The cybersecurity skills shortage is no secret. With upwards of 3 million unfilled roles it can be easy to recommend new students and mid-career professionals jump into the world of cybersecurity. Unfortunately, there are many barriers to entry that are difficult to overcome - a desire for experienced employees, the need for varied technical skill sets, and limited formal education or training programs available. Seemingly every organization wants a team of rockstars, but few want to provide the instruments, training, or time to build the band.
Our team recently had the fortune to host an event that included two budding cybersecurity minds, Sweta Alla and Andrew Bernal. Sweta and Andrew are motivated, bright, and determined Juniors at Central Catholic High School in Lawrence, MA who have gone out of their way to improve their cybersecurity education however possible. Their stories also highlight the shortage of cybersecurity training available to new learners, both in formal and informal settings. The Security Innovation team hopes the guidance, resources, and experiences shared by Sweta and Andrew help others learn, but more importantly, we hope they highlight the need for more formalized cybersecurity training and motivate educators and professionals to improve their curriculums.
Security Innovation: Can you tell us a little about your studies and interests?
Sweta: My name is Sweta Alla and I plan on majoring in aerospace engineering, with my target future job being an astronaut. Although this is probably not what you expected to read here, it goes to show that anyone can have an interest and learn about cybersecurity, even if they do not plan on working in the field!
Andrew: I am Andrew Bernal and am thinking of majoring in computer science or cybersecurity. Designing and breaking computer security seems like an interesting job, but I’m not sure exactly what I'd like to do for a career.
Security Innovation: How did you get interested in programming and cybersecurity?
Sweta: In middle school, I started playing around with loops and functions using block code on Scratch. In high school, I learned Visual Basic in school and self-taught myself Swift freshman year. During my sophomore year, I got my first real taste at coding in real life with GameMaker which led to getting certified in Python and Data Science on edX. It wasn’t until I went to my first CMD+CTRL event this February that I was introduced to the world of cybersecurity.
Andrew: I started making pigpen ciphers in 3rd grade. One day I found The Cyber Mentor’s ethical hacking course on youtube and then I got interested in cybersecurity. I also did a lot of Scratch in middle school and am taking a computer science class right now.
Security Innovation: What resources do you find most helpful for learning new programming and cybersecurity skills?
Sweta: I find formal coding classes to be the most helpful when learning new programming skills, as the structure and organization of the course have helped me discuss and grow with a group of like-minded classmates. Outside of school, I find apps backed by major companies like Swift Playgrounds to be highly effective. EdX’s verified track also allows you to gain a verified certificate, which can help improve the overall strength of your resume as you learn!
Andrew: I learned the basics of Java from Mr. Joyal who runs my computer science class at school. When I got interested in cybersecurity I was lucky to find a bundle of books on Humble Bundle that I’m currently reading, including We Have Root, Cryptography Engineering Design Principles and Practical Applications and Big Machines. The Cyber Mentor has really gotten me interested in ethical hacking. Christof Paar’s Introduction to Cryptography course is another great resource I’ve recently been working my way through.
Security Innovation: What are the biggest challenges you run into when trying to learn more?
Sweta: The biggest challenges I run into are figuring out where to look and what is worth my time. Just searching up “learn to code” on google will leave you with thousands of possible ways to learn. Sifting through this pile of results to figure out which path to follow is the real tough task.
Andrew: The biggest challenge to learning is making time to do so between schoolwork. Also, some of the notation, like rings and sets in cryptography, can take a while to understand.
Security Innovation: What would you recommend to students who might be intimidated by groups and events targeted at professionals?
Sweta: Take a friend or encourage a school group to check out the event. I don’t think I would have gone to my first cyber range unless my friend decided to come along and support me. Once you are at an event you come to realise that everyone there wants to learn and grow regardless of their age or profession. The environment as a whole is very welcoming, and there are plenty of first-time adults as well.
Andrew: You have nothing to lose! There’s no sign-up fee and many of the problems can be solved with basic knowledge. Even just changing numbers in a URL can work.
Security Innovation: What would you recommend to students who might be intimidated by groups and events targeted at professionals?
Sweta: Take a friend or encourage a school group to check out the event. I don’t think I would have gone to my first cyber range unless my friend decided to come along and support me. Once you are at an event you come to realise that everyone there wants to learn and grow regardless of their age or profession. The environment as a whole is very welcoming, and there are plenty of first-time adults as well.
Andrew: You have nothing to lose! There’s no sign-up fee and many of the problems can be solved with basic knowledge. Even just changing numbers in a URL can work.-
Security Innovation: What other suggestions or guidance would you have for people interested in cybersecurity but not sure where to start?
Sweta: Participate in a cybersecurity event! Whether it is a cyber range, Cyber Patriot competition, or anything in between, these events are a great way to get a taste for the cybersecurity field and gain valuable resources from people headed in similar paths.
Andrew: Find what area interests you and learn more about it. Lots of generous people have made YouTube videos to help teach about almost any topic for free. It's just all about putting the time in.
We hope the recommendations provided by Sweta and Andrew help in your cybersecurity learning journey. If you are still not sure where to start, ramp up your skills on our Community Site and then join us for Hot Dogs and Hacking 2020!
And if you’re an educator or team leader working to improve cybersecurity education, reach out to our team at getsecure@securityinnovation.com where we can provide guidance and discuss options for improving education.