Story image

Expert says effective IT security starts with effective training

07 Nov 17

Tony Glass, GM & VP EMEA at Skillsoft, discusses why effective training holds the key to robust IT security in an increasingly challenging business environment

With the business world embracing mobile applications, cloud computing and other high-value innovations at an ever-growing rate, the rise in new security vulnerabilities has also increased rapidly. Now more than ever, uninformed, careless, or disgruntled employees can quickly create profound security problems for an organisation of any size.

While the brunt of this threat has historically been dealt with by in-house IT security teams, the growing shortage of skilled security experts across the IT industry has led many organisations to look for other ways to tighten up security operations.

A challenging security landscape

Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for the entire IT ecosystem, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences. Never before have IT security experts been in such high demand, and therein lies a major problem; there simply aren’t enough to go around.

For years, corporate organisations viewed IT departments as cost centres, steadily outsourcing as many IT functions as they could. As a result, the IT industry shed thousands of jobs and large amounts of brain power. Fast forward to the present and the same organisations are now realising their IT services and functions can be a rich source of differentiation, innovation, and competitive advantage; the exact areas that outsourced IT resources have trouble addressing and improving.

Now they are once again scrambling to hire talented IT personnel. Unfortunately, the actions of the past mean that current demand far outstrips supply. Nowhere is this more apparent than in cybersecurity, where freelancers and contractors are commanding hundreds of pounds per hour for their services.

Increase security from within through effective training

In the face of this critical skills shortage, many organisations have decided to take their existing team’s security skills to higher levels through training.

Comprehensive training and certifications can significantly reduce risks by helping employees stay on top of the changing IT security landscape while validating their skills and knowledge. Furthermore, many employees view training as a reward or perk, making it a valuable tool for recruitment and retention.

Effective use of training can not only help to avoid the time, costs, and headaches of replacing scarce resources, it also helps maintain the subtleties and nuances of IT security within a specific organisation, providing both continuity and consistency.

What does an effective training programme look like?

While the training needs of every organisation are different, a number of key elements should always be considered when looking for an effective programme:

  • Expert-led instruction: Authenticity and credibility matter, especially with critical topics like IT security. Trainees want to hear from engaging subject-matter experts, not paid actors or professional voiceover talent.
  • On-demand video: While many Baby Boomers prefer book-based learning, it’s a different story for later generations. For a growing number of IT workers, video is the most requested learning mode.
  • Hands-on learning: Trainees often report that they value the content of videos, classes, and books, but they want to put those lessons to work with practical application. Hands-on learning creates excellent retention and is a learning style that has particular appeal to IT professionals.
  • Brevity: No matter the content or modality, there’s one thing virtually all trainees agree on: digestible brevity, short, targeted lessons that align with their goals and their current (often urgent) needs. Even if a complex topic requires several hours to learn, most prefer to consume the training in short bite-sized portions that can fit around busy schedules.
  • Accessibility: Make the resources easy to access and search. Content must be available on any device desktop, laptop, smartphone, or tablet and at any time or location.
  • Frequency: The IT domain – and security, in particular – is a discipline that requires a commitment to continuous learning. With the issues, innovations, threats, and underlying technologies all in a constant state of change, organisations must dedicate the time and resources to keeping all key employees abreast of new developments as and when they arise.

Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within.

From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.

Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.