As was foretold, we've added advertisements to the forums! If you have questions, or if you encounter any bugs, please visit this thread: https://forums.penny-arcade.com/discussion/240191/forum-advertisement-faq-and-reports-thread/
Advice on Cybersecurity Program requirements
Arch
Neat-o, mosquito!Registered User regular
Neat-o, mosquito!Registered User regular
Don't worry, your favorite resident bug scientist is still going to be playing with bugs and being a scientist.
My wife, however, is looking for a career change and is incredibly interested in this program or one like it: https://msmis.eller.arizona.edu/masters-programs/azsecure-cybersecurity-fellowship-program
However, while she has a large amount of experience in running and managing databases (she was a database manager for a museum, NPR, and now for Department of Child Safety), all of her work in this area was on the user side. That is, inputting data and actually using the databases after they've been constructed, so she doesn't know a lot of programming.
The requirements for the program here, specifically, are as follows
Now, I was able to recommend Code Academy, at least, for learning Java and PHP, but I don't know enough about the other requirements to make specific suggestions about where she could go to learn it on her own. Any suggestions here, from someone who is more of a frog rammer, or who maybe works in Cybersecurity?
Thanks!
My wife, however, is looking for a career change and is incredibly interested in this program or one like it: https://msmis.eller.arizona.edu/masters-programs/azsecure-cybersecurity-fellowship-program
However, while she has a large amount of experience in running and managing databases (she was a database manager for a museum, NPR, and now for Department of Child Safety), all of her work in this area was on the user side. That is, inputting data and actually using the databases after they've been constructed, so she doesn't know a lot of programming.
The requirements for the program here, specifically, are as follows
Before joining our program, students should have experience in computer and Web programming. Students should have knowledge and experience with (1) Java and (2) JSP and Servlets, PHP or .NET/J2EE. Knowledge of database connectivity via ODBC or JDBC is also recommended.
Now, I was able to recommend Code Academy, at least, for learning Java and PHP, but I don't know enough about the other requirements to make specific suggestions about where she could go to learn it on her own. Any suggestions here, from someone who is more of a frog rammer, or who maybe works in Cybersecurity?
Thanks!
| Zinnar on most things | Avatar by Blameless ClericPsycho Internet Hawk wrote: »
0
Posts
The laymen's translation of the requirements: Know Java, and some sort of Web application framework.
Java:Sounds like you already got this one covered.
JSP/Servlets: This is Sun's solution for implementing web applications in Java. This is probably your best bet for #2 as you are picking up Java anyway for #1.
PHP: Skip it. It's another programming language, one designed around web development, but they require Java by itself anyways, so just stick with the Java stack instead of learning multiple languages. It's not that it's not worth learning, strictly speaking, but you need to cut out whatever you can, and it's somewhat redundant.
.NET: Skip it. It's got the same problem as PHP. This is Microsoft's application framework. They are presumably interested in something called ASP primarily, which is Microsoft's web framework, but you will want to pick up either C++ or C# to do anything substantial with it. Your wife is already learning Java and you will have enough to pick up with that.
J2EE: Sun's enterprise application frame work for Java. A large chunk of this is the web framework, which you already have a requirement for: JSP/Servlets. There are lot of other bits and bobs here, so come back here if you have time, but focus on web first since they seem to care mostly about that.
JDBC/ODBC: These are two different interfaces for talking to databases programmatically. Ignore ODBC for now. JDBC by itself will be sufficient, and if you are using Java, you will need to talk to ODBC through JDBC anyways.
Stuff they missed that you will need:
HTML/CSS: Since your wife is going to be learning a web framework, she is going to need at least a rudimentary knowledge of HTML/CSS.
SQL: It sounds like maybe you've got this one covered already, but I'm guessing not based on the wording you used re: databases. It's pretty much the "standard" (except there are a million different flavors) language for talking with relational databases. You will need to learn the basics for JDBC/ODBC.
