Breaking into IT: From first job to advanced certs with CompTIA

Chris Sienko: Hello and welcome to another episode of the CyberSpeak with Infosec Institute podcast. For today's episode, we'll be rebroadcasting a recent webinar entitled Breaking into IT: From First Job to Advanced Certs with CompTIA. Today's presenter is Teresa Sears, senior director of certification products for CompTIA skills certification. Later in the program, she'll be joined by Christine Tuttleman, a business information security officer, CompTIA subject matter expert and member of the CompTIA advisory committee. They'll discuss job opportunities in the IT sector, CompTIA certifications, and career pathways, and landing your first IT job and transitioning into new roles. Just as a reminder if you'd also like to see this webinar as it unfolds including presentation slides you can find it on our YouTube page by searching InfoSec Institute and visiting our YouTube channel. This webinar is about an hour-long so without further ado here are along with moderator Camille Dupuis, CompTIA's Teresa Sears, and Christine Tuttleman.

Teresa Sears: So the way this will work is I'll talk a little bit about some of what CompTIA sees as ways to think about IT careers and to enter into the field and then we'll take a few minutes at the end to talk with Christine about what this actually looks like on the ground. How she started her career and got to the point where she is now. So we'll have a little bit of a presentation and then wrap it up in more of a more informal chat if you will with Christine.

Christine Tuttleman: So to get us started, one comment that we often hear at CompTIA is from folks who tell us something or who ask us something along the lines of I want to get into IT but I'm not sure where to start. Maybe I should look at a networking class or take part in a hack-a-thon. What are these coding classes and boot camps that I keep hearing about? Is that the place to start? Should I just sign up and take CompTIA certification? Do I have the right background for that? Help! Where should I start? What kind of resources do you have available for helping me tackle this question about how do I get into an IT career? How do I start? How do I separate the signals from the noise?

One revealing I think aspect about these questions is that there are so many different types of roles that fall under the umbrella of IT. You've got database administrators, software developers, network engineers, storage administrators, IT support, data scientists. The titles and roles go on and on literally for pages when you look at it on a printed list. So I think it can be especially challenging if not impossible to narrow down what your own scope of interest is without knowing and having some way of thinking about the different options. Now sure you can research and read and Google until you're blue in the face. Hundreds of different types of job roles but I think sometimes at least speaking from personal experience when it comes to Googling you just end up with this pile of information and even more questions about whether or not you have the complete picture.

How these things from disparate sources can fit together and that's where this concept of an IT framework can really come in handy. This framework is something that CompTIA's research group conceptualized and they did it in order to help us. Us being our members as well as CompTIA internally or the staff, to really help us get our arms around what is IT? What do we mean when we say that? What are the core functions provided by an IT group? For the purposes of today, I thought let's use this framework to talk about what and where the jobs are.

So let's take a look at these four pillars or functions of IT. You see here on the slide infrastructure development security and data. So infrastructure really refers to the systems that provide the foundation for business operations. It's really the technology equivalent of an organization's plumbing, heating and cooling, electricity. That sort of thing. So things like networking, core applications support, systems administration. Those are all functions that fall within this idea of infrastructure.

The next big pillar is development. Development is really it's the creation of software that enables workflow and drives automation. So what does that mean? It's not just something that happens at your Microsofts and your Googles. This function exists across most if not all organizations large and small and in a number of different industries. Website development, for example, would fall within this pillar and the support of that website. If you think about even some of the smallest organizations that are out there would have that and they need this development function to manage that.

Security is the third pillar that we are going to look at and this is really the technology but in addition to the technology is the processes and the people and the education that they needed for safe operations. Security roles I know we'll talk a little bit more about this when I chat with Christine in a little while here but security roles often touch on all three of those three legs of the security stool of technology processes and people. Now different roles might emphasize one of those three more than the other depending on the role. For example, someone in a compliance-focused role is thinking a lot about the process but they're also thinking about technology and people but the emphasis might be on one of those three pieces of security.

