Lately I’ve been doing more hiking than scuba diving. Last weekend, I hiked up Mt. Townsend here in the Puget Sound area of the United States. Man, that was a gorgeous hike. Well, it was more of a steep walk, really. The trail was well defined all the way to the top.
But the week before, things were different. I went hiking at Yellowstone and Grand Teton. Two of my kids and I hiked up an undocumented trail near Middle Teton, up the Hanging Valley to a body of water called the Lake of the Crags. It was a fun hike, but pretty brutal, with 3,000 feet of elevation gain in less than 2.5 miles. Plus, we had difficulty finding the trail much of the time. But the view was worth it. So was the dip in the lake, even though it was absolutely freezing. After all, there was still ice melting down the mountain into the lake. But, I survived.
The Cybersecurity Pathway as an Unmarked Trail
The other day, I was asked if the IT industry has done a very good job at identifying the skills necessary to succeed as an IT or cybersecurity worker. I couldn’t help but think of the difference between hiking up the well-maintained Mt. Townsend trail and the one at Teton. For Mt. Townsend, all you had to do was follow the established pathway. But in Grand Teton, you really had to have your wits about you to make it to the top.
Where am I going with all of this? Well, lately, I’ve noticed considerable confusion about what it takes to learn the cybersecurity profession.
Has the industry done everything it can to define a pathway for a cybersecurity career? There are many who openly wonder. Simone Petrella recently wrote a blog post with her answer. Reiterating a common perception, she stated rather convincingly that there is no defined pathway for a cybersecurity career. Furthermore, she pointed her blogging finger at today’s employers and hiring managers, stating that employers need to define one quickly, because they’re playing a “disastrous game of chicken.” Her point is that today’s employers have to take the first step to define a pathway. They’re the ones who generate the demand for workers, after all. They know better than anyone else the types of skills you need to be a good cybersecurity worker.
She’s got a good point. Plenty of folks have defined cybersecurity education pathways over the years. The Intertubes offer many paths: universities, learning centers and organizations that have convincing pathways placed on slick, SEO-optimized webpages. Social networking and massive open online course (MOOC) platforms abound with pathway options. Many are ready with a degree.
But to Petrella’s point, these pages and pathways seem to be created by people who are trying to sell you something. They’re on the supply side. Where are the employers? Where is their input when it comes to creating an authoritative cybersecurity career pathway? After all, they’re the ones that create the demand.
Blazing a Trail
Well, actually, employers have already made the move in regard to a cybersecurity pathway. They’ve developed an authoritative pathway. I know this, because I’ve seen employers line up over the years to work with us at CompTIA to create our certifications. We have created our certifications for only one reason: Because employers worldwide demanded them.
CompTIA and other certification entities have strived for years to create well-considered, expert-driven certification objectives. Thousands of qualified, working IT employees over the years have contributed to these certifications. Our activities are driven by industry. Furthermore, at CompTIA we’ve defined essential infrastructure and security pathways after listening very carefully to employers such as Cisco, Soft Bank, IBM, and Dell. We’ve spent the past year working with utility companies such as Enbridge Energy, health care providers such as Emerson Hospital and manufacturers such as Ricoh to update our certifications. Each of these companies has their made their move toward creating a well-defined cybersecurity pathway.
First of all, they’ve merged with CompTIA to create a clear, well-defined education path. They’ve ramped up their efforts by spending the time and money to send their experts to us. These experts have helped define clear standards, such as CompTIA Security+, CompTIA CySA+, and our CASP certifications. When you think of the financial commitment these companies have made, it’s really staggering.
Second, these companies use our certifications to hire individuals. To me, that only makes sense: It’s pretty logical, really, for a company to use a pathway once they’ve defined it.
It can be daunting for any individual just starting to learn about cybersecurity. After all, new IT pros have so many entities and companies raising one standard or the other. Learning institutions beckon with degrees and certificates. Richard Bejtlich notes in a fairly recent blog that many disciplines are involved when it comes to developing true cybersecurity talent. He even provided a helpful “mind map” to help the discussion along. But with our expert-driven development model, we’ve captured many of the skills it takes to get well down the cybersecurity pathway.
A Measured Approach
I know how frustrating it can be to go down an ill-defined path. While hiking, I’ve noticed how novice hikers can inadvertently create bogus pathways right into the middle of nowhere. I’ve seen the same thing in the IT space: well-meaning organizations try to create authoritative pathways, but often fail to do so.
But with our approach, we’ve distilled down input from hundreds, and even thousands, of employers, as well as the individuals who work for them. We’ve created learning resources like CertMaster and programs such as the CompTIA AskIT program to help give new IT pros experience applying the skills they gained while following our cybersecurity pathway.
That’s why I’m excited to announce that employers worldwide have already created a defined pathway. They’ve merged onto the cybersecurity pathway. Have you?
CompTIA's Cybersecurity Career Pathway can help guide your cybersecurity career. See which certification will set you up for your next move.