Keeping technical talent honed is the best way to maintain an accurate picture of the state of the hack. Allocating an appropriate amount of time and money for training is all too often overlooked as a requirement for preventing stagnation of staff expertise. Training is commonly viewed as too expensive, time consuming, or even not necessary for key technical staff members. Aside from the benefit of keeping technical staff happy and remaining in your employ, training is absolutely essential for keeping those skills current with technology issues. Simply subscribing to dozens of trade magazines and purchasing books is insufficient.
That being said, training does not need to be prohibitively expensive in order to be effective and worthwhile. Some of the most useful training exercises that we’ve seen have been internal ones -- not to be confused with on the job training.
But, before you decide what training to invest time and money in, it is necessary to understand what your training requirements are. The following is a list of ideas to consider in determining your training requirements:
While there is no shortage of security and security administration courses available, it is worthwhile balancing them with more general IT topics such as system and network design and administration. Although your incident response team is a security organization per se, it has been our experience that the most successful security technologists are the ones that ...