America’s national security is increasingly dependent on its ability to secure IT infrastructures at every level: from extensive and highly sensitive government repositories of classified data to small manufacturers that hold DOD contracts. The attempts by bad actors to penetrate computer networks are relentless, and the cost is staggering. According to the Federal Bureau of Investigation Internet Crime Report, the cost of cyberattacks in 2021 was $6.9 billion. The average cost of a data breach in the same year was $4.24 million.
Exacerbating this national security problem is a shortage of skilled cybersecurity workers. According to Information Systems Security Association (ISSA), “The top ramifications of the skills shortage include an increasing workload for the cybersecurity team (62%), unfilled open job requisitions (38%), and high burnout among staff (38%). Further, 95% of respondents state the cybersecurity skills shortage and its associated impacts have not improved over the past few years and 44% say it has only gotten worse.”
For those seeking careers in cybersecurity, the opportunities have never more abundant. According to Lightcast, a global leader in labor market analytics data, each of the first nine months of 2022 set records for the highest monthly cybersecurity demand since 2012. Between 2021 and 2022, public sector cybersecurity demand grew 25% to 45,708 postings, while private sector demand grew at a rate of 21% to 710,035 job listings.
According to the Bureau of Labor Statistics:
- The median annal salary in cybersecurity in 2021 was $102,600.
- California is ranked No. 1 in top median pay ($135,200) for a security analyst.
To respond to the needs of employers for skilled cybersecurity workers, the Business Training Center at El Camino College offers a wide range of cybersecurity training classes, many designed to attain industry-recognized CompTIA certifications. To learn more about those classes and certifications, we present the following interview with El Camino College instructor and cybersecurity subject matter expert Jeremiah Minner.
Q. What is your background in IT and cybersecurity?
Jeremiah Minner
Jeremiah Minner: I majored in computer science in college, and throughout my career, I’ve worked on the IT and security side of my assigned positions with various organizations. I’m currently teaching for CompTIA, which includes ITF+ Certification — a class that introduces basic IT knowledge and skills that helps professionals decide if a career in IT is right for them — and CASP+ (Advanced Security Practitioner), which is an advanced-level cybersecurity certification for security architects and senior security engineers charged with leading an enterprise’s cybersecurity readiness. I’m happy to be able to share my passion for these topics with students who are involved in the cybersecurity program at El Camino College.
Q. Tell us more about the CompTIA certifications.
Minner: CompTIA is an industry certification-based organization that focuses on baseline knowledge and advanced certifications in the IT industry, from infrastructure to databases and cybersecurity. They are widely recognized within the industry. Their A+ Certification is considered the baseline certification for anyone who wants to enter the IT field. CompTIA Security+ is a gold standard global certification that provides the baseline skills necessary to perform core security functions. This certification is essential for anyone pursuing an IT security career.
One advantage of CompTIA classes and certifications is they are vendor neutral; students are not trained in any proprietary implementations of technology. Rather, students are given a good overall picture of best practices that work throughout the industry. This is one reason why CompTIA certifications are widely recognized throughout the industry as a standard, baseline certification for IT skills and knowledge.
Q. How do CompTIA Certifications help someone advance their career?
Source: CompTIA
Minner: These days, IT hiring managers are under tremendous pressure to find candidates who can quickly become productive team members, who can troubleshoot problems and complete projects on time, with minimal direction. Candidates who hold high-value IT certifications like those from CompTIA are likely to be considered job-ready. As companies across every industry pursue digital transformation — an effort to become a data-driven organization — skills-based IT hiring will only increase over time. This means that someone who lacks a college degree but has one or more CompTIA certifications can be considered as attractive, or perhaps even more so, as a candidate with a newly minted bachelor’s degree.
In the simplest terms, CompTIA certifications will get you noticed and make you more likely to get an interview. IT hiring managers are looking for someone who is serious about learning and can demonstrate a commitment to continuous learning — a trait that is crucial in the fast-paced and ever-changing tech space.
The Global Knowledge 2019 IT Skills and Salary Report states, “Ninety-three percent of decision-makers around the world agree that IT-certified employees provide added value above and beyond the cost of certification. When asked to estimate the economic benefit of certified employees versus their non-certified peers, 63% said it exceeds $10,000 a year. Twenty-two percent placed the number above $30,000.
