Cyber Security Education and Training Resources for Veterans
For veterans who specialized in information technology (IT) during their service time, acclimating to civilian life and choosing an IT job can be tough. It’s not simply a matter of getting a job — the veteran unemployment rate is 2.7 percent, which is lower than the non-veteran unemployment rate of 4.0 percent — it’s a matter of which job to choose.
The cyber security field is full of promising employment options. By 2021, there will be about 3.5 million unfilled cyber security jobs. The transition from securing our nation’s interests abroad to securing our cyberspace interests at home is a natural one. Government and commercial ventures will desperately need cyber security specialists in the coming years, and any veteran who has experience in the IT field, or is interested in it, will find a lucrative, fulfilling, and exciting career in the cyber security sector of IT.
This resource, provided by the University of North Dakota’s online Master of Science in Cyber Security program, will help veterans get a comprehensive grasp on the cyber security career path by discussing cyber security basics as well as potential jobs and careers in the field. Thereafter, it will talk about how to start a cyber security career, and will identify certifications that can help veterans advance further in the ranks of the cyber security world.
What Is Cyber Security
Cyber security is the practice of identifying cyber threats, preventing cyber attacks, and mitigating the damage should a cyber attack occur. According to Cisco, cyber security personnel protect “systems, networks, and programs from digital attacks.” Since this encompasses such a wide range of industries, fields, and technologies, cyber security is a burgeoning industry that will continue to grow.
The industry, which will see spending exceed $1 trillion by 2021, has a big stake in healthcare, manufacturing, financial services, transportation, government, the military, mobile technology, science, software, hardware, the internet of things (IoT), and the cloud. In other words, anywhere there’s a digital network, there’s a need for cyber security.
Computer scientists first discovered a real need for cyber security when Robert T. Morris, a computer science graduate student at Cornell University, infected ARPANET with a worm in 1988. The predecessor to the internet, ARPANET (Advanced Research Projects Agency Network) was a defense program developed by the US Defense Department in the late 1960s. Morris’ worm was supposed to identify the size of the network, but it contained a programming error and was self-replicating. The worm clogged networks and crashed systems, and Morris was expelled from Cornell.
After that, the first viruses — such as Melissa and ILOVEYOU — ran rampant on the internet in the 90s. Companies responded by developing antivirus software. Cyber attacks became more targeted in the 2000s, when a man named Albert Gonzalez led the organized hacking of TJ Maxx from 2005 to 2007. All told, 45.7 million customers had their credit card information stolen, costing TJ Maxx $256 million.
In 2010, a group of scientists advising the Pentagon reported that, “The threats associated with cyber-security are dynamic in that the nature and agenda of adversaries is continually changing and the type of attacks encountered evolve over time, partly in response to defensive actions.”
The last several years has seen a rise of ransomware and massive data breaches:
- In 2013, Yahoo suffered the largest breach ever, which compromised the account information of 3 billion users. The company was subsequently fined $35 billion by the SEC.
- In 2015, the US Office of Personnel Management lost data on 4.2 million personnel to hackers, including security clearances and fingerprints.
- In 2017, a ransomware virus dubbed WannaCry infected over 230,000 computers in more than 150 countries and demanded payment in the form of bitcoins.
- Also in 2017, hackers breached credit reporting agency Equifax and stole data on 143 million Americans, including the data on 209,000 credit cards.
All of these developments have caused cyber security to become a huge concern for governments and private industries the world over.
Cyber Security Threats and Applications
Cyber security threats include different types of malware as well as social engineering and phishing scams.
Malware is malicious software that infects a computer, mobile device, network, or server. Malware can have a number of functions, from stealing data, to spying on users, to controlling devices remotely, to sending spam from a user’s device. Essentially, malware is a file or lines of code that perform whatever malicious function the attacker is attempting. Some different types of malware are:
- Botnets: Networks of infected computers that hackers control through command-and control servers;
- Polymorphic malware: Can change the code signature, or “appearance” of the code, while maintaining the core algorithm;
- Remote Administration Tools (RATs): Allows the hacker to control a system remotely;
- Rootkits: Hides in the operating system and provide root-level access to the computer;
- Spyware: Allows the hacker to collect information on the users whose computers are infected;
- Trojans: Takes on the appearance of legitimate software and infects once activated;
- Viruses: Attach themselves to other programs and replicate on a computer or network;
- Worms: Self-replicate and automatically spread through a computer or network;
As military vets know, civilian hackers aren’t the only ones who handle malware. Governments and terrorist organizations also use malware to conduct cyber warfare, and veterans with experience in this arena are well-equipped to improve cyber security and malware prevention efforts.
