Training

now browsing by tag

 
 

Modernizing #cybersecurity #training for the next #generation

Source: National Cyber Security – Produced By Gregory Evans

Modernizing #cybersecurity #training for the next #generation

Equifax, Verizon, Molina Healthcare, Deloitte, Whole Foods, Wendy’s… it seems like every time we turn on the television another high-profile data breach is being reported. Despite an unprecedented number of security tools on the market, breaches are occurring at a record pace. According to the Identity Theft Research Center, the number of breaches for the first half of 2017 increased by 29 percent from the same time period during 2016.

If we have more tools available than ever, why does is seem that security practices are consistently failing? All signs point to one clear industry-wide problem — the growing cybersecurity workforce shortage. Security teams are understaffed, overwhelmed by alerts and challenged with managing growing security stacks without the time to adequately prepare for emerging threats.

According to the Center for Strategic and International Studies (CSIS) report, “Hacking the Skills Shortage,” 82 percent of respondents reported a shortage of cybersecurity skills within their organizations and one in four respondents stated their organizations were victims of cyber thefts of proprietary data due to a lack of qualified workers.

What is needed to address this shortage and better prepare teams for the rapidly evolving threat landscape? Industry analysts, such as Gartner, advocate moving toward “people-centric security,” which lessens organizations’ reliance on a massive stack of tools and a compliance checkbox mentality in favor of a more powerful human element in fending off attacks and reducing security errors.

With networks growing in complexity and new threats emerging at an unthinkable pace, it is imperative that organizations focus on core skills and address cybersecurity training as more than a compliance checkbox. It has become a business-critical investment.

Traditional versus next generation cybersecurity training

For most organizations, the training budget is generally allocated per person and used by individuals to attend a conference or classroom training event in order to learn about new threats and expand their skill sets. This frequently requires travel, which takes vital team members off the front lines for days at a time. Traditional training course updates are cumbersome and take time to publish. Other shortcomings involve retention and effectiveness. Research shows that individuals lose 90 percent of information within one week of traditional classroom training.

If we are to follow the guidance of industry experts and embrace people-centric security, a paradigm shift is required. The next generation of cybersecurity training must be agile enough to adapt to emerging threats. It should engage users in realistic environments through repetition and active learning principles, while utilizing features such as machine learning and artificial intelligence (AI) to quickly adapt content.

With the Internet of Things, hybrid cloud infrastructure and a growing demand for mobile enterprise applications creating more complex technology stacks, the element of realism is critical to preparing security teams. We would not expect a gold medal to be awarded to a swimmer who learns merely from videos and classroom conversation about the newest butterfly technique.

Olympians must practice those skills repetitively in a competition pool in order to be at peak condition for a race. Similarly, we cannot expect our cyber defense teams to learn only from traditional lecture-based training. Training with real-world tools in high-fidelity virtual environments against actual threat adversary malware is the future of cybersecurity training.

Next generation cybersecurity training utilizes a team approach

Training and workforce development must also be approached with a team perspective in mind. A soccer coach does not send players home individually to practice alone. The result would be a group of players with overlapping skills and no real understanding of plays or team strategy—in this case, the opponent would most certainly win.

Likewise, it is important for cyber teams to train together to defend against the top threats. Teams that consistently practice their skills, particularly incident response tactics and event handover, as an integrated team are more confident, quick and effective in their response to cyberattacks. Training as a team is further enhanced when using training platforms that replicate the organization’s environment, including realistic threat scenarios, network traffic and the tools cyber teams have each day at their disposal.

The team approach will also better engage team members when including the concept of gamification. Consider challenges that replicate real world attack scenarios with rewards for completion and improvement, or enable your red and blue teams to “face off” in order to spark excitement and make training more enjoyable. Earning skill points also serves as a mechanism to demonstrate proficiency that leads to better retention of these scarce professionals.

Training as a team also gives cyber team leaders a more thorough understanding of cyber readiness, including any skills gaps, which helps to guide future training efforts. This holistic view of readiness can help to identify areas of vulnerability as well as help guide strategic workforce development and technology purchases.

Introducing next generation cybersecurity training

As we move to the people-centric approach to security, chief information security officers (CISOs) should first look at the way their cyber team or teams are structured. Are they meeting all the important tasks/skills/roles recommended by the National Institute for Cybersecurity Training (NICE) Cybersecurity Workforce Framework and National Institute of Standards and Technology (NIST) Cybersecurity Framework? Where are there gaps and how can these gaps be addressed through cross-training existing team members? Look at existing training programs to determine if you are taking the team approach because now is the time to make the necessary changes to embrace the next generation of training.

Often times, training budgets can be reallocated to allow for investments in technology that enable next generation cybersecurity training. When approaching senior leadership for additional funding, CISOs should use cyber readiness assessments to position training as a critical investment.

Final thoughts

Adversaries are well funded with time to develop threats that cripple unprepared organizations. The attacker only has to be right once, while understaffed security teams work tirelessly to protect their networks every day. As an industry, we must arm these cyber defenders with the skills they need to be successful.