Then the final pillar in our IT framework is data and this refers to the management and analysis of information to provide insights. Within the data function, something like a database administrator might sit on the overlap almost between data and infrastructure but that's a role that is in that bucket. Storage administration is another one. Folks really focused on how to collect, store and access data, but it also includes data analysts, data scientists. Those analyst kind of data crunching roles which have a long history but I think in recent years with the explosion of data available to crunch those have been getting a lot more attention in the media. We're seeing a lot more programs focused around those types of roles. Security, together with security I think those data analytics roles are some that you've likely read about as being real challenges for employers to fill. Both of those areas I think have well-documented demand for them that it frankly exceed the available supply.

Looking within some of these roles and I mentioned a little bit of this within the data you have database administrators and analysts. You've got folks specializing in visualization. Those are some of the roles you'll hear about that fall within this pillar. In the security area, I mentioned a compliance person. Someone focused on process management are some of the roles you'll see in there. Penetration testers, security analysts fall within that pillar. Within development, you've got web development, application development, business systems types of people fall within these development roles. Then within infrastructure system admins, network admins, help desk, IT support. I think within this framework and the framework does offer a convenient way to think about IT functions and the job roles that are part of those functions. It gives us some idea of the what but it doesn't other than me saying there's a lot of demand for that, it doesn't really... The framework itself doesn't really address the need. That's really the demand, the need for the job role. That is what's related to the opportunity.

So for example, are there some areas within the four functions where there might be more opportunity than others? Are any of them better future-proofed against things like rising automation? Where does the most opportunity exist if I'm interested in entering into an IT career? So let's take a quick step back and then talk about the opportunity within the IT field. You've got a few quick factoids here about IT in the United States. There's a huge number of people employed in technology 11.5 million and that number includes people directly in technology roles but it also counts those in non-technology roles working for tech companies. So if I'm in marketing at Google it is counted in that number but we're really going to I think zero in on those technology roles for the most part when we're talking today.

A couple of other factoids 2.8 million postings, technical occupation job postings last year. So lots of people hiring into these roles and it's increasing about 2% a year over the last year. If we look at this and layer over our idea of the framework let's look first at development. So when we're looking at development let's talk a little bit about software and web developers. Software developers and web developers account for 1.3 million jobs in 2017 with an expected growth rate of 3%. This is by far the largest single group within that 11.5 million number. Software there's that famous quote from Mark Andreessen about software eating the world. It really is a driving force in both the tech sector and within the broader economy. CompTIA in our research group doesn't really see that trend changing any time soon and because of that this demand for the software development skillset it's going to continue to grow and will continue to be one that is in significant demand.

Now beyond software, the next two largest areas for jobs fall within the infrastructure and cybersecurity areas. You can think about core infrastructure jobs liking network architects and administrators and IT support those represent 742,000 jobs with growth close to 2% expected. So another I guess large opportunity offered by jobs within that pillar and then another pillar, of course, is security and we hear a lot about the need for security skills and that is that grouping represents the third biggest area of opportunity within that 11.5 million folks employed in technology. Just looking at security analysts as an example there's 690,000 jobs for security analysts and that's also expected to grow at a rate 3% and I think that's over the next five years.

If you are curious about what some of the opportunities are by job role and actually for that might be specific to your states CompTIA does publish a Cyberstates report. It's referenced at the bottom of your screen here www.cyberstates.org. It is free for anyone to access and check out what things look like in their state. So if you are concerned about that or maybe if you're working somewhere where some of that information might be useful please I invite you to take advantage of it. So I think there are definitely some jobs out there, are they worth having? Is there any future in them? Addressing the question about are these all going to be automated sometime in the very near future.

So let's talk about a few things that might make them worth pursuing I think one key thing might be good pay. You look here on this graphic and there's a pretty decent premium paid within the tech industry and again when we're talking about the tech industry we're talking both about tech jobs across industries as well as non-technical jobs within a technical company. Now would someone entry-level be walking into a job and making $113,000? No. And there's really no standard payments for every single tech job. It's going to depend on the demand for that particular skill set. It's going to depend on the level of experience. Entry-level folks are not going to make Mark Zuckerberg money. Most of us don't make Mark Zuckerberg money. We would love to make Mark Zuckerberg but I think no matter how well funded a startup might be an entry-level job role is going to make a nice healthy salary but it's going to be I think depending on the role somewhere between where this blue line starts and where this yellow line ends.

