Eric Magidson is a professor of Computer Information Systems at Central Oregon Community College who specializes in cybersecurity, networking, and teaching methodologies.
A summary of the episode
Magidson discusses the benefits of stackable credentials and degrees in cybersecurity, which allow students to quickly earn industry certifications like CompTIA A+, Network+, and Security+ while building a flexible, career-focused skillset.
He emphasizes the importance of hands-on learning and developing employability skills like communication, teamwork, and time management alongside technical skills.
He also highlights emerging trends in cybersecurity, particularly the growing role of artificial intelligence, and recommends his open-source textbook, The Password is Not “P@ssw0rd123” as a resource for students and prospective students interested in the field.
Listen to the episode
A full transcript of the interview
Steve Bowcut:
Thank you for joining us today for the Cybersecurity Guide Podcast. My name is Steve Bowcut. I am a writer and an editor for Cybersecurity Guide and the podcast’s host. We appreciate your listening.
Today, our guest is Eric Magidson, professor of Computer Information Systems at Central Oregon Community College. We’re going to be discussing building your cybersecurity career, practical skills, industry insights, and academic pathways.
Before we bring Eric in, let me tell you a little bit about him. Eric Magson is a professor of Computer Information Systems at Central Oregon Community College where he specializes in cybersecurity, networking, and innovative teaching methodologies.
With over 25 years of experience in IT leadership, workforce training, and higher education, Eric has successfully integrated, industry aligned certifications and hands-on learning into the classroom.
He is also the author of the cybersecurity textbook. The password is Not Password 1, 2, 3, and as you might expect, spelt with an AT sign and a zero for an O, and we’ll talk about that a little bit. And this book is dedicated to equipping students with practical skills essential for cybersecurity careers.
Eric holds multiple professional certifications and actively collaborates with industry partners to ensure students thrive in today’s rapidly evolving tech landscape. With that, welcome Eric. Thank you for joining me today.
Eric Magidson:
Thank you for having me, and good morning.
Steve Bowcut:
Yes, this is going to be fun. This is going to be interesting and I appreciate your time. I’m sure that our audience is going to learn a lot from this discussion. So as we like to do on this show, before we get into the topic, let’s talk a little bit more.
Let’s help our audience understand a little bit more about who you are and how you got to where you’re at. So your academic journey and or professional journey that got to you to where you’re at.
Eric Magidson:
Well, I think it’s important to actually go way, way back. This is if you would, the family business. My dad was in tech in Silicon Valley during the .com boom. He was a founder of a company called ZerCom that made the first network interface device using the parallel port computers.
And so between that playing zork on his computer learning basic programming, that’s really what started the love for this advancing. Anywhere I worked, I was always the computer person. I just had that natural knack for fixing things as computers entered industry and took that all the way into recording and utilizing pro tools in the studio, fixing pro tools or fixing the Mac that it worked.
But probably most important was I was a professional musician. I then wanted to solidify my career in tech and I knew that that was going to require a college diploma and some certifications.
Steve Bowcut:
Okay. So now this show is going to focus on your career as it relates to cybersecurity, but it sounds like your background is much broader than that. At what point did cybersecurity become an important element in what you teach or do?
Eric Magidson:
Well actually when I first started teaching, it was part-time in 2007 at Central Oregon Community College where I actually earned my first associate’s degree in computer information systems. And back then cybersecurity really wasn’t the focus. It wasn’t until early on 2010 that focus on security, right?
Starting with network security. And then of course we gave this title to its cybersecurity when viruses started impacting computers impacting businesses. So my focus really went there probably because I have a love for criminology and this was an option to thwart the bad guys without having to carry a gun, if you will.
Steve Bowcut:
Very good. I like that description. Alright, so thank you for that little background. So one of the things that I wanted to make sure that we talked about that I find interesting is this idea of stackable certificates and degrees. And this doesn’t just relate to cybersecurity, but speaking about cybersecurity and IT, tell us how that works at COCC, how do these programs help students build a flexible career- focused skillset?
Eric Magidson:
Well, actually it really works well, especially as you said, from a flexibility standpoint, because we have students that might come in and out of the educational arena, right? Become students at COCC then either want to go to work or need to go to work right before continuing that educational career.
