What They Want to Learn
Most security pros are keen to ramp up their hacking practice. "They all want to be spending their time on penetration testing skills," says Corey, who calls this area "the fun, cooler" part of cybersecurity. It's helpful to companies, too. The skills workers want most are also handy in the SOC.
The challenge, says Lee, is when new, niche skill sets aren't widely recognized and therefore not required of employees. Organizations sometimes fail to recognize the value of training that could prove essential in the future. He uses threat hunting as an example. At some point, nobody knew about this area of expertise, but now most businesses rely on it.
What's that "mystery" skill now? "The biggest thing I'm seeing right now in terms of usefulness in new training courses is 'purple teaming,'" Lee says. As the name suggests, purple teaming combines the offensive mindset of red teaming with the defensive mindset of blue teaming to teach employees both approaches. Students in these courses learn what attackers do and how they do it, followed by training in how to defend against those threats.
"It's helpful to add perspective," Lee says. "Here, it's a little bit of all things in the same class."
(Image: Spainter_vfx – stock.adobe.com)