Infrastructure and Cyber Security, recently, I found that the wheels in my mind starting going off after one of the Cyber Networking sessions. I was listening to a CISO's talk about Cyber awareness; albeit this topic isn't new, especially about how we should reevaluate the University courses and create a distinct path for a cyber career, it was almost as if I had an epiphany.
From networking with the cyber security community (e.g. AWSN/ DOTM meetups etc.) I've found them to be such a supportive network. As Cyber is still fairly new, you will find that traditionally, Cyber specialists come from a network background and then made a switch in their career. However, I realised that there's still many unexplored avenues.
At one of the networking security lunches, I met a lady who found a cyber career after she found her passion in cyber security. Prior to that, she came from a legal field and it took a while to overcome the natural barriers and stigma associated to the non-traditional IT career before she was able to make the switch successfully.
A few weeks ago I had a sudden inspiration. Why shouldn't I start studying again? It was a great learning journey when I completed my Bachelor in Computer Engineering 7 years ago. And studying shouldn't stop there! Although I have learnt so much from networking with various people in the IT industry, I realised there's an untapped source of rich knowledge in the current IT community.
So I reached out and posted on LinkedIn asking for the Cyber community's thoughts on which course I should enroll as a starting point for me to build a good foundation.
Never would I have expected the response from the community! 66,622 views on my post and more than 100+ likes and comments giving me advice and pointing me to so many helpful sources. I was blown away by how supportive everyone was in this amazing community of Security professionals. #flabbergasted #verythankfultoeveryonewhocontributed
Hence, I have decided to compile a few key ones that have been highlighted consistently in the discussion to help any newbies as they start their journey too.
Hot favourites seemed to be...
It seemed that the market sentiments is that it is good to start off first with Security+ then CISE segway classes to pursue courses in CompTIA. After which, SANS series class will be a good complement (https://www.sans.edu/academics/certificates). Apparently, Security+ is good for those who are selling IT products, or just starting in technology and looking for a good foundation. It also provides a good baseline for knowledge certifications and a beneficial revenue boost for companies. A useful link -http://www.professormesser.com/sy0-401-course-notes/
Cybrary.IT & IT Masters' free courses
Recommended as a great mini cyber security management course, which is essentially a condensed CISM. Quite a number of people like this as it has really helped them build a good foundation in Cyber even for those who had no prior background in technology.
CSM/ CASP/ CEH/ CISSP
CISSP seemed to be likened as a mile wide and inch deep sort of course, good for general learning, more for information security management. It is not really hands-on and there seems to be a lot of requirements before one can take it, e.g. at least 5+ years of IS experience.
Security Engineering (COMP 6441/6841) by OpenLearning SEC.EDU
25 hours of online lecture and it has a lot of relevant information. The presentation style and content is also quite interesting. As they are run by a Bluestone University and CBA, it seemed quite a credible source of learning as well.
A few other useful online forums/ resource that was brought to my attention -
So after all that, I have decided to embark on the CompTIA Security+ course with Cybrary.IT. I am excited to start this course and plan to do a post every fortnight to write my key learns which will be helpful for future cyber newbies. At the same time, this will help discipline me to finish the whole course. Of course, this is not forgetting our local meetups and Security events. In conjunction with that, I've also started a new LinkedIn group called the Cyber Risk in Sydney and a Cyber Risk in Sydney meetup group.
It's a group where people are passionate about these two words: Cyber & Risk. If you want to keep up with cyber trends and latest talk of the town, let's get together and meet up with like-minded people! In this group where your lovely host is yours truely, we will be meeting up once a quarter. This is to help you nurture your network, share ideas, experiences, contacts, anything cyber risk. Don't underestimate the power of networking! Stay tuned!