Is a Cyber Security Bootcamp for you
If you are interested in becoming a cyber security professional and starting a career in cybersecurity, you might start looking for courses or learning materials to get you started. As part of this search, there’s a good chance you’ll come across a cyber security bootcamp.
A cybersecurity bootcamp may be a good option for you if you can learn new skills in a relatively short timeframe, prefer instructor-led content, and have the available finances to pay for the courses without expecting an immediate return on investment.
Before investing your time and resources into a career, you should also consider if this is the type of career you want, and the information in the following post may help you to decide, detailed here.
What is a bootcamp
A skills bootcamp or cyber security bootcamp is considered an introduction to cyber security where you can learn the cyber security fundamentals. The bootcamp is intended to be an intensive training course to provide you with the foundational knowledge you will need to start your career in the cyber security industry.
How long are the bootcamps
A skills bootcamp will often be structured as either part-time or full-time, and will often last either 3 months or 6 months depending on your availability to attend the classes.
The exact timeframe can vary from course to course with many offering online evening classes, although you should always check the course schedule to make sure that either part-time or full-time you are available to attend the classes which are offered.
Topics covered in a cyber security bootcamp
One of the most important considerations for any bootcamp you should consider is the course syllabus and what exactly you will end up learning by the end of the bootcamp.
As you will be looking to apply for jobs in the cyber security industry after the training, if the bootcamp doesn’t leave you in a great position where the industry recognizes your knowledge, it’s not a great outcome.
There are many industry-recognised certifications for cyber security, however, there’s a good chance that the specific bootcamp you are looking at will be unfamiliar to most who work in the industry. You will likely be able to discuss the topics covered by your bootcamp, however, a more well-known certificate or qualification may be more beneficial than a bootcamp alone.
Fortunately, there are bootcamps that train you towards achieving industry-recognised qualifications as part of the course, such as the CompTIA Security+ qualification, and these are the types of bootcamps recommended for further consideration, as ideally, you will leave the training with a broad knowledge of online threats, cyber-attacks and cyber security concepts and a recognized qualification to give you a better chance of starting your career.
However, it is important to note that qualifications such as CompTIA Security+ already have a syllabus and study guide available at much lower costs than most bootcamps. So, depending on the content for the rest of the bootcamp and your own personal preference for self-study or a more intensive instructor-led training process, this could determine if the bootcamp is worth the cost for you.
Topics for bootcamps or self-study
For any new starter to the cyber security industry, ideally, you want to have a fairly broad knowledge of many different topics, which should include both offensive security concepts as well as defensive security principles. You shouldn’t be expected to be an expert for any entry-level position, but understanding fundamentals is important.
There are many niches for cyber security, and many topics that someone new to the industry shouldn’t be expected to be familiar with, but a good baseline should include a few different cyber security types.
Web Applications. A good understanding of how modern web application architecture works, the communication protocols in use, how API calls are made, a familiarity with different programming languages in use, how databases are utilized, and how the authentication systems can work.
An understanding of web penetration testing activities, including recognizing online threats and using cybersecurity tools to conduct vulnerability assessments should be expected as part of any cybersecurity professional’s knowledge base.
Some information on web applications and the types of vulnerabilities that can be affected by the OWASP Top Ten and the practical training labs from PortSwigger can be reviewed.
External and Internal Networks. A business will often have a mixture of devices and systems in use. Some may be directly accessible from the internet and are more directly exposed to potential threats.
This would be considered part of the External network. This could include a company firewall, web application, VPN solution, or other services considered necessary for remote access.
There will also be an Internal network. This typically would consist of devices that are not directly accessible by people on the internet. This is where most company laptops and desktops would reside, as well as internal services, databases, servers, and potentially an Active Directory system.
Understanding network security concepts, as well as how to conduct network security monitoring, threat identification, and how to implement network configuration settings should be considered as part of the standard skillset for a cybersecurity professional.
Importantly within the cyber security industry, is not only understanding how all these systems work, but also understanding the risk management and most likely threats for each system such as:
- Where and why vulnerabilities can be introduced,
- How to conduct malicious attacks and exploit these vulnerabilities,
- Understanding how to mitigate threats,
- How these vulnerabilities can be fixed, and
- Being able to advise and communicate to clients or colleagues on how to fix these issues.
Many topics could also be considered a bonus on top of these fundamentals.
- Knowledge of certain tools that are commonly used, Burp Suite, Nessus, Qualys, Wireshark, Nmap
- Experience and knowledge of a range of command line tools with both the Windows and Linux operating systems
- A good understanding of the OWASP Top Ten
- Experience with programming and one or two languages
- Knowledge of more modern cloud security risks
Any bootcamps which can provide recognized qualifications, cover the fundamentals, and have some extra topics included could potentially be worthwhile and worth some further consideration.
There are also free resources such as the Cisco Networking Academy which can provide information and educational resources on all the networking fundamentals.
The need for more Cyber Security Professionals
Cyber Security is still a growing industry and there is also a shortage of digital skills and experienced cyber security professionals. There also continues to be an increasing awareness of the need for both cyber security specialists and cyber security testing to be conducted.
As more stories related to hacking are reported, more companies are looking to implement security standards and adhere to compliance standards as well as regularly assessing threats that may potentially impact their assets. This will continue to be a driver for more cyber security expertise.
The security industry can also lead to a high-paying career, and so although a bootcamp can be seen as a relatively large upfront cost, if the course successfully helps to launch your career it may be worthwhile in the long run.
