Training, Leadership

Eight ways to boost the results of cybersecurity training

September 28, 2021
Even in proportional dollars, few companies can afford to pay for top talent like the Los Angeles Dodgers did to get pitcher Max Scherzer for this year’s baseball pennant race – and that’s why today’s columnist, Jeff Orloff of RangeForce, offers an eight-point plan for ways to affordably attract, train, and keep cyber talent. (Photo by Dylan Buell/Getty Images)
  • Make the coursework relevant to real-world jobs. Don’t expect the staff to translate technical documents or abstract scenarios and relate them to their daily job functions. Give learners the sort of hands-on training that goes beyond theory to the day-to-day, and work in the technology tools they use every day. This way, the training can relate to the real world, and build the sort of muscle memory they need to leverage those tools at work. This kind of real-world training helps learners build the kind of job skills that are useful and will help them take on more responsibility.
  • Make team-building part of the training goals. Think of cybersecurity as a team effort that involves everyone in the organization, especially with short-staffed security departments amid the prevailing talent shortage. Make sure the training program emphasizes teamwork. Focus all team assignments on practical efforts that will demonstrate how to work in concert to maintain a safe enterprise environment.
  • Don’t overspend time and effort. It takes a lot to build and maintain environments with virtual machines and technology tools for training. Outsourcing this function to someone who has the experience and expertise to build a best-in-class teaching environment and handle the setup and maintenance of the tools can save a lot of time and expense at a time when both are at a premium for most enterprises. Don’t burden the staff with hardware and software maintenance when what they really need is cybersecurity training.
  • Save investment for infrastructure at scale. Cybersecurity training tools can run into trouble when it comes to scaling up to meet the needs of the enterprise. If the company creates a dedicated training program, make sure tools can support learning at whatever scale the organization demands. Managers may need to shrink the class footprint to accommodate small groups, or deal with training classes or assessments that can include hundreds of employees. The plans need to be flexible in both class size and content.
  • Plug in the automation. Instructors can get stuck dealing with housekeeping that does not add to learning, from handling assignments to marking classwork. It helps if the teaching tools in a program are designed to automate some of those repetitive administration tasks. A cybersecurity training program should have the kind of automated scoring and grading features that let trainers look at the overall performance of each student and raise issues for follow-up.
  • Streamline content design. Cybercrime evolves fast, and any security training in this area needs to keep up. Most class content has a short expiration date and needs frequent revision to stay current with new threats. The cost of creating original training content that keeps up with the times can add up to more than the price tag of maintaining hardware. Some training programs are forced to retool old exercises to keep down the costs, and wind up with content that is a pale reflection of the threats in the current landscape. A partnership with a trusted supplier that has its own threat analysts and can keep materials current can offer the flexibility of continuous updates and relevant information.
  • Keep learners up on the latest threats. The threat landscape constantly evolves, complicating all the administrative and operational workloads that security trainers have to handle. Training programs need to offer hands-on learning in dealing with new threats and vulnerabilities, rather than merely reading threat reports in class. Training and simulation exercises should offer students a chance to practice the skills they will need to face those incidents in the wild, giving them a chance to model how to identify, contain and remediate those threats for real.
  • Get a hold of all training efforts. Open-source learning tools and free programs have their uses, but they are also limited. Cost advantages are often offset by offering little support or maintenance in setup and operation. Building a learning program from those components can look like a patchwork of solutions that undercuts the learning environment trainees need. Take control of the educational experience. It’s an investment worth making, especially if it results in a stronger security posture for the organization.