So this means we’re going to be able to offer an associate’s degree statewide at 17 community colleges even if those colleges don’t have instructors. And stackable credentials are a key part of that in the fact that a student can come and take the first five classes within the degree and earn what’s called an IT support technician.
So they’re going to take those classes that’s going to lead to the CompTIA A+ certification and the start of the Cisco networking. And between those two classes, they’re now qualified for help desk jobs. So we see that students come in and out of the degree they may, like I said, maybe go get a help desk job so that they’re garnering that experience while they continue the degree.
So our whole degree accumulates into six stackable credentials, those being the IT support technician into the data center technician, a network specialist, a security operations center technician, security penetration tester, and then finally what we call the cybersecurity career professional.
And at that point, when you finish all those credentials, you’re also earning the associates in cybersecurity and networking.
Steve Bowcut:
Well see. I find that fascinating because of course on this show we oftentimes talk about the advantage of having these professional certifications and whether students should focus on that or if they should just focus on their more formal education and then worry about maybe getting some professional certifications later to fit a certain job.
But you’ve kind of flipped that on its head. So the two-year degree is really built around the students obtaining these professional certifications. Correct. Are you teaching to the test and that kind of thing, or how much support can the student expect to get in the classroom for the testing for these certifications?
Eric Magidson:
Well, from my instructional standpoint, I’m never teaching to the test. I’m teaching to the skills, right? Because you can take, say the CompTIA A+ certification, you can go out to YouTube and take Professor Messer’s course in a plus, which is absolutely wonderful video series, but it doesn’t come with that hands-on experience.
So I really am always trying to, even teaching online, providing that opportunity and requirements for grades to do hands-on work that aligns with what you’re learning. And as we know in this industry, especially in cybersecurity, it’s all about those certifications.
Steve Bowcut:
Yeah, yeah. It really is. When you’re looking for a job, that’s the first thing we’re going to want to know is what certifications do you have and do those align with what we’re looking for? So I like that idea that you mentioned so that you could be working on these certifications, which would qualify students who needed to actually work while they’re finishing their degree.
We’re talking about an associate degree here. Let’s talk about, maybe expand that idea a little bit. Some of the advantages of getting an associate’s degree in cybersecurity, even for those students who may want to go on and get a four-year degree or even an advanced degree.
Eric Magidson:
Well, one of the that I see is students tend to start out depending on are they looking to get a job or are they looking to get a degree? And so students who are really looking to enter the workforce quickly will look at a two year degree in cybersecurity is a starting point. And so our degree is heavily aligned with Mount Hood Community College that also now offers a baccalaureate degree.
So as I talked about previously, that statewide degree that we’re working on that we can offer at the community colleges is that core foundation of technology, right? A plus network plus CCNA security+, if you will. And then students can go to work with that.
They’re prepared to work in security operations centers, do those basic introductory jobs within cybersecurity, and then should they choose, they can walk right into the bachelor’s of information technology that Mountain Hood Community College offers.
Steve Bowcut:
Okay. I really like that concept because it works for both, as you pointed out, the student who wants to get a job as quickly as he can, an entry level job as quickly as he can, but you’re really not losing anything because the fear with some people, if I get a two year degree and then I want to go on and get a four year degree, there’s going to be some overlap there that’s really not going to benefit me.
So I, it’d be more streamlined to go directly for the four year degree, but I’m not sure that that’s true in this case because you’re going to come out of the two year degree with these professional certifications that you would’ve needed to do anyway after your four year degree or at some point along that path. And so you’re going to already be equipped with those, which really is going to put you a step ahead. It seems to me like
Eric Magidson:
You’re absolutely correct. No matter what degree pathway you take, you have to have those certifications. I recently worked with a student, a top student, one of my top 10 all-time students who was working full-time taking classes, have the opportunity to get to earn those certifications, was trying to find jobs, spent three months really working hard to try to find a job.
And it wasn’t until he earned his A+ his network, plus his security+, and in his case, his CYSA, as soon as he earned those first three through the security plus job offers started coming.
Steve Bowcut:
Right? Yep. I know that it makes a difference, and some would argue it makes more of a difference than it should, but the fact still remains. It makes a difference.
