Courses and Certifications:
Understanding the Basics of IT
Students need to have a basic understanding of hardware, software, networking, and fundamental security principles, long before they can be expected to perform cyber analysis jobs. A well-structured cybersecurity CTE program will start with these basic courses that build the skill sets necessary for higher-level cybersecurity work.
The Basic Certs
Two industry certifications provide a background in basic hardware and software skills: the CompTIA IT Fundamentals + (ITF+) and the CompTIA A+ certification. CompTIA is a recognized, IT industry accrediting body that provides numerous certification paths for IT/Cyber professionals.
The ITF+ certification is an ideal entry-level course that provides an overview of hardware and software topics. This certification is designed for individuals who do not have much of an IT background and need a basic introduction.
The A+ certification is significantly more detailed and consists of two exams, a hardware exam and a software-focused exam. Generally, CompTIA A+ is viewed as a good starting point for someone looking to find work as an IT technician.
Next is Networking.
After understanding the basics of IT, the next step is for students to focus more in-depth on networking. A basic networking course will cover the fundamentals of network topologies, network devices, IP addressing schemes, and network security. Once again, CompTIA Network + is one of the more recognized industry certifications in this field. Other networking certifications may not be industry-recognized but that provide background knowledge to achieving the Net+ certification, they are the Certiport Networking certification and CIW Network Technology Associate (CIW-NTA). For K-12 CTE programs these shorter, less difficult certifications are a good stepping stone to achieving the higher-level CompTIA Net+ certification.
Finally, there is the gold standard for basic security principles, the CompTIA Security+ certification. This is a required certification for any government IT/Cybersecurity job. If a student can pass ITF+/A+ and Net+ then they are on the right path to achieving the Sec+ certification. As an alternative certification that is not industry-recognized for employment but is ideal for K-12 students, the EC-Council Ethical Hacker Associate (EC-EHA) certification and the Certiport Network Security certification are significantly easier exams for younger students and cover the basics of security principles.
What’s the Hold-up?
One of the primary issues plaguing the cybersecurity industry is a lack of qualified applicants. The industry is casting a wider net to obtain enough interested applicants to fill a large number of cyber job vacancies. However, the results are that more and more recruits lack basic IT skills to perform the job. This means going back to basics is a critical success factor for any cybersecurity educational program.
What does a cybersecurity Career and Technical Education (CTE) program look like?
A good cybersecurity CTE program will introduce students to the Linux operating system–used for most enterprise network environments. For K-12 students, the Linux Professional Institute (LPI) Linux Essentials certification is an ideal start. This provides an overview of the basic commands and file structure for Linux.
Finally, every cybersecurity student needs at least a basic introduction to the python programming language. Python is often used in conjunction with Linux as it is a scripting language and enables users to create better workflow automation functions within the Linux command line environment.
The model proposed provides a pathway for 9th grade to 12th grade students with a four-year cybersecurity CTE program. These same certification courses can be offered to adult career changers who want to transition into the cybersecurity field but perhaps do not want to invest the time and energy into a two-year or four-year degree program. Technical colleges run by the K-12 public school system typically offer a 700–900 hour certificate program to achieve all of the above-mentioned certifications in one year.
How can I implement a CE Program at my educational institution?
Career and Jobs:
What type of job could a candidate obtain with their Security + certification?
Security + is considered an entry-level certification requirement. Therefore, recruits looking to enter into the cybersecurity profession can expect to obtain entry-level jobs. These jobs are typically help desk positions that provide basic technical assistance to support hardware and software IT systems. Some of the job tasks associated with a help desk position include:
- Monitor and respond quickly to incoming requests related to IT issues.
- Maintain computer systems (Hardware or Software) and act as support if any system goes down.
- Maintaining and managing backups and updates.
With some additional training, another entry-level job is an incident responder. The responder assists in identifying if a security incident has occurred and determines if data was compromised. They can also perform security audits and determine if security flaws or weaknesses are present. These jobs typically start with a pay scale around $50 – $55,000 per year.
As a candidate gains more experience and additional industry certifications, they can move up to a front-line cyber analyst position. The analyst identifies network vulnerabilities through testing and scanning systems. This career requires knowledge of tools to monitor network activity and reporting features to communicate findings to the security team. As the cyber professional obtains higher-level certifications, work experience, and a college degree they can earn pay in the six figures.
The current objective of filling job vacancies in the cyber profession will require that educational programs provide a fast and efficient means of transitioning recruits into these entry-level jobs and create opportunities for additional higher-level training and certifications. Such programs are above and beyond those at the college/university.