What tools or platforms are you currently using to support continuous learning for your security team?
Sort by:
With my mentees, the first step is understanding what they want to do and learn, and where they want to grow. Sometimes, helping them figure this out is crucial. I've met people who initially wanted to be hackers because it seemed appealing, but after discussion, they realized they were more interested in other aspects of security.
As mentors, guiding them through the vast ocean of information is essential. Providing a compass, so to speak, can be very helpful. Recommending books like "The Unicorn Project" or courses on platforms like Udemy can be beneficial. Thousands of training sources are available, and the biggest help we can provide is guiding them on what is worthwhile based on our experience, thereby preventing them from wasting their time.
I don’t necessarily focus on a specific tool, but I always encourage my team to understand their long-term career goals. For instance, if someone wants to grow in a leadership track or a risk management track, I help them identify what they need and create a plan for learning core competencies. This could involve recommending specific courses, whether from platforms like Coursera or free YouTube trainings by reputable trainers.
As a leader, it's crucial to understand what skills they