That's because there is such within organizations there is such an incredible need for technology and because of that corporations, governments, they're willing to pay for the talents if the talent is out there. I think that kind of pulls the scarcer resources, the more money it can command and we see that with job skills frankly. So good pay is one reason to... If you're still on the fence about an IT career. I think another one that I would put out there is IT careers aren't tied too strongly to geography. Now you could argue well what about all those people in Silicon Valley in the big metro areas on the East coast but part of the beauty I think of a technology career is we're really spoiled when it comes to identifying the type of business you might want to work in because every industry consumes IT services. It's true of healthcare. It's true of automotive, travel, education. You name it we are consuming IT services across every industry.

So I think that makes it much less tied to geography than many other careers. Every industry needs tech workers so there are going to be IT careers of different sorts which opens up I think the possibility for career mobility as well as lateral moves across those four functions. The field keeps changing. That's probably another thing I think that makes an IT career pretty appealing because it keeps changing new opportunities arise. New technology creates new job roles and transforms existing ones. So some emerging job roles I swear it seems like sometimes they've taken words and combined them in new ways to make new job titles. I like machine learning trainer that's one of my favorite new ones. Turns out machines need to be taught too. Maybe not quite like the way people do but they do need that input and there are some others on this list of emerging job roles that you probably recognize already. Full-stack developers have been around for a few years now but some other ones on here are coming up in terms of being referenced on job ads a little more frequently.

So I think if you look at those three things that can make an IT career pretty appealing the good pay, the lack of being tied to a specific geography, and then just the fact that the field keeps changing which can be both a positive and a negative but I think in the sense that there's always a new avenue for growth I think and for learning and taking on new responsibilities makes it appealing. If we think about these trends too and overlay the idea of again back to our framework with our four pillars you look at something like cloud and how that changes jobs. I think sometimes the knee jerk reaction is to think, "Oh, there's a new technology it's going to create a new job role." That's not what we see playing out typically when we look at the job roles and how they're created. Looking at something like cloud six, seven years ago cloud wasn't really a factor in most of our certifications as an example. Now you see it in A+, you see it Network+, you see it in Security+. We now have a Cloud+ and the reason for that isn't because we got on the hype train it's because as these technologies like cloud were adopted by organizations it transformed the job role.

So just looking at something like if I'm in an infrastructure career this would be someone who is a network admin who is a systems admin, an architect something like that. Having cloud brought in as a technology or wanting to use cloud might make someone in that role think about or take on responsibility for workload balancing. Most folks, most organizations are using some kind of hybrid environment where some of their workloads are on cloud systems be they public or private. Some are on-prem. How are we balancing that? What skills as someone who's responsible for making sure that we've got the compute power necessary to run our business, what do I need to know about cloud and how to balance the workloads across our different systems?

Similar thing in the other pillars, if I'm in security if I've got things in the cloud how are the applications and data secured? What does it give us if we're in development can we do things faster? Can we get tests and production environments up faster than we could without the cloud? In data does having these resources help with consolidation and analysis? It's really not in many cases the creation of new job roles. Those come along much more slowly but its in the transformation of some existing job roles.

Same thing I think can be said for the internet of things just as another example similar to cloud. In the infrastructure sphere of influences, you've now got one of our subject matter experts called them dongles. These things now hanging off your network that you have to be concerned about. How am I going to support those? How am I going to secure them? From the development side, it's how can I make sure that they can communicate with one another. Within the data pillar, a similar thing of how does the data from these devices flow into existing data sets? Do we have enough storage and can we make sense of all this data with the tools and the skillsets that we have in place now?

So these are some of the ways that new technology is transforming existing technical roles. I talked about some of the new roles that were emerging there is still yet believe it or not a third category and that is existing non-IT roles that haven't traditionally required technical skills now do. 82% of these so-called middle-skilled jobs now require technical or digital skills and I think not to belabor the point more than I already have but the bottom line point is really the bottom line on this slide is technical skills are the gateway to career advancement.