I'll come back with some better learning resources later as I'm short on time right now, but the book "Head First: Servlet's and JSP 2nd edition" is a good place to start for a lot of this. It's a bit out of date but not terribly so since you're just picking up the basics. It's well written and aimed squarely at beginners. It covers enough HTML as well to get you started. You're probably going to want to tackle a bit of java first though. Code Academy as you mentioned is probably a decent place to start for that.
Edit: One thing I can't believe I forgot to mention, what about simply taking some extra classes? It's pretty typical for places with programs like this to offer extra classes to fill in some knowledge gaps with the program prerequisites. From my experience at least, this a great route to go if you can afford it.
Gotta disagree with Malgaras about .NET. It's versatile and powerful and in no way deserves to be compared to PHP. C# is basically a better version of Java.
There is an explicit mandatory Java requirement. The other stuff is a "choose one". Given that, it makes more sense to stick with Java based frameworks than to learn C# on top Java just to lean .NET. As to whether C# or Java is "better" is frankly a religious war that is out of scope here given that the requirements explicitly state that students need to know Java.
Ultimately if interested in "hacking" the answer is "every time you encounter something you don't know how to do, like needing to understand a new language, go learn it, there are infinite resources on the web." But I think OP didn't ask that, just, "how quickly can we prepare to meet the entry requirements for this course of study."
I also agree with Malgaras that that's a hell of a course of study. While it's obviously a good field to break into, "cyber security" is such a broad term that picking a more narrow topic to approach first might be more appropriate.
Wrt that list, it sounds like the program is aimed at developers, which I am also not.
Does your wife already have a degree and is there a reason why she couldn't find a job as a DBA, really hone in on database security, and pivot to a more security focused job from there?
Most people I know in the industry are kind of lukewarm about degrees, especially a security focused degree as an entry level qualification. Security teams are typically IT people that no longer do IT because they specialized. Usually an entry level security candidate is going to have around five years of IT experience in one form or another.
What was your path into cybersecurity? Did you start as general IT and specialize from there?
the "no true scotch man" fallacy.
I did a bunch of IT work for family, friends, and church. Took some courses and got some certs for Systems Administration and Network Engineering. Recession happened right as I was set to be a Network Engineer and use money from that to finish getting a Bachelor's. No work for two years other than a small business I built via fliers doing support for home users and small businesses. Also temping but even that was pretty dry for like a year. I applied to an ad on Craigslist during the recession and two years later they got back to me. Was a company doing web application security that did hire entry level for basically no pay. I got a few other people in there but that company changed their organizational structure so that there's no guarantee you end up in a role with transferable skills.
So happenstance that is non-repeatable basically.
I DO wish I had a master's, but only because it would open up promotion stuff for me, not because it would actually get me into the field to begin with.
My schooling is technically on hiatus for the same reasons.
I've been in, out, and around cyber security related positions for the last decade myself. And it's much the same experience.
It's generally only the newer guys that come in with explicit training, since courses in this stuff didn't really exist.
It's usually a bunch of people that were in a position of some type, and just wound up getting more interested/focused on the security aspects.
"Cyber security", as was mentioned, is also pretty generic and non standard. One company can have cyber security be nothing more than running nessus scans and similar and reporting on results.
Others may have active pen test teams who know far more than how to configure a scanning tool. And still others would rope in Firewall and intrusion prevention/detection systems under that.
That's without even getting into application specific security (Databases, web servers, financial systems) and/or policy making and standards adherence.
If your wife has an interest, I'd say she should absolutely pursue, but she should look and see exactly what kind of focus she wants... that will narrow things down from this large buffet of vaguely related stuff to something more manageable.
I also echo the same thoughts about degrees, unfortunately the people hiring tend to like them, especially if you are new. They will get your resume in the door more often than not having them when starting out. They start to get less relevant the longer you have been doing your job so long as you have a solid track record in your career.
It seemed like the program I linked in the OP would be what she wanted (according to her), so thanks for all the help about how to get started with the program requirements!