Q. What are the most common sources of cybersecurity breaches within an organization?
Minner: Hackers are looking for the weakest link in the chain, which is not necessarily some security software or sophisticated technology but the people who work within a company. Anyone in an organization can unwittingly assist a hacker. People can be tricked, and not because they don’t understand what’s going on, not because they haven’t had training, but because they are human. Most people have positive intentions and want to be helpful and trusting. It is those characteristics that a hacker using social engineering can exploit and convince them to do something that they normally wouldn’t do. And that something may just be the attack vector that gives the attacker access to the network. So, for almost every organization, the hardest area to secure is its people.
When an organization has a CompTIA Security+ certified person on staff, they have someone who can provide training to different echelons of the organization and explain to each person their unique role in helping to secure the IT infrastructure and the physical environment.
Q: Could you describe how the most common cybersecurity intrusions occur?
Minner: Attackers try all sorts of techniques. Anybody who has an email account sees on a daily basis multiple phishing emails in their junk mail folder. Why are there so many phishing emails when you know better than to open them and click on a link? Well, because somebody is. Hackers send out these emails in mass quantities. And if even a tiny percentage of recipients open and click on the link, that’s all a hacker sometimes needs.
Cyber Threat Map. Source: Kaspersky
There are attackers who try to gain access directly to an organization’s network. To understand those threats, an organization may use a cyberthreat map supplied by a cybersecurity company like Kaspersky. The cyberthreat map monitors attacks on honey pots or honey networks, which are faux infrastructure deployed to look like actual production networks for the purpose of enticing hackers to try to attack it. This allows cybersecurity experts to see in real time what types of attacks and techniques are being used by hackers stationed throughout the world and how to defend against them.
Cyberattacks come in many forms and in many levels of sophistication. Many attackers try to find low-cost, repeatable, mass production techniques to try to find vulnerabilities within an organization’s network. And once they’ve enumerated some of those vulnerabilities, they will choose one they think they can exploit with a payload, or a weapon specifically crafted for that weakness.
Q: How can an organization best prepare itself against cybersecurity attacks? What types of training should be undertaken?
Minner: Everybody in the organization has a responsibility for security, not only for cybersecurity but physical security but as well. A malicious actor may be trying to get physical access to the building so that they can deploy some sort of technology to infiltrate the network. So, the training within the organization has to include everybody — from the receptionist to shop-floor employees to the CEO and all levels of management.
If an employee with CompTIA Security+ certification is preparing the training course, they must take into consideration the various levels of employees they will be instructing. For example, if a subject like the technical backup of data is being delivered to the IT team, that’s going to be a very detailed and technical discussion. But if that same training is given to senior management or C-level folks, they won’t need such in-depth instruction. But they will need to understand where to save their information, how often it’s going to be backed up, and what their responsibilities are with marking that information. If it’s proprietary information, then it needs to be marked as proprietary information or stored in the right location so that it could be marked for that later. So, everybody has an important role in cybersecurity, and the training has to be developed for the audience.
Q. Can you give us an overview of the cybersecurity training offered by El Camino College and why it is unique?
Source: CompTIA
Minner: The training programs offered by El Camino College are focused on curriculum design to help students attain CompTIA certifications. The courses are broken down into core skills areas and begin with IT Fundamentals — the essential fundamentals course on how computers interact with their network and how they’re constructed — and CompTIA+, which is focused on networking and security fundamentals, and the hardware and construction of computers.
Additionally, they offer Network+, which is focused on how computers on enterprise networks can be set up to communicate with each other and create resilient and redundant networks. The Security+ class provides the core knowledge required of any cybersecurity role and covers best practices in troubleshooting, which ensures students have practical security problem-solving skills.
El Camino College offers a cybersecurity pathway that provides the opportunity to continue to build skills and an infrastructure pathway for those pursuing roles such as system administrator or network administrator.
See a listing of CompTIA courses offered by the Business Training Center at El Camino College.
Q: What is the starting point for a person who doesn’t have a technical background but wants to learn about the cybersecurity field?
Source: CompTIA
Minner: The CompTIA IT Fundamentals+ course is the perfect place to start for a person who doesn’t have a technical background. It provides a baseline understanding of what a computer is capable of and how it interacts with other computers, the internet and the network.
One of the things that makes the El Camino College program unique is its partnership with SynED, an organization that provides concierge service designed to help ensure students are well-prepared to take CompTIA certification exams. The services provided include a wide range of support, from a skills and knowledge assessment to practice tests. This service is included in the cost of the classes El Camino College offers. To me, it shows that they are 100% committed to student success.
###
For more information about CompTIA certifications and cybersecurity training classes provided by El Camino College, please contact:
Eldon R. Davidson
Director, Center for Customized Training
El Camino College – Business Training Center
13430 Hawthorne Blvd.
Hawthorne, CA 90250
edavidson@elcamino.edu