Why you need tiered security training for IT staff

What's the difference in training for IT staff members and the IT security team?


In an earlier post on security awareness training, I discussed the failings of general security awareness training for end users at companies. There are also gaps when it comes to training the IT staff about security. A lot of effort goes into certification and advanced training for specified security team members, but that leaves out a lot of other IT staff members, such as the help desk, who are often the front-line team when it comes to dealing with cyber-attacks on end users.

In this episode of Security Sessions, I spoke once again with Bill Rosenthal, CEO of Logical Operations, about the difference in training methods for IT staff members and the IT security team, as well as the need for multi-vendor certification training.

Among the highlights of the video are the following sections:

0:43 The distinction between security awareness training and security training.

2:00 How IT staff security training differs from general employee awareness training.

3:08 Why do most companies feel that cyber-security training is a specialized function?

4:11 Certifications: Why most training is limited to one piece of software or hardware, and not multi-vendor.

5:43 The need for going beyond theoretical security training.

7:19 Why there needs to be more active threat analysis training at companies.

8:19 Advice for CSOs on how to reduce costs for security training.

Copyright © 2016 IDG Communications, Inc.
