My name is Andrew Hay and I, like many of my colleagues, work for an organization in an information security function. If you recall from my previous article, I attempted to impress upon you the need for organizations to support the continuous learning of their employed security staff. This article builds on the first article by explaining the need to support your employees’ training and certification goals.
One way to think about the costs of training your employees is to consider how much the United States invests in training individuals in the various branches of the military. The average cost to train a soldier is roughly $40,000 USD (http://wiki.answers.com/Q/What_is_the_cost_of_training_a_soldier_in_the_military). This figure doesnâ€™t include the ongoing costs to learn new equipment, technologies, and to help them advance in their careers. That figure equates to roughly $400,000 USD for a career soldier serving in the most basic capacity. The United States military prides itself on is the competence of its personnel, which is fostered by training, training, and more training.
Allowing your employees to attend training does not need to cost $400,000, though. Some organizations, such as the SANS Institute, offer work-study programs that allow you to attend a 6-day course in exchange for assisting the instructor, working at the bookstore, or helping with other miscellaneous conference activities. A nominal fee is charged but it is far less expensive than paying the full fee.
The old adage states, â€œThose who canâ€™t do, teach.â€ But one of the best ways to ensure knowledge is kept current is to learn how to teach the concepts to another person. This forces the teacher to become more knowledgeable himself and, in most cases, learn the answers to questions or problems he himself might have had. One way to promote this skill is to support transfer of information sessions. Supporting employee transfer of information helps the business in several ways. It shows employees that their knowledge is valued and that you view them as an expert on particular topics. Interpersonal learning also lowers the overall cost of training for your organization and helps practitioners work on valuable communication and presentation skills â€“ something that most organizations agree is lacking in many security professionals today.
In subsequent articles in this series, I will help you understand the other options for supporting security practitioners within your organization. With this knowledge you can ensure that your employees are being equipped with the tools they need to effectively manage the overall security of your business.