One of the biggest complaints from company owners I hear from time and time again is as follows:
“We need candidates that have experience to hit the ground running.”
On the flip side, candidates often issue the following complaint:
“We need to have and/or gain experience to get jobs.”
The industry can see this and knows this. However, it sometimes does not adhere to the needs of weathering through “hardship experiences” that are needed to move up in the information security industry.
One thing I always recommend to my students is getting your hands dirty regardless of your level. At the end of the day, someone is going to do the work, so it might as well address and/or be able to address the business needs. Either you are going be in the ship, drive the ship, or help drive the ship.
There is a huge demand for infosec professionals but at the same time, many aspiring security personnel are unemployed and left to the wind due to the fact that employers and companies don’t allow them to obtain the skills needed through on-the-job training. This is what some refer to as the “skills gap.”
Noting this gap, I took the initiative to start up EXXOTeck Training out of San Jose. There, I am bridging the gap for underemployed, unemployed, and/or learning adults who are seeking to gain real-life skill sets in cyber security. In line with market demands, we’re providing hands-on experience by bringing in world-leading experts from Cisco, AWS and other services providers to help students connect the dots.
These hands-on experiences can range anywhere from creating a network and peer-conducted penetration testing to studying companies and reviewing their defensive postures. Many times, students will find themselves in a scenario where they are either conducting a security assessment or acting as a CEO. Consequently, students can learn what it means to do the job of a cyber security professional and to know what overall business impact this type of work might have.
There is little to no direct cost to students who participate in the program due to government grants and funding. Looking ahead, I would like to take this a step further and bring this to the high-school level.
By creating momentum for young students, this will allow interested teens to step outside of the educational system and get ready for a job. This might be beyond my reach, but my vision is to ensure the general public is ready for cyber-driven security, warfare and business.