Huh:
The world's largest hacking conference, held since 1993 and lately drawing in as many as 30,000 attendees, has been held in venues owned by the Caesars Entertainment for well over a decade. According to conference founder Jeff Moss, AKA Dark Tangent, the hotel and casino operator has unexpectedly canceled the con's booking for 2024 with no warning nor explanation.Weird. But DEFCON will continue, at the Convention Center.
The World Economic Forum (I know, I know) released a report of the fastest growing and fastest declining job fields. Information Security is their 4th fastest growing job field.
And it's cheap to get into the field.
Aesop links to John Wilder writing about life paths, and adds his own thoughts. This part from Aesop's post seems key:
A high school classmate, solid C student, nice guy, was a total gearhead. Not college material in any way, shape, or form, and he knew it. But a good guy, and good with transmissions and engines. Three years out of high school, he bought his boss's shop. Ten years out, he owned ten auto shops. Was married, paid-off house, and worth $1M. Before age 30. Never even bothered with the SAT. Knew what he liked, did what he wanted. None of the college grads (which was 95% of my class) could touch that at the 10-year reunion.
A guy fixing air conditioners, transmissions, or furnaces and water heaters is going to make a good living anywhere but Trashcanistan, and the entry requirement is a GED, aptitude, and a work ethic.
Mike Rowe annually pounds the drum that Caterpillar every year has unfilled openings for people willing to learn how to repair bulldozers, cranes, and graders, has a full apprenticeship program, and that in 2 years, you'll graduate with zero debt, and skill that can take you worldwide, and pay $100K a year within a couple of years after graduating, and can't be shipped overseas, unless that's where the broken bulldozer is. And they go begging for applicants, because people would rather mortgage their entire future and not get their fingernails dirty.
Same with the Electric Unions. They'll train you for little/no cost and then get you an apprenticeship. That's a job that simply can't get outsourced.
I've written for almost a decade about how you can teach yourself everything you need to pass basic Cisco network certification. Starting salary is $50,000+ and you can keep repeating the exact same process until you have their Security cert at which point you will be making six figures. If you're a young guy I should point out that SecureWorks has a Security Operations Center in Myrtle Beach, so you can ride your Harley to work at the beach.
The cost? $30 for a book, your time, and the cost to take the cert (couple hundred bucks). My posts are here, just keep scrolling.
The key point here (my posts, Aesop's, and John's) is that the University Marketing departments have done an excellent job of selling short-term social status, not long term Return On Investment. If you're independently wealthy then that's fine, but their pitch of "you'll make a million dollars more if you get our degree" simply isn't true for most students.
College is expensive. People need to look very closely at the expected return on their investment if they're considering going. Social status doesn't put dinner on the table.
There are a lot of alternative paths that High School Guidance Counsellors won't tell them about. Most of those alternatives pay as well or better than a University degree. Caveat Emptor.
Reader C.H. sent the following which made my day. I'm posting it with his kind permission:
I am writing as I believe some acknowledgement is in order.Some years ago you authored a blog post advertising network security as a career path for those new to the job market. At this time I was committed to another profession but I found your arguments to be compelling.
I would later remember this when I grew frustrated with the bureaucracy undermining my work in the role I had and elected to make a change.I am now roughly a year into a desirable SOC position in which I am respected for delivering for my team and lucrative career advancement is assured. This is of course a very enviable circumstance in our crumbling society, and I thought it fitting to acknowledge your direct hand in guiding me there in the hope you may derive some satisfaction from your good works.
Thank you dearly,
---
C.H.
The post he is referring to is one of the ones here. I am really happy that this worked out for you, C.H. If anyone finds themself in a similar situation - or if they know of someone in that situation - you might want to take a look at those posts.
Insty has been banging the drum lately on how young men are increasingly avoiding College. You can't really blame them as it's a pretty hostile environment for men, and saddles most graduates with ruinous amounts of student debt.
But if you're bright, motivated, and hard working, there's a path to a six figure salary that will literally cost you only a few thousand dollars - plus a lot of self study time spent. First, let's talk about the target and the opportunity. The Bureau of Labor Statistics just published a study that highlights the fastest growing job fields through 2030:
That highlighted line? Internet Security. The good news? Nobody cares where you went to school for your security degree, or even that you have a security degree. What they care about are industry certifications. You get the cert, you're in like flint.
Now there's a lot involved with getting the cert, 'natch. I posted about this repeatedly over the years. This is a good starting point, and from there you can click through to here which has a fairly detailed set of things to do, and here which is similar but different to the Borepatch Method.
