Self-training programs for IT staff, execs effectively boost cybersecurity

Video courses arm employees with skills to better protect organizations, customers from attack

 
Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

Train­ing IT staffers on the intri­ca­cies of pro­tect­ing a com­pa­ny net­work tra­di­tion­al­ly has tak­en a cou­ple of forms: look over the shoul­der of a savvy col­league or ship the staffer out to attend a class­room session.

Ed note_PluralsightTra­di­tion­al­ly, secu­ri­ty train­ing has been main­ly deliv­ered as a social com­po­nent,” says Gary Eimer­man, vice pres­i­dent of IT ops con­tent at Plu­ral­sight. “You learn from the oth­er mem­bers on your team or in an instruc­tor-led classroom.”

Plu­ral­sight, a Farm­ing­ton, Utah-based tech­nol­o­gy train­ing ser­vices sup­pli­er, has come up with an alter­na­tive approach, one it is bet­ting will be much bet­ter suit­ed to the cur­rent busi­ness envi­ron­ment. It revolves around employ­ees going online to access pro­fes­sion­al-grade train­ing videos—to self-train them­selves and one another.

Relat­ed Q&A: Insid­er threats pose major exposure

Tak­ing an online, on-your-own approach enables IT staffers to sched­ule train­ing as need­ed and in sync with their oper­a­tional duties. And when a refresh­er course is need­ed, he or she can log in and get it immediately.

You search for what the chal­lenge is, pull up a les­son, and con­tin­ue the evo­lu­tion,” Eimer­man says. “You don’t have to go from begin­ner to advanced all in one sit­ting. It’s an as-you-need-it model.”

Train­ing mar­ket a grow­ing sector

Pluralsight’s piv­ot to the cyber­se­cu­ri­ty train­ing mar­ket is note­wor­thy, if only because this is a red-hot, fast-grow­ing ven­dor. The company’s annu­al rev­enue report­ed­ly has topped $100 mil­lion, and its mar­ket val­u­a­tion is in the $1 bil­lion neigh­bor­hood, based on the moun­tain of ven­ture cap­i­tal cash it has attracted.

The company’s rapid growth has come via com­plet­ing eight acqui­si­tions in three years, includ­ing spend­ing $36 mil­lion to swal­low up Code School, a train­ing plat­form for begin­ning coders, and shelling out $75 mil­lion to acquire Boston-based Smarter­er, an inno­v­a­tive skills assess­ment vendor.

This past July, Plu­ral­sight arrived at the Black Hat cyber­se­cu­ri­ty trade show in Las Vegas with an announce­ment that it has added more than 110 cyber­se­cu­ri­ty video cours­es to its library of 5,000 IT train­ing mod­ules. The secu­ri­ty course­work cov­ers top­ics rang­ing from dri­ving toward secu­ri­ty matu­ri­ty to lock­ing down cus­tom busi­ness appli­ca­tions. Oth­er top­ics include pen­e­tra­tion test­ing, vul­ner­a­bil­i­ty man­age­ment, inci­dent response, dig­i­tal foren­sics, eth­i­cal hack­ing, secu­ri­ty audit­ing and even secu­ri­ty risk management.

Depth of offerings

Gary Eimerman, Pluralsight vice president of IT ops content
Gary Eimer­man, Plu­ral­sight vice pres­i­dent of IT ops content

In build­ing our cyber­se­cu­ri­ty con­tent, we assem­bled the industry’s best tal­ent, and we sought to pro­vide IT pro­fes­sion­als with the knowl­edge and skills they need to keep their orga­ni­za­tions run­ning safe and secure amid today’s most destruc­tive dig­i­tal attacks,” Eimer­man says.

This wealth of course­work is being made avail­able for $29 per month, per employ­ee. For more inten­sive train­ing, Plu­ral­sight offers per­son­al instruc­tion for $1 to $5 per minute. Busi­ness plans for large groups of employ­ees also are available.

Plu­ral­sight has a cou­ple of tar­get audi­ences in mind: first, hands-on techies, such as sys­tems admin­is­tra­tors or in-house soft­ware devel­op­ers. Both need to under­stand, and be able to account for, the wider secu­ri­ty impli­ca­tions of, say, man­ag­ing a sub-tier of a com­pa­ny net­work or intro­duc­ing a new, cus­tomized busi­ness application.

Anoth­er key audi­ence: senior man­agers for whom a full grasp of how secu­ri­ty issues inter­sect with all aspects of mod­ern busi­ness net­works has become vital. “The C-lev­el or VP-lev­el exec­u­tives are try­ing to set a strat­e­gy for going for­ward,” Eimer­man says. “We are try to help them under­stand why secu­ri­ty is so impor­tant and why it isn’t some­thing you can just bolt on after the fact. Secu­ri­ty tru­ly has become core to the entire tech­nol­o­gy stack.”

Help where com­pro­mis­es occur

Plu­ral­sight is react­ing to ris­ing demand for tru­ly help­ful secu­ri­ty train­ing, in a land­scape where cyber attack­ers con­tin­u­al­ly inno­vate. Price­Wa­ter­house Cooper’s 2016 glob­al infor­ma­tion secu­ri­ty sur­vey showed that employ­ees remain the most cit­ed source of net­work com­pro­mis­es, even as secu­ri­ty inci­dents rise on the order of some 40 per­cent year-over-year.

PwC sur­veyed 10,000 CEOs, CFOs, CIOs, CSOs and oth­er employ­ees of IT and secu­ri­ty prac­tices in more than 127 coun­tries. Respon­dents indi­cat­ed that cur­rent employ­ees were the source of 34 per­cent of secu­ri­ty inci­dents last year, and for­mer employ­ees account­ed for 29 per­cent of the incidents.

Bet­ter-trained employ­ees, backed by secu­ri­ty-con­scious senior exec­u­tives, ought to help reduce the soft spots with­in busi­ness net­works. And that would make it more dif­fi­cult for net­work intrud­ers out to steal data, dis­rupt oper­a­tions and gen­er­al­ly cause chaos.

The core com­po­nent of secu­ri­ty in any enter­prise is knowl­edge,” Eimer­man says. “If you don’t know what to test and look for, you don’t know what sys­tems are secure and what sys­tems are not secure.”

Gary Stoller con­tributed to this article.

More sto­ries relat­ed to cyber­se­cu­ri­ty training:
More orga­ni­za­tions find secu­ri­ty aware­ness train­ing is becom­ing a vital secu­ri­ty tool
When it comes to secu­ri­ty, don’t give employ­ee edu­ca­tion short shrift
As threats mul­ti­ply, cyber insur­ance and tech secu­ri­ty indus­tries start to merge