How to begin cybersecurity training | Guest Professor Robert McMillen

Cyber Work Hacks is dedicated to furthering and strengthening your cybersecurity education and learning, but today's episode is specifically focused on learning. Professor Robert McMillan guides you through all of the different ways you can learn, both in certification training and in education options, and helps you understand which learning method is going to mesh with you and also which ones will attract future employers. So put a bookmark in your search study guide and lend us your attention for this week's Cyber Work Hack. Hello and welcome to a new episode of Cyber Work Hacks. The purpose of this spinoff of our Cyber Work podcast is to take a single fundamental question and give you a quick, clear and actionable solution or a new insight into how to utilize InfoSec products and training to achieve your work and career goals. My guest today is Professor Robert McMillan. Robert's been an instructor and creator of our InfoSec skills modules for a long time, and he was a past guest on CyberWork, and I'm very, very excited to get him back on the show because we hit it off famously last time.

So we're doing a series of hacks together, aimed squarely at the questions asked by cybersecurity novices. So today is a hack. It's involving studying, starting your cybersecurity training in whatever way you choose to do. So you know if you're going to do it, do it to the fullest, and know what you're doing before you get started. So let's talk about how that's done, robert. Thank you so much for joining me today. Thanks so much, chris. Glad to be here. Likewise. So, robert, where does someone begin when trying to decide how they're going to study cybersecurity? Are there questions you need to be asking yourself when deciding whether you want to ship off to college or stay at home and check out books and online tutorials, or take some sort of focus out of training initiatives to gather your skill set?

Yeah, yeah, that is the big question Should I go right into college or should I go right into certifications? And this is true whether you're just graduating high school or say you've been in the career in the industry for a little while but you say, yeah, I need to, you know, accelerate into the next level, I need to get that next level of pay and also I want to feel like I'm not just stagnant. But whether you go for college degrees or certifications, either way you're going to get a career in IT. It's just the unemployment rate is so low in our industry and even though people say they have a lot of finding jobs, which we're going to talk about. But either way, you go for certifications, you go for degrees, you're going to make it. But the path to higher pay and more, you know types of experience like managerial. You know types of jobs are going to be smoother if you do college first and if you can pick college classes that also teach to a certification, you know you get that two for one. You know kind of special if you, if you, if you get that Now, some people won't have the money for college or the desire.

You know the passion to. You know, do some of those things that are unrelated to what they want to do and that makes going to college a little bit tougher. I remember, you know, going to of those things that are unrelated to what they want to do and that makes going to college a little bit tougher. I remember, you know, going to college to get a degree in IT and I had to learn art. I had to learn, you know, medieval art. Why am I learning this? This is not helping me, but in fact it is. It is happening when you go to apply for a job and they see a degree. An employer sees more than just the degree you're in. They see that you were able to start something and finish it in a way that took more than just a couple of weeks. I mean, you've either did a two year, four year, six year, you know type of a plan and that tells employers, ok, this person is going to stick around and they have an overall general knowledge of the way the world works and this is going to be something that you know works in your favor. Yeah, so you could go right into certs if you want. Remember those management opportunities. So when it comes time to lead people, you're more likely going to get that position, you know, from an employer who sees you know that degree. However, I have seen plenty of people with just certifications and experience make plenty of money. It's just not quite as often, you know it doesn't happen quite as often as it does with people you know who do have degrees.

So the next question is, if you don't mind, that you might want to ask yourself is you know, what kind of college should I go to? An online college or a brick and mortar college? And here's what I suggest, and I really strongly believe in this answer. When you ask yourself, I see plenty of people in their 40s, 30s, 20s and just out of high school all contemplating you know this kind of thing. So if you know nothing, you're just graduating high school. You just have the experience of your home lab. You know that kind of thing. You haven't actually worked in IT. I recommend you go to a brick and mortar college. Now, that could be, you know, community college. It could be a four-year degree, whatever you're fortunate enough to get into, but I really think that you should get into a brick and mortar college.

