Unique 8 week SANS Cyber Academy kicks off next week

News by Tom Reeve

In what is possibly a first for the industry, the SANS Institute is about to inaugurate a new bootcamp-style training programme for cyber-security professionals.

Thirty-two individuals – ranging in age from 18-58 – have been confirmed to attend an eight-week intensive training course at the SANS Cyber Academy in Cardiff, starting 1 September.

The places on the residential course are fully funded by SANS which expects to recoup the costs from employers eager to snap up the programme graduates. The costs are said to be comparable to the amount an IT department would expect to spend getting new starters up to speed, a process that usually takes two years.

The students were chosen from an initial pool of 24,000 people who took an online skills and aptitude assessment earlier this year. From this pool, 200 candidates were invited to apply for up to 40 places at the Institute's Cyber Academy.

Ninety percent of the students are men, reflecting the broader demographics of the IT industry, according to Steve Jones, UK managing director of SANS. Experience in the IT industry varies from working in a high street tech store and IT helpdesk to recent IT graduates and those with years of experience in IT who are looking to move across to security. In addition, there are a few cyber-security hobbyists who currently work in unrelated fields, he said.

One successful candidate is Matthew Tellier, 31, who holds an MSc in computer science but has found his career path diverging from that. “The work I ended up doing was interesting but I always wanted to get back into the IT industry and cyber-security was always interesting,” he said.

Like many others, he responded to an email from the government's Cyber Challenge mailing list which mentioned the SANS Cyber Academy. “I was surprised by the number of people who took the test, and was delighted to see I ranked so highly,” Tellier said. “Despite my academic background, I thought I would be more out of date than I was, having not been active in the industry for a few years.”

The test threw up a few surprising questions, he said. “I was expecting it to be largely maths based but there were a few left-field questions thrown in there, questions about the chain of custody of evidence which was obviously quite far removed from any question I was expecting,” he said.

“It was quite broad so it gave us a flavour of what SANS was heading toward – they were interested in more than just the technical aspects and took more of a, dare I say, holistic view,” he said.

The networking with other students has already begun. “We already have a discussion group going,” he said. “It's a very exciting and diverse background.”

Another student on the course is Alex Holland, 21, currently studying law at King's College London. Holland has been interested in computer security from a young age, volunteering on internet forums specialising in network security and malware removal.

After leaving school, Holland decided to study law but says he never lost his interest in computing.

“At the end of my first year I volunteered at ORGCon, a digital rights conference, organised by the Open Rights Group, and had the opportunity to listen to technical experts who also had a strong grasp of the legal frameworks which dictate all our computing activities,” he told SCMagazineUK.com. “After that experience I knew I wanted to get into a profession which would combine my interests in law and IT. Cyber security is one profession which offers this.”

Part of Holland's experience is working with an NGO in Hong Kong which campaigns for human rights in China. “As an organisation that goes to the UN and presents case studies, appeals and petitions, they need to make sure their witnesses and data are protected, so from that side of things they require very strong information security,” he said.

At this NGO, the website comes under attack every year on the anniversary of the Tiananmen Square protests in 1989. “It is a sort of annual thing where the Chinese hackers, whether state sponsored or not, try to take down the website so people can't have access to that information,” he said.

The profiles of these two students and the other 30 on the course are available, in anonymised format, for recruiters who are interested in interviewing candidates for cyber-security jobs. SANS will hold a jobs fair for the students halfway through the course.

Steve Jones told SC that the course is based on three main SANS courses: SEC401 that gives a thorough grounding in security, FOR408 that covers hands-on and theoretical forensics / IR and SEC504 that teaches the techniques hackers use – again hands-on and with lots of lab work to hone skills. Supplementary lab work, CTFs, NetWars and a focus on Metasploit pen testing is included, drawn from SANS course SEC580.

“The outcome is that the intense eight-weeks of training will create well-rounded security practitioners who have hands-on, current technical skills in the key areas of defence and attack,” Jones said. “That's what employers have been asking for. People that can join a team, hit the ground running and then potentially move into more specialist areas. Throughout the Academy, we will be reporting on each student's areas of strengths and weakness through a portal and in face-to-face meetings. That is made available to employers so they can make early decisions about specific deployment in the workplace if needed.”

Already there are plans to repeat the programme next year. “Our intention is to run multiple academies per year, but we will assess employer demand – expected to be high – before confirming,” he said.

Organisations can express an interest in the 32 Cyber Academy student profiles by emailing cyberacademy@sans.org.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews