Thursday, April 15, 2021

Time to Train -

 "Excuse me, sir. How do I get to Carnegie Hall?"

"Practice, Practice, Practice."


I've always said that a poorly trained sysadmin is one of the greatest threats to any organization's infrastructure. The military training module may seem archaic and cumbersome but it is effective. There is a significant amount of investment in creating an effective training program. I believe the correct technical description is "it ain't cheap".  Organizations that fail to train their technical and general user staff in basic or advanced IT security practices are doomed to suffer multiple failures. 

I'm not going to dive into pedagogy (can't help but giggle everytime I hear that word) or the merits of a good training program. Too much has been said on those topics. Instead, I'm going to present my idea of a training roadmap here:




 Here we have 3 main training tracks:

  • Technical track - the target audiences are system administrators, developers, IT Security analysts/architects. These training programs are designed to enhance your staff's technical knowledge.
  • Awareness track - the target audiences are your general staff, management. These training programs are designed to make your workforce aware of the laws, regulations, best practices for handling your organization's sensitive data. In addition, these programs show your staff the different types of physical and cyber attacks they may see and how to respond to these threats.
  • User (How-to) track - this training program teaches your staff how to use the day to day tools of your business. It covers things like how to:
    • use Microsoft Office, Adobe Acrobat tools
    • use graphical design tools
    • use collaboration tools
    • use in-house tools
    • use external software or hardware products.
There needs to be a blend of externally developed training materials (SANS Secure the Human, Skillsetsonline, LinkedIn Learning, etc.) and "local" training for in-house applications.

Take a look at the above roadmap and I would like to hear your suggestions on how to improve or implement the roadmap.