this short paper we discuss the shortcomings of on-the-job training and
conventional classroom instruction for cybersecurity, review the characteristics
of successful security simulation programs, and take a brief look at the
Symantec Cyber Security Services: Security Simulation program.
Classroom instruction or conventional online courses would seem to be natural ways to keep IT professionals up to date on the latest threats. However, most cybersecurity classes are far from ideal for experienced IT professionals. Typical shortcomings include:··
- A passive learning style, based on lectures and rigidly structured lab exercises.
- An academic orientation that puts theory above practical advice.
- A focus on tools like firewalls and SIEMs, rather than on how attackers operate.
- Teaching one “right answer” to each question, instead of showing multiple ways to address a problem.
- A single level of difficulty, either baffling for beginners or boring for experienced staff.
- Out-of-date content, in an era when major new threats emerge every month.
Download paper (PDF)
Source: IT White Papers Library