The Importance of Practical Experience
One of the most interesting scenes to watch – if you are fortunate enough to time it right – is a full-scale emergency drill conducted by joint teams of firefighters, police and paramedics. These can involve hundreds of people, including volunteers who are given realistic wounds by skilled makeup artists, and who play the roles of the wounded in a mass-casualty situation. They usually take place at an actual office building or other public structure, and everything is made up to be as real as possible. So real, in fact, that neighboring businesses and residents are often warned repeatedly about the event in order to avoid panic.
The question arises, with so much great virtual reality available, and with so much information retrievable from the Internet, why go to the expense of a full-scale mock-up in the physical world? What more could someone learn in such a setting that they could not obtain through research? Any fire chief or triage specialist will tell you: there is no online learning equivalent to real-world experience.
In emergencies, a number of physical experiences contribute to increasing the chances of a successful and safe conclusion. Touch, sight, smell, sounds, muscle memory and intuition – all of these represent proficiency that cannot be satisfactorily reproduced simply by reading or watching a video. This is why disaster exercises are held, from large-scale mock-ups through to the tedious office fire drill. Nothing beats practical experience.
Learning To Adapt
The same rule applies for information security professionals. This is an industry that gets more complex by the day, especially as more data and operations move to the cloud. Many traditional IT security practices no longer apply in cloud computing environments, and a broader range of IT experts are required to have the knowledge, skills and abilities to ensure data and systems are protected across the entire IT ecosystem. Learning and staying up-to-date with these changes is vital. But validating that knowledge is just as important, so that organizations can confirm IT staff have both the insight and problem-solving skills necessary to manage threats, proactively and reactively.
A significant benefit of experience is the capacity for cloud security professionals to communicate clearly and effectively to various operational levels within a department, from the most junior to the most senior. Very often, a simple problem-solving exercise can be delayed or even sabotaged due to inadequate understanding, talking to the wrong people or sheer resistance from stakeholders. The skills required to manage a conflict and defuse situations filled with tension or panic are as much part of the job as is technical know-how. When it comes to dealing with people, prior experience is an absolute must.
When describing hindsight as being 20/20, people often say if they knew “then” what they know now, they would have done things differently. This is why an extensive working background is so vital. Similarly, this is one of the reasons why (ISC)² and the Cloud Security Alliance (CSA), two of the leading non-profits focused on information and cloud security, developed the Certified Cloud Security Professional (CCSP℠) certification – to ensure that cloud specialists have the knowledge, skills and abilities to audit, assess and secure cloud infrastructures. Their requirement for candidates to demonstrate experience, specifically five years in IT, three years in IT security, and one year in cloud security, represents a well-rounded awareness of the situations that can happen on either side of a computer screen. CCSP certified professionals are able to demonstrate how they have gained a deeper knowledge of cloud security through hands-on experience and practical know-how. This gives information security and IT staff the skills and credibility to get the job done, and gives organizations greater comfort in granting the freedom and authority needed to confidently move IT infrastructure to the cloud.
For more on the CCSP certification from (ISC)², please visit www.isc2.org/ccsp. Sponsored by (ISC)².
By Steve Prentice