What’s your approach to training up new hires?


VP, Director of Cyber Incident Response in Finance (non-banking), 10,001+ employees
I'm using a third-party vendor for training called Immersive Labs. If you want to be a tier one analyst, they’ll tell you the skillset that they think you need to have. If you want to be a tier two analyst or a SEI CERT person, you get the skillset and the training classes to go along with it. Folks can add these training classes and labs to their repertoire, so we found them to be really compelling.

I’m on an insourcing journey so I also have a consulting firm to help me make sure that I'm doing it right. And hopefully I have the right staging levels to ramp them up so that I'm not double dipping on the money. I have funding for the outsourcing through sometime next year, so the hard part will be ensuring that my new insource people are ready to go by the time that funding runs out.
Global CIO & CISO in Manufacturing, 201 - 500 employees
There was Linux Academy and now there’s A Cloud Guru, which bought them. There have always been toolsets out there but it's been hard to get that budget quantified and qualified, especially with retention being such an issue. If it's a one-year program, the business says, “How do you know that they're not going to leave?” Hopefully they love working with me enough that they'll stay, but that's a pipe dream. That's where it becomes a battle, because everybody's realized that cybersecurity is critical and wants more money if they have the skills. The “Great Resignation” has made everybody realize they can be in Timbuktu, Canada or Argentina if they really wanted to. 
CISO in Software, 501 - 1,000 employees
We are looking at all our security learning across the business and mapping out learning pathways for our people depending on what their role is, or in what direction they want to take their role. For example, what is the standard training for a security analyst, a PenTester, a GRC person, a security architect? We are looking for commonalities across the lot and tying it into our vendor certification programme. 
Senior Director, Business Systems, Integration & Corporate Eng. in Software, 1,001 - 5,000 employees
For new hires there are a few training or getting up to speed routes:

1. Company and mandatory training: This is generally something that the company's learning team has lined up in the LMS. I normally advise them to start off with the mandatory trainings such as security and policy review and attend any onboarding Zooms set up by the learning team. It gives them insights into the company and culture, and they get to virtually meet other new hires.

2a. Team Onboarding: Learn the culture and ways of working - Have a quick session with them to walk through the culture of the company, the team, partners and how we operate. These are sometimes written and unwritten ways of working so that they can integrate easier and tailor their approach as needed to meet with some initial success. Nothing like knowledge upfront to help them lay a great first impression.

2b. Team Onboarding: Tasks for 30-60-90 - I hand out a 30-60-90-day plan to the person that outlines what they should have learnt and who they should have met for each of these milestones. This sets them up for success till they start working with autonomy and identify their priorities. It also helps them know who to meet and build relations with for their own success in the coming days.

3. Ongoing training: Learning and training is always ongoing and situational. As some time passes, I arrange some more team learning like Speed of Trust or Five Dysfunctions of a Team. It is very dependent on the team and issues we need to work on.
Secure Facilities Information Technology Manager in Manufacturing, Self-employed
We have a core training program, but after that real hands-on training comes in the form of partnering.
