Computer Security Training Topics

Computer security training comes in many varieties and approaches. The following sections examine some of the topics that people interested in computer security training can avail themselves of.

End-User/Security Awareness Training
This type of training typically prepares end-users for using their computers and devices more safely. It shares with them common forms of hacking they may be exposed to and how to detect, prevent, and report attacks. Everyone should get this form of security education, whether at home, going to school, or in an office. It should be taken at least once a year, if not more frequently, and should cover recent and most likely threats. This sort of training typically only requires dedicating 15 minutes to a few hours each year.

General IT Security Training
This is for IT and computer security staff members. It should provide a general overview of all types of hacking and malware and go into more detail on the most common and likely-to-happen threats. Typically, this type of training happens over many days or weeks and can recur with increasing maturation over time.

Incident Response
Computer security staff and particularly members of incident response teams should be trained in how to correctly respond to and manage computer security incidents. This should be required training for all personnel who share these responsibilities. This sort of training usually lasts several days and should be repeated as needed.

OS and Application-Specific Training
Many popular OS and application vendors offer general and product-specific security training. Vendor-specific training can supplement your general security knowledge, and if tested and/or used as part of a certification, it can attest to your knowledge of a particular product.

Technical Skills
Many training and certification entities offer security technical training. This includes learning skills around particular types of security products, such as firewalls, intrusion detection, malware analysis, cryptography, patching, backing up, and so on.

There are dozens of computer security–related certifications. Every computer certification that a certification candidate studies for and/or takes a test for will contribute to their overall education. There are no right or wrong certifications. However, there are certainly some certifications that are more respected in the industry than others as a measure of computer security fitness. In general, any of the certifications from the following organizations are widely respected (in no particular order):

■ International Information Systems Security Certifications Consortium (ISC)²
■ International Council of Electronic Commerce Consultants (EC-Council)
■ SysAdmin, Networking, and Security (SANS) Institute
■ Computing Technology Industry Association (CompTIA)
■ Information Systems Audit and Control Association (ISACA)

Well-respected, vendor-specific exams are also offered by Microsoft, Cisco, and RedHat. This list is not exhaustive, and there are certainly many other vendors that offer great exams and education.

Training Methods
There are as many ways to learn as there are things to learn. The following sections explore some of the common ways.

Online Training
There is almost no test, certification, or topic that you can’t master using online training. Online training can simply be teacher videos, or it can be fully immersive teaching experiences with text, videos, chapter reviews, and competency testing. Many have real-time teachers to whom you can raise a digital hand and ask questions. Some people prefer in-person teachers in a real classroom, but it is becoming more common for online training to give you nearly the same experience, usually for a far cheaper price.

Schools and Training Centers
Today, there aren’t many major universities, colleges, technical colleges, or formal training schools that do not have a computer security curriculum. Although these are usually more expensive than other training options, and you do need to make sure that you are not just getting talked out of your hard-earned dollars (by diploma mills that don’t really prepare you for good jobs), they can often give a very thorough and comprehensive security education. Many computer security professionals start off at technical schools or local community colleges and then eventually progress to full four-year college degrees or even further.

Boot Camps
Boot camps are places that offer accelerated training, usually focused on obtaining a specific certification. For example, a two-week boot camp could help you get the same certifications you could otherwise get in a one- to two-year technical school. I love boot camps and for two years even taught at some. If you’re attending a boot camp, you have to be ready for intense study and should be the type of individual who can cram a lot of information into a short period of time. For many people with busy lives, boot camps are their best alternative for getting their education. Just make sure your boot camp offers money-back guarantees or multiple test-taking when going for a certification.

Corporate Training
As covered in the “Computer Security Training Topics” section in this chapter, many organizations offer and even require mandatory computer security education. Many large companies offer partial or full tuition reimbursement programs and have employee-led group meetings around particular security topics or certifications. Many employees consider the corporate-offered educational benefits to be one of the best benefits of working for a particular company.

Of course, my book’s chapter on education would not be complete without mentioning that books are a great way to learn about a topic at your own place and pace. Computer books are generally more inclusive around their topic, offer longer introductions to new material, and are usually professionally edited for technical detail and grammar. Continuing, relevant education is essential for end-users, IT staff, and computer security experts alike. One of the most common threads I learned from interviewing all the people profiled in this website is that most of them are continuous learners, and the cream of the crop even reserve a specific time period each day dedicated to learning something new.
