October 15, 2015

Security Training Through Practical Experience

By Steve Prentice

The Importance of Practical Experience

One of the most interesting scenes to watch – if you are fortunate enough to time it right – is a full-scale emergency drill conducted by joint teams of firefighters, police and paramedics. These can involve hundreds of people, including volunteers who are given realistic wounds by skilled makeup artists, and who play the roles of the wounded in a mass-casualty situation. They usually take place at an actual office building or other public structure, and everything is made up to be as real as possible. So real, in fact, that neighbouring businesses and residents are often warned repeatedly about the event in order to avoid panic.

The question arises, with so much great virtual reality available, and with so much information retrievable from the Internet, why go to the expense of a full-scale mock-up in the physical world? What more could someone learn in such a setting that they could not obtain through research? Any fire chief or triage specialist will tell you: there is no online learning equivalent to real-world experience.

In emergencies, a number of physical experiences contribute to increasing the chances of a successful and safe conclusion. Touch, sight, smell, sounds, muscle memory and intuition – all of these represent proficiency that cannot be satisfactorily reproduced simply by reading or watching a video. This is why disaster exercises are held, from large-scale mock-ups through to the tedious office fire drill. Nothing beats practical experience.

Learning To Adapt

The same rule applies for information security professionals. This is an industry that gets more complex by the day, especially as more data and operations move to the cloud. Many traditional IT security practices no longer apply in cloud computing environments, and a broader range of IT experts are required to have the knowledge, skills and abilities to ensure data and systems are protected across the entire IT ecosystem. Learning and staying up-to-date with these changes is vital. But validating that knowledge is just as important, so that organizations can confirm IT staff have both the insight and problem-solving skills necessary to manage threats, proactively and reactively.

A significant benefit of experience is the capacity for cloud security professionals to communicate clearly and effectively to various operational levels within a department, from the most junior to the most senior. Very often, a simple problem-solving exercise can be delayed or even sabotaged due to inadequate understanding, talking to the wrong people or sheer resistance from stakeholders. The skills required to manage a conflict and defuse situations filled with tension or panic are as much part of the job as is technical know-how. When it comes to dealing with people, prior experience is an absolute must.

Deeper Knowledge

When describing hindsight as being 20/20, people often say if they knew “then” what they know now, they would have done things differently. This is why an extensive working background is so vital. Similarly, this is one of the reasons why (ISC)² and the Cloud Security Alliance (CSA), two of the leading non-profits focused on information and cloud security, developed the Certified Cloud Security Professional (CCSP℠) certification – to ensure that cloud specialists have the knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Their requirement for candidates to demonstrate experience, specifically five years in IT, three years in IT security, and one year in cloud security, represents a well-rounded awareness of the situations that can happen on either side of a computer screen. CCSP certified professionals are able to demonstrate how they have gained a deeper knowledge of cloud security through hands-on experience and practical know-how. This gives information security and IT staff the skills and credibility to get the job done, and gives organizations greater comfort in granting the freedom and authority needed to confidently move IT infrastructure to the cloud.

For more on the CCSP certification from (ISC)², please visit www.isc2.org/ccsp. Sponsored by (ISC)².

By Steve Prentice

Steve Prentice

Steve Prentice is a project manager, writer, speaker and expert on productivity in the workplace, specifically the juncture where people and technology intersect. He is a senior writer for CloudTweaks.
The Lighter Side Of The Cloud

Navigating M&A Waters: The Core Role of Active Directory Migrations

Navigating M&A Waters On the whole, 2023 was a slow year for mergers and acquisitions. [...]
Read more

Leading Container Security Services for Cloud-Native Environments

Leading Container Security Services In today’s rapidly evolving digital landscape, container security has become a [...]
Read more
Derek Pilling

Is My Data Architecture Multi-Cloud or Multiple Cloud?

Multi-Cloud or Multiple Cloud? In the post, What is Multi-Cloud?, we defined multi-cloud in the [...]
Read more
Aman Aggarwal

Top Cloud Cost Optimization Strategies for Multi-Cloud Environments

The age-old saying “Don’t put all your eggs in one basket” has found a new [...]
Read more
Alex Dean

Privacy in Personalization: Strategies for Trust & Compliance

Enabling Privacy and Personalization (Updated: 02.16.2024) Most businesses today rely on data collected online to [...]
Read more
Alex Fink, CEO of the Otherweb

AI is Eating the World: The Evolution of Content in the Age of AI

AI is Flooding The World In the constantly evolving landscape of technology, “AI is eating [...]
Read more
Unlock unparalleled exposure for your brand with CloudTweaks' premium sponsorship and advertising programs. Reach a global audience, amplify your message, and drive growth with our tailored solutions. Partner with us today and elevate your marketing strategy to new heights!
© 2024 CloudTweaks. All rights reserved.