Story image

Expert says effective IT security starts with effective training

07 Nov 17

Tony Glass, GM & VP EMEA at Skillsoft, discusses why effective training holds the key to robust IT security in an increasingly challenging business environment

With the business world embracing mobile applications, cloud computing and other high-value innovations at an ever-growing rate, the rise in new security vulnerabilities has also increased rapidly. Now more than ever, uninformed, careless, or disgruntled employees can quickly create profound security problems for an organisation of any size.

While the brunt of this threat has historically been dealt with by in-house IT security teams, the growing shortage of skilled security experts across the IT industry has led many organisations to look for other ways to tighten up security operations.

A challenging security landscape

Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for the entire IT ecosystem, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences. Never before have IT security experts been in such high demand, and therein lies a major problem; there simply aren’t enough to go around.

For years, corporate organisations viewed IT departments as cost centres, steadily outsourcing as many IT functions as they could. As a result, the IT industry shed thousands of jobs and large amounts of brain power. Fast forward to the present and the same organisations are now realising their IT services and functions can be a rich source of differentiation, innovation, and competitive advantage; the exact areas that outsourced IT resources have trouble addressing and improving.

Now they are once again scrambling to hire talented IT personnel. Unfortunately, the actions of the past mean that current demand far outstrips supply. Nowhere is this more apparent than in cybersecurity, where freelancers and contractors are commanding hundreds of pounds per hour for their services.

Increase security from within through effective training

In the face of this critical skills shortage, many organisations have decided to take their existing team’s security skills to higher levels through training.

Comprehensive training and certifications can significantly reduce risks by helping employees stay on top of the changing IT security landscape while validating their skills and knowledge. Furthermore, many employees view training as a reward or perk, making it a valuable tool for recruitment and retention.

Effective use of training can not only help to avoid the time, costs, and headaches of replacing scarce resources, it also helps maintain the subtleties and nuances of IT security within a specific organisation, providing both continuity and consistency.

What does an effective training programme look like?

While the training needs of every organisation are different, a number of key elements should always be considered when looking for an effective programme:

  • Expert-led instruction: Authenticity and credibility matter, especially with critical topics like IT security. Trainees want to hear from engaging subject-matter experts, not paid actors or professional voiceover talent.
  • On-demand video: While many Baby Boomers prefer book-based learning, it’s a different story for later generations. For a growing number of IT workers, video is the most requested learning mode.
  • Hands-on learning: Trainees often report that they value the content of videos, classes, and books, but they want to put those lessons to work with practical application. Hands-on learning creates excellent retention and is a learning style that has particular appeal to IT professionals.
  • Brevity: No matter the content or modality, there’s one thing virtually all trainees agree on: digestible brevity, short, targeted lessons that align with their goals and their current (often urgent) needs. Even if a complex topic requires several hours to learn, most prefer to consume the training in short bite-sized portions that can fit around busy schedules.
  • Accessibility: Make the resources easy to access and search. Content must be available on any device desktop, laptop, smartphone, or tablet and at any time or location.
  • Frequency: The IT domain – and security, in particular – is a discipline that requires a commitment to continuous learning. With the issues, innovations, threats, and underlying technologies all in a constant state of change, organisations must dedicate the time and resources to keeping all key employees abreast of new developments as and when they arise.

Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within.

From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.

Symantec and Fortinet partner for integration
The partnership will deliver essential security controls across endpoint, network, and cloud environments.
Is Supermicro innocent? 3rd party test finds no malicious hardware
One of the larger scandals within IT circles took place this year with Bloomberg firing shots at Supermicro - now Supermicro is firing back.
25% of malicious emails still make it through to recipients
Popular email security programmes may fail to detect as much as 25% of all emails with malicious or dangerous attachments, a study from Mimecast says.
Google Cloud, Palo Alto Networks extend partnership
Google Cloud and Palo Alto Networks have extended their partnership to include more security features and customer support for all major public clouds.
Using blockchain to ensure regulatory compliance
“Data privacy regulations such as the GDPR require you to put better safeguards in place to protect customer data, and to prove you’ve done it."
A10 aims to secure Kubernetes container environments
The solution aims to provide teams deploying microservices applications with an automated way to integrate enterprise-grade security with comprehensive application visibility and analytics.
DigiCert conquers Google's distrust of Symantec certs
“This could have been an extremely disruptive event to online commerce," comments DigiCert CEO John Merrill. 
One Identity a Visionary in Magic Quad for PAM
One Identity was recognised in the Gartner Magic Quadrant for Privileged Access Management for completeness of vision and ability to execute.