Could someone recommend foundation security training ideas for IT staff who are looking to train up into a security operations analyst or engineer role? NIST CSF foundations? ISC2? CompTIA?

16.9k views, 5 upvotes, 6 comments

VP International Operations and IT and CIO in Education, 1,001 - 5,000 employees
We use SANS and their curriculum
CIO in Consumer Goods, 11 - 50 employees
We have used a customised training program, which helped us align with our organisation's security strategy and, on the other hand, also prepared our employees for the roles they desired.
Assistant Director IT Auditor in Education, 10,001+ employees
ISACA International has a CSX (Cyber Security) subscription program that is very good, but pricey (~$2500 for a year subscription). You work at your own pace in a lab environment.
Director in Finance (non-banking), 10,001+ employees
Huge fan of SANS for security professionals, but for general entry-level security or advanced awareness for non-InfoSec we recommend having folks work through CompTIA Security+. If they have trouble with the networking part, we usually recommend Network+ as an optional precursor.

Director of IT in Education, 501 - 1,000 employees
I recommend ISC2: start from the Certified in Cybersecurity (CC), and then move to the CISSP.
Director of IT, Self-employed
CompTIA Security+ (SY0-601): This is an excellent entry-level certification that covers foundational cybersecurity concepts. It's vendor-neutral and provides a good understanding of security practices, risk management, and threat detection. It's often recommended as a first step in a cybersecurity career.

Certified Information Systems Security Professional (CISSP): CISSP is a more advanced certification that's well-respected in the industry. It's suitable for individuals with a few years of experience and covers a wide range of security topics, including access control, cryptography, and security architecture.

Certified Information Security Manager (CISM): CISM is ideal for those who want to focus on security management and governance. It's particularly valuable if you're interested in roles related to security operations, risk management, and compliance.

Certified Information Systems Auditor (CISA): CISA is another ISACA certification that's focused on auditing, control, and assurance. It's suitable for individuals who want to specialize in auditing IT systems and processes.