So what are some of the ways you can get on this pathway to an IT career that has these options and opportunities for advancement? This is one way I think of looking at an important I think and well-known entry point into an IT career and that's really looking at a tech support role. So tech support can be a launching pad to a variety of IT specializations and full disclosure here in addition to leading CompTIA's product management team I am also the A+ product manager and have had that role for the last five years. So this one is an entry point that's kind of near and dear to my heart but I do feel strongly that technical supports opens up pathways to other roles based on what team is being supported. This graphic here if you think about this foundation level being a tech support role and you get into that role by acquiring the skills that are consistent with the A+ certification. Getting them validated with A+ but then you could be in a role supporting any number of different teams.

Maybe you're supporting a security operations center. That opens up this pathway to these other uniques roles. I think it bears mentioning that tech support is often the first line of defense. Tech support people are often triaging different things that come across their screens so to speak. Think about it even from a user perspective you have something that you think might be a phishing email you typically don't go to your senior-level security analyst with it. You go to your help desk. You go to your tech support people and ask should I be worried about this? It's that tech support person who needs to be able to evaluate that and figure out what to do with it. So there is the opportunity there to go along that path.

A similar thing with network operations. You're supporting a network admin team or a system admin and that opens up pathways to advancement in those areas to further specialization in those areas. Then even in applications support maybe you are supporting some kind of ERP, enterprise resource planning system like an SAP or something like that and that could open up frankly some pathways you might not necessarily think of as pathways from A+. Things like a systems analyst or an operations specialist could be a pathway to that type of role could be charted from a technical support role. You see this I think playing out within the industry frankly and as a reflection of that within the CompTIA certification portfolio. Looking at something like A+ we do cover, yeah, of course, we still cover hardware and have for a long time but the focus there is on infrastructure support and that includes endpoint management.

You can't support the endpoints without understanding them. So know endpoint management device connectivity, basic networking, that tech support role too if you're looking in a machine and you find something with a dotPY. You have to know a little something about scripting because you don't know is that's something I need to worry about as something that might do damage to this machine and to these systems I'm supporting. Or maybe it's just a login script of some sort. So a little bit of understanding around scripting is something that surprises most people that its included in A+. Looking at data storage, looking at log files frankly is another skill needed in tech support and that's really a gateway to understanding data analytics. Security, of course, is a key part of that role and as is understanding software, supporting software. A number of different... You might have to support phones, tablets, Macs, PCs. So a grounding and the ability to understand and find and troubleshoot I guess issues in any number of different systems is an important skill in that tech support role.

So looking at it from the perspective of CompTIA certifications as well we really have... Our certifications are set up to help guide career advancement through these different pathways whatever they might be. From establishing core IT skills with A+, Network+, and Security+ to specialized pathways in infrastructure whether you're wanting to focus a little bit more on systems administration with a combination of Linux and server. Then advancing up through Cloud+ these are ways that you can further your career once you of course with these once you have added on some experience in real-world expertise. Cybersecurity is similar in that there is a pathway of progression here from these core set of skills. That's really these two areas, in particular, going back to our four pillars. CompTIA certifications are really focused on that infrastructure pathway and that cybersecurity pathway. There are overlapping areas I think in data and development but we're really looking at that support role as the entry-level role and then moving up perhaps into network administration, systems administration, security specialists types of roles.

I think with these core certifications in particular thousands of CompTIA alumni have followed this pathway of A+, Network+ and Security+. They have followed that route and found significant success in their IT careers and fortunately one of those alumna, alumnae I'm never quite sure how to make that singular. One of those alums, how's that, has graciously agreed to talk with us about her career journey. So joining us today is Christine Tuttleman. She can talk about... So much of what I've mentioned over the last half hour or so is kind of the how's and why's of establishing a career in IT. I hope all of you on the phone have found some useful tidbits in there but what I've talked about has been somewhat abstract. It's what it's like at most companies for most people. In contrast Christine I think is going to talk to us a little bit about how it has really played out for her. So first I would encourage all of you on the phone if you have a question that you'd like to ask or please post it in the Q&A window and we'll try and get those as well. So Christine welcome and thank you so much for joining us today.

Christine: Thank you I'm happy to be here.

Teresa: Great and I should mention Christine is a real trooper today. She has got one of those awful fall colds so thank you again for coming to join us even with the nasty cold.