However, let's say you've been working in this business for a long time. You've already been doing cybersecurity, you've been managing Active Directory, you've been managing Azure, aws all these different things. Online is the way to go. You'll get through it much more quickly because you already have the knowledge. All you have to do is pass the tests and write the papers. You don't necessarily have to learn as much. You already know 80% of what you need to get that degree and it'll be cheaper for you, faster and it checks that box for employers so you can get those managerial types of jobs.

Yeah, yeah, that's a really good point. Yeah, I was going to say this is a brand new thing that we've done and there might well be like a promo in the middle of this episode, but Cyber InfoSec is doing bootcamp immersives, which are the six month sort of concentrated versions of like a degree where you're getting like multiple certs, multiple sort of intensive, you know experiences, and especially aimed at people, like you said, in their 40s, who are maybe pivoting to a new position or you know, out of a different type of job realm. So, yeah, there's lots of different interesting you know out of a different type of job realm. So, yeah, there's, there's lots of different interesting, you know possibilities. So, yeah, my next question is related to something you said before where you're, you're learning all these things and you're like, oh, this is fun, this is fun, this is exciting. So you know, I think one of the reasons and also you said that you know a liberal arts degree or just a college degree in general shows that you can begin, middle and end a project.

You can think in ways other than directly. You know direct problem solving, which you know. I think I've seen plenty of people I've worked with over the years who are told this is how you do this thing, and then they do the thing it's like well, it doesn't work, so therefore it must not ever work. And then they don't ever have the sort of curiosity to say what about this variant? What about this variant?

Like you know and I think that's the kind of like lateral thinking that comes with you know the sort of more expansive type of educational things, unfortunately, that can come with sort of an other side of it is that you know, maybe you are the sort of person who is an autodidactic learner, where you're just kind of jumping from one topic that interests you to another and, you know, maybe you miss out on some of the foundational concepts that aren't as fun as, say, you know, learning to do code injection or fiddling around with John the Ripper. So can you talk to our listeners about how to ensure that your security training includes all the skills and information you need to do introductory security jobs well, especially if you're relying on your own study schedule?

Absolutely, and first of all, I want to say that boot camps for folks in their 40s that already have some experience, that are looking to increase their skills and get those certifications, that is so much different than boot camps were 20 years ago. I remember I got constantly asked to go to boot camps 20 years ago and it was for, you know, anybody who had a credit card and $8,000. Right right right Now.

You're actually getting something for it and it's being targeted to the right kinds of people, so I think that's a great thing. But back to your question. So here's what I tell my students. Now, you know, I do, I do teach on campus, I teach online and in my intro classes I teach, you know, mid-level and advanced as well, but in my intro classes, here's what I tell them.

This is the experience that I had in my very first class. Is that, walking into an IT class of any kind, you know, security or not you have a brain with a brick wall and that brick wall is missing a lot of bricks. So you can see through that wall. There's all kinds of holes in that wall and your goal is to fill that wall and make it a solid brick wall. And there's several ways that you can do that. But what you're going to find is the best way to fill in those holes is time and experience and education. Now, education is great, but it doesn't always give you the context that experience gives you. So it's not a bad idea to, you know, take a class, maybe even retake a class, so you can understand it a little better.

The second time, my first class, I remember they handed me this 800 page book and I read it from cover to cover within the first few weeks because I was so excited. Yeah, I didn't understand even half of it. Right, there are all kinds of holes in my brick wall. It wasn't even a cybersecurity class, because back then they didn't have any, you know right, but they did teach us about viruses, but that was about it. So what I found was, over the course of the 11 or 12 weeks, the bricks started filling in and I went and I reread that book a second time and when I reread that book, things started to make sense. The bricks started going into place, the wall started getting filled in. I still had a lot more to go before I felt that my wall was stable enough to hold up a building, before I felt that my wall was stable enough to hold up a building, but at least I was on my way and I understood what it took to get there.