In a nutshell, you can get a Cisco CCNA Exam Prep book for small money, read on your own in your evenings and spare time, take mock tests to make sure that you understand the material, and then take the real cert class for something like $1500. This will qualify you for an entry level IT job, probably around $50k/year. You continue with the next level higher certification, doing exactly the same as above. When you get that you'll qualify for a higher paying job.
You'll get to the point where you're getting certified on ASA Firewall or the like, and then you're an Information Security Analysts. With the cert, you apply for one of those BLS jobs.
They key, you have to spend a lot of your own time on this in self-study. That's a pain, but you save all that dough you'd be spending on the Dirty Commies at the University. Plus you don't have to put up with all the "Be less White and Male" nonsense that they'd make you take (and pay for).
I got an email recently from a reader who had read some of those old posts of mine (thanks, C.H.!). He had found himself in a frustrating job and took this path. How he's working in a Security Operations Center and pretty happy at where he got himself.
It's been a while since I'd posted this sort of thing, but this seems like a good time to remind our younger Gentlemen Readers (or our Old Fart readers who have sons or nephews) that there is an alternative to the College Mill.
The number one issue facing cybersecurity firms is a "chronic shortage" of qualified staff.They predict a shortage of over 3 million practitioners by 2021. And this doesn't count military postings, where the problem is even worse.
That's according to the founder of market analyst Cybersecurity Ventures, Steve Morgan. "The single biggest trend, globally, is that there are chronic work shortages of qualified cyber security staff. It's an absolute epidemic," Morgan told supply-chain blog Channelnomics.
Morgan's company in 2016 gathered feedback from executives listed highest on the company's list of 500 top cybersecurity firms, many of whom pointed to the same problem.
If you're young and looking for a change of direction (or if you have a kid who is), you might want to check into this.Basic competency (one or more of the following):
- Cisco certification (Cisco CCENT certification or higher)
- Relevant industry certification [(ISC)2, CompTIA Security+, EC-Council, GIAC, ISACA]
- Cisco Networking Academy letter of completion (CCNA 1 and CCNA 2)
- At least three years of combined experience in approved U.S. military job roles
- Windows expertise: Microsoft (Microsoft Specialist, MCSA, MCSE), CompTIA (A+, Network+, Server+).
- Linux expertise: CompTIA (Linux+), Linux Professional Institute (LPI) certification, Linux Foundation (LCFS, LCFE), Red Hat (RHCSA, RHCE, RHCA), Oracle Linux (OCA, OCP)
OK, so Uncle Sugar has shot hisself in the foot (this is my surprised face ...), but industry needs security guys (and gals). The money is good, and by the looks of things the problem will be around for decades. I've been writing about this for a while now. There's lots of good free training.Rigid hiring processes and low pay for specialized employees have kept the U.S. government from developing the type of cyber workforce it needs to keep up with growing attacks, according to an independent analysis.The Partnership for Public Service released a report on Tuesday saying the federal government has positioned itself poorly for recruiting cybersecurity personnel at a time when the nation as a whole is already facing a shortage.
A few weeks ago you wrote a bit about breaking into networking and IT security with Cisco certs. Two comments on that:I knew a lot of Cisco SEs, and all of them were smart dudes. So you know about Eseell.
1) Last week I accepted a job offer from Cisco to become a pre-sales systems engineer for service providers and data centers in the Southwest US. At least a small part was due to your voice being one of dozens of current and former Cisco employees I've spoken to about working there, none of whom said that it wasn't a good company to work for.2) Several managers I interviewed with were quite vocal about the fact that my CCIEs and CCDE were more valuable credentials to them than any college degree could be, so you were definitely spot on about that.
There are slides in PowerPoint or PDF - 474 slides in the case of this course. There's real training info here.This is a lecture and lab based class giving an introduction to vulnerability assessment of some common common computing technologies. Instructor-led lab exercises are used to demonstrate specific tools and technologies.Course Objectives are- Learning a general methodology for conducting assessments- Scanning and mapping network topology- Identifying listening ports/services on hosts- Fingerprinting operating systems remotely- Conducting automated vulnerability scans- Auditing router, switch, and firewall security- Auditing UNIX and Windows configuration and security- Performing Web application and associated database security assessmentsThis class will serve as a prerequisite for later class on vulnerability assessment which dive deeper into specific areas such as Windows VA or web application VA.
