In recent posts, The State of Security
has interviewed teachers who are helping to bring cyber security education to Canada's schools. We would be remiss, however, if we didn't recognize others' efforts to bring these types of training programs online and to institutions located elsewhere around the world.
To cover this broader trend, we'll now speak with Ryan Corey. Ryan is President and Co-Founder of Cybrary, a respected IT security training provider
What is your role at Cybrary, and how did it start?
I am the President / Co-Founder. I had the idea for Cybrary because I had been working in the cyber security training space for 12 years, and I realized how slow-moving and static the training industry had become. The attack surfaces and technologies are moving fast, so why accept the fact that training evolves so slowly as the way things should be done?
To address the massive need for more talent in the field, and to make sure the training offerings moved quickly, I felt that an open source and free training model was the best solution.
What educational aspect of cyber security today concerns you most?
It’s the fact that attack surfaces are so quickly expanding, yet we have so few people who are equipped to secure those surfaces. From mobile to IoT, we aren’t collectively prepared to handle the build of these products securely.
What was the motivation behind your organization developing and offering cyber security education?
The primary mission of Cybrary is to make cyber security learning available to anyone, anywhere, for free. The world needs a platform that gives anyone the chance to learn these concepts, for hiding cyber security know-how behind a paywall that is generally in the range of $3K-6K for a one-week class is not the best thing for the tech landscape.
What type of classes are being offered on Cybrary?
Cybrary provides IT and cyber security courses for everyone from beginners to advanced professionals, including leadership training.
What other organizations do you look to for curriculum guidance?
Cybrary’s model is open source because practitioners have always been the best at training, especially when it comes to deep technical content. The certification bodies like CompTIA, ISACA and (ISC)2 have always done a fantastic job of creating curriculum, but the practitioners typically know the technical and tactical concepts better.
As a result, we have both the cyber security companies providing courses on their products, and we have industry practitioners providing courses on other concepts.
How do your programs fit into an overall educational strategy for someone interested in cyber security?
Cybrary is beginning to break cyber security learning down into bite-sized chunks. We believe no matter where someone is in their career, bite-sized learning is easier to digest and less-cumbersome, so it's easier to embrace. Therefore, one’s educational strategy on Cybrary can be to come for short stints, consume skills that may take 1-3 hours to learn, and then take a micro-certification to prove deep knowledge on that concept. Then they have improved in that small increment.
They can come back the following day, week or month, but either way, they walked away with something in that instance. Committing to a class, like a Security+ or CISSP, is a 3- to 6-month commitment for most. However, learning at 1-3 hour intervals and walking away with something for doing so is a simple approach to self-improvement.
As soon as we launched this capability on our site, it instantly became half of the learning that was taking place with us. Just imagine: 170,000 people last month took training with us, and about half engaged with bite-sized learning versus the traditional long-form classes. That speaks for itself.
How do you see Cybrary’s educational efforts impacting the global requirement for more security professionals?
We have trained about one million people on cyber security concepts in the last two years and about 170,000 last month. About 1,500-3,000 new people join Cybrary to learn every day. They learn, and then they take assessments.
I'm hoping that this can continue and that we keep getting amazing classes from leading cyber security companies like Tripwire and leading professionals like Georgia Weidman. If this keeps up, we should be able to put a dent in the talent gap.
What would you like to share about your company that we have not asked?
Well, here is what we are looking for. We want the companies creating the technologies and the practitioners doing the work to teach courses for our users. The companies producing product courses not only drives awareness for the best technologies in the industry, but it also helps practitioners build more solid resumes because these technologies are showing up on job descriptions.
From the practitioners, we want them to teach people literally whatever they are best at. Anyone can apply to teach a course with us. We provide the tools and the how-to steps to create a great course. Just reach out on our website!
Our search for novel approaches to and settings for cyber security education continues. Stay tuned!