By transforming the approach to training, we can more efficiently and effectively build a highly skilled cybersecurity workforce that is better prepared to address emerging threats in complex enterprise environments.

The post Modernizing #cybersecurity #training for the next #generation appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Why You Should Gamify Your Cybersecurity Training

Source: National Cyber Security – Produced By Gregory Evans

With big data breaches occurring almost weekly, companies are looking for ways to tighten up their cybersecurity training. Information security risks continue to evolve, and employees must be educated on the latest security vulnerabilities and encouraged to adapt their behaviors to address such exposures. The latest big data breach? Equifax….

The post Why You Should Gamify Your Cybersecurity Training appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Crime Training Law Enforcement – Seminar

Source: National Cyber Security – Produced By Gregory Evans

Cyber Crime Training Law Enforcement – Seminar

Course description Law Enforcement Agents receive training every year from other law enforcement officers and outside consultants. In our technology driven world, technology is ever-changing and therefore is the driving force of the content of this course. For this reason …

The post Cyber Crime Training Law Enforcement – Seminar appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Study: Most Professional Training for Teachers Doesn’t Qualify as ‘High Quality’ – Teaching Now – Education Week Teacher

Only 20 percent of the professional development offered by districts meets the federal definition of “high quality” under the new Every Student Succeeds Act, according to researchers.

View full post on Education Week: Bullying







#pso #htcs #b4inc

Read More

The post Study: Most Professional Training for Teachers Doesn’t Qualify as ‘High Quality’ – Teaching Now – Education Week Teacher appeared first on Parent Security Online.

View full post on Parent Security Online

Cybersecurity Training and Policies Are Useless If Ignored

Protection concept: computer keyboard with Closed Padlock icon on enter button, 3d render

Source: National Cyber Security – Produced By Gregory Evans

Cybersecurity Training and Policies Are Useless If Ignored

There’s no question that there is a need for solid cybersecurity awareness training. Yet, how effective is it, really? A couple of studies I’ve seen recently make it seem like you can provide all of the cybersecurity education you want,

The post Cybersecurity Training and Policies Are Useless If Ignored appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

SANS Digital Forensics Summit & Training 2017

sans

Source: National Cyber Security – Produced By Gregory Evans

SANS Digital Forensics Summit & Training 2017

June 12 – 17, 2017 | Austin, Texas, USA
Cyber Conference Overview:
SANS events offer excellent training by highly experienced cybersecurity professionals. Their training courses have a reputation for being some of the best in the world.
Source:https://www.sans.org/event/digital-forensics-summit-2017?utm_medium=Referral&utm_source=Concise+Courses&utm_content=FEL_LS_DFIRAu17_Concise&utm_campaign=Digital+Forensics+Summit+Training
Read

The post SANS Digital Forensics Summit & Training 2017 appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Cyber Crime Training Law Enforcement

892

Source: National Cyber Security – Produced By Gregory Evans

Cyber Crime Training Law Enforcement

Law Enforcement Agents receive training every year from other law enforcement officers and outside consultants. In our technology driven world, technology is ever-changing and therefore is the driving force of the content of this course. For this reason our course

The post Cyber Crime Training Law Enforcement appeared first on National Cyber Security.

View full post on National Cyber Security

North Korea’s Hodo Peninsula Training Area

Source: National Cyber Security – Produced By Gregory Evans

A 38 North exclusive with analysis by Joseph S. Bermudez Jr. and Sun Young Ahn. Located on the Hodo Peninsula, north of Wonsan, on North Korea’s east coast is what is commonly referred to as the Hodo Peninsula Training Area.[1] The Hodo Peninsula has been used as a training area for live-fire testing and training […]

The post North Korea’s Hodo Peninsula Training Area appeared first on National Cyber Security.

View full post on National Cyber Security

Cyber Security Training In London 2016

sans

Source: National Cyber Security – Produced By Gregory Evans

SANS’ London Training Event takes place on 14 – 19 November 2016, at the Grand Connaught Rooms. 12 IT security courses, several taught by SANS course authors and curriculum leads. Specialist courses on offer include: DEV522: Defending Web Applications Security Essentials and SEC505: Securing Windows and PowerShell Automation. Prepare for GSEC, GCED, GCIA, GCWN, GMON, […]

The post Cyber Security Training In London 2016 appeared first on National Cyber Security.

View full post on National Cyber Security

Healthcare Cyber Security Summit & Training 2016

sans

Source: National Cyber Security – Produced By Gregory Evans

Training Course Dates: November 16-21, 2016 Summit Dates: November 14-15, 2016 SANS will be hosting its 4th Annual Healthcare Cybersecurity Summit. Join us and hear top security experts from leading healthcare companies discuss proven approaches for securing and succeeding in the new healthcare environment. You’ll have the opportunity to meet with leaders from top organizations […]

The post Healthcare Cyber Security Summit & Training 2016 appeared first on National Cyber Security.

View full post on National Cyber Security