James Lyne, Chief Technology Officer, SANS Institute, tells Security Advisor how cybersecurity specialists without basic IT skills are like surgeons that don’t know anatomy.
There is a serious shortage of cybersecurity specialists the world over. In fact, studies show that almost 70% of cybersecurity professionals the world over claim that their organisation is impacted by a lack of cybersecurity skills. What this means for the industry as a whole is increased workload on existing security & IT staff; open, unfilled vacancies, hiring of random junior professionals and an inability to utilise technology to its full potential.
Those in the industry say that skills shortage is most acute among security analysts and cloud security professionals. And with more organisations accelerating their digital transformation journey and shifting entire workspaces to the cloud, this shortage becomes a matter of grave concern.
Again, the cybersecurity skills gap has two sides to it: the first is that there aren’t enough cybersecurity professionals and two, there aren’t enough professionals skilled in dealing with the new and emerging demands of cybersecurity.
In order to address the skills gap, SANS Institute offers training at various levels. What this means is that not only can seasoned cybersecurity experts increase their knowledge, but people who are new to the industry can also build a solid foundation for a career in cybersecurity. Core knowledge and practical skills in computers, technology and security fundamentals are crucial for launching a career. That’s why CTO James Lyne developed SANS Foundations.
“At SANS we have been training people in cybersecurity for years. These are people who come to refresh their knowledge, to learn new cybersecurity skills, but also people who are new to the industry.” The training organisation saw across the globe that, especially for these newbie’s, it is not always easy to understand the fundamentals of cybersecurity. “This is because they lack some basic concepts of computers, networks, data or applications. And those very elements are crucial to understanding how cybersecurity works.” Lyne draws the comparison with a surgeon. “Basically, we were training cardiologists without them knowing any anatomy. That’s a frightening idea, isn’t it? That a surgeon doesn’t know exactly where your heart is and what it’s for, but they are going to operate on you anyway”, the SANS CTO grins.
Refreshing your knowledge
Reason enough for SANS to develop a training that builds the foundation for a solid career in cybersecurity: SANS SEC275: Foundations. Not only newbie’s can benefit from this training, but also students with a background in IT can refresh and grow their knowledge and hands-on skills with it. The people new to the industry were the initial target group for SANS, but to Lyne’s big surprise, IT professionals are also enthusiastic about the Foundations training. “Students who don’t know much about IT gain a lot of crucial knowledge in a relatively short time, but we also see that people who already have this knowledge pick up new things more quickly”. After all, technology is developing at a furious pace and keeping up with it all is virtually impossible. “We see people who once studied computer science, but who have never worked with containers, for example. And virtualisation technology has also changed in recent years. With this training you can brush up your knowledge in these kinds of areas and even learn some new things”.
The ultimate way to learn
SANS Foundations is a very rich e-learning platform with many hours of content in the form of video, audio, study books and over 50 hands-on labs. Especially those labs make the platform engaging and fun for students. “You don’t just learn the theory, you can put it into practice right away”, says Lyne. He challenges students to get off the beaten track and not just follow the instructions of the teachers in the videos. “Trying things out, finding out what doesn’t work, then getting stuck somewhere and figuring out how to make it all work again in frustration is the ultimate way to learn”, laughs the CTO. “The younger generations are a bit spoiled when it comes to technology, because 99 percent of the time it just works. That is both a gift and a threat, because it means they no longer learn to figure things out for themselves. Whereas the older generation used to have to tinker with things themselves in order to get a video game to work, for example, and therefore quickly learned the basic skills which the younger generation lacks. But you can do yourself a big favour by seeking out that frustration in our hands-on labs, because that struggle really teaches you the basics of IT”.
Closing the skills gap
Lyne’s ultimate goal with SANS Foundations is to close the global cybersecurity skills gap. “We don’t want surgeons without anatomical knowledge. Especially in a world that is changing at lightning speed, where IoT and smart cities will play a big role and AI-systems are ever more evolving, it is important to have a solid foundation of the knowledge pyramid. I want to help people with a passion for technology get into a cool job market where specialists are in huge demand”. In order to be successful in cybersecurity, the general basic skills are indispensable, the CTO states. “The training from SANS provides exactly what you need to take further steps in cybersecurity”, says Lyne. “IT is such a broad area, but it is not necessary to go into depth on all parts. Then it can get a bit overwhelming. SANS Foundations gives you exactly what its name implies: a solid foundation for additional training in the field of cybersecurity”. For him, it is important that not only IT and cybersecurity specialists gain knowledge and skills, but that other professional groups also become increasingly aware of cyber threats and the ways to work and live safely. “In this way, we are building a pyramid of knowledge and skills that can ensure the digital resilience of the world”.
The fundamentals training of SANS distinguishes itself from other basic training courses in three ways, Lyne says. “First, the lectures and format are really engaging and fun for students. Those are their words,” he hurries to add with a smile. “I think it’s really the live demos and hands-on labs that make this course most engaging. You don’t just read a book to understand the theory, you actually go and do it. It’s much more fun to build a Python program yourself than just reading theory about it”. The second thing that really set SANS Foundations apart is the syllabus, which is really tailored to help people study cybersecurity. “As I said, the IT field is huge, but this course is curated to help you succeed in cybersecurity. It is thorough and sufficient, targeted and tailored”. Last but not least, the course is constantly updated based on student feedback. “At SANS, we constantly measure student feedback on content, topics and our labs. We also look at how the market is evolving and try to take all those things into account in continuously improving the course, which really makes a difference”.
New features coming soon
“Over the next few weeks, new features will also be added to the platform”, says Lyne proudly. “We have some really ambitious plans. There are updates coming for the videos and labs, but we also have a huge set of new features dropping over the next couple of weeks that are the result of feedback from former students that have just started working in cybersecurity. We will add more content about data fundamentals and machine learning. But we have also enhanced our lab systems so they are even more rich for users to spend time practicing. And for the employers, we will have a refined set of reporting capabilities where they can take a set of students and monitor and encourage their progress throughout the course”.
Taking luck out of the equation
Lyne gets really excited talking about this course: “I really wish there would have been something like this when I was setting my first steps in cybersecurity”, he grins. “It would have saved me a whole lot of time and frustration!” But what’s more, his path into cybersecurity was mostly dictated by luck, “and then hard work and the right mentors”. Lyne wants to take the luck part out of the equation for people with the right aptitude, talent and interest in cybersecurity. “I want a more defined path for them. That is what we are trying to reach with SANS Foundations. You shouldn’t be dependent on luck to work in the coolest and most interesting industry there is. You should just be able to go for it”.