The Pros and Cons of a Bootcamp
There are multiple considerations for any bootcamp that you may be considering, and a large part of this may be determined by the individual, and whether you can learn the necessary course content in the required timeframe.
Additionally, you should search for reviews of the course from previous students and not just the promotional quotes listed on the course website.
Identify the qualifications you can obtain from the skills bootcamp as well as carefully review the course curriculum.
You should also ensure you will cover multiple topics and disciplines related to cyber security for both offensive and defensive practices.
Pros of a Cyber Security Bootcamp
If you have the time to dedicate to some of the full-time course options, you can cover a broad range of subjects for cyber security threats within a relatively quick 3-month period and be ready to apply for entry-level positions.
An instructor-led course provides the opportunity for feedback on your work and progress and for you to ask questions where you feel you need further explanation. You will also benefit from the other course students who you can discuss lessons with and may provide great networking opportunities after the course is finished when you are all looking to move into the same industry.
For the bootcamp you are considering, be sure to confirm that there are both theory and practical exercises included, as having practical experience can be just as important as understanding the theory behind your practical activities.
Some courses can be all theory-based and will not provide the hands-on learning experience which is crucial for learning and understanding how to utilize tools and how to interpret results.
For the considered bootcamp be sure to review the course curriculum and make sure you will cover a broad range of industry-relevant topics. This can give you a good range of fundamental knowledge within a short time period.
Online and part-time learning options can provide flexibility for your current schedule, allowing you to learn the necessary skills for career advancement without having to dedicate yourself to a full-time course.
Cons of a Cyber Security Bootcamp
Depending upon what is best for you with learning practices the relatively quick pace of the course may not allow you to understand the material properly, requiring a lot of additional time outside of the scheduled classes to get to grips with the material.
The courses should not be considered as a solution to becoming an industry expert. They are designed to cover the basics of a broad range of topics, and you will likely need to continue to learn independently, as well as on the job, for several years beyond this.
As cyber security threats change over time, you should be expected to continually self-educate yourself on the latest emerging threats, available tools, and security standards.
The course quality can be quite varied and when applying for a job within the industry the companies you apply to may not have heard of the bootcamp before, unlike if you listed a university where you had achieved a degree related to cyber security.
Look for bootcamps that offer additional qualifications on top of the bootcamp such as CompTIA Security+ so you will still have a recognised qualification.
The cost of a lot of courses can be quite high. Although payment plans are available with many of the courses, it can be quite a large investment. Over a longer period, self-study with books, online content, and some qualifications paid for directly may be a more cost-effective route to achieve the same outcome.
A skills bootcamp is no guarantee of employment after the training is complete, and there can still be a long process of applying for jobs and facing rejection.
It is important to understand that the course is aimed to provide you with a foundation of knowledge, and after the course, you should continue to actively learn and develop your skills independently.
Cost of a Cyber Security Bootcamp
After looking at quite a few advertised bootcamps, the typical price seems to be around the $10,000 – $15,000 range.
There are some that are a bit more and others a bit less, but this can be considered a rough average range to expect to pay.
Considering the price point, this may rule out a bootcamp as an option for many people. However, this shouldn’t be seen as closing the door on your route to a career in cyber security.
This just means that bootcamps may not be for you and you can explore other options to learn the fundamentals you need to start your career.
Although there are absolutely some cheaper skills bootcamps, many cheaper alternatives don’t seem to have a recognized qualification associated with the course, the course curriculum is a bit more limited than more expensive options and the number of hours spent in classes to learn the content seems limited.
As a result, these cheaper options may not provide you with the foundational knowledge you would need to start looking for entry-level cyber security jobs.
What could you expect for a starting salary
As a bootcamp can be quite expensive, consider your most optimal outcome, which is a career in the cyber security industry.
Your salary after some experience in the industry can be quite high, but that might take a few years to achieve.
Entry-level positions are likely where you would be starting with applications. Some of the salary estimates are a little off for junior positions, as many statistics list an average junior salary of around $80,000.
When reviewing job listings that are described as entry-level or junior, there does seem to be a bit of a common theme that the requirements and job descriptions are more along the lines of someone with a few years of industry experience, and more knowledge than you are likely to get out of a 3-month bootcamp.
Job listings and salary ranges can change over time and you may find something for an entry-level position at the $80,000 price range.
However, there are some genuine entry-level jobs, if you keep sorting through job descriptions, which a bootcamp would prepare you for. For the ones identified, these are more along the lines of a $50,000-$60,000 salary.
Still not bad as a starting point, and it’s important to weigh the cost of a bootcamp against what you can expect for your entry-level salary and decide if a bootcamp is for you or do you want to take some more time on self-study for a lower price.
Are Cyber Security Bootcamps Worth It
So, is a cyber security bootcamp worthwhile? Bootcamps can be quite expensive, although many do provide payment plans, and by the end of a 3-month or 6-month course, you are unlikely to be considered an expert in the industry, however, you should come away with an understanding of a broad range of security fundamentals.
You will most likely still be applying for junior positions or entry-level roles within the cyber security industry. Depending upon your current position, and assuming you have the money to spare, you may consider this the correct step for you to begin your career within the cybersecurity industry.
However, if you don’t learn well under intensive courses or can barely afford the course prices, this type of short course framework may not be for you, where in the end, you will only be a beginner applying for entry-level jobs.
There are lots of other options for learning the skills necessary to enter the cyber security industry. With free online training and information and some time and dedication to learning these skills, you can still begin your cyber security career.