So, all right, so let’s change our focus a little bit here. And you’ve touched on this, and this is something that I always like to focus on, is what you’re doing in the classroom to help your students be technically proficient and workplace ready.
So employers want somebody that comes out of school either with a two-year degree or a four-year degree, or in this case maybe they’re still working on their two-year degree and ready to go to work. So how do you do that?
Eric Magidson:
Well, I’ve been really fortunate over the last two years to work on a Department of Labor grant in cooperation with a bunch of community colleges in Oregon. Then the first thing that we worked on was employability skills badging.
So employers today want you to have those technical skills, and that’s where the certification come in is employers don’t want to have to test those technical skills. They do that by knowing that you’ve earned that certification and industry says you meet a certain standard.
But then when we went out to employers and said, what are you looking for? There’s been a shift, and employers today are looking for those employability skills. They’re looking for emotional intelligence, professional communication, time management initiative, the ability to manage yourself, self-directed work, if you will. And so we’ve incorporated that into the curriculum.
So for example, in my classes, a deadline is a deadline, and I let students know ahead of time because a lot of times we get students that are coming out of high school that really didn’t, they might have had due dates, but they really weren’t if they wanted to turn it in late.
And that’s just not a practice that is going to be beneficial in your professional career. When a boss says, I need this by Friday, they don’t mean next Monday, they don’t mean next Wednesday. So we’ve added in these professional skills students in our classes, work in teams so that they can get that experience of working on a project within a team environment, which you’re going to do today in any information technology career, especially in cybersecurity, and if you’re working in a SOC.
Steve Bowcut:
Yeah, no, I love that idea. I know a lot of, in my mind, I can hear employers listening to this going, thank you for saying that. Because many of them, many employers that I’ve talked with, they take the attitude that, look, I can teach the specific software that we use, the programs and processes that we use in our SOC, for example.
But what I have a hard time teaching are these life skills. So they want students that are coming out of college that have developed some of these life skills, they’re going to get there on time, consistently following the rules, being respectful, understanding their role in the larger organization and those kinds of things. So thank you for pointing that out.
And along with that kind of hand in hand with that is the idea of incorporating some hands-on learning into the education. It is great to learn it in theory and you need to do that, but if you go in for a job interview and you’ve never actually touched the software that you’re going to be using or anything similar to it, that might be a disadvantage.
How do you incorporate hands-on learning?
Eric Magidson:
We know it’s interesting. A lot of our students, because we have a large service area and a lot of that service area is rural, and this means we teach online now, online does not mean you’re completely self-directed.
So in our courses, you’re going to get that opportunity to remote into our data center, work inside of a server, build an active directory, infrastructure file server, implement SCCM, those kinds of things to gain that hands-on experience.
So understanding, this is my personal opinion, we see with the popularity of cybersecurity, we see all these bootcamps popping up within eight weeks, you’re going to be a cybersecurity professional. And I’ve just got to say, I don’t believe it.
I don’t see people really getting jobs when they’ve completed a 16-week and they’ve got that security+ certification, because those bootcamps camps tend to be teaching right to the certification as we talked about previously.
They’re not necessarily teaching the hands-on and the job skills that you need. So we’re always trying to implement that into our coursework. I know we’re going to talk about, and so I’ll leave this for that.
We’re going to talk about the textbook, the open-source textbook that I wrote, and when we do that, I’ll talk about the associated class and the hands-on experience that students get.
Steve Bowcut:
Okay, perfect. Cool. And as you were saying that, I thought it was worth mentioning, and I know that most students have probably already thought about this, but a degree in something like cybersecurity is you couldn’t get a better fit for remote learning.
So if you wanted to get a degree, oh, let’s say in auto mechanics or something, you’d have a hard time with remote learning. You need to get your hands dirty and be touching some stuff that’s not on a keyboard, but that’s not necessarily the case.
Or much less so with a degree in something like cybersecurity or information systems, that kind of thing where you can actually go in and do everything you would be doing in the classroom remotely or most of it I would think.
Eric Magidson:
Well, yeah. And it’s not just remote education, but it’s remote opportunities. A lot of jobs within cybersecurity can be done successfully remote, especially if you have those job skills and those employability skills for effective communication online, being part of a team online, you could live pretty much anywhere and work for a company across the country in another country doing cybersecurity.
