sb-nz logo
Story image

Expert says effective IT security starts with effective training

07 Nov 2017

Tony Glass, GM & VP EMEA at Skillsoft, discusses why effective training holds the key to robust IT security in an increasingly challenging business environment

With the business world embracing mobile applications, cloud computing and other high-value innovations at an ever-growing rate, the rise in new security vulnerabilities has also increased rapidly. Now more than ever, uninformed, careless, or disgruntled employees can quickly create profound security problems for an organisation of any size.

While the brunt of this threat has historically been dealt with by in-house IT security teams, the growing shortage of skilled security experts across the IT industry has led many organisations to look for other ways to tighten up security operations.

A challenging security landscape

Mobile platforms, Big Data and cloud-based architectures are creating significant challenges for the entire IT ecosystem, but no challenge is higher up the corporate agenda than IT security. Even the most careful organisation is vulnerable. A smartphone or laptop inadvertently left on a train, or a well-intentioned lending of access privileges to an unauthorised user can have far-reaching consequences. Never before have IT security experts been in such high demand, and therein lies a major problem; there simply aren’t enough to go around.

For years, corporate organisations viewed IT departments as cost centres, steadily outsourcing as many IT functions as they could. As a result, the IT industry shed thousands of jobs and large amounts of brain power. Fast forward to the present and the same organisations are now realising their IT services and functions can be a rich source of differentiation, innovation, and competitive advantage; the exact areas that outsourced IT resources have trouble addressing and improving.

Now they are once again scrambling to hire talented IT personnel. Unfortunately, the actions of the past mean that current demand far outstrips supply. Nowhere is this more apparent than in cybersecurity, where freelancers and contractors are commanding hundreds of pounds per hour for their services.

Increase security from within through effective training

In the face of this critical skills shortage, many organisations have decided to take their existing team’s security skills to higher levels through training.

Comprehensive training and certifications can significantly reduce risks by helping employees stay on top of the changing IT security landscape while validating their skills and knowledge. Furthermore, many employees view training as a reward or perk, making it a valuable tool for recruitment and retention.

Effective use of training can not only help to avoid the time, costs, and headaches of replacing scarce resources, it also helps maintain the subtleties and nuances of IT security within a specific organisation, providing both continuity and consistency.

What does an effective training programme look like?

While the training needs of every organisation are different, a number of key elements should always be considered when looking for an effective programme:

  • Expert-led instruction: Authenticity and credibility matter, especially with critical topics like IT security. Trainees want to hear from engaging subject-matter experts, not paid actors or professional voiceover talent.
  • On-demand video: While many Baby Boomers prefer book-based learning, it’s a different story for later generations. For a growing number of IT workers, video is the most requested learning mode.
  • Hands-on learning: Trainees often report that they value the content of videos, classes, and books, but they want to put those lessons to work with practical application. Hands-on learning creates excellent retention and is a learning style that has particular appeal to IT professionals.
  • Brevity: No matter the content or modality, there’s one thing virtually all trainees agree on: digestible brevity, short, targeted lessons that align with their goals and their current (often urgent) needs. Even if a complex topic requires several hours to learn, most prefer to consume the training in short bite-sized portions that can fit around busy schedules.
  • Accessibility: Make the resources easy to access and search. Content must be available on any device desktop, laptop, smartphone, or tablet and at any time or location.
  • Frequency: The IT domain – and security, in particular – is a discipline that requires a commitment to continuous learning. With the issues, innovations, threats, and underlying technologies all in a constant state of change, organisations must dedicate the time and resources to keeping all key employees abreast of new developments as and when they arise.

Security is the number one IT priority in nearly every business sector today, but the scarcity of security-savvy IT experts means many companies can no longer rely on hiring their way to a robust solution. Fortunately, there are a wealth of sophisticated education and training strategies now available that allow organisations to reward and retain employees whilst simultaneously improving corporate security from within.

From expert-led instruction to continuous hands-on experiential learning, organisations are putting in place complete frameworks for training and certification that can tighten corporate IT security, making them less vulnerable to both external attacks and insider threats.

Link image
Webcast series: The necessary tools to secure a remote workforce
Experts from across the A/NZ region discuss the best security practices in a remote working world - with sessions available on the first Thursday of every month.More
Story image
Plugging the gaps: Australian organisations are leaving their defence barriers wide open
Cybercriminals are are walking through the gaping holes in Australia’s organisational defences – gaps that leadership teams don’t even realise are there.More
Link image
DevOps teams struggling to achieve enterprise scale - tips for enablement
Christian Oestreich, a senior software engineering leader with experience at multiple Fortune 500 companies, shares how a metrics-driven mindset can dramatically improve software quality and enable DevOps at enterprise scale.More
Story image
InternetNZ tackles increased cyberattacks with new partnership
"We want to arm our customers with the best possible defence against known threats on the Internet."More
Story image
5 ways to use data science to predict security issues - Forcepoint
Data science enables people to respond to problems in a better way, and to also understand those problems in a way that would not have been possible 50 years ago.More
Story image
Check Point acquires Odo Security to bolster remote security offering
The deal will integrate Odo’s remote access software with Check Point’s Inifinity architecture, bolstering the latter company’s remote security capabilities in a time where working and learning from home has become the norm, and looks to largely remain that way in the near future.More