If you’re looking to fast track your entry into the world of cybersecurity, an intensive bootcamp will put you through the paces and spit you out on the other side leaner and meaner, and ready for a career in information security.
Bootcamps in the world of information technology aren’t quite as brutal and physical as their military namesakes, but they do specialize in throwing a lot of new information at a lot of people in a short period of time. Bootcamps embrace the assembly line model of education, and the line doesn’t stop for slow learners. You’ll have to absorb a lot of new concepts and data quickly to keep up.
The results are well worth the trouble. In as little as 5 days, you can get a crash-course in almost any information security topic, usually including hands-on experience, and in some cases sufficient knowledge to take and pass an IT security certification exam.
Along the way, you’ll have opportunities to interact with experienced cybersecurity professionals and form strong bonds with your fellow bootcamp attendees– known in most programs as a “cohort.”
Cybersecurity Bootcamp Basics
The elements of a bootcamp are sometimes hazily defined between different providers, but you can make an appraisal of most bootcamps based on these common attributes:
Bootcamps are held during a fixed period of time and usually in a fixed location (although online options are also available) for a limited number of students. Competition can be fierce to join a cohort for a particularly popular bootcamp. Plan to book well ahead and ensure that you have the ability to attend full-time during the course period.
More and more, bootcamps are being offered after hours or on weekends to accommodate students with full-time jobs already, but the traditional immersive bootcamp makes no such concessions—you will be expected to attend all day each day of the session.
Most cybersecurity bootcamps are relatively short and have a highly focused curriculum, which means they don’t have a lot of time for handholding to get candidates up to speed on the basics of the underlying technologies. This means that most bootcamps have similar entry requirements. These typically include:
- 1 – 5 years of IT industry experience
- Basic TCP/IP (Transmission Control Protocol/Internet Protocol) networking skills
- Basic IT certifications such as the A+ or Network+
For more advanced camps, a basic understanding of these topics may be required for enrollment:
- Network and port scanning
- Log review and analysis
- Network traffic monitoring and packet analysis
- Web protocol structure such as HTTP (HyperText Transfer Protocol) and FTP (File Transfer Protocol)
- Knowledge of scripting or programming languages such as Python, Java, or Perl
- Advanced IT or cybersecurity certifications such as Security+ or CCNA (Cisco Certified Network Associate) Security
Cybersecurity bootcamps are inexpensive compared to other types of IT bootcamps, running between $1000 and $8000 for the full program. This is inline with many continuing education courses of similar length offered in the IT industry. The cost may or may not include the price of administering related certification exams, which some bootcamps offer at the conclusion of the course.
Bootcamps vs. MOOCs: Weighing Your Options
MOOC stands for Massive Open Online Course, a concept that is being widely hailed as the future of online education. The first MOOCs appeared around the same time as the first bootcamps, and in response to the same voracious demand for easy access to up-to-date knowledge and training. But while bootcamps rose from industry veterans focused on delivering rapid, practical, hands-on education, MOOCs evolved from traditional college-level classes, designed to impart general knowledge and thinking skills as part of a broader educational experience.
MOOCs today have grown away from their collegiate origins, and can be found on every topic under the sun. Many are still offered through accredited institutions and are taught by full-fledged college professors, but more and more MOOCs are being offered through private vendors that hire experienced professionals in the field rather than college professors.
Particularly in cybersecurity, many MOOCs are focused narrowly on specific technologies or topics, or may be designed specifically around passing exams for popular information security certifications like the CISSP (Certified Information Systems Security Professional) or the CompTIA Security+ certificates.
This means MOOCs are a good fit for candidates who are looking to acquire industry-specific skills in more bite-sized chunks than bootcamp courses offer. Several different MOOCs can be strung together to form a customized curriculum that addresses specific gaps in knowledge. Some MOOC providers offer a certificate program or the ability to accumulate college credits that can be transferred toward an undergraduate or graduate degree.
Bootcamps, on the other hand, have a fixed curriculum that teaches to a particular standard. The skills tend to be hands-on and practical in nature. Many bootcamps put participants through actual simulated security response situations, or expect them to work directly with networked systems to lock them down against attacks. This is in sharp contrast to the more theoretical concepts that MOOCs tend to focus on.