Steve Bowcut:
That’s really a good point. I hadn’t thought of it that, but that’s really a good point, Eric. So if your education could be remote, you’re really better equipped for your employment to be remote as well. You’re used to that environment, you’re self-driven, you’re going to do the things you need to do without someone looking over your shoulder.
Alright, so we’ve mentioned several certifications or skills. Is there any way, and maybe this is not a fair question, but is there any way you could talk about which of these are most valued by employers?
Are you getting enough feedback that you could say, well, here’s kind of a hierarchy of these certifications and or skills that the employers are looking for?
Eric Magidson:
Yeah, absolutely. You know, no matter where you go, there’s these base certifications, if you will, and those start with CompTIA certifications.
And when we’re talking cybersecurity, we’re talking information technology. So in order to be a cybersecurity specialist, you have to have this basic foundation that you demonstrate through successful completion of the CompTIA A+ certification, the CompTIA network+ certification or doing the Cisco CCST certification.
So you’ve got the basic computing basic software. Now you’ve got some basic networking because let’s face it, if you don’t understand what an IPV6 address is, how are you going to look at packets in a packet capture and do your job as a cybersecurity professional? So those really are the basics.
We’ve added an additional basic, which is the ISC2-certified in cybersecurity certification because there’s an opportunity now to earn that for free. So I’ve actually aligned my textbook with those outcomes. And what we find is that a lot of students get that test-taking anxiety when it comes to those certification exams.
They know what they mean, they know how important it is. We start ’em out with the A+ and then the ISC2 because the ISC2 is a multiple-choice, a hundred-question two-hour. If you’ve done the work and you’ve done the skill practice, you’re going to be able to successfully past that.
And that’s going to lead to success and confidence in other certifications in cybersecurity. You’ve got to get all the way up to the security+ that’s going to be the key, especially in a two-year degree.
Steve Bowcut:
So you really need to have that one before you go looking for a job or that’s probably something that you need to have. So let’s talk about emerging technologies and trends. Cybersecurity is in the industry, we always talk about how dynamic it is. It’s always changing.
And so you have to be looking down the road a little bit, particularly as an educator, you have to be looking down the road, what are my students going to need to know? If they’re starting now and they’re not going to have their degree for at least two years, and then they may go on for a four-year degree, what do you need to be teaching them?
So from your perspective, what are you seeing as far as emerging technologies and trends that you either teach to or want to teach to?
Eric Magidson:
That’s really easy. It’s artificial intelligence.
Steve Bowcut:
Okay. And I kind have thought that might be the answer.
Eric Magidson:
Yeah, that is the case. I mean, we’re seeing, first of all, let’s look at the positive side of artificial intelligence from a learning standpoint. And that is, if you’re using it to learn and not to earn, you have this 24/7, 365 technical expert who you can ask questions of who you can have quiz you on security+ questions dynamically as you’re studying. So from that aspect, it’s amazing.
As we look at it from a benefit of being in a career as cybersecurity, we can now leverage that to more quickly write Secure Shell and PowerShell, Bash shell scripts, etc, automation, packet capture, you name it.
However, the other side is the risk. And that’s where we see bad actors using AI for advancing their email phishing. Now it reads better. It reads to your demographic, you’re more apt to click on that link deep fakes, people calling in saying, Hey, I’m the CIO of the company.
I need a report of everyone’s W-2s when in fact it’s not the CIO. So it’s both a benefit in technology and it’s bringing exponential risk as bad actors are utilizing AI to complete their hacks in a more efficient and quick manner.
Steve Bowcut:
Yeah and looking from both of those perspectives, the message is students need to understand AI, they need to be comfortable with it, they need to know how to use it for their own benefit, but they also need to understand what the adversary adversaries are doing using AI as well. And so that’s one end of the spectrum, the most advanced trends in emerging technologies.
So let’s look back at the importance of fundamentals. And I think this is probably where a good place to talk about this textbook that you published. So talk to us about that, what that book is, was designed to achieve and how it does that.
Eric Magidson:
So first of all that I was really fortunate again to write that textbook under a Department of Labor grant, which means I wrote it as an open education resource that means it’s publicly available to any educator, frankly, to any person that would like to consume that book.