Ransomware is a type of malware that hijacks a computer’s data or makes it unable to function until the user pays a ransom. Ransomware can also affect entire networks. According to the National Cybersecurity and Communications Integration Center, “Ransomware typically spreads through phishing emails or by unknowingly visiting an infected website.” Cybercriminals walked away with over $1 billion in ransom in 2016 alone, asand that year saw a 748 percent increase of ransomware attacks.
Ransomware attacks continue to threaten organizations worldwide. Given their training and experience in dealing with malicious actors who threaten others’ well-being in emergency situations, veterans are particularly well-equipped to deal with ransomware. Veterans are adept at communicating and following protocols, and organizations need that type of discipline to avoid ransomware attacks.
Social engineering is the act of manipulating a user to give out sensitive information. This tactic doesn’t have to be digital — someone could call you and try to manipulate information out of you, or could try to obtain that information face-to-face. Digitally, however, perpetrators often engage in the following methods of social engineering:
- Baiting: The perpetrator could leave a USB drive — the bait — somewhere with an appealing label on it, and when the user plugs it in, the USB infects their computer with malware.
- Email hacking and contact spamming: The perpetrator hacks into someone’s email and sends spam to all of their contacts.
- Pretexting: The perpetrator uses an interesting pretext — such as telling the user they won something — to gain sensitive and valuable information.
- Quid pro quo: Usually via email, the perpetrator offers to give the user something in exchange for information.
Veterans with experience in military intelligence are well-equipped to spot social engineering scams, and there’s a lot of work to be done toward developing cyber security methods and tools to accurately track down perpetrators.
A specific (and popular) kind of social engineering, phishing is the fraudulent attempt to steal information through an email or webpage. Phishing scams are simple. The perpetrator sends users an email that either asks them to reply with their information, or contains a link that sends them to a fake webpage. The webpage is typically disguised as one they trust. Once the user enters information through the email or on the page, the phishing scam is complete. Scammers can also use phishing to infect computers with ransomware or malware.
Vets who have experience with training others will excel at helping organizations avoid phishing scams. Users need to be trained how to spot phishing attempts and vets can give them clear protocols on how to do so.
Military Cyber Security
According to Ray Rothrock, chairman and CEO of RedSeal, “Based on resilience, military cyber security is cybersecurity the private sector and civilian agencies can study and learn from.” The military’s cyber security specialists realize no network can be 100 percent safe from cyber attacks. Therefore, they build resilience into the networks. According to Michael Morris, CTO of root9B, a company that provides cyber security products and training, “Military personnel make the best cyber defenders simply because they have been steeped in fighting adversaries.”
Military cyber security training prepares personnel to build resilience into networks and proactively fight cyber criminals on their home-turf. Since resilience and proactive deterrence are two things the civilian cyber security industry tends to lack, veterans are a welcome addition to the team.
Cyber Security Jobs and Career Paths
The good news is veterans with a security clearance have an advantage when it comes to competing for cyber security jobs at the federal level. Public and private, there are a number of cyber security careers to choose from, and on average, professionals in these fields earn three times more than the national median income (salary information courtesy of PayScale).
Cyber Security Software Developer
US News and World Report rates software developer as the number one job out of the 100 best jobs in America. Cyber security software developers develop new programs and integrate security protocols and patches into existing programs. You’ll work on a tight-knit team with other developers and engineers, should you pursue a career in this field. Here are some of the details, as outlined by the National Institute for Cybersecurity Careers and Studies:
- Analyze information to determine the need for a new application or the modification of an existing one;
- Consult with customers about software system design and maintenance;
- Develop secure applications and apply cyber security functions such as encryption, access control, and identity management;
- Knowledge of networking concepts and protocols, network security methodologies, computer languages, and secure coding techniques;
- Skill in software debugging, conducting vulnerability scans, and writing code;
- Ability to comprehend and use complex mathematical concepts, tailor code analysis to applications, and develop secure software;
Knowledge of autonomous systems is a big plus for vets looking to become software developers, as is a security clearance. Organizations value good software developers to a high degree. On average, developers earn $104,655 per year.
Data scientists take large amounts of systems data, analyze them, and present their findings in understandable terms to concerned parties. When it comes to cyber security, companies are looking for data scientists who understand data security, which includes using systems, techniques, and algorithms to detect intrusions. Here are some of the details, as outlined by the Central Intelligence Agency:
- Organize and interpret data to inform decision makers, drive operations, and shape technology;
- Develop algorithms and statistical that find patterns and relationships in large volumes of data;
- Communicate conclusions to a diverse audience;
- Advanced degree in a data science equivalent field or related field;
- Experience working with data-rich problems;
- Problem solving skills;
Veterans who gained experience in Science, Technology, Engineering, or Mathematics (STEM) during their service time also have qualifications that can help them become data scientists.
