An employee improvement strategy should include scalable and practical training, an understanding of the employee’s skill set and certifications to validate that practical training.
Speaking as part of the Infosecurity Online event, Hack the Box technical account manager Sam Nye, and business development manager Katerina Tasiopoulou, said there are “major shifts rippling through the cybersecurity training sector,” especially as training has forced a move to online learning. Nye said some businesses and users are “suited to handle this” and while online training is not new, the way in which content is presented and interacted with has changed.
“Also the way we deliver training is important,” added Tasiopoulou. “In our industry, experience is useful in hardening skill set and learning skills like coding.”
Both speakers agreed that the pace of change of cybersecurity, especially in how exploits and vulnerabilities are introduced, demonstrates the need for adaptability, and that comes from ongoing training and for practical skills “throughout the year, and not just on a short course,” said Nye.
Tasiopoulou said there can be no such thing as “one size fits all” training, as all businesses have diverse skill sets and experience among their employees. “How can training be the same? It cannot, so understand that you need to give appropriate training to get the most out of your employees,” she stated.
“Although security can be consistent as a topic and some organizations have hundreds of employees and some have a handful, some are defensive, some offensive and some more consultative “so there is no training that can be beneficial to all of these use cases simultaneously.”
Tasiopoulou said training needs to be tailored, and also that certifications are important as a baseline for validating skills and for employees. However, the speakers acknowledged that certifications can become outdated. Therefore, the ideal scenario is to implement training that combines hands-on experience, acknowledges the varied skill set of your workforce and recognizes their certifications “to validate practical training.”