Cyber security, its training and the shortage of cyber security professionals have resulted in the following reports:
- Global shortage of two million cyber security professionals by 2017
- Study finds 90 percent have no recent cybersecurity training
- PWC Cyber Security skill shortage
These are alarming reports, and they reflect that the cyber criminal is getting stronger and is no longer the impoverished ‘script kiddie’. Cyber criminals have technical prowess, with positive intelligence, albeit at a cost to the inquisitive enquirer. Ultimately there’s now a growing void!
Cyber security training
Delving into the provision of cyber security training, I’ve reviewed what I consider five large providers and five other providers. However, given the extent of the Internet and geographical disposition, there will be a multitude of other training providers.
The screenshot at the top depicts the relevance and diversity of the persistent threats, which reinforces the demand for cyber security training. View FireEye for the live map. It’s worth noting the timing, ferocity, attack targets/types and point of origin. The frequency is hard to comprehend, but this is here and now. The wealth of data this provides indicates the intensity of the threat, which is a continuum.
Into the first 5 …
The first 5 reviewed were:
ISACA (Information Systems Audit and Control Association)
In ISACA there is a new platform to address Cyber Security, referred to as ‘Cybersecurity Nexus’. There are 4 areas that can be studied:
- Cybersecurity Fundamentals, $55 for book or download
- Expert – CISM has as an equivalent knowledge base
The fundamentals exam can be done online and a book can be purchased to support study for $55. The Practitioner and Expert levels have optional Specialist modules, depicted as:
Specialist optional modules
I recommend downloading the brochure, which gives a comprehensive overview. However, if the CISM qualification is held, this can lead directly towards Expert qualification, though as stated, the modules are optional. Be advised that ISACA membership would be a prerequisite.
SANS (System Administration, Networking, and Security)
The SANS Institute was established in 1989 as a cooperative research and education organization. Its programs now reach more than 165,000 security professionals around the world. A range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organisations from corporations to universities working together to help the entire information security community.
SANS are the most trusted and by far the largest source for information security training and security certification in the world. It also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet’s early warning system – the Internet Storm Center.
Three key areas to review are:
CESG (Communications-Electronics Security Group)
CESG is the Information Security arm of GCHQ, and the National Technical Authority for Information Assurance within the UK. This means that we are the definitive voice on the technical aspects of Information Security in Government.
- Providing tailored advice to Government on the security risks of new and existing IT systems, and providing ideas and designs to protect those risks.
- Building capability through the provision of standards and guidance, working with industry to ensure that appropriately assured products, services and people are available, and to build a pool of world class Information Assurance and Cyber Security professionals that organisations can draw upon.
- Provide operational support to existing systems by alerting to specific threats and vulnerabilities, providing incident response, and technical solutions such as cryptographic keys to protect the most sensitive information.
These outcomes are achieved in partnership with industry and academia, as well as using insights into threats from the work of our colleagues in the Centre for Protection of National Infrastructure (CPNI), MI5 and Secret Intelligence Service (MI6).
CESG have outsourced cyber security to the companies mentioned above; a closer look at what they have to offer is documented below.
BCS – British Computer Society
Ironically, SFIA does not directly specify CyberSecurity as a specific requirement; however, collectively it would empower the business.
APMG Group International
Ironically, the courses available here bounce back to CESG; however, the diversity of training on offer is to their credit. You will need to scroll down and review what’s on offer. There is a good course provided by the Open University (OU) on the Future Learn site, which I readily recommend; an overview is available here.
IISP (Institute of Information Security Professionals)
Accredited training courses can be viewed here. What you should have noticed is that there is cross-over between all 3 sites that I reviewed.
Interrogation of course details will provide you with the depth and diversity of courses and their applicability.
Overview of other 5 Cyber Security training providers …
- CompTIA – an overview of CompTIA Advanced Security Practitioner can be found here. To view exam objectives and sample questions requires the completion of a registration form, but it’s beneficial.
- Learning Tree – the directory of cyber security training is available here. There is a myriad of information on this page that you should find beneficial.
- Open University (OU) – the course provided on the Future Learn site has been referred to previously, but the link is available here.
- QA – at a glance overview of QA is available here and the directory of cyber security and other courses is available here.
- PGI (Protection Group International) – the PGI Cyber Academy is available here, with access to Executive Cyber Awareness available here.
There is a lot of information to absorb within these pages, though given the magnitude of the threat, the selection of reviews has been impartial and without bias. Ultimately it may be your business, an investment to ensure integrity, or you may even be reviewing this as part of your job. Whatever the reason, there is a common goal to be achieved: ensuring the cyber threat is contained, and that you or your business has taken proactive measures in this continuum by ensuring your staff is trained and the investment has been money well spent.
Top/Featured Image: By ChadoNihi / Pixabay