Self-training programs for IT staff, execs effectively boost cybersecurity
Video courses arm employees with skills to better protect organizations, customers from attack
By Byron Acohido, ThirdCertainty
Training IT staffers on the intricacies of protecting a company network traditionally has taken a couple of forms: look over the shoulder of a savvy colleague or ship the staffer out to attend a classroom session.
“Traditionally, security training has been mainly delivered as a social component,” says Gary Eimerman, vice president of IT ops content at Pluralsight. “You learn from the other members on your team or in an instructor-led classroom.”
Pluralsight, a Farmington, Utah-based technology training services supplier, has come up with an alternative approach, one it is betting will be much better suited to the current business environment. It revolves around employees going online to access professional-grade training videos—to train themselves and one another.
Taking an online, on-your-own approach enables IT staffers to schedule training as needed and in sync with their operational duties. And when a refresher course is needed, a staffer can log in and get it immediately.
“You search for what the challenge is, pull up a lesson, and continue the evolution,” Eimerman says. “You don’t have to go from beginner to advanced all in one sitting. It’s an as-you-need-it model.”
Training market a growing sector
Pluralsight’s pivot to the cybersecurity training market is noteworthy, if only because this is a red-hot, fast-growing vendor. The company’s annual revenue reportedly has topped $100 million, and its market valuation is in the $1 billion neighborhood, based on the mountain of venture capital cash it has attracted.
The company’s rapid growth has come via completing eight acquisitions in three years, including spending $36 million to swallow up Code School, a training platform for beginning coders, and shelling out $75 million to acquire Boston-based Smarterer, an innovative skills assessment vendor.
This past July, Pluralsight arrived at the Black Hat cybersecurity trade show in Las Vegas with an announcement that it has added more than 110 cybersecurity video courses to its library of 5,000 IT training modules. The security coursework covers topics ranging from driving toward security maturity to locking down custom business applications. Other topics include penetration testing, vulnerability management, incident response, digital forensics, ethical hacking, security auditing and even security risk management.
Depth of offerings
“In building our cybersecurity content, we assembled the industry’s best talent, and we sought to provide IT professionals with the knowledge and skills they need to keep their organizations running safe and secure amid today’s most destructive digital attacks,” Eimerman says.
This wealth of coursework is being made available for $29 per month, per employee. For more intensive training, Pluralsight offers personal instruction for $1 to $5 per minute. Business plans for large groups of employees also are available.
Pluralsight has a couple of target audiences in mind: first, hands-on techies, such as systems administrators or in-house software developers. Both need to understand, and be able to account for, the wider security implications of, say, managing a sub-tier of a company network or introducing a new, customized business application.
Another key audience: senior managers for whom a full grasp of how security issues intersect with all aspects of modern business networks has become vital. “The C-level or VP-level executives are trying to set a strategy for going forward,” Eimerman says. “We are trying to help them understand why security is so important and why it isn’t something you can just bolt on after the fact. Security truly has become core to the entire technology stack.”
Help where compromises occur
Pluralsight is reacting to rising demand for truly helpful security training, in a landscape where cyber attackers continually innovate. PricewaterhouseCoopers’ 2016 global information security survey showed that employees remain the most cited source of network compromises, even as security incidents rise on the order of some 40 percent year-over-year.
PwC surveyed 10,000 CEOs, CFOs, CIOs, CSOs and other employees of IT and security practices in more than 127 countries. Respondents indicated that current employees were the source of 34 percent of security incidents last year, and former employees accounted for 29 percent of the incidents.
Better-trained employees, backed by security-conscious senior executives, ought to help reduce the soft spots within business networks. And that would make it more difficult for network intruders out to steal data, disrupt operations and generally cause chaos.
“The core component of security in any enterprise is knowledge,” Eimerman says. “If you don’t know what to test and look for, you don’t know what systems are secure and what systems are not secure.”
Gary Stoller contributed to this article.