Some underestimate the value of cyber
security training as a key part of recruiting and retaining a high performing
cyber team.
It’s all on the internet.
We should be hiring for self
learning.
Let them pay for training
themselves.
But, managed correctly, there is
real value beyond the cost of training. How do you manage it?
At a large conference like BlackHat,
there is no shortage of training or topics to attend. That said, not all of the training
applies to your cyber security program.
Know what your goal is: you can
simply “send someone to a conference” or send them with the job of bringing specific
knowledge back to the organization. If
the former, treat the conference as a retention bonus. If the latter, pay only
for training that brings value to your organization.
If you want to bring back specific knowledge for
the organization, have a standard method for reporting that knowledge back to
the organization. Trip report, internal web page, email of learning, anything.
We store ours in a format that lets me point to specific value whenever
questions arise about the training budget.
Someone has given you some amount
of resources. Uderestimation can go both ways. Why not have a way to show
the execs their tangible return for that investment?
Follow me on Twitter for discussion and the latest blog updates: @Opinionatedsec1
SEE ALSO
No comments:
Post a Comment