Cybersecurity Job Outlook

June 24, 2019

Job future in cybersecurity: Santa Rosa’s Empire College instructor talks need for certified workers

Those who want to make a living defending computer networks from hackers will have a new way to be certified to do so.

Santa Rosa-based Empire College has announced it is partnering with The Computing Technology Industry, a nonprofit trade association, to offer a program preparing students who seek two certifications: cybersecurity analyst (CySA) and penTest+.

Ryan Donham, head of the college’s information technology department, who will lead the instruction for students in the certification program, answered questions about the program and the growing job field detecting cyber threats.

Explain the program requirements, like how long the programs take?

RYAN DONHAM: We have an associate degree program with three options for areas of specialization: Microsoft, Linux and cybersecurity. Each program is 1,440 hours, or 18 months. Graduates are prepared for positions as network administrators or technicians.

We also offer an IT Support Specialist program that is 600 hours, eight months. It’s streamlined and designed to get people in the industry quickly. All the classes are a part of the degree program so students have the opportunity to first try this, then they can upgrade their skills to the degree program at a later time.

For industry professionals looking for higher level skills and certifications we have a 384-hour, six-month Microsoft solutions expert program, which prepares people for the Microsoft certified solutions expert: cloud platform and infrastructure (MCSE) certification.


One of the certificates appears to be “defensive” in that it schools students on how to protect systems from being hacked, the other involves teaching students how to “test” or hack systems. That true? And what are the differences in training for each, if any?

DONHAM: The two new certifications we teach are brand new and cutting edge. These are advanced-level certifications from CompTIA that expect you to apply your knowledge rather than know certain facts. It’s a huge step in the right direction for IT certifications.

CySA+ (cybersecurity analyst-plus) focuses on defensive strategies for networks. It takes a top-down approach to network security. This involves using one or multiple established frameworks to create formalized policies and procedures, threat and vulnerability management and incident response plans. It also goes into e-discovery and forensics. You’ll learn to use the many types of security tools on the market today and analyze network traffic to find unauthorized activity (which is getting more difficult to detect). You will proactively find, prioritize, validate and mitigate vulnerabilities that exist in every network and respond the right way. You don’t talk “defense in depth” – you do it.

PenTest+ (penetration tester-plus) focuses on ethical hacking to proactively test your network security, validate vulnerabilities and recommend mitigation strategies. This involves a formalized statement of work, rules of engagement and scope for your tests. Your tests can take place from the perspective of an outside threat or an inside threat with limited or extensive knowledge of your network.

Some organizations will test their security team with red (offensive) vs. blue (defensive) exercises. Based on the type of organization, a penTest may be required for compliance reasons. PenTest methods include using open source intelligence to find information, social engineering employees, bypassing physical security, active reconnaissance and exploitation with a wide variety of technical tools and anti-forensics to avoid detection of the breach.


Who’s likely to want to enroll in this program?

DONHAM: Everyone from industry professionals looking to upgrade their skills, to young or older adults looking for a rewarding and in-demand career. I’m pushing my son and every young person I know to look into this career pathway.


What is the outlook for landing a job in this field once someone obtains one or both of these certificates?

DONHAM: Huge. All you need to do is Google “information security analyst” or “pentester” job outlook to get all the information you need. The Bureau of Labor Statistics predicts 28 percent job growth for the next 10 years, four times the national average job growth rate for all other occupations.

At the last security conference I attended, I was stopped by an industry professional who asked if I “knew any penTesters? I can get them a job; here’s my card.” It’s a high-demand job with not many people qualified to do it at this point.


To you, what’s the most interesting part of teaching these courses?

DONHAM: I can go on and on about this.

I’ve been in IT for almost two decades now and I don’t think I’ve ever seen things change so quickly in technology as it has with IT security. It’s absolutely fascinating (and scary). Every day I learn something new and grow. With this industry, I’ll never run out of things to learn and I will continue to do so for the rest of my life, as it is my passion.

As we rely more and more on our digital devices, I feel most people really don’t understand how much information is being collected about them and how easy it is for people to access it.

If they did, they would see the world in a different light.

For instance, recently I hacked a smartphone using a well-known exploit and passed it around to several people I know. The phone appeared to be turned off, and I got looks from them like “so what.”

That look changed to shock when I turned my laptop around and showed them that the phone was actually live streaming video to my laptop, recording our conversations and geolocation, as well as accessing all its texts and photos.

Any app you load on your phone can do this. These people never knew this could happen, and I’m sure they will think twice before installing their next free app on their phone. Maybe they will actually change their passwords frequently and not use the same password for multiple accounts.

It’s all the things people have heard a million times before, but they never think it could happen to them. It’s one thing to talk security, but it never hits home until you actually do it and show them. As they say, actions speak louder than words.


Ryan Donham, Director of Information Technology



The North Bay Business Journal. (2019). Have what it takes to be a cyberdefender?. [online] Available at: [Accessed 31 Jan. 2019].