Are Cyber Ranges Becoming the New Gym Membership?
One thing that people in many different occupations have in common is the need for and benefits of experience. That’s true in cybersecurity. While many people working in the field comment that there are no entry-level cybersecurity positions, I disagree. My recommendation to those seeking to enter the cybersecurity field is to Work on building both hard and soft skills. Hard skills, such as being able to demonstrate to potential employers that you understand how various technologies work. Some do this by earning degrees or certificates. Others take a different path.
Degrees and certificates (or certifications) are a means of both learning and earning some credential that provides evidence of your learning. The positive is that you learn and you earn that credential. The downside is that your learning path is constrained and defined by someone else. It may include topics that interest you and others that you have no interest in. That’s why I mentor and coach to take smaller bites at the apple. Take short courses that provide a certificate of completion. Pursue an associate's degree or complete a certificate program before making a multi-year commitment.
The different path aligns with my smaller bite strategy. That’s signing up for one of the reputable cyber ranges. Free programs like AWS’s Self-Paced Labs and Cisco’s Network Academy. Both offer different starting points tailored to your skill level. Both programs have a study and lab component. And have connections to the company’s higher-end paid programs. Given that the starting price is free and the programs are delivered via the Internet, your investment is time.
One company I would like to mention is PortSwigger. These are the folks behind one of the most important tool suites in use today, the Burp Suite. They offer a wide range of valuable training and certifications focused on developing and securing web communications. They are geniuses because much of their training is either low-cost or free.
Another strategy is to sign up with one of the many learning companies, such as ACI Learning (formerly the IT Training Institute), CBT Nuggets, Coursera, INE, and others. These companies are well known for their learning products and educational materials—featuring numerous excellent texts and videos. Please make sure you look at their lab environments. Some have created their own using one of the major cloud providers. Some are using other cyber range companies.
Then there are cyber range programs like Hack the Box and TryHackMe. These programs offer monthly memberships that provide access to their learning community. That community component is important. These companies have turned learning about cybersecurity and cloud technologies into team sports. That’s important because, in the workplace today, employers are looking for team players —people who have demonstrated both technical and interpersonal (i.e., soft) skills.
This brings me to everyone else marketing learning and lab or range products and services today. Buyer beware. Request a list of their learning materials and ask to review some of them. Get a list of and ask to review some of their lab offerings. Before signing up for any of these programs, make sure that you understand what it will cost. Make sure that you know how much of your time you will need to invest. How long does it take to complete the learning (reading? How long does it take to complete the labs? Many of these companies require a credit card. Make sure you understand what they will charge you and when they will charge you. Make sure to ask if something happens in your life, such as you or a loved one getting sick or losing a job, that you can put your membership on hold. If you have to cancel, will they charge you for the remainder of the current month or the remainder of the year?
Take it from someone who has had at least three different gym memberships where I would go to the gym maybe once or twice a month (if that). You don’t want to pay for one of these memberships without a plan for getting the most out of your membership.
Cisco Ethical Hacker Course Update
I've been working my way through the Cisco Ethical Hacker (EH) course and wanted to provide an update. I worked my way through the entire course. I did encounter several issues along the way. I received feedback from others that they also encountered roadblocks where the content didn’t seem right, or exercises didn’t work as expected. I started on that learning path right after the product went live, and to me the team was still working out some of the bugs. That’s to be expected with any learning product as complex as this. This is an entirely free offering, included with the certificate of completion. To earn the certification, there is a cost associated with taking an exam at a testing center. My takeaway is that this is excellent training that I would recommend to anyone interested in either offensive or defensive cybersecurity.
My name is Brian Ford. Welcome to my newsletter. Many know me as a technology instructor, teaching networking and cybersecurity courses. I’m also a coach who works one-on-one with people who want to learn about and understand Internet, cloud, and cybersecurity technologies. I’m also a technology researcher investigating various cybersecurity topics, including how web browsers and protocols can be used and abused.
Things that I’m going to help readers with:
Choose what technologies, certifications, and career choices to pursue.
Become lifelong learners and earn various technical certifications.
Those who have earned a certification maintain and use it to their advantage.
Please take a look at these posts for help with maintaining your CompTIA and ISC2 certifications.
Have you submitted CEUs or CPEs and been audited? I'd like to hear about your experience with audits.
I tell all my clients and students that I get tremendous personal satisfaction from what I do, not because of the paycheck but because of the impact. I encourage clients to keep in touch with me. If you find this newsletter helpful or if you have something you want to share with others, please don’t hesitate to message me.
Are you someone who could benefit from reading this newsletter?