Checkbox Enablement and the Expert Myth in Security

“I would like to measure their expertise before and after the training session. When you do the survey, use a five-point scale from Novice to Expert…”

Those were the orders, and the training team did what was asked. All of the respondents to the survey replied that after the session they considered themselves “experts.” It was all an understandable, but undeniable, lie.

This lie was not a sinister act. It was one of self-preservation. After all, if your organization invests money and resources to send you to a class to become an “expert,” there is an expectation that an expertise transformation will occur, even when it’s not realistic.

What is the Expert Myth?

The “Expert Myth” may exist in other fields, but it is most prevalent in the Information Technology industry. Training resources claim to create expertise in student attendees. Bootcamps turn out scores of ethical hackers, administrators and security analysts after a simple investment of 3-5 days, hands-on labs and “deep dive” content.

The unfortunate truth is that expertise is not so easily obtained. At most, the effectiveness of boot camps, instructor led courses and virtual instruction depend on what experience the student brought with them, how much information they understood and retained and, more importantly, what they do AFTER the course.

Studies have shown that regardless of the level of instruction, if there is no practical application of those learned skills, they will fade and atrophy – usually in as little as 2 weeks.

Expertise cannot be taught. Expertise and competency can be acquired only through actually doing the work, and doing it often. This includes making mistakes, adjusting and adapting. The aforementioned courses, classes, and bootcamps are not worthless, they just need to be framed realistically as a foundation on which to build.

The False Security (Read more...)

This is a Security Bloggers Network syndicated blog post authored by Cylance Blog. Read the original post at: Cylance Blog