About the Author

Ryan Ellis is a Navy veteran and a principal cybersecurity engineer at Northrop Grumman. He is into hiking the Manitou Incline, snowboarding, and building things. His credentials include the following GIAC certifications: GSEC, GCIH, and GPEN, plus he holds Security+, along with a Bachelor’s degree in Computer Science from University of Colorado. His LinkedIn profile is at: https://www.linkedin.com/in/ryan-ellis-usn .

Introduction

Cybersecurity is a growing field in high demand; however, many estimates predict a shortage of approximately 3.5 million qualified cybersecurity candidates by 2021. This shortage is leaving many companies vulnerable to data breaches, ransomware, and other cyber-attacks.  To address this shortage, the SANS Institute offers a program to help fill the impending cybersecurity skills gap.  They created a CyberTalent immersion academy to introduce veterans to an intensive, accelerated training program.  The CyberTalent academy provides veterans with world-class SANS training and corresponding GIAC certifications to help launch a cybersecurity career.  These immersion academies are 100% scholarship-based and no cost to participants.  This write-up documents my acceptance and journey through the SANS VetSuccess immersion academy.  I hope this information finds its way to other veterans who can use this excellent opportunity to assist in their transition from active duty to civilian life.

Eligibility Requirements

• Transitioning service members not more than six months away from separation.
• Veterans with less than five years out of the service. Veterans cannot be working in the information security field or have prior work experience from the information security field outside of the military
• Active duty spouses not working in the information security field or with prior work experience in the information security field.
• Must be a U.S. citizen or Permanent Legal Resident (Green card holder).

Application Process

The first step in the VetSuccess Academy is taking the SANS CyberTalent enhanced assessment test.  The test is an aptitude test to discover a candidate’s ability to learn Cybersecurity fundamentals.  The test itself is not difficult, but like many aptitude tests, you will not know if you are doing well nor will you receive your results.  SANS will utilize the results to determine if they will offer you an invitation to apply.  After completing the assessment test, there will be a wait until the application window closes before finding out if you qualified.  If you do qualify, you will be asked to apply to the academy formally. The formal application processes required:

• An application form
• Current Resume
• Copies of College transcripts
• Copy of DD-214 (At the time I did not have a DD-214.  I submitted my statement of service instead)

You then have five days to apply.

Following your application submission, you wait for a couple of months until the submission deadline closes. If your application is accepted, then shortly after the period ends you will receive a phone call from the CyberTalent admissions coordinator to schedule a phone interview.  The interview process was semi-casual and lasted approximately 30 minutes.  The interviewer asked about my current experience, interest in cybersecurity, hobbies, and what I do to learn about cybersecurity topics.  Approximately one week later, the admissions coordinator notified me of my acceptance into the academy.

Experience

The first required class was SEC401: Security Essentials, which was taught boot camp style via live instructor training. Keith Palmgren instructed my SEC401 class.  Keith is a talented instructor, with a vast amount of experience in the field.  His experience, coupled with his relevant stories regarding the materials, kept the boot camp entertaining and exciting.   Following the six day boot camp, you’ll receive access to the SANS self-study .mp3s with Dr. Eric Cole teaching the Security Essentials class.  I found having sat through the live class with Keith and then listening to Dr. Cole provided two different perspectives on the materials and assisted in learning the core concepts.  After successfully obtaining the GIAC GSEC certification, you then proceed to the SEC504 course.

The second required course is SEC504: Hacker Techniques, Exploits & Incident Handling. The SANS On-Demand platform provides this class and the instructor was John Strand from Black Hills Information Security.  Not only is John a leader in the information security field, but he is also a phenomenal instructor.  John relies on his extensive industry experience to inform the student about historical attack trends, present day attack techniques, and his future attacks outlook.  John’s instruction provides in-depth insight into the incident handling process and future employment expectations.  Another fantastic aspect of SEC504 is the course USB, which contains recorded live demos of every hands-on lab listed in the course books.  The live demos are invaluable for someone working at home that may not know what to do. Additionally, John maintains a mailing list for students of this course to update them as the material changes.

The SANS On-Demand platform provides world-class training content.  John recorded portions of his material in the SANS On-Demand studio and the remainder during a live class.   Although you lose the ability to ask John questions directly while taking the on-demand training, SANS makes up for that by providing Subject Matter Experts (SME) to chat with at specified times, during which you can ask them any questions about the material, VMs, or CTF events.  They will go out of their way to help you without giving away the exact answers, much like an instructor would in class.  The SMEs bridge the gap between online learning and live classroom training.  I used them more than a few times, especially when working through the SEC560 final CTF problem.

After passing the two required courses, you can choose a third course as an elective. The following courses are available as:

• FOR500 : Windows Forensic Analysis
• ICS410: ICS/SCADA Security Essentials
• SEC501 : Advanced Security Essentials, Enterprise Defender
• SEC503 : Intrusion Detection In-Depth GCIA GIAC Certified Intrusion Analyst
• SEC511: Continuous Monitoring and Security Operations
• SEC542 : Web App Penetration Testing and Ethical Hacking
• SEC560 : Network Penetration Testing and Ethical Hacking

I choose SEC560: Network Penetration Testing and Ethical Hacking taught by the one and only Ed Skoudis.  Ed is a titan in the industry and if you are looking for an example of someone passionate about information security, then look no further than Ed.  This course takes all of the critical tools from SEC504 and exposes the student to a more in-depth knowledge of how each tool functions, how it’s configured, and some of their real-world practical applications.  It will take you from a fundamental understanding of these tools to an intermediate-level knowledge of them.  Not only are there 30 hands-on labs for this course, but there is a hidden CTF, and a final in-depth penetration test CTF to complete.  The final CTF is worth the price of admission.  It tests all of the skills and tools you have learned throughout this course.  The skills developed on the hands-on capture the flag event are paramount for passing the certification exam. At this point, the student has moved past theoretical knowledge of these tools and into practical application.  To achieve the GPEN certification, you’ll need to understand how a tool works, how it’s configured, and in what way you would use it to be successful in a real penetration test.

Time Commitment

The Academy is fast paced and students are expected to complete all of the course work and certifications in approximately four months.  We were allotted five weeks per course to complete it and take the corresponding certification exam.  The majority of my cohort were still on active duty or currently working and I was on terminal leave. During most of the academy, I was able to commit five to eight hours a day. However, during SEC401, I was enrolled in three online college classes plus a single parent to three kids while my spouse was deployed. According to the VetSucces website, it takes most students 80 hours to prepare for one GIAC certification attempt. Moreover, the Academy’s requirements are challenging, but the students success is achievable with proper time management.

Cohort

Each VetSuccess student is assigned to a cohort for the duration of the academy.  SANS provides each cohort with a mentor.  Your mentor schedules weekly conference calls to discuss your progress, any issues understanding material, and advice on future courses or industry topics.  Additionally, SANS generously provides a career placement specialist to assist in your transition.  The career placement specialist will critique your resume, help with your interviewing skills, and reach out to industry contacts for jobs in your area.

Final Thoughts

The SANS VetSuccess Academy is a phenomenal program for transitioning veterans looking to break into the cybersecurity field.  This immersion academy exposes you to the latest tools, trends, and information, as well as provides access to current and relevant leaders in information security.  In the end, this academy has provided endless opportunities, and I can not say enough positive things about it.  SANS goes above and beyond to assist veterans, and I highly recommend this program to any veteran looking to transition into the cybersecurity field.

https://www.sans.org/cybertalent/seekers

If you’re a veteran interested in Cyber Security, consider joining our Slack channel.