#CybersecurityAwarenessMonth – Past, Present and Future of Cyber Training

By /

n

n

nThis October we discussed thennevolution of cybersecurity educationnnand explored the four key themes of Cybersecurity Awareness Monthnthrough member voices on ISC2 Insights:

n n
n
n
n
n

nAs we close out the month, we asked ournnISC2 Volunteersnnto reflect on the expansions they have witnessed in cybersecurityneducation, their greatest training experiences and to weigh in hownthe cyber training experience can advance to inspire the nextngeneration.n

n
n
n

nCybersecurity Changes & Trendsn

n
n
n
n
n

nThere have been many progressive changes to cybersecurity educationnin the 15 years Desmond Israel, CC has been in the industry. Henhighlighted a few for us:

n
    n
  • Increased demand for specialization: There is a growing needn for specialized training in areas like threat hunting,n incident response and cloud security.
    • n
  • Shift towards remote learning: The COVID-19 pandemicn accelerated the adoption of online learning platforms andn virtual training environments.
    • n
  • Integration of ethical hacking and offensive security:n Ethical hacking training has gained prominence asn organizations recognize the value of offensive securityn measures in identifying and mitigating vulnerabilities.
    • n
  • Compliance and regulatory training: With the introduction ofn new data protection laws (e.g., GDPR, PIPL, CCPA),n compliance-focused training has become a crucial aspect ofn cybersecurity education.
    • n
n
n
n
n
n

nCyber training for all has become an everyday practice in manynorganizations. Users are given much more information on what to looknfor in regard to scams, malware, etc. Organizations have learnednthat the weakest link in the systems is usually the users in annotherwise secure network. There is still more to be done, innparticular to secure healthcare and infrastructure as they arencritical for our society. – Jean Tam, CISSPn

n
n
n
n

nOver the years, we’ve seen a shift towards more practical andnscenario-based training. There’s also a growing emphasis on threatnintelligence, cloud security, and the integration of emergingntechnologies like AI and blockchain into cyber education. – AbdullahnAfzal Raja, CC.n

n
n
n

nOutside of the educational space, Fred Dais, CISSP shared that to him, anbig progression in recent years is cyber-supply chain risk managementnand governance becoming a part of the C-suite conversation. In additionnto this, Babatunde Ojo, SSCP, CC mentioned BYOD (bring your own device),nAI and machine learning, Zero Trust architecture and an increase inncyberattacks have all had large impacts on the industry.n

n
n
n

nMoving forward, Chinyelu Udeagwu Karibi-Whyte, CISSP, CCSP noted a trendntowards vendor-neutral certifications and training that provide anbroader understanding of cybersecurity concepts. Also, regulations likenGDPR, CCPA and HIPAA have specific mandates for cybersecurity awarenessnand training, influencing the curriculum.

n
n
n

nImpactful Cybersecurity Trainingn

n
n
n
n
n

nWhile we may each have individual preferred methods of learning, ancommon theme stood out among our respondents; memorable trainings areninteractive and engaging.n

n
n
n
n
n

nJean Tam, CISSP provided a good example of this, reflecting on how muchnfun she had when memorizing the periodic table, all because of her highnschool chemistry teacher. This experience remains a valuable part of herneducational journey today, Jean still learns best in a lab environment.nShe has a lot of her own equipment at home, just to stay up to date onnthe latest tools and techniques used in the industry. Abdullah AfzalnRaja, CC seconds this approach saying, “My best experience was anhands-on workshop addressing real forensic challenges. Practical,ninteractive sessions like these are invaluable because they simulatenactual scenarios, enhancing critical thinking and problem-solvingnskills. This approach makes learning engaging and effective.”n

n
n
n
n
n

nSome, like Fred Dais, CISSP, prefer attending live conferences andnnetworking with peers. While Hina Jabeen, CC says online trainings arenmore efficient, economical and interesting. Through these onlineninteractive cyber trainings, she mentions, learners can acquire usefulncybersecurity skills through simulations, real-world situations andnactive engagement. This virtual method encourages effective learning andnequips students to take on the always-changing problems of the digitalnsecurity ecosystem.n

n
n
n
n
n

nBabatunde Ojo, SSCP, CC noted that he prefers self-paced training fromnhome because it gives the opportunity to set personal goals in anflexible environment. Philips Oke, CC agreed that his best cybersecurityntraining experience was with self-study materials.n

