Security Training Through Practical Experience

The Importance of Practical Experience

One of the most interesting scenes to watch – if you are fortunate enough to time it right – is a full-scale emergency drill conducted by joint teams of firefighters, police and paramedics. These can involve hundreds of people, including volunteers who are given realistic wounds by skilled makeup artists, and who play the roles of the wounded in a mass-casualty situation. They usually take place at an actual office building or other public structure, and everything is made up to be as real as possible. So real, in fact, that neighbouring businesses and residents are often warned repeatedly about the event in order to avoid panic.

The question arises, with so much great virtual reality available, and with so much information retrievable from the Internet, why go to the expense of a full-scale mock-up in the physical world? What more could someone learn in such a setting that they could not obtain through research? Any fire chief or triage specialist will tell you: there is no online learning equivalent to real-world experience.

In emergencies, a number of physical experiences contribute to increasing the chances of a successful and safe conclusion. Touch, sight, smell, sounds, muscle memory and intuition – all of these represent proficiency that cannot be satisfactorily reproduced simply by reading or watching a video. This is why disaster exercises are held, from large-scale mock-ups through to the tedious office fire drill. Nothing beats practical experience.

Learning To Adapt

The same rule applies for information security professionals. This is an industry that gets more complex by the day, especially as more data and operations move to the cloud. Many traditional IT security practices no longer apply in cloud computing environments, and a broader range of IT experts are required to have the knowledge, skills and abilities to ensure data and systems are protected across the entire IT ecosystem. Learning and staying up-to-date with these changes is vital. But validating that knowledge is just as important, so that organizations can confirm IT staff have both the insight and problem-solving skills necessary to manage threats, proactively and reactively.

A significant benefit of experience is the capacity for cloud security professionals to communicate clearly and effectively to various operational levels within a department, from the most junior to the most senior. Very often, a simple problem-solving exercise can be delayed or even sabotaged due to inadequate understanding, talking to the wrong people or sheer resistance from stakeholders. The skills required to manage a conflict and defuse situations filled with tension or panic are as much part of the job as is technical know-how. When it comes to dealing with people, prior experience is an absolute must.

Deeper Knowledge

When describing hindsight as being 20/20, people often say if they knew “then” what they know now, they would have done things differently. This is why an extensive working background is so vital. Similarly, this is one of the reasons why (ISC)² and the Cloud Security Alliance (CSA), two of the leading non-profits focused on information and cloud security, developed the Certified Cloud Security Professional (CCSP℠) certification – to ensure that cloud specialists have the knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Their requirement for candidates to demonstrate experience, specifically five years in IT, three years in IT security, and one year in cloud security, represents a well-rounded awareness of the situations that can happen on either side of a computer screen. CCSP certified professionals are able to demonstrate how they have gained a deeper knowledge of cloud security through hands-on experience and practical know-how. This gives information security and IT staff the skills and credibility to get the job done, and gives organizations greater comfort in granting the freedom and authority needed to confidently move IT infrastructure to the cloud.

For more on the CCSP certification from (ISC)², please visit www.isc2.org/ccsp. Sponsored by (ISC)².

By Steve Prentice

Future Fintech

What’s the cloud forecast for 2020?

Tech Agnosticism In 2019, we saw how cloud computing transformed the way data is managed, the way applications are developed and deployed, and also the way IT teams operate. Organizations are starting to experience the ...
Peter Tsai

Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Updated: 11.19.2020 What is IaaS? Infrastructure as a Service (IaaS) allows you to rent computing resources from a third party that you then access through the web. You essentially outsource having to set up ...
Business Virtual

Open Virtual Exchange (OVX) – Helping DSPs Fast Track the Monetization of SDWAN

Open Virtual Exchange (OVX) Bring agility and speed to market with intelligent network automation Digital Service Providers (DSPs) do have high expectations from virtual network services such as Software-Defined WAN (SD-WAN), as it promises to ...
Bigcommerce

Magento 1 Is Nearing Its End – Is It Time To Migrate To BigCommerce?

Time To Migrate To BigCommerce? Nearly three years ago, Magento declared that they would be ending support for their Magento 1 software. All versions of Magento from 1.1 – 1.9 would then work without maintenance, ...
Tesla Twitter

The Tesla Story The World Is Ignoring

The Tesla Story The World Is Ignoring Bugatti is one of the most recognized names among luxury supercars. After the founder Ettore Bugatti died, the company nearly disappeared in 1952. Until Italian businessman Romano Artioli ...
Bruce Guptill

Resolving IT-Finance Asynchronization on Cloud Improvements

Resolving IT-Finance Asynchronization While CIO-CFO communications and alignment may never seem better, what is considered to be C-level, strategic “alignment” increasingly obscures realities that keep IT and Finance from synchronizing their thinking and activity. This ...