Translate into a different language

Tuesday, September 22, 2015

When On- the-Job training Is a Recipe for Disaster

In this short paper we discuss the shortcomings of on-the-job training and conventional classroom instruction for cybersecurity, review the characteristics of successful security simulation programs, and take a brief look at the Symantec Cyber Security Services: Security Simulation program.

Classroom instruction or conventional online courses would seem to be natural ways to keep IT professionals up to date on the latest threats. However, most cybersecurity classes are far from ideal for experienced IT professionals. Typical shortcomings include:··
  • A passive learning style, based on lectures and rigidly structured lab exercises.
  • An academic orientation that puts theory above practical advice.
  • A focus on tools like firewalls and SIEMs, rather than on how attackers operate.
  • Teaching one “right answer” to each question, instead of showing multiple ways to address a problem.
  • A single level of difficulty, either baffling for beginners or boring for experienced staff.
  • Out-of-date content, in an era when major new threats emerge every month.
Anyone familiar with the personality styles of most IT professionals will not be surprised that most regard conventional classroom instruction and online courses as unhelpful—or much worse.
Download paper (PDF)

IT White Papers Library 

If you enjoyed this post, make sure you subscribe to my Email Updates!