Bootstrapping Your Cybersecurity Education by Jan Carroll

hello everyone thank you for your patience and thanks for joining us this morning are joining joining me this morning um i'm delighted to be back at b sites and besides dublin in particular my hometown the last time i was here i was out in the in the foyer as a as a vendor and so it's my first time as a speaker at these sites so i'm very excited just okay bit about me um my name's john carroll and i'm going to talk to you today about bootstrap being your cyber education um i'm a lecturer with a cyber security director with ucd professional academy and i've also started my own company fortify institute so my own

cyber journey and i've always worked in tech i started as an electrician 25 or more years ago and then i went into education and i t training and about and that's why i stayed there for a while and then a few years ago i decided i wanted to change and that change was to move into cyber security so i took a master's and then i also completed a lot of the courses i'm going to talk about this morning so i do have that insight as well and the other thing as as the lecturer one of the at the end of the the courses i do i always have a session with with my students about where they want

to go next and i tell them about these different courses and they're always surprised that they're they're there that they're free that they're accredited they're supported and they're accessible from ireland and most of them are flexible and especially with um the impact of covet it's made these courses even more accessible okay so there's a lot of um benefits of pros and the other thing is we all are aware of the the global cyber security skills gap and cyber cyber ireland did a survey last year and they identified that um nearly half of the roles as their cyber security roles aren't being filled so there is a huge skills gap and because of that there is a lot of a lot

of funding going in to cyber security courses in particular our skills needed by and the cyber security security industry in general okay so and that's good good for us um yeah i'm often asked this question about skills versus qualifications uh and what i always say is it depends okay we all know people who have brilliant skills they're great at pen tests and they're brilliant developers but they don't have the qualifications and then we also know people who may have lots of qualifications but if you don't lose your skills you lose them and and what i'd say it does depend it depends where you are in your career and where you want to go bigger organizations will look for those

um bits of paper smaller organizations may be happy enough if you can if you can do the job so it does just depend what i'm going to show you today is it's college isn't for everyone okay being able to invest three or four years full time isn't um isn't ideal for everyone some people aren't don't have the um there's barriers to them maybe they can't afford maybe their young parents maybe they actually can't access and physically access the college like we've counties in this country that don't have um colleges so what i'm going to show you as well is courses where you can get um quick you don't have to invest too much time but you can get qualified and get

started on your career are if you're in your career you can um either diversify or improve on your career prospects so oh yeah what i wanted to say was this this talk came from an article i wrote last year about about this very thing and i i compiled all the different resources and i popped them up on my on my socials you can have a look um but i didn't want to just stand up here today and start listing and a load of links that's no fun for anybody so what i've done is i've come up with five personas and each of the personas is somebody at a different stage of their security career and hopefully you'll um identify with at

least at least one of them okay so first off we're going to look at anna and anna is at the start of her career she's she's young she's not showing a couple years out of school and she has skills but they're all self-taught college isn't for her and there's certain barriers there that she and she can't afford to go and and she can't afford to do part-time so what i would say to anna first off is go on have a look at fetchcourses.ie fetchcore study is a database of the further education courses available in ireland and these courses are available to anyone over 16 and since covert a lot of them are online so the courses are offered by your their

etb your local um your local education and training board and before we used to be restricted to the courses in our area but now because they're online we can access courses anywhere so if anna goes on to fetch courses and searches for cyber what you'll find is that um bald oil training center is offering a a cyber security analyst course it's the comptia one she can do it a couple of nights a week it's all online and she gets the she can do the the exam as well and it's completely free okay um if that doesn't suit her maybe she's not available those nights she can go on to eat college study ecollege again is

government funded it's available to everyone especially since covet used to be only for job seekers now it's for anyone and there's a whole range of courses there for anna she can go on there and sign up to the comptia security plus and she can sign up today and she can do the exam the the exams are included as well you get it you get a second go at the exam and it's supported so you have a mentor as well so it's not like going i know you can get some of these courses online and you can study for them but these include the exam and they are supported okay and there's a range of other

courses on ecollege not just um tech courses cyber quest is another uh government funded organization they are partnered with um ict skills skills net and they offer courses for job seekers and they have three different courses depending on your your own tech skills and they want to um get people upskilled or re-skilled in cyber security and they also have that support aspect where they'll help you get a job as well fish is an organization and i know fit well but they they work with a lot of training providers but they also do and do um apprenticeships so there's tech apprenticeships and there is particular cyber security apprenticeship so ifana wants to work and learn she can get an

apprenticeship i would also say for if she wants to get certified and get certified quickly she ine offer the full uh training for the ejpt the junior pen tester so she can do the full course and then if she wants to sit the exam she can get the ejpt the junior pen tester for about two hundred dollars and she'll have that certificate in her back pocket ready to go and another course that i do recommend is ictf and they offer a range of courses and they also work with um ctr skills net but they do a cyber security boot camp for women okay as completely free they have their next intake in may and i've done that course and it's a

