Friday, January 13, 2017

Customized In-house Training vs Market Training - Gaining the most from the limited budget

Training budgets continue to shrink while training needs continue to grow, the cost of training increases, and technology vendors continue to produce new tools and products. To ensure these tools and products are fully utilized and deliver a full return on investment (ROI), the users of these tools need to be properly trained to use them. As a result, steps need to be taken to ensure all human resources continue to develop their skills. The solution lies in the fact that the training provided to an entry-level resource is not the same training that you can or should provide to a "seasoned" veteran. This means we can balance the budget by sending the more seasoned resources for external training, while developing training sessions to grow the "rookies" in house.

How do we do this? From a simple perspective ...
... for starters, you are better off working with the rookies to better perform the tasks they do on a daily basis. Once they are comfortable with the basics of what they do and have learned to expand beyond their current responsibilities, we can look at getting them to understand the real "internals". After a barrage of different internal training sessions, you may get to the point where you believe the rookies have outgrown the home-grown training. At this point, consideration should be given to sending them to external training to broaden their knowledge.

From the perspective of cyber security and investigations, one can begin by teaching the rookies to ensure they are addressing the basics. The basics are the "What", "When", "Where" and, if possible, the "How" and "Why" it happened. Answering the "Why" would be the most difficult if you are looking at it from an attacker's perspective. However, you can also answer "Why" from your organization's perspective. An example of "Why" from the organization's perspective may be: because we were unable to patch as a result of being unable to take the device offline for a reboot. Thus, while we installed the patch, it was not fully applied. Business risk tolerance will dictate a lot of not only what we do but how we do it.

Another part of the puzzle that rookies need to be aware of is the importance of timelines, as timelines help to answer the "When". The "When" is extremely important as it helps to understand the duration of an intrusion, or the "detection deficit" as stated by Verizon. The "When" runs from the first event seen as part of the incident to the last event recorded. This puts things into perspective and adds clarity.

My belief is that this compromise of sending seasoned veterans on external training while developing the rookies in house allows everybody to grow on a scale which best suits their learning ability. This also allows the training budget to be used more efficiently, as you would not be sending individuals on training because there is a training budget to be utilized. This also gives the more seasoned veterans the opportunity to coach and/or lead the rookies, as for this to work, someone with the experience has to conduct the training.

What are your thoughts on gaining the most from the limited budget when it comes to training?