n
n
n
n
n

nPhaustin Karani, CC and Neeraj Kumar Vijay, CISSP both shared thenviewpoint that learning on the job and with a team can lead to rapidngrowth through exposure compared to self-study or bootcamps. In additionnto this, Neeraj enjoys learning in a virtual space as well withninteractive videos with assessments.n

n
n
n

nChinyelu Udeagwu Karibi-Whyte, CISSP, CCSP advocates for scenario-basedntraining as one of the most effective methods for cyber education.nHere’s why:

n
    n
  • Scenario-based training mimics real-world cyber threats,n providing a practical understanding of how to respond ton different situations.
    • n
  • The interactive nature of scenarios keeps learners engaged,n making the training more impactful.
    • n
  • This method encourages critical thinking and decision-makingn skills, which are crucial in cybersecurity.
    • n
  • Learners receive instant feedback on their actions, allowingn them to understand the consequences and learn from theirn mistakes.
    • n
  • Scenario-based training often involves team exercises, whichn help improve communication and collaboration skills,n essential in handling cyber incidents.
    • n
  • Scenarios can be tailored to mimic threats that are mostn relevant to the organization or individual, making then training highly relevant.
    • n
  • Advanced scenario-based platforms offer analytics to gaugen the effectiveness of the training, identify areas forn improvement and measure ROI.
    • n
n
n
n
n
n
n

nOn this note, Lok Yi Lo, CISSP highlighted recent advancements likengamification of cybersecurity education can improve people’snmotivation to learn and update cyber security skills.n

n
n
n

nFuture of Cyber Educationn

n
n
n
n

nAlmost every day new technologies are coming out that directly send ansignal to us as cybersecurity professionals and experts to think ahead.nAdvanced cybersecurity training is essential in preparing cybersecuritynprofessionals to address the evolving and increasingly sophisticatednthreats in the digital landscape. Here are some of the keynconsiderations for advancing cybersecurity training: real-worldnscenarios, cloud-based labs, AI and automation, red and blue teamingnhands-on, specializations and threat intelligence. Cybersecurityntraining should be agile, responsive and adaptable to the adjustingnneeds of organizations and individuals. It should not only focus onntechnical skills but also encompass the broader aspects ofncybersecurity, including risk management, policy development and ethics.nRegularly updating training materials and methodologies is crucial tonstaying ahead of evolving cyber threats. – Babatunde Ojo, SSCP, CCn

n
n
n
n
n

nAdditional suggestions for advancements include Philips Oke, CCnencouraging cybersecurity training to begin with the youth offeringnsocial media awareness and free online training. Abdullah Afzal Raja, CCnshared that cybersecurity training should evolve by focusing onnreal-world scenarios and hands-on experience, bridging the gap betweenntheory and practice. remarking on Loki’s earlier suggestion thatngamified learning experience and continuous skill assessments can makenlearning skills engaging and skill retention easier.n

n
n
n
n
n

nThe group as a whole seems to be in line with the following fromnChinyelu Udeagwu Karibi-Whyte, CISSP, CCSP, cyber training should be:

n
    n
  • Continuous, real-time updates and training modules that cann be accessed anytime, anywhere.
    • n
  • Interactive, game-based learning to engage employees andn make the training more effective.
    • n
  • Specialized training modules for different departments liken HR, Finance, and IT, focusing on the specific risks theyn face.
    • n
  • AI-driven personalized training paths based on ann individual’s role, past performance, and areas forn improvement.
    • n
  • Mobile-friendly, accessible training modules that can ben accessed on various devices.
    • n
n
n
n
n
n

nIn closing, cybersecurity has evolved and met a new level of technologynera where for enterprise we talk about adopting the change like cloud,nAI/ML, Robotics, IoT’s etc. and for end-user understanding and adheringnto secure practice. While the end-user is always the weakest chain innthe security line, we should balance the technology adoption to make itneasier for the end user. An ideal training should balance both andnprovide interactive and more practical training material that sticks tonmemory and easily adaptable. – Neeraj Kumar Vijay, CISSPn

n
n
n
n
n

nFind your preferred training that fits your schedule and learning stylenwith thennISC2 Training Finder. This resource makes it easy to view and register for official trainingncourses from ISC2 and our Official Training Providers.n

n
]]>

Leave a Comment

Your email address will not be published. Required fields are marked *