Organizations value good data scientists a great deal. On average, good data scientists earn an average of $125,280 per year.
According to the Bureau of Labor Statistics (BLS), “Information security analysts plan and carry out security measures to protect an organization’s computer networks and systems. Their responsibilities are continually expanding as the number of cyberattacks increases.” Security analysts benefit from the knowledge of cyber security and behavior, which helps them grasp the human motivations and actions of perpetrators. Here are some of the details, as per the BLS:
- Monitor the network for cyber attacks and investigate them;
- Install security software and research IT security trends;
- Recommend security enhancements and educate computer users about new products and procedures;
- Minimum of a Bachelor’s degree in Computer Science or related field, Master’s degree optimum;
- Work experience, which can include military experience, in a related occupation;
- Information security certifications preferred; candidate should possess analytical skills, problem-solving skills, ingenuity, and attention to detail;
Vets who worked in IT or a related focus in the military will have a leg up in becoming a security analyst. Additionally, a general cyber security degree enables candidates to work for any organization.
On average, security analysts make $98,756 a year.
Penetration testers are also known as “ethical hackers,” which in itself provides a description of what these professionals do. A penetration tester’s job is to find vulnerabilities in an organization’s cyber security. This involves hacking networks and acting as if you’re an unethical hacker, for the purpose of determining what needs to be fixed.
The qualifications for penetration tester jobs are similar to those of a security analyst. If you’re good at hacking systems, a good communicator, and you obtain the education and certifications that organizations desire, you’ll find no shortage of jobs available. Military IT skills are especially applicable, given the fact that penetration testers specialize in finding vulnerabilities in systems and communicating next steps to decision makers. On average, penetration testers earn $126,895 per year.
How to Start a Career in Cyber Security: Veteran Training Programs and Benefits
As a vet, you already have a leg up in launching into one of the most lucrative and rewarding careers in America today. Employers and educators value experience more than anything else. If you have any applicable IT experience from your military service, it’s just as good, if not better than a Bachelor’s degree. Try the military skills translator to see if your experience is applicable to any of the jobs and career paths outlined above.
Here are some of the veteran training programs and financial benefits you can take advantage of as a vet. The good news is this isn’t an exhaustive list. The more research you do, the more options you’ll find in front of you.
The GI Bill can help you go to school, get free training, and land a job. Schools and employers are on the lookout for vets because your skill-set and discipline level are a huge asset to any organization. Let’s run through your entitlements and options:
- Yellow Ribbon Program: Pays for your in-state college tuition at a public institution, or foots part of the bill for a private school or out-of-state college. As a participant in this program, UND voluntary participates in the Yellow Ribbon G.I. Education Enhancement Program, meaning UND will pay the additional out-of-state tuition costs. Check to make sure you meet the program’s eligibility requirements.
- Vocational Rehabilitation and Employment: If you were already involved in cyber security or IT in the service, there’s a chance that all you need is some additional training and/or certification to land a job. The VR&E program sponsors that training and can help you if you sustained an injury in the service.
- Top-Up Assistance: If you’re still technically a service member and want to take some cyber security classes without using all of your GI benefits, this program can help make that happen.
- VET-TEC: VET-TEC doesn’t actually use up any benefits, and you only need one day of GI Bill entitlement to qualify. The program provides housing and training for those pursuing areas such as software development, information science, programming, data processing, and coding.
National Centers of Academic Excellence (CAE) program
This program is sponsored by the DHS and NSA. The centers of academic excellence are colleges and universities with exceptional cyber security education programs that meet specific criteria established by subject matter experts in order to provide cyber security knowledge-units (KUs).
SANS VetSuccess Academy
This 100 percent scholarship-based program is aimed at vets that are no more than six months into a transition to civilian life. VetSuccess provides not only training but also Global Information Assurance Certification (GIAC — see below).
CyberCorps Scholarship for Service (SFS)
The CyberCorps Scholarship comes with a very specific requirement: once you graduate, you must go to work for the government. This can be at the federal, state, local, or tribal level. It’s perfect for you if you’d prefer to work in the public sector of cyber security.
Additional Cyber Security Certifications
Many jobs require certifications for employment consideration. Here’s an overview of some of the certifications on offer.
GIAC: Global Information Assurance Certification includes cyber defense, industrial control systems, penetration testing, digital forensics and incident response, management and leadership, as well as developer certifications.
IACRB: The Information Assurance Certification Review Board operates on a global level and offers certifications in seven job-specific sectors.
Offensive Security: Offensive Security offers certifications that cover penetration testing, advanced attack simulation, and application security assessment.
CISSP: Billing itself as “the world’s premiere cybersecurity certification,” the CISSP offers certifications in IT/ICT security administration, cloud security, security assessment and authorization, secure software development, as well as healthcare security and privacy.