Christine: No problem.

Teresa: I know Christine because she serves on the CompTIA subject matter expert technical advisory committee which is quite a mouthful. So internally we just call this group our super SMEs and we call it that because they're really the best of the best in terms of the depth of their expertise and their willingness and ability to share it with us in shaping our certification exams. Christine's just a fabulous example of that. She's got numerous certifications from CompTIA and others. She's got her mastery level CASP or CompTIA advanced security practitioner certification which is the highest level certification that we offer. She also holds a CISSP. So Christine for those who are madly Googling your LinkedIn profile right now you identify on LinkedIn as a business information security officer for DST Systems. Would you mind sharing with us a little bit about what that means and what your day to day these days looks like?

Christine: I have a very broad range of responsibilities, one of my core responsibilities is policy write and review. I also ensure that the annual security training is appropriate and it gets launched on time, it meets the requirement for our company for both regulatory and compliance needs. I coordinate all of our phishing exercises. I serve as a liaison between the security department and the business units. Our business units' comprised of everything from the network team, developers to client relation teams. On top of that, I have to take our security initiatives, our projects, our goals, our audit findings and I have to be able to translate those into a language that our non-security people can understand and they understand why it's important and why they need to get these things done.

Teresa: So it sounds like you really cross those three... I don't know if you can cross three pillars but you really have responsibility for the people, the processes, and the technologies when you're thinking about your role in security.

Christine: That is completely correct. I interact with everyone from people who are on our help desk to our senior directors of networking to our compliance and legal teams then.

Teresa: Okay. So it's an interesting role and I always... The security roles are fascinating to me. One of the things that we struggle with at CompTIA is people hear so much about security and they know that these jobs are out there and they want to get into it right away. We look at that our core skills the A+, Network+, and Security+ and people oftentimes want to jump right into Security+ and we always try and council people, well, you want to know what you're securing before you enter into that security role. How has that really played out over the course of your career? How did you get to this point? Are we off the reservation in suggesting that it's difficult to walk right into a security career?

Christine: No, I think that's entirely accurate and the most respected security people that I know, that I've interacted with they are all the ones that have the technical background before they go into security. They understand how systems work, how things inter-operate and that really gives them that solid bases that they need to build upon to be able to secure those items.

Teresa: What about from your own personal journey how did you get started in this area and what kind of pivots within your career did you... How did you navigate that? How did you manage to do that?

Christine: Well, I got started before you guys had the CompTIA framework. So unknowingly I actually followed your exact framework that you just laid out. I started my A+. I started with a help desk job doing the grunt work down in the trenches dealing with angry people who... The entire Internet's broken and from there I went to a network role. I did that for several years and from there it was a natural transition into security because a lot of security and networks ideals overlapped. So security you're locking things down. You're making sure everything is secured. With networking, you're enabling that flow of data back and forth. So knowing how those both interact that really forms a solid basis.

Teresa: So you kind of made that... You're kind of the textbook example of really understanding what it is that you're securing before moving into that security role and mastering those skills first and then moving into it.

Christine: Yeah. That's correct. If you don't understand the basic stuff that you learn with the A+ and Network+ type of thing it becomes really hard to be effective as a security person because security has to walk that fine line between secure and accessible. You get great ideas about locking stuff down and making it super secure but if you stop operations you're definitely getting more [inaudible 00:41:39].

Teresa: Sure. Yeah. You don't want to become the department of no. So switching gears here a little over the course of your career you've earned quite a few certifications. I won't try and peg the number of them but I know that you've got quite a few of them. Can you talk a little bit about what motivated you? So once you had your A+ why not just stop there? What motivated you to continue to earn some more and continue to pick up additional certifications over the course of your career?

Christine: In the IT field, it's very apparent that you have to keep learning, you have to keep developing new skills, you have to keep expanding your knowledge for that to be effective and over time I found that getting new certifications that have been an excellent way to do that. If you get exposed to new subject matter and then you get that piece of paper that shows hey, not only do I know this but I can demonstrate it and that certification always gives more value to you as a person. I've never had anyone look at my certifications and say, "Oh." It's always been, "Oh, wow!" It's always been value-added.