Bootcamps also provide a much faster and more comprehensive education than MOOCs. A single MOOC might run for eight weeks and cover only a narrow subject, as is the case with this popular Coursera offering on mobility and cybersecurity. In contrast, a cybersecurity bootcamp will take only a week, and cover the entire spectrum of knowledge behind network security. A narrow exception to this general rule are bootcamps like the Training Camp’s Cisco Cybersecurity Specialist courses that offer certification exam preparation in direct competition with some MOOCs.
Finally, bootcamps are typically on-site and in-person, as opposed to the distributed, online-only nature of MOOCs. This makes bootcamps a better fit for candidates who benefit from the team-based exercises and social nature of cohort-based education. It also provides more networking opportunities. Bootcamp participants meet a lot of people who are either already in the information security industry or on their way there– contacts that can be very valuable in future positions.
How to Find Cybersecurity Bootcamps
Google is your friend in the quest for cybersecurity bootcamp availability. There are no dedicated bootcamp review or listing sites. Search by location and the phrase “security bootcamp” to find options in your area, or use the keyword “online” for virtual bootcamps. New bootcamps emerge regularly, so continue to search until you actually book your course.
For even better results, include keywords related to your specific interest or requirements in the search. For example, if you want a bootcamp that builds toward a CCNA Security certification, use those keywords in your search.
There are a broad spectrum of bootcamp operators but a handful of them offer options both online and nationally and have established track records in information security training and certification….
The SANS Institute
SANS is one of the oldest information security training institutions in the United States. Founded in 1989, SANS provides a number of cybersecurity resources widely used in the community, including the Internet Storm Center, the SANS Reading Room security research white paper archive. SANS was also a founding sponsor of the Center for Internet Security.
SANS has the biggest network of training centers in the U.S. and provides the largest number of cybersecurity bootcamp courses by far—both in terms of enrollment and subject matter. The institute also founded and administers its own security certification track, the Global Information Assurance Certificates (GIAC), and many of its bootcamps are oriented toward preparing participants to pass GIAC certification tests.
- Locations: Most major American cities, some international locations, and online
- Admissions: Laptops required, otherwise class-dependent
- Costs / Course Length: $2000 – $8000, class and options dependent
- Notable Programs: A Forensics track and Development security track
- Certifications: Full spectrum of GIAC certifications
SecureNinja is a cybersecurity training company founded in Virginia in 2003. The company maintains tight connections with various industry leaders like Microsoft and CompTIA and provides training for large corporations and government agencies, including the U.S. Department of Defense.
SecureNinja offers continuing education credits and has classes oriented toward preparing students for many popular information security certifications.
- Locations: Alexandria, VA; Columbia, MD; Kettering, OH; San Diego, CA; and online
- Admissions: Class-dependent
- Costs / Course Length: 2 – 5 days, prices unpublished
- Notable Programs: Advanced Cyberwar bootcamp
- Certifications: A wide variety of industry-standard certifications from EC-Council, ISACA (Information Systems Audit and Control Association), CompTIA,FITSI (Federal IT Security Institute), and more.
The InfoSec Institute was founded in the late 1990s, as widespread computer security problems began to emerge across the Internet. Based in Chicago, the company has spread out to locations on both coasts and elsewhere in the Midwest, and also offers classes online.
The company offers corporate training as well as bootcamps and supports a range of certification options. Some bootcamps offer dual certification options, allowing students to test for and acquire multiple certificates from one course.
- Locations: Chicago, IL; Boston MA; Colorado Springs, CO; Baltimore, MD; Dulles, VA; and online
- Admissions: Class-dependent
- Costs / Course Length: 5 – 7 days, $3000 – $5000
- Notable Programs: Career track options, bundling several classes with additional support resources for hiring and research
- Certifications: EC-Council, ISACA (Information Systems Audit and Control Association), CompTIA, CERT (Computer Emergency Readiness Team), and others
Formerly the Information Systems Audit and Control Association, ISACA is the elder statesmen among IT education and guidance organizations in the U.S., having been founded in 1969. The organization was originally focused strictly on IT governance issues but has broadened its range of information and services over the years to include many facets of IT operations, including information security processes.
