In the end, the bottom line for an IT professional is to keep the system safe from harm. It’s a tall order to maintain security when you consider the size and speed of change in the field and the overwhelming enthusiasm and commitment of those who seek to do harm to it. And security and protection seem counterintuitive to a system that was built to be open and accessible. So how do IT trainers best prepare their IT people for the demands of system protection when black hat hackers are infiltrating at unprecedented rates, it is impossible to keep up with the whirl of new technologies, and the work they do is in an environment that decries secret codes, locks, and keys? Three words: education, specialization, and experience. This is a unique combination of skills to meet the demands of a growing field, and not suited to everyone. It won’t likely come fast or easy, but if you can commit your IT professionals to an ongoing learning process, they will be best prepared to meet the demands of your network.

Education is key. As technology becomes increasingly complex, it is no longer possible to work your way from the ground up, unless you start with a good degree in the computer science area. What you choose is not so important as learning as much as you can while you study. Be sure your IT professionals have appropriate training, even if you intend to train them further once hired (and that should be your plan—and a generous budget line). Consider some of the certifications that are available that might be useful for your IT team. The list of choices includes Certified Penetration Test (CPT) or Certified Expert Penetration Test (CEPT), big-picture courses that teach your IT professional about potential attacks on networks as well as software and computer systems. Courses such as these are often offered boot camp style, as focused training sessions over a short period of time. These courses and programs often offer real-life simulations to teach applied knowledge as well as theoretical applications and ensure your IT professionals hit the ground running when they return from training.

Specialize your team. Today’s technology is complex, and no single person can fully understand all the aspects and issues of such a large and fluid system. Have your IT professionals each master one or a few aspects of IT really well, whether it is penetration testing, policies relating to internet security, or some other area that affects your organization (all of them likely do). You can build on this beginning as you and your IT team gain experience. Is your business using wireless technology? Prepare your IT professional with wireless training such as GIAC or GIAC GAWN, to learn how to think through and evaluate weaknesses that affect the network system. Sometimes you can piggyback specialties, having your people gain expertise in areas that complement each other, and that means better protection for your network system.

Get experienced help and get your help experience. The thing about ninja warriors in cyber-security is that they need both education and extensive experience. Be sure you get your IT people both. Look for opportunities that help them develop good analytical and policy skills as well as more technical knowledge. You need your people thinking about policies that support your network security and do not hinder your capacity to do business.

Think system wide. Today, infiltrators are only improving in the quality as well as the quantity of their handiwork, with attacks on network systems the biggest threat to security about 80 percent of the time. [3] So your IT people must be able to think broadly about network issues, and this only comes with education, great focused training as well as experience.

There are also still surprisingly few international protocols or policies to guide cyber-security professionals even as attacks increase in their impact. Good IT professionals need to develop a sixth sense for the problems they may encounter and work to create organizational policies as well as practical tactics to meet them. You also need to ensure that your IT people are plugged into government departments, roundtables, and other discussion groups that develop policy and legislation that can affect your bottom line. The capacity of your network to provide secure yet flexible services is a balancing act of policy and legislation, applied technologies, and old-fashioned know-how. Preparing your IT people to understand network complexities that include theory, policy, and application means ensuring they are excellent critical thinkers, aware of the legislative and legal issues, supported by plenty of IT training to anticipate, detect and resolve network security challenges.


[1] Alexander Moens, Seychelle Cushing, Alan W. Dowd, “Cybersecurity Challenges for Canada and the United States,” Fraser Institute, March 2015, https://www.fraserinstitute.org/sites/default/files/cybersecurity-challenges-for-canada-and-the-united-states.pdf.

[2] Eric DuVall, “John Podesta’s Gmail was hacked by Russians, security researchers say,” UPI.com, updated Oct. 20, 2016, http://www.upi.com/Top_News/US/2016/10/20/John-Podestas-Gmail-was-hacked-by-Russians-security-researchers-say/5351476986068/.

[3] Upasana Gupta, “Cybersecurity: What it Takes to Make a Career. Government, Private Sector Both Have Needs for Trained Professionals,” bankinfosecurity.com, March 19, 2009, http://www.bankinfosecurity.com/cybersecurity-what-takes-to-make-career-a-1289.