No one knows everything (well unless you’re a teenager) and for this reason, training is a part of everyone’s professional engagement. We attend conferences, symposiums, and classes to learn about the new and to reinforce the knowledge already in place. Many professions require a certain amount of Continuing Professional Education (CPE) or CEU (Continued Education Units) per annum to remain certified in their profession. Yet we hear, often, that training isn’t important unless it is a prerequisite for a contract or engagement.
Such an attitude is foolish as the world changes daily and technological advances by the second. No one can simply assimilate the information they need, and all need to assimilate information on the continuum.
Why training is important
Clearance Jobs spoke to Candid Wüest vice president of Acronis Research on the efficacy of training, and he shared, “Training, or rather constant education, is very important in the cyber security environment. Depending on the activity, this includes further training on new tools and products, certification for new cloud services, learning about new regulatory guidelines such as privacy and of course staying up to date with attack techniques. This is important to keep track of the constantly changing attack environment, but also to keep the employee motivated.” Wüest noted pragmatically how, “On the other hand, there are certain certifications which are expensive and bring little added value for the company, with such it can happen that only the minimum for the compliance level is invested.”
We also spoke with Malcolm Harkins, who noted, “Training is important. Is training your end user important (maybe). If you want to move the needle on risk you need to invest in the training of your technologists, administrators, and developers.
Cybersecurity Training
For those interested in cybersecurity training opportunities resources are plentiful, some proprietary others coming from the government.
Under the proprietary heading we point to CybeReady who offers to the community (gratis) their case studies, white papers on cybersecurity awareness and their “Ultimate Guide of Security Awareness Training.”
Joining the chorus of those who are providing training and certifications is Google, who recently launched their “Cybersecurity Career Certificate Program” which is presented via a number of modules using the Coursera Platform (fees) which, per Google, is “training to help build a safer world.”
While the government, via the Cybersecurity Infrastructure & Security Agency (CISA) offers up a plethora of training resources via their web portal. Within their corpus are items specifically designed for the Federal Employees and for professionals from all sectors, to include critical infrastructure.
Counterintelligence – Insider Risk Management
For those interested in counterintelligence and insider risk management training, again, there are proprietary courses, as well as government (both restricted and unrestricted) training available.
Wearing the proprietary label is the training available from Carnegie Mellon, whose “CERT Insider Threat Program Manager Certificate” is designed to fulfil the requirements of E.O 13587. The course modules range vary in price.
The government, via the Defense Counterintelligence and Security Agency’s (DCSA), Center for Development of Security Excellence (CDSE) offers a variety of learning tools which include case studies, certifications, eLearning courses, job aids and more all centered on addressing insider risk management programs. These items are designed and hosted by “The Threat Lab” and “Defense Personnel and Security Research Center” (PERSEREC). These courses are not available to the general public and are intended, per CDSE, “or use by Department of Defense and other U.S. Government personnel and contractors within the National Industrial Security Program.”
Don’t throw in the towel on obtaining training, research and review the resources available to obtain training that is both meaningful and timely from a wide variety of resources.