Despite ISACA’s age, it is a relatively new entrant into the cybersecurity bootcamp market. The organization has long offered the coveted Certified Information Systems Auditor (CISA) and Certified Information Security Manager (CISM) certifications, both of them notably stringent and highly valued by hiring managers. The company launched its CSX (Cybersecurity Nexus) program in 2014 with additional associated certifications and bootcamp training.
- Locations: Chicago, IL; Washington, DC; New York, NY; Denver, CO; San Francisco, CA
- Admissions: ISACA membership required, 1 – 5 years of IT industry experience required
- Costs / Course Length: 5 days, prices unpublished
- Notable Programs: CSX Practitioner Bootcamp
- Certifications: CSX Practitioner, CISA, CISM
Comparing Your Bootcamp Options
Deciding which bootcamp to enlist in will depend on your individual goals and capabilities. The most immediate and obvious differentiators are subjects and certifications. Some bootcamp operators simply may not offer the type of course you are interested in, or may not offer it in a convenient location. Pricing is generally consistent between camp operators, so cost won’t likely weigh heavily in your decision.
Beyond that, you should consider the following aspects when choosing which bootcamp to attend …
It’s tempting for bootcamp operators to pack in as many students as possible during a given session, increasing the size of the cohort to increase revenues while maintaining fixed costs for instructors and materials. But a large cohort means more limited individual interaction with instructors, which can otherwise be one of the most valuable parts of a bootcamp program.
Shoot for a cohort size below 30 if possible. Smaller cohorts also result in stronger bonding between students, which leads to better networking opportunities later on.
Many cybersecurity bootcamps focus on classroom education but count on students to perform lab exercises online. Better bootcamps conduct labs during class time, and with hands-on projects that allow cohorts to work together in building secure systems, auditing actual network logs and structures, or installing and configuring security software.
There is no substitute for gaining actual hands-on experience at these tasks. And, there is no better way to gain an understanding of how and why to perform tasks than by having the watchful eyes of instructors physically present while you work on them.
Look for Reviews
Many bootcamps are relatively new and have relatively little feedback or reputation in the information security community. Naturally, there’s some risk associated with signing up for these lesser-known camps, however, you may find that many of the organizations behind them are themselves well-established even if the bootcamps they offer are quite new. Searching Google for reviews of those organizations in general, and for the specific bootcamp courses you are interested in particular, should provide some feedback on the quality and presentation of the course.
Almost all bootcamp providers self-publish reviews from prior students, but these should be taken with a grain of salt since the companies have a powerful incentive to include positive reviews and eliminate negative ones. However, a fair representation of the style and structure of courses can still be obtained from such sources.
Getting the Most out of Your Cybersecurity Bootcamp
Bootcamps go quickly and it’s easy to come out the other side feeling like you have missed much of what was on offer during the course. Despite your best efforts, it’s impossible to give your full attention to every single step as you progress through the course.
Be Ready for Success
Preparation will help you make the most of your bootcamp experience. Although you and many of the other students will be coming in with a limited knowledge of information security practices and techniques, the more familiar you are with both the underlying technologies being secured and the basic vocabulary of cybersecurity, the more easily you will assimilate the lessons of the bootcamp.
Because many bootcamp operators also function as a resource for security concepts and information, you can prepare yourself by reviewing their open-source study guides and incident information. In particular, SANS’ Reading Room website and ISACA’s CSX resources expose much of the information that feed into certifications, while also serving as more general information security resources.
Build Your Relationships
You might feel a tendency to put your head down and focus on the course material while you are inside the maelstrom of bootcamp class work, but don’t give in!
Networking is a part of the package at most bootcamps. In the long run, the people you meet there might be far more valuable to your career than the actual cybersecurity tools and techniques you are taught. The tools, after all, will change; but the people will be in the industry for years and can serve as valuable contacts and provide advice over the course of your entire career.