Job seekers can look for training programs that incorporate skills-based activities, or invest in their own skills-based learning. Functional skills-based training is a way for students to physically practice the skills they are learning, and to develop a security professional mindset. Activities can include:
- Tabletop Exercises (TTX): Discussion-based, facilitated events where participants role-play their activities during a cyber incident or other cybersecurity scenarios. Participants in a TTX can explore security roles and concepts in a risk-free environment. There are industry-wide, company-specific and conference-led exercises. While most TTX events are targeted at security incident responder groups, anyone wanting to work in cybersecurity can benefit from participating in a TTX to better understand how responders make decisions and take actions during a cyber incident, which has policy and tooling implications.
- Capture-The-Flag Events: CTF events are competitions that test cybersecurity skills through problem-solving challenges, tackled alone or as part of a team. The goal of a CTF challenge is to find a hidden piece of information (the “flag”) somewhere in the target environment. CTF events are available for anyone to participate in, mostly online or sometimes in person at conferences and training events. CTF events can be jeopardy style (where competitors solve a series of security challenges in different skill areas) or attack-defense challenges, where participants are given their own environment to defend, which has vulnerabilities that other teams can exploit. Participants must defend their own systems while attacking others. There are “CTF 101” resources online to help newcomers understand how to participate in a CTF.
- Internships: Cybersecurity internships (paid or unpaid) give students time working in a security role in an organization where they can apply their skills to real-world situations. Most internships occur at larger organizations that have dedicated security teams and the time to train an intern. Internships require full-time working commitments and often occur during summer months, but applications for those positions take place the previous fall. Some two- and four-year educational institutions include internships as part of their program. Competition for internships is strong, and anyone interested in pursuing an internship should leave plenty of time to apply for one. Many interns will receive job offers from the employer offering the internship, but even if that doesn’t happen, there is value in the experience and networks that internships create.
- Cyber Ranges: Digital or physical environments which simulate an organization’s network, systems and devices, and the cybersecurity incidents that may occur in those environments. These are typically used as part of certification and degree training curricula. Most CTF and training organizations use ranges to provide a safe environment to test students’ knowledge and application of security tools and concepts. Ranges can also be used as a safe space to test the cybersecurity profiles of new technologies and processes. Job seekers should look for training programs that incorporate the use of cyber ranges.
- Home Labs: Having a home lab gives you hands-on experience with security tools and techniques. Many security practitioners maintain a home lab even after they’ve entered the field, as a way of keeping up with technology and technique changes. An internet search for “building a cybersecurity home lab” will result in many sites that can instruct someone how to build and use a home lab. Job seekers who have a home lab should put this on their resume.
For cybersecurity professionals, it is not enough to learn only the theory; every piece of theory has a practical application. Students pursuing a cybersecurity certification (and a job) should keep this in mind as they choose their learning path. Look for opportunities to demonstrate that you know how to apply the concepts in a practical way, by participating in internships, competitions, and TTXs, and by building and maintaining a home lab. Make sure these activities are included in the training programs you are taking, and include these activities in your resumes and cover letters.