really nice one and it's it's a great refresher and it's it focuses on risk um okay so there there's anna and it's all set up no excuses okay next here we have david so david's about five years into his career he works as a cyber security consultant and he wants to um he wants to progress in his career you want he's getting a bit pigeonholed so he wants to get a few more skills and he also wants to get ready for a management role so what i would say to david is get on to the the fetch.ie and what he'll see is bald oil are offering the comptia casp which is an event an advanced security and practitioner

course and you can start that today completely free and do the exams and it's supported and if that doesn't suit him he can go on to e-college e-college have system in training the programming training but another the thing that might be good for david is project management training so we can go on to e-college and start doing prints too okay and springboard is another one of what i call the best-kept secrets and springboard is a government-funded initiative most colleges and universities in the country offer springboard courses ideally or not ideally but they are offered for graduates but when they say graduates it's not you don't have to have a level seven or a level eight

degree you can have a level six and they also look at your your prior learning and education so don't think if you haven't got a degree you can't do springboard but springboard offer wide range of courses they're all focused on industry needs but they do have cyber security courses um originally springboard were just for job seekers now anybody would anybody who's working can access springboard you just pay 10 so what that means is you can get a degree or a master's for about 400 euro okay so have a look at that they they're sort of limited with numbers but i've done loads of i've done three springboard courses at this point and so check it out

cyber skills started off last year it's an initiative it's another government-funded initiative where four universities have come together and they're working with industries to come up with and targeted pathways and micro credentials in the areas that we need in cyber security this the courses are suited to i t people who are in it already but they just want to get particular cyber skills so for david they do a secure coding and pathway which might be useful for okay cyber skills isn't free that's the only thing but mostly usually it's employers that pay for it if you wanted something quick i would say today would have a look at ccsk it's a certificate of cloud security

knowledge and this is offered by csa's cloud security alliance you can go on and the course content textbooks completely free you can do the exam for about 350 and it's a one-off you don't have to maintain it and i'm just conscious of time now we're good okay so here we have the managers okay with evan and alice and i see a lot of evans evan is the manager who isn't an i.t guy what is at the moment his his hair is on fire he's he's been told he has to sort it out with regards to cyber security but he just doesn't know where to start and what i would say to evan is have a

look at springboard depending on where he's coming from but have a look at springboard have a look at e college but the one i would ex direct evan to is collaboratory so collaboratory is the cyber security hub at tu dublin and they're like a think tank research group but they also have done research to identify that this is a big gap in training the likes of non-tech managers so they're putting together a series of training and these would be sort of one-off couple of hours training and that's where so we'd find out like sort of where do i start so um with regards to evan like what are my assets what are my what are the threats what

are the vulnerabilities and what controls can i put in place and also maybe what framework should i be looking at okay so that would that would help evan out alice on the other hand is an i.t manager so she's she's up to speed on on the cyber security side of things but she's more concerned about her team so how do she get her team up to speed and make sure that they have all the training they need to carry out their role in a secure way so alice can go on to go to cyber skills they will work with employers as well about putting the training together and skillsnet also work with employers and skillsnet offer a wide range of

courses and they work with individual training providers the courses aren't free with skillsnet but they are heavily subsidized great value for courses on there and you can and you can anybody can access them um okay so that's the managers so last we have esther now esther i have a soft spot for esther she's the one i relate to most um esther is what we call a returner okay so esther has taken a break um and returners tend to be tech people who have taken a break from their career for two or more years maybe they've gone traveling maybe they've been sick um or maybe they have caring responsibilities and whatever reason they've taken that break now esther has

taken the break because she's been raising her family and now she's she's ready to go back to work what you'll find is that the bigger companies the amazons the facebooks um and and apples and that they have returned our programs that have been running successfully for a number of years and anyone i've talked to who are running these returner programs they're hugely successful and what they will do is say we'll upskill the individual they'll work on their um soft skills their confidence and they'll also give them some sort of supported phase to reentry into into into the workplace so what i say to esther is have a look at um ict skills they're running a women

reboot now you'll often find a lot of these um returner programs are focused at women but not all of them okay it's just that's what what the numbers are showing and by encouraging more women back into the workplace it helps um deal with the diversity issue as well with some of the diversity issues we have um i'd also encourage esther to have a look at cyberquest sorry requests are encouraging encouraging more women back into the workplace but they're also looking at others who maybe are ready for a second career so you'll often see um individuals from security services maybe they're retiring at in their early 40s and they've got all those all those years of experience so why not retrain

