Security Training Through Practical Experience

The Importance of Practical Experience

One of the most interesting scenes to watch – if you are fortunate enough to time it right – is a full-scale emergency drill conducted by joint teams of firefighters, police and paramedics. These can involve hundreds of people, including volunteers who are given realistic wounds by skilled makeup artists, and who play the roles of the wounded in a mass-casualty situation. They usually take place at an actual office building or other public structure, and everything is made up to be as real as possible. So real, in fact, that neighbouring businesses and residents are often warned repeatedly about the event in order to avoid panic.

The question arises, with so much great virtual reality available, and with so much information retrievable from the Internet, why go to the expense of a full-scale mock-up in the physical world? What more could someone learn in such a setting that they could not obtain through research? Any fire chief or triage specialist will tell you: there is no online learning equivalent to real-world experience.

In emergencies, a number of physical experiences contribute to increasing the chances of a successful and safe conclusion. Touch, sight, smell, sounds, muscle memory and intuition – all of these represent proficiency that cannot be satisfactorily reproduced simply by reading or watching a video. This is why disaster exercises are held, from large-scale mock-ups through to the tedious office fire drill. Nothing beats practical experience.

Learning To Adapt

The same rule applies for information security professionals. This is an industry that gets more complex by the day, especially as more data and operations move to the cloud. Many traditional IT security practices no longer apply in cloud computing environments, and a broader range of IT experts are required to have the knowledge, skills and abilities to ensure data and systems are protected across the entire IT ecosystem. Learning and staying up-to-date with these changes is vital. But validating that knowledge is just as important, so that organizations can confirm IT staff have both the insight and problem-solving skills necessary to manage threats, proactively and reactively.

A significant benefit of experience is the capacity for cloud security professionals to communicate clearly and effectively to various operational levels within a department, from the most junior to the most senior. Very often, a simple problem-solving exercise can be delayed or even sabotaged due to inadequate understanding, talking to the wrong people or sheer resistance from stakeholders. The skills required to manage a conflict and defuse situations filled with tension or panic are as much part of the job as is technical know-how. When it comes to dealing with people, prior experience is an absolute must.

Deeper Knowledge

When describing hindsight as being 20/20, people often say if they knew “then” what they know now, they would have done things differently. This is why an extensive working background is so vital. Similarly, this is one of the reasons why (ISC)² and the Cloud Security Alliance (CSA), two of the leading non-profits focused on information and cloud security, developed the Certified Cloud Security Professional (CCSP℠) certification – to ensure that cloud specialists have the knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Their requirement for candidates to demonstrate experience, specifically five years in IT, three years in IT security, and one year in cloud security, represents a well-rounded awareness of the situations that can happen on either side of a computer screen. CCSP certified professionals are able to demonstrate how they have gained a deeper knowledge of cloud security through hands-on experience and practical know-how. This gives information security and IT staff the skills and credibility to get the job done, and gives organizations greater comfort in granting the freedom and authority needed to confidently move IT infrastructure to the cloud.

For more on the CCSP certification from (ISC)², please visit www.isc2.org/ccsp. Sponsored by (ISC)².

By Steve Prentice

Recovery Experts.png
David Fletcher Blown Image
Growing Up.png
Byod.png
Jen
VoIP and PBX Phone Systems The cloud is already providing businesses with such a range of advanced tools and services, optimizing communication across channels, improving global cooperation, and supporting collaboration between teammates and partners both ...
Mark Ardito
‘Legacy systems’ often get a bit of a rough time in the IT community. But perhaps this is unfair. After all, in many cases you’re talking about software platforms that have lasted and been effective ...
Alex Dean
Enabling Privacy and Personalization Most businesses today rely on data collected online to better understand their customers and deliver more personalized products, services and experiences. These insights can be transformative for an organization, especially when ...
Gilad David Maayan
What Is SSPM? SaaS Security Posture Management (SSPM) is a set of security tools that an organization’s security team can use to gain visibility and manage security for their Software as a Service (SaaS) applications ...
Ray Meiring
Proposal Management Software Benefits Amid the COVID-19 pandemic-induced supply chain and market challenges, 2021 started to course correct, allowing many companies to resume business operations. As a result, request for proposals (RFPs), sales proposals, and ...
  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.