Elite Cyber Security Teams: Why They Matter and How to Train Them

Posted on by Juan Bocanegra

security teamsThe average U.S. company of 1,000 employees or more spends $15 million a year fighting cyber crime, a 20% increase over last year, according to the Ponemon Institute. Hacking attacks cost the average U.S. organization $15.4 million per year—more than double the global average of $7.7 million.

One of the reasons for the exorbitant costs of fighting cyber crime is that it now takes an average of 46 days to contain a successful attack once it has been detected. Many companies spend as much as $43,000 a day, on average, for containment costs.

These figures are significant, however cyber crime is becoming more sophisticated and attackers more omnipresent with each passing day. Simply spending exorbitant amounts of money on the problem might have helped a few years ago, but today it’s no longer enough. Case in point: Despite our substantial global efforts to combat cyber crime, PwC found there were 38 percent more security incidents detected in 2015 than in 2014.

It’s time for companies to take a more proactive and aggressive approach to cybersecurity and to learn to think like the hackers themselves. This requires hiring and training internal security teams, which involves significant commitment and capital. However, to protect current business health and future goals, companies need to widen their focus from (almost) exclusively looking at technological solutions, to one that includes more emphasis on people and processes. 

Best practices for hiring and training elite cybersecurity teams are still emerging, however the overall focus needs to be on continuously educating and investing in these individuals. The first important step is to clearly outline the specific learning outcomes your organization wants to achieve—and make sure these goals are recognized, agreed, and supported by key stakeholders. Even more importantly, while it may prove difficult at times, is to ensure that company politics and funding matters don’t cloud your efforts here.

Below are five key tips for companies looking to thwart nefarious hackers by implementing elite cybersecurity teams in-house: 

1. Reverse engineer the process.

Begin the training process with the end in mind. In other words, start by determining which cybersecurity job roles you want to target with world-class talent, and then backtrack in order to outline a training curriculum that includes learning paths for the most relevant knowledge and tasks for those particular roles. Design each learning path as its own specific journey, ending in the particular job role your company requires. Along the way, continuously challenge your trainees with an Assess-Train-Certify model in an effort to build on trainees’ existing, foundational knowledge and help them grow into becoming expert performers.

2. Emulate the medical training approach.

In medical school, students participate in a variety of educational activities. They study basic sciences in classroom settings; conduct clerkships in professional settings; and eventually go on to participate in residencies and fellowships. In the cyber world, a similar training approach works well. Start with knowledge-based training in classroom-like settings, and then advance trainees to more hands-on, performance-based training, where they can shadow experienced professionals. Finally, establish a capstone program with mentored secondment periods towards one or more cyber specialties that incorporates continuous learning and student assessment throughout this period.

3. Test intelligently.

To best identify trainee candidates for your elite cybersecurity team, refrain from exclusively using academic or traditional testing, as such techniques are often insufficient for accurately identifying quality candidates. Instead, add in qualitative testing techniques. Evaluate key trainee attributes such as abstract reasoning skills and/or aptitude for assimilating and managing new ideas, concepts or information. Ideally, include techniques to measure correlations between student’s test answer accuracy; and time and confidence in answering. This set of metrics can serve as a key differentiator in the testing phase and help create individualized learning paths, so students focus less on what they already know and more on what they don’t. 

4. Go beyond the basics.

Successful cybersecurity training programs go beyond purely technical subject matter. For instance, it’s often said that hacking is an art and science. Incorporate a variety of subject matters into your training process so that trainees are able to respond to any and all future scenarios—both from a technical and lateral thinking perspective. Also, design your curriculum to match the unique and changing needs of your business and respective industry. Cybersecurity is an intricate and arduous area of study, so make sure your training program is tailored to support its complexities, all the while providing world-class technical expertise, as well. 

5. Be patient.

Training elite cybersecurity teams isn’t always a straightforward task, and it takes time. Typically, the most successful programs last more than a few years, so it’s crucial that trainers, trainees, and all stakeholders are patient and remain committed for the entire duration of the process.

Like it or not, cyber crime is a very real threat to our digital way of life. And companies are finding it increasingly difficult to fight it off on their own, especially as hackers become faster, sneakier, more creative and much more prolific. According to the 2016 Ponemon Institute Data Breach Study, 1.5 million cyber attacks occurred last year—which translates into 4,000 cyber attacks happening every day and 170 attacks per hour. Given this upward trend, companies must take a more strategic and actionable approach to fighting cyber crime.

To that end, organizations must develop an internal cybersecurity team that’s trained to continually defend your company and outsmart any lurking hackers. Such an endeavor takes time and requires thorough planning, however it’s entirely feasible. Plus, having an elite group of cybersecurity experts at your disposal could literally save your business someday.

About the author: Juan Bocanegra is Executive Director of Cyber Training Academy at DarkMatter. He has over 12 years of leadership experience in information security across various industries, and was previously the Director of WW Education Services at Intel Security in Virginia, USA. In that role, Juan was responsible for leading Intel Security’s global training vision, strategy and go-to-market strategy.

Juan Bocanegra

Executive Director, Cyber Training Academy , DarkMatter

professional development & workforce

Blogs posted to the RSAConference.com website are intended for educational purposes only and do not replace independent professional judgment.  Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA® Conference, RSA Security LLC or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community