Bill Rosenthal from Logical Operations chats with CSO Editor-in-Chief Joan Goodchild about the difference in training for IT staff members and the IT security team.
In an earlier post on security awareness training, I discussed the failings of general security awareness training for end users at companies. When it comes to training the IT staff about security, there are also some gaps. A lot of effort goes into certification and advanced training for specified security team members, but that leaves out a lot of other IT staff members (the help desk, for example), who are often the front-line team when it comes to dealing with cyber-attacks on end users.
In this episode of Security Sessions, I spoke once again with Bill Rosenthal, CEO of Logical Operations, about the difference in training methods for IT staff members and the IT security team, as well as the need for multi-vendor certification training.
Among the highlights of the video are the following sections:
- 0:43 The distinction between security awareness training and security training.
- 2:00 How IT staff security training differs from general employee awareness training.
- 3:08 Why do most companies feel that cyber-security training is a specialized function?
- 4:11 Certifications: Why most training is limited to one piece of software or hardware, and not multi-vendor.
- 5:43 The need for going beyond theoretical security training.
- 7:19 Why there needs to be more active threat analysis training at companies.
- 8:19 Advice for CSOs on how to reduce costs for security training.
Read the article on CSO's website: http://www.csoonline.com/article/3118675/security/why-you-need-tiered-security-training-for-it-staff.html.
To learn more about how to help your employees recognize security risks in order to protect themselves and your organization from cyber threats, visit www.cybersafecertified.com.
If you'd like to learn more about how to prepare your IT teams to defend your organization's network, visit www.cfrcertified.com.