Teresa: It seems like one of the things necessary for an IT career really is that love of learning and that interest in that pursuit of new skills would you agree?

Christine: I think that's completely true. I mean IT doesn't stand still you can't just learn one skill and think you're set for the rest of your career. You have to keep learning things, keep changing and you have to keep up with it.

Teresa: If that's one of the things that you like about IT what are some other things? Are there that kind of help you get out of bed and out the door even when you've got a terrible head cold?

Christine: Well, personally I enjoy working with people in my role. I get to work with an amazing cross-section of people. Like I said everything from the help desk to our legal team to compliance to... It's just wonderful being able to meet so many [inaudible 00:44:12] people and then being able to get them to work together to meet a common goal. Now because of information security a lot of times we are restricting the access, we are securing things. Sometimes initiatives aren't exactly met with open arms, sometimes there's resistance. People aren't too crazy about change but it's always a great feeling when you're able to work with them, you're able to [inaudible 00:44:39] and the person who was highly resistant at first is suddenly one of your greatest champions.

Teresa: Yeah. That would be very satisfying I would think.

Christine: Yeah. It is.

Teresa: So final question here before I turn it back over to Camille. Someone starting out in an IT career what kind of advice would you give them?

Christine: I think the best advice you could ever give is to never stop learning. Always be looking for something new to learn about. Always be looking for new skills to add. You can find stuff to do online. You could read blogs. You could read even Reddit and learn more about information securities. Learn more about technology but then you need to take that knowledge you get and you need to step outside of your comfort zone with it. Whether it's getting a new certification that demonstrates you've learned something or even finding a new job. You have to be willing to step outside and go to that next level.

Teresa: Great. Yeah. Just I think that's great advice for all of us no matter stage of the careers you've got to be willing to take that first step. That's often the hardest one to step outside and embrace the change so to speak. Great. Well, thank you so much, Christine. I am going to turn it over to Camille. I think there have been a few questions and maybe she can help us field some of those if we've got a little bit of time for questions.

Camille DuPuis: Yeah. Absolutely. Well, thank you ladies both so much. I know this was just really helpful for the audience to have someone who really knows a lot about CompTIA's content and their offerings. And then as well as someone who's really utilized it and involved in their career with it. So just want to thank you both again for helping us out here. We'll get to questions in just a minute. We have some great questions rolling in. My colleague Jeff and I are impressed by some of the cool stuff people are asking and if we don't get to all of these questions I know we're going to get a little short on time. We'll have someone follow up with you to make sure that we can help you all out today.

But if you are thinking about a course wanted to touch real quick on InfoSec Institute's offering. So we have a couple of different ways you can train and we offer the certifications discussed today from CompTIA. So we have some really great options. We have industry-leading pass rates and a variety of formats that can fit how you learn best and fit with your schedule and take award-winning training anywhere from your favorite device. Some really great options. Wanted to mention that we are an authorized CompTIA training partner and learning from us you'll have instruction from people with at least 10 years of industry experience and one of the really cool things we offer is the exam pass guarantee. So that means if you don't pass your certification exam on the first try we will go ahead and pay for that second attempt for you.

Then for October, we have a little bit of a cool special going on. So you'll get access to 90-day video replays of your lessons should you choose to train with us. So this is great for reviewing that material. I mean Christine just said, never stop learning. A great way to review some of that material and practice and go back on certain sections so a really nice offer but as I said let's move onto some questions while we still have our experts here. So some really interesting questions rolling in. I think the one I'd like to start with is thoughts on getting advice or thoughts and advice on getting experience before you take your certification. So I thought that was an interesting question.

Teresa: Yeah. That's one and Christine please chime in here having done this I think but some of the things that we have seen volunteer work is one of them. Also if you are at any kind of post-secondary situation, schools often run a help desk to offer support. Christine or was someone trying to chime in there? Did you have something you'd like to add on to that?

Christine: Well, what I can tell you what I've seen before is often people take an entry-level job and while they're doing the entry-level job they'll start studying for certifications. They'll use it to get their foot in the door for A+ or Network+ and it really helps to have that real-world experience alongside the certification.