And as I wrote that book, interestingly enough, I wrote it in conjunction with AI. And so I actually used AI as I would write an outline on a chapter. I would give that to AI and say, okay, AI, am I missing anything in this chapter? And AI would come back and go, well, you’re not talking about this.
So I would add that to it. But the book is designed, first of all, again, aligned with the ISC2 certified in cybersecurity, sort of a really entry-level certification. We found that our students when taking the security+ class needed more of a foundation in cybersecurity to be comfortable in that class and then earning the certification.
So by adding this more entry-level certification, talking about the 10,000 foot level of everything within cybersecurity, we give our students an understanding of where they’re going all the way from careers, what specialized careers they could go into, salary levels to disaster recovery, being part of teams, etcetera.
Steve Bowcut:
Okay. And first of all, before I forget the name of the book again, is the Password is Not Password 1, 2, 3, and of course password is with an at symbol and a zero for an O, which we’ve all used. We’re all guilty of just making something maybe not quite that simple, but I think we get the point from the title of the book.
Do you recommend the book for our audience listening? So our audience is going to be primarily students or prospective students that are trying to decide whether they want to get into cybersecurity or not.
Is it a book that you would recommend for them to go out and find and acquire? Or is it designed more for those that will be teaching our audience or both? I don’t know.
Eric Magidson:
Well, it really can be both. First of all, the complete title is The Password Is Not Password at 0 1 2 3, A Hands-on Guide to Cybersecurity Fundamentals. This book could stand alone.
Anyone interested in cybersecurity could read this book. I’ve had a few people who own businesses who have read this book to get a foundation on how they can protect their company with in cybersecurity, but really it is written for a focus on education because it’s not just the textbook, it’s the full course that goes with that.
So part of that is students get hands-on experience learning some basic Linux utilizing Cali Linux. My students access raspberry pies remotely and complete work on raspberry pies. But that same work could be done with a virtual machine locally running Cali Linux.
So the idea behind the open source is eventually we want to bring this to the high school and use it as a career development course that meant high schools don’t have a lot of funds. That meant having a textbook, having a curriculum that was going to be free to high school instructors to use.
Steve Bowcut:
Very cool. Alright, thank you. I appreciate that explanation. Alright, so we are about out of time, but we do like to end the show with maybe some actionable advice for our audience.
Eric Magidson:
So what key advice would you offer to students and or early career professionals that are trying to differentiate themselves maybe in the cybersecurity job market? What could you tell them?
That’s easy. First of all, currently there’s a half a million unfilled jobs in the cybersecurity market in the United States. But that doesn’t mean just because you have a couple certifications and you have a degree that you’re going to suddenly magically get the job.
I’m often telling my students, you need to immerse in this career, and immersion means going to class, doing that work, passing the classes, demonstrating those employability skills, earning those certifications. But that’s just the start.
Even today as an instructor, I’m constantly reading one to two articles a day in regards to what’s going on in cybersecurity, what are the changes? Current focus is AI’s impact on cybersecurity, but most importantly, to set yourself aside is to do the work.
So today it is absolutely free to download virtual machines, Metasploit vulnerable Machines, building a home lab, securing firewalls, doing the work that sets you apart from students who have just done the work in the classroom.
So I’m constantly telling my students, as much time as you spend in the classroom, spend half of that in addition in your home lab, working on hacks using Hack the Box, gain those experiences, and then most importantly, develop a portfolio.
So when it comes to getting jobs, it’s about marketing and it’s about separating yourself from the competition. So today, it’s very easy to start up a website, to build a portfolio, to record a hack that you’ve done, to record vulnerabilities that you’ve found getting in helping nonprofits secure their networks.
We’re actually going to build in the MIT Berkeley Cybersecurity Consortium into this statewide degree so that we can offer even more experience to students to make them qualified for the workforce.
Steve Bowcut:
That’s awesome. Thank you so much for being with us today, and thanks for sharing part of your day with our audience. We really appreciate it.
Eric Magidson:
Thank you for having me.
Steve Bowcut:
And thanks to our listeners for being with us, and please remember to subscribe and review if you find this podcast interesting. And join us next time for another episode of the Cybersecurity Guide Podcast.