So, in the case of students that are just getting started out, the goal here is patience. Don't think that, hey, I've taken one class, I know it all. But also don't think, hey, I've taken one class and I know nothing. You have started a foundation. Let those bricks start filling in. You know, over time, my first IT job it lasted six months before I went on to my next IT job and I was like, wow, they didn't teach me this in school, you know. But over time I started learning. You know troubleshooting methodologies and you know how to document things and you know what kind of education I was still going to need. You know, all those types of things are bricks in my wall and so time, patience and be a lifelong learner.

Yeah, I love that and I just want to sort of editorialize on something you mentioned there regarding the sort of gaps in your role and especially the 800-page book anecdote. I think there's something that I've noticed in my own life that it's sort of a wish I knew then. What I know now kind of thing is that you can't be afraid to just read something and and not worry about the fact that you don't understand all of it, like just keep reading. You know, like it's.

It's real easy to say I don't know what's going on here, I'm completely lost, put the book away, say this is clearly not for me, you know. You know, read it a second time, read a third time. Like each time you're going to have, you're going to have more info than you did the previous time. It's going to start locking in in in more interesting ways. I'm sort of outing myself as as a more arts focused and less tech focused.

But you know, james Joyce, read Ulysses once through, doesn't matter if you don't understand 400 of the 600 pages of it Second time. Once you you feel the rhythms of it, then it's a lot easier to just sit there and poke about in the references and all the historical stuff and whatever. But I think that's I think that's true here as well like you can't be afraid to like read and then not, and then not know something, because, like you know, you don't just read a book once you got, you know, uh, you gotta, you gotta read it and then just keep filling in, like you said, filling in the holes in your wall. So I think that's a really great thing that you did and a really great piece of advice. So we're just about to wrap it up here, robert, but for listeners who might be considering using our InfoSec skills platform to fill in some of the bricks in their wall, can you tell us about some of the skills learning paths that you have on the site and what they can learn about?

Absolutely. Well, I'm very Microsoft focused, as you can see. Well, maybe I'm not sure, but Microsoft certified trainer. Hey, nice, yeah. So I have several paths. I've got securing Windows Server 2019 and Windows 10. They're sort of a combination path. There is a little bit of overlap just because of the fact that you know when you have one, you sometimes have the other. And then Windows Server 2022, as well as Windows 11. And these are the professional editions, so they're really designed for corporate types of security. We do get into a little bit of cloud security as well, but mainly it's you know whether you're doing virtual machines in the cloud or you're doing virtual physical ones on premises. Windows Server is Windows Server and you need to learn, you know, how to use the built-in tools that come with it, as well as some third-party tools to help you secure your network.

Love it. Okay, then those are. I think those are really great foundational sort of job things. You know, there's a better than half chance that you're going to be working with Windows technology in whatever job you're going to work on, and even if it's not this one, it's going to be the next one. So definitely check those out. So, robert McMillan, thank you so much for helping us get fired up in our studies.

Thank you, and it was a tale of two cities for me, took me more than once.

Fabulous. I love it. All right, and whatever it was for you. I thank you all for watching this episode. Hey, tell us what the book is that you needed a second read to listen to or to really get a handle on. If you enjoyed this video, though, and if you felt that it helped you, I hope you'll share it out with your colleagues and forums and on your social media accounts, and maybe with your local librarians. Please like this video and subscribe to keep getting more episodes delivered right to you.

You can go to YouTube, type in CyberWorks InfoSec, and we will pop right up, and then we, you know, if you put a hit the notification button, you'll know each time one of these hits your account, and there's plenty more to come. Lots of learners, lots of different levels for all our learners, and if you have any topics you want us to cover, drop them in the comments below, but for now, I just wanted to again thank Professor Robert McMillan, and thank you all for watching and listening. Until next week, happy learning. Hey, if you're worried about choosing the right cybersecurity career, click here to see the 12th most in-demand cybersecurity roles. I asked experts working in the field how to get hired and how to do the work of these security roles, so you can.