One year ago, I had never heard of the SANS Institute. I knew nothing about their courses, GIAC certifications, or the CyberTalent Academy program. What I did know was that I needed a career change, and that I had decided to pursue cybersecurity as my new career path.
Late in 2016 I made the decision to return to school to pursue a degree in cybersecurity. I re-enrolled in college, started taking classes, and began to research all things infosec. Part of my research included looking for organizations serving the cybersecurity community in general, and women in cybersecurity in particular. My research led me to the Women’s Society of Cyberjutsu (WSC), BrightTalk webinars, and Twitter, which I had fiercely avoided until now. Then, in March 2017, the WSC hosted a webinar featuring the SANS Institute and some program they had to help women transition into information security.
Through my research, I already knew that the number of women in infosec was appallingly small. Depending on whose numbers you trust, we are somewhere between 8-11% of the community overall. Sonny Sandelius, the gentleman representing SANS in this webinar, discussed those numbers, and talked about the CyberTalent program and its mission to increase those numbers by providing training and certification to women seeking to enter the information security field.
I came away from the webinar interested and intrigued. I took a look at the SANS course catalog and began the application process. At this point I still didn’t really grasp what SANS was about, however, nor did I have any clue what I was getting myself into! I filled out the forms, sent assorted documents, took the evaluation exam, and had the phone interview. When I received the acceptance letter from Sonny in May 2017, I think I was the only one who was surprised, but I’ll discuss my struggles with impostor syndrome another time.
The SANS CyberTalent Women’s Immersion Academy agreed to cover the expenses for up to three SANS training courses, plus practice exams and the Global Information Assurance Certification (GIAC) certification exams associated with each course. In exchange, I agreed to take the training and pass the certification exams. I added up the amount all this would have cost had it come out of my own pocket, and after I picked myself up off the floor, I poured myself three fingers of bourbon to quell the shakes. Never before had I been offered a scholarship so valuable, and I was more than a little terrified that I had bitten off more than I could chew.
June 2017 came around and I found myself on a plane to Colorado, where I took the first immersive training, SEC401, the Security Essentials Bootcamp Style. This course involves six days of lecture and lab instruction, ranging from basic networking security issues to threat management, cryptography, risk management, plus both Windows and Linux security issues. Someone had described the course to me as being an inch deep and a mile wide, but I would say it was at least a yard deep. Before the first day was over I was very glad I had years of IT experience and context to connect this new information to.
The experience of that first training was powerful. Spending six straight days in the same room with well over fifty other people who understood, and I mean really understood, the importance of security when dealing with all our technological marvels and monsters, was eye-opening on many levels. First, the bootcamp process always tends to build camaraderie. Even so, there was a sense of a unified purpose from the outset that I had not felt since my days with the High Tech Services Reserve Unit (HTSRU) with the Orange County Sheriff’s Department (OCSD) in the early 2000s. Everyone in the room was there to learn more about cybersecurity, about how to keep bad people from doing bad things with computers, whether those computers belonged to coworkers, friends and family members, or complete strangers.
Second, this live training was my first opportunity to meet other women in my cohort face-to-face. All of us, from the new college grads to the older workhorses like me, were there because we wanted to be a part of the information security community. We were all there because SANS had selected us from hundreds of applicants. And we were all there because we want to make a difference.
There are several things that make SANS courses different from other classes I have taken over the years. First, the instructors are top-notch. I’ve done technical training myself for more than a few years, and these people are knowledgeable, dynamic, and excellent communicators. Second, the material is dense, yet practical. Everything in the books and lab exercises has a real-world application.
Here’s Netcat, and here’s how you can use it to set up a listener-to-client relay…
Here’s Metasploit, and here’s how you can use it to deliver a payload while spoofing the source address…
Here are some Linux shell commands to help you do system forensics…
All this and more was poured into our brains over those six days. By the end of that week, I was glad I could remember my own name.
After the bootcamp was over, we went home and began reviewing what we had learned and assembling our indices. For those of you who have never taken a GIAC certification exam, it’s fully proctored and open book, but when you have a stack of books that is nearly six inches deep, you need a really good index to help you find what you need quickly!
Then came the moment of truth – taking my first ever certification exam. I was a complete wreck. I got lost on my way to the testing center, but I had left my house early, so I still arrived on time. I probably had enough adrenaline pumping through my system to jump-start an entire football team, and I needed it because that first exam was LONG. Five hours long, to be precise, and you only get one 15-minute break if you need to use the restroom or down an energy shot.
And I passed. Suddenly, I was certified, not just certifiable. I was now the proud owner of a GIAC Security Essentials (GSEC) certification!
The other two courses were not as momentous as the first, but going through them still felt like drinking from a firehose. The courses were held online, so we were each on our own to study and build our indices for rounds two and three of the Academy. But we weren’t entirely alone. The mentors for each segment held regular phone conferences, and we have our own Slack team for chatting and sharing info, links, and resources. And the sense of camaraderie remains. I count these women as friends, dear friends, and I hope to keep in touch with them for a long time to come.
But the Academy isn’t just about making connections with other people. It’s ultimately about getting a job in the cybersecurity field. Several women in our cohort did so before completing their final course and related certification. Others accepted jobs shortly after graduation. Some of us have gone to work for cybersecurity firms. Others have found jobs working for large corporations, defending them from cyber threats of various kinds. But all of us have shared two key things:
- The SANS CyberTalent Academy has had a tremendous impact on our lives, in part because of the training and the newfound understanding we have of cybersecurity, and in part because of the foundation it has given us in multiple aspects of the community of people who work in the field.
- Being a graduate of the Academy has allowed us to get interviews we might not otherwise have gotten, and the training we have received has allowed us to perform better in those interviews than we would have done without it.
As for me, I’m working with SANS as a contractor while I finish up my school work. That means I get to review labs, quiz questions, and course materials, helping to make them better for other students who want to improve their cyber-fu. But once I finish school… I have no idea.
What I do know is that having the knowledge and experience of having gone through the Academy will let me go boldly, wherever I go, with a better, more solid foundation than I could have achieved otherwise. And that’s a really good feeling.