The median age of Facebook employees is 28 years old. At Google, it’s 29. And at many smaller and still unknown startups likely to emerge as the next high tech empires, it’s even younger. The hottest trends attract the youngest workforce, the brightest and most innovative talent, the ones who see what’s coming around the next curve.
And the next big thing that is coming is definitely cybersecurity.
Demand already far outstrips supply in the information security workforce. According to CSO Online, global demand will create a need for six million more cybersecurity professionals by 2019.
Many of those six million new infosec professionals are sitting in high schools around the country right now. If you are one of them, you could be getting ready for a long, lucrative, rewarding career before you even graduate.
Learning Starts Early for Cybersecurity Professionals
A college degree always offers a leg up in the technology world, but the field of information security changes so fast that it’s not enough—at the end of a four-year degree, much of your knowledge will be four years out of date. Succeeding in cybersecurity requires an investment in self-study and development outside the fold of organized academic programs– and that’s an investment you can begin making today.
Your preparation should begin with the basics: the fundamentals of the hardware and software that comprise today’s internetworked world.
Although many high school students are already adept technology users, the ubiquitous nature of seamless software and devices in their worlds actually puts them out of touch with the place where most security vulnerabilities are found: the low-level interfaces where the machines whisper to one another directly.
Becoming familiar with these things involves stripping away the abstractions and delving into the code, facing down the blinking green cursor of the command line, stripping off the case and checking out the connectors inside the machine. Hackers understand how to manipulate the surface layers of technology to subvert systems because they recognize how the underlying parts fit together. Cybersecurity specialists have to learn the same things.
Like generations before, this is a matter of curiosity and exploration. Build a home server system. Make your own website. See something cool in an app you just downloaded? See if you can code the same thing yourself!
There are probably also resources at your own high school. Classes in robotics or programming will begin at the bottom and teach the principles of IT design from the ground up. You can be sure your teachers would be thrilled to share their own knowledge on the subjects!
Thinking Like a Thief
Knowing the technology is not enough for a career in cybersecurity, though. Students have to come to know the enemy, as well.
Fortunately, again, there are many resources for obtaining this knowledge that are free and on the Internet for anyone to reference.
Some of the best are:
• SANS Institute’s Internet Storm Center (ISC)
• U.S. Computer Emergency Response Team’s (CERT’s) alerts and bulletins mailing lists
• Open Web Application Security Project’s (OWASP’s) Top Ten List of web vulnerabilities
Certifications can also help in learning the basic principles of cybersecurity. CompTIA, again, offers the Security+ certificate; ISC’s Certified Information Systems Security Professional (CISSP) is another excellent general overview of security concepts and practices.
A skill among hackers that is often unappreciated is much less technical in nature: a good understanding of human psychology! A lot can be learned in history, social studies, and other classes that discuss how humans make decisions on a daily basis. Criminals exploit these habits of thought to introduce scams like phishing emails, which deceive users into believing they are legitimate requests for bank or credit card information, and to engage in social engineering, talking people out of passwords or gaining access to unauthorized systems.
Security professionals become keen observers of human nature, looking for psychological vulnerabilities as well as technical ones. The time spent in high school, surrounded by hundreds of other people from all sorts of backgrounds every day, is a wonderful place to develop your own astute observational powers.
Finally, there are an excellent series of summer camps sponsored by the National Security Agency (NSA) called GenCyber. These camps are aimed specifically at pre-collegiate students and offered all over the country. They provide an early glimpse into the specifics of information security as it is practiced at the very highest levels.
Getting A Degree in Cybersecurity
No matter how much preparation you have made while you are still in high school, most businesses will want to see something more before hiring you into an information security position.
The best way to polish your skills and knowledge is to enroll in an information assurance program at a designated Center of Academic Excellence in Cyber Defense (CAE-CD). These centers are designated jointly by the NSA and Department of Homeland Security (DHS) as institutions that meet the highest standards in information security education. There are three specific designations:
• Technical schools offering certificate and two-year associate’s degree programs (CAE-2Y designation)
• Colleges and universities offering four-year and graduate programs (CAE-CDE designation)
• Research institutes (CAE-R designation)
Since the field is constantly evolving, sometimes on a weekly basis, the practices you establish while studying cybersecurity in high school will continue to serve you well through the course of your career. Security staff who stop learning are ones whose organizations get hacked. Those who excel in the field are the ones who open up the Internet Storm Center first thing in the morning, who check CERT e-mail alerts as soon as they come into the inbox, and who keep studying the newest defenses, vulnerabilities, and trends every day.
There’s nothing stopping you from getting started today.