and come into cyber security so that opportu that opportunity is there springboard i'd also direct asked her to springboard and there are lots of opportunities there have a look and see what area she wants to um upskill in and again the ict skills net they have lots of opportunities and then the last thing i'd say to esther is get on to cyber women ireland cyber women ireland is a voluntary non-profit organization that is set up to advance uh to try and get more women into cyber and keep women in cyber and also get more women out on media out on the airways talking about cyber security issues i'm on the board so if anybody is interested um let me

know we're looking for more and more people all the time okay so we've gone through that hopefully you've seen uh one of those personas resonates with you now i do know that i've already covered um the courses that are relevant to ireland that are supported that are free and low cost and that have certification they come with accreditation and i know there's others out there um such as cisco networking academy they're great for and partnering with some of the other um providers that we looked at and they have a fundamentals of cyber security they've linux training they've python training of lots of other bits and pieces um itac is the innovation technology atlanta gateway so they're based on the

west they run um cyber security boot camps and other specific cyber security training so if you're over that way have a look and they also partner with um skillnet now there are the moocs like i know there's loads of subscription services online there's pluralsight there's um cybory and this the likes of hacked box and try hacking there's all of those okay and they're really good they offer either free trials or some sort of free level of um access so please check them out as well with regards to the moocs the massive open online courses with coursera and edx you can access and with futurelearn as well you can access the education you can access the training but you will

have to pay for the certificate or sometimes the exam and coursera worked with ibm as well they they were delivering a course online and but i think it's it's running at the moment futurelearn are backed by um open university and i like their courses especially it's for sort of entry level and they use sort of mixed media as well so that they're the courses that i'm familiar with and um hopefully you've got something out of that and i did i know i went a bit fast but i was sort of conscious of the time and oh look i've given you a few extra minutes on your break so if anybody got any questions all of those resources i have put on my

socials and i've also if you go out onto my website my website's not um fully functional yet but i have put a link to all those resources okay i'm around all day stop me if you want to say hi and any questions yes thank you very much that was brilliant um i do a lot of like really entry-level stuff trying to get more people into cyber security and i've been asked more recently going to schools and try to get more girls into it but i don't want to be that guy going out and preaching to them about yeah cyber so what do you see are the biggest blockers of the biggest barriers to girls getting into cyber

security in the first place yeah well i'm glad you brought that up i'm involved in another organization called cyber for school girls and we do exactly what you said we go into schools and try and get girls um to consider cyber security as as a career option and that's what we can just keep banging the same drum and we need to get we need to get more i know it's not women's problem to solve like the diversity issue is everybody's problem and not just women's problems are the underrepresent underrepresented group so we all have to do our part and so that's one one thing we need to do um but we do need role models and

it's a whole you need to see it to be it and we need to get the younger women into the schools to tell them how wonderful it is um because snoke it's not there's no good me going in but i go in they see their mom or their granny i don't know but they need to see young young women going in and encouraging them that way and tell them how how how great a career it is how much money they can make how the pandemic um made it that we could we didn't lose our jobs during the pandemic all of these positive things and it's fun i see i i love all the all the

tech stuff so it's getting that out there but i have to say i'm i've been in the industry a long long time i'm not seeing huge changes unfortunately like when i i did my first degree there was five women in a room of 100 and i don't think it's too much different now from talking to lecturers but we can just try we can just try okay and i haven't please let me know if there's courses there if there's courses you know of that i haven't mentioned and because part of the problem is getting this information together so if you can feed it into me and i'll try and get it out there as well

[Music] well you know what we i've only come on to the board and it's sort of been it hasn't been very active over the last couple years like a lot of a lot of organizations but we're certainly open to to any options i know cyber ireland does have a platform for jobs um but yeah it makes sense it sounds like a good idea and but certainly consider it useful yeah connect me yeah anybody else okay so what about the masses what what would be the best universities to have a mice in cyber security a master's um because i'm talking about the low cost no cost nci does a master's with um ict skills if you go into ict skills net

and they have a whole page on cyber security and they do offer a degree and the last time they offered it it was a two-year online um degree with nc sorry masters with nci you needed to have a level eight and it was coming in about i think it was like 1500 like i haven't seen value like that anywhere for our masters and so that's that's one i did mine in in blanche but um but nci that one with nci and it's uh but have a look at the springboards i don't know exactly what's on springboard at the moment but go on to springboard and keep checking with springboard because they update sometimes there's a january

intake but most often it's um september october so have a look at that yeah and i just want to ask em as a person who has transitioned from a different career into cyber as a female and i am currently studying springboard course um and i'm wondering how important is it to have the certifications along with the qualification as a transitioner with a previous career if you know them well watch what you'll find i know i i didn't start getting into cyber security until i was in my 40s and you're always you're often trying to prove yourself and having the certs sort of helps with that you still have to be able to do the job nothing's going to

replace that but it might get your foot in the door um and i it sort of goes against everything when i say that but i'm just being realistic you know but connect let's have a chat okay okay anyone else go and have your break okay thank you very much [Applause]