Do I need a degree?
A common thought for young people looking into the information security and cybersecurity space is to go to a four year university for a Cybersecurity Degree. A degree may be helpful when looking for a career, but it isn’t always the most ideal pathway. Like with any field, a degree will set you back in some ways, and set you ahead in others.
For example, there are very few – if any, Cybersecurity Degree Programs that are tailored to the actual pace and current timeline of the Information Technology world of today. Most Curriculums are well past being dated, and you can learn some tools, but there becomes a tough line between teaching information security, cybersecurity, and just plain penetration testing/ethical hacking. That’s what I’ve noticed the most of these curriculums lean towards, it’s ethical hacking style structure, instead of cybersecurity. Other programs dive too much into theory and criminology, and less of the technical and field side of things. Not enough Microsoft Windows and PowerShell, and too much Linux and Open Source tooling.
Now this is a great mindset to develop the foundation, and analytical mindset, and a lot of Open Source tooling can be similar in nature to common industry tools, however many institutions remain in dated systems, so students are learning on Windows XP and Windows Server 2000.
This could be an endless discussion, and it will be tough to fix the academic setting in Cybersecurity, as the landscape is forever changing and advancing, arguably faster than any academic institution could keep up with. At least with Information Systems and Computer Science styled programs, students can learn the stationary foundation of a programming language, the logic and structure, and life cycle of software. There is a vast and ever changing world in cybersecurity, to where a curriculum could effectively be out dated by the time it made it to production.
So what then if no college?
The internet is full of fantastic resources for anything you could need, from automotive and home repairs, to fashion advice and more. This is no different when it comes to information technology and specifically cybersecurity topics. While a degree can help someone decide which of the 10 core cybersecurity domains they lean towards, the plethora of resources online can do that just the same, and more than likely for less than a fraction of the cost.
My Topic Picks
TryHackMe is one of my favorite resources out there. It is a free learning resources with hands on labs and attack boxes, as well as walkthroughs and tutorial “rooms” where you can apply the crawl, walk, run methodology to getting comfortable with topics you like. There is a paid option, which opens up more cloud resources, and the ability to connect to the boxes through your local machine via VPN, but it’s completely optional and would not inhibit your ability to learn with it.
They do a great job in gamifying the material and rewarding badges, and just recently released their first industry certification.
https://tryhackme.com/dashboard
HackTheBox is another gamified learning resource, similar to TryHackMe, it allows users to work at their own pace and move through a crawl, walk, run methodology to get comfortable at their own speed. HackTheBox focuses more on doing and less on learning the material first. This is a great for to put your knowledge to the test, or throw yourself to the fire – if that’s how you prefer to learn.
Like TryHackMe, HackTheBox has a large community surrounding it and is also free and paid tier driven. You can learn for free and try the boxes without paying, but if you subscribe to their plans you do get a bit more benefit.
TCM-Academy is my third and final beginner resource. What started out as a paid only resource, they’ve recently launched a number of completely free entry level courses that can help provide that foundational level of knowledge and experience to people wanting to pivot into the IT or CyberSecurity industry. Unlike TryHackMe and HackTheBox, TCM drives to teach learners how to build their own enviornments for testing, whether through Virtual Machines locally hosted or in a cloud like Azure.
For example in the Ethical Hacking course, we build out a mock up of an enterprise domain, with workstations and a domain controller, to attack it and take total control of the domain controller. The videos are lead by industry experts and very well laid out. If you’re just dipping your toes into the space, the free tier videos are outstanding.
All in all, a degree will only hurt you if you rely completely on that degree. You have to treat the classes as a bridge, and spend the extra time to get out there learn more. This is an industry that won’t slow down anytime soon, and we can’t afford to stop learning.
English
Leave a Reply