In an article on Sophos, the question was posed: “Is security training a waste of time?” There were some examples of training with poor outcomes. 80% of West Point cadets given 4 hours of computer security training immediately fell for a test phishing scam. Employees at internet security firm RSA opened an infected XML attachment to an email that allowed their “secure” network to be breached by real-life hackers. At the end of the article, it is suggested that training can only do so much, and that those of us who are making our living setting up network security need to be doing more ourselves.
There are times when I wonder if the efforts that I am making, through my blog and my community education classes, are helping. But so many of my clients are asking before pulling the trigger on a suspicious email that I have to say that it is helping overall.
Those of you who have taken my classes, or are following my blog, what are your thoughts? Your comments are appreciated.
About the Author: I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at http://wyzguyscybersecurity.com