In this article, we cover the most important classes (from our point of view) that should be in any good cybersecurity training or college program. To see our article on the difficulty of cybersecurity degrees, go here. You can also take a look at our article on whether you need a degree for cyber here.
In every study curriculum, some classes are more important than others. That’s not to say that all of them aren’t important. One of the interesting things about getting a degree is that, the deeper you go, the more you begin to realize how much everything you’ve learned sticks together.
Ready to Start Your Cybersecurity Career?
Get my FREE 5-part series "Strategies for New Cyber Careers". These strategies can help you get your cyber career started. I'll also send you my weekly newsletter every Wednesday with resources that every cyber professional needs to know.
Depending on what university or college you attend, an overall curriculum can vary—some schools require ethics, cyber policy, operating systems, and intense networking classes. But there are a few courses you’ll have to take no matter where you go.
These are the foundation courses that you’re probably going to be building on for the rest of your career.
What are the most important classes in cybersecurity? The most important classes in any cybersecurity program are almost always focused on the topics of Linux, Python, networking and network defense, ethics, and communication. Prospective students looking at college cybersecurity programs should verify that their intended program has coursework in all or most of these areas.
Let’s take a look at the five classes that are the most critical in your future career.
Most Important Course #1: Linux
Every cybersecurity program should require students to complete at least an introductory course in Linux. If your program doesn’t, there’s something very odd going on. Linux is just too powerful a tool for cyber professionals to not understand (we cover how hard it is to learn Linux in our article here.)
For instance, if you can use Linux you have access to Kali, a Linux distribution designed specifically for cyber professionals (we have an article on the 7 things you need to know about Kali here). Kali includes some very useful programs for pen testers and security analysts, including:
- Cisco Global Exploiter – a program that allows you to attempt hacking Cisco-based networks (with the caveat that you are legally attempting to hack the system)
- John the Ripper – edgy name aside, this is a pretty cool tool for hacking passwords
- Burp suite – tests vulnerabilities in web-based applications
- Metasploit – a useful framework for pen testers and security analysts, allowing users to configure their own exploits
While many of the tools Kali provides can be run on other operating systems, the advantage of using Kali Linux (aside from the fact that it’s running Linux and is consequently less vulnerable to cyber attacks than a more popular OS like Windows) is that all these security tools are already installed and ready for use.
According to comptia.org’s article “5 Linux Skills You Must Master to Be a Cybersecurity Professional,” Linux “is the operating system used on most network devices and security appliances, including routers, firewalls, next-generation firewall (NGFW) devices, unified threat management (UTM) gateways.”
Summarily, if you’re going to be working in cybersecurity, you need to have more than a good grasp on how to work your way around a Linux terminal.
Most Important Course #1: Python
If you thought that getting into cybersecurity instead of computer science was going to save you from the wonderful world of programming, think again! (Although honestly, programming is amazing and you have no right to complain).
For a student with no experience in programming or scripting, Python is a great place to begin. Python is one of the few scripting languages whose syntax is user-friendly, meaning that instead of mysterious and seemingly alien keywords and formatting rules, you’re as close to writing in actual English as you’re ever going to get.
Whenever you start out in a programming or scripting language, usually the first program you’ll be taught is a simple output program, “Hello World.” All the “Hello World” program does is display the text, “Hello World.”
This is the “Hello World” program in Python:
Run the program and you’ll get:
Now look up that program in any other language and see just how user friendly Python is.
But, you’re not learning Python just for its accessibility. Python is pivotal in professional cyber use. Python is a cross-platform language, meaning any cyber programs designed using Python can be run across multiple operating systems, whether you’re using a Mac, Windows, or Linux.
Python can be used in port scanning, packet sniffing, forensics, and other cyber-related areas. Because of its recognizability across platforms and its ability to develop powerful cyber tools, it’s quickly becoming one of the most in-demand scripting languages for cyber professionals. See our article on the usefulness of Python in cybersecurity here.
Most Important Course #1: Networking
If you’re serious about cybersecurity, you need to know computer networking. Why? Because most of the cyber attacks you’ll be facing will be over a network system.
Malware is downloaded from the internet, the internet is only available through a working network with access to an ISP. Denial of Service attacks are only possible because a network is reachable and not designed for a lot of heavy traffic. And hackers can only directly hack into a system if that system is available over a network.
Not having any internet access is the ultimate cyber defense, but for obvious reasons no internet isn’t always a practical solution. Especially for cloud-based networks, you need access to the internet at all times. For this reason, cyber professionals need to understand networks in order to defend them.
Arguably, a network is an organization’s greatest cyber vulnerability. Before you can defend a vulnerability, you have to understand it. You can’t fix something unless you know how it works. The networking class you take may seem irrelevant at the time if you don’t intend to be a network administrator, but believe me, you’ll soon discover just how much you needed it.
Most Important Course #1: Network Defense
Alright, alright, you probably think this was already covered in networking. It wasn’t. Just because you understand how a network functions doesn’t mean you’re at all prepared for the constantly evolving ways that your network can be attacked.
You need to be able to recognize irregular patterns in network traffic and know how to prevent users from accessing risky sites or downloading compromised applications. You also need to know what to do during a network-based cyber attack.
A network defense class covers a variety of cyber threats. Although it’s impossible for one class to review all types of cyber attacks, particularly since threats are constantly evolving and what might be the latest type today will probably be new and improved tomorrow, network defense classes offer a limited survey that will at least prepare you for what’s ahead.
The most thorough defense classes don’t just cover types of attack that are network-based. They also review social engineering attacks. Besides phishing, vhishing, and whaling, you need to be aware of the attacks that employees in an organization are vulnerable to, including tailgating and impersonation.
If you are aware of these types of attack, you can effectively protect an organization by educating non-cyber employees on what to watch out for.
Most Important Course #1: Ethics
With cyber defense comes a lot of responsibility. As a cyber professional, you not only have the ability to defend vulnerable systems but to attack them.
Sometimes, what others perceive as a cyber attack may only be a careless mistake on your part. Say you’re in a network class and you suddenly decide to take a closer look at a wireless access point. Maybe you see someone connected to the access point who hasn’t secured their device. You might be curious, but if you decide to see just how far you can go in accessing their device, you’re breaking the law.
It’s important to know what your limits are. If you’re interested in pen testing, you need written permission from your employer allowing you to try to hack their system. With that written permission you need to know what you are allowed to do, where you can attempt to go, etc.. If you do anything that hasn’t been agreed on, you could be in serious trouble.
In other words, you have all the skills of a professional hacker but you need to know when and where to use them. Respect other peoples’ property and make certain your role as a cyber professional is understood, and you’ll be fine.
Other Important Classes – Written or Verbal Communications
Your curriculum is going to be different depending on where you study. Another class that is often considered equally important to the choices mentioned above is a communications class, but communications isn’t always required. Communications in cybersecurity, while not a technical course, is very useful because of the high value that cybersecurity employers place on the value of the ability to communicate effectively. If your program requires a communications class or two, consider that a good thing.
Other Important Classes – Digital Forensics
Forensics is a slightly different discipline from the standard cybersecurity roles, such as cybersecurity analyst, but it is an intriguing field, and one that uses really cool and effective tools to capture and verify the validity of data. Digital forensics plays a huge role in our law enforcement community, especially related to computer crimes.
Many college programs will have an entire degree program just for forensics, but taking a single introductory course in forensics can certainly help you understand the other areas of cybersecurity.
Whatever classes you take, all are useful in your future cyber career. The classes listed above are only the tip of the iceberg in the skills and knowledge you will need in order to be an effective cyber professional.