Commentary

Bridging The Gap Between Training And Operations

The EDUCAUSE Security Professionals Conference is a great conference for IT staff from higher education to meet and learn about deploying and managing security tools like OSSEC and Bro IDS, hear how others are dealing with compliance issues, and network with other professionals interested in security.
Last night during some post-conference conversations, someone was making the argument that organizations don't have problems securing their IT resources because their staff is stupid, but because they simply don't know how. That's contrary to a mindset that we security professionals sometimes fall victim to. We often assume the admins are stupid because their systems are getting hacked. Likewise, we often think the same thing about users. Obviously, they must be dumb if their systems are getting infected, right?

Wrong. It's easy to jump up and say these things happen because of stupidity, but often, the root cause is that we aren't educating our first line of defense properly. I've written about this with regard to users, but what about the sysadmins and help desk technicians? How often do they actually get included in security training?

That last question is a very important one that is often overlooked, and can turn into a critical issue considering that sysadmins are the ones standing systems up in the enterprise. And don't forget that, while it is the first tier of support to users, the help desk is often the last to know about the latest threats that could be affecting those they service.

Naturally, the discussion progressed to training and whether or not what was available would really get these people up to where they needed to be to effectively secure their systems and networks. The common complaint came up about how most training is geared for the trainee to get a certification that does little more than line the pockets of the training companies.

So with that in mind, what's the likelihood that the trainee can really apply the course content when they return to work? Maybe I was surrounded by a few cynics, but they seemed to be skeptical of the applicability of most of the training they've seen. Personally, I have had the opposite experience where I've spent a few days learning to tear apart packets with tcpdump and Snort, which I then leveraged the day I returned to work.

So I'm left wondering if I'm part of the minority who've actually attended training that left me better prepared to defend my networks. Or, were the folks I was talking to just voicing their frustrations and applying them to the security training industry as a whole?

As the saying goes, "Inquiring minds want to know." Shoot me an e-mail or leave a comment below and let me know your experiences. I'm very curious to see if this comes down to a lack of funding and accessibility to the right training, or if it's a common issue plaguing the IT industry.

John H. Sawyer is a senior security engineer on the IT Security Team at the University of Florida. The views and opinions expressed in this blog are his own and do not represent the views and opinions of the UF IT Security Team or the University of Florida. When John's not fighting flaming, malware-infested machines or performing autopsies on blitzed boxes, he can usually be found hanging with his family, bouncing a baby on one knee and balancing a laptop on the other. Special to Dark Reading.