Teresa: Yep. Yeah even taking on a role that maybe is more customer service focused can also be a big differentiator when you are looking for that first technical role. Sometimes there is that first line might be more of a customer service type of role and that can open up as Christine suggested some avenues to moving into a more technical role once you earn the certification.

Camille: Sure. Kind of piggybacking off of that we have some people asking what is the background or what is the experience that a lot of people have going into some of these certifications? Maybe they're looking to think make a career change or something on that order. What would you say is a knowledge you need to have to get into some of these certifications and understand them?

Teresa: Sure. It differs by certification when you look at something like an A+ and A+ really validates skills that are equivalent to someone with nine to 12 months of hands-on experience. That is our first certification that really is targeting people with not much on the job experience. So some folks do take that within a training or education setting and the hands-on experience is thing maybe they do with a lab setup at home or the hands-on is part of a lab requirement for a course that they're doing. As we move up or progress through the pathway of certifications the experience requirements get higher. So something with a Network+ you want to have some kind of on the job experience even if it's pretty early on if it is that entry-level role like Christine had mentioned. Once you get into things like cloud and our mid-tier security certifications you want to be an early career IT pro. You want to have some on the job experience to really get what I guess you're studying in the skills and that you're validating and to then use those certifications to move into these roles.

Camille: Sure. Perfect. I think that helps answer a few questions we've had of looking at... Since there's so many options looking at the courses and the certifications, excuse me, kind of as a pathway I think helps to build on that knowledge slowly but surely. So I think that answers a few of the questions we have coming in. Maybe, Teresa, you could talk a little bit and Christine a little bit too on what does the exam format look like for these? How does the exams work and how long are they? That kind of thing maybe.

Teresa: So each of the certifications differs in length. I want to say most of them are between one and two and a half hours but it will differ by certification. CompTIA does have a hybrid approach to examination meaning we have both closed response and performance-based components. So the performance-based component would be a simulation that asks you to complete a task. Closed response item would be like a multiple-choice or even some forms of drag and drop. The other thing that I would say about format is when you're looking at our certification objectives you'll note quite a few objective start out with the phrase given a scenario. What that really means is candidates are expected to be able to apply knowledge and skills within context. So problem-solving and the ability to troubleshoot I think those are skills demanded by employers and part of the reason for specifying the given a scenario format is a way to make sure that the problem-solving and that troubleshooting can be performed within the context of a technical problem. So I guess to wrap it up we've got performance-based and closed response and then across both of those we have this idea of scenario-based items and really applying your knowledge within the context of technical problems.

Camille: Sure. One question, we'll wrap up with real quick here. Thanks again for submitting questions, everyone. It really enriches the presentation when we're tailoring it to what our audience is interested in. So wrapping up here could you maybe give just a few more little examples of some entry-level roles besides maybe the help desk that we kind of touched on earlier? What roles is someone with an A+ or a Network+ certification, what kind of titles are they thinking about?

Teresa: I think help desk as you mentioned is a big one. Technical support is another job title. Some earlier career, earlier level network administration and system administration type of roles with those I think folks have to look at what experience level they're looking for because it will vary. Christine, did you want to add anything on there? Those are the big ones that we see within our certifications are the admin roles and then IT and network user support.

Christine: I will tell you that one of the security people that I have known that I'm most impressed with he actually started out as a security guard for a department store and he took that job role and he was able to pivot into an information security career from there. He had the right mindset down. He had people still... He is just one of the most impressive individuals I have known. So sometimes that-

Camille: I love that.

Teresa: Yeah. That's a great anecdote. Thank you for sharing that. He's got that physical security piece down for sure right?

Christine: Yeah. Yes. Definitely. And the people skills that's very important.

Chris: Thank you all for listening. Please visit infosecinstitute.com/cyberspeak for a full list of our other podcast episodes. If you'd like to qualify for a free pair of headphones with a class sign up, podcast listeners can go to infosecinstitute.com/podcast for a free offer. And if you'd like to try our free security IQ package which includes phishing simulators you can use to fake phish and then educate your colleagues and friends in the ways of security awareness visit infosecinstitute.com/securityIQ. Thanks once again to our guests Teresa Sears and Christine Tuttleman and thank you all again for watching and listening. We'll speak to you next week.