Training is one of those interesting areas that everyone believes they can do. Not everyone can do marketing, coding or analysis, but everyone typically believes they can train someone else. This is only partially true. Here are a few of the traps people tend to fall into when it comes to managing risk and working in the cybersecurity industry. And, yes, don’t worry, we have some solutions that can help you deal with these challenges. More on that later! The traps:
Trap 1: “The Comfort Trap”
There is a human tendency not to see things objectively, but instead to actively look for things that fit one's own views. This occurs often in the learning process. The security industry is composed of very highly trained and skilled professionals. Sometimes this works to their disadvantage. There is a danger of being comfortable to the point where any research or educational pursuit is done just to confirm already acquired knowledge or skill sets.
Meanwhile, the “bad guys” are using creative techniques, some not terribly technical, to bypass legacy thinking. Signature-based technologies, the addiction to the “reactive security” mindset, and security solutions that require an entire intrusive separate infrastructure are, surprisingly, concepts a lot of security professionals are used to and defend. Anything that runs contrary to that knowledge challenges their core beliefs, and that prevents the reception of new knowledge.
The danger is that learning stops because many security professionals believe that they have a handle on how attacks work and that they’ll be breached at some point anyway. Prevention has almost gone by the wayside. We do not have to rely on having a recovery play in order to react to a breach that could have been prevented in the first place.
Keep learning! Read forums where people are sharing their (Read more...)
This is a Security Bloggers Network syndicated blog post authored by Douglas Rivers. Read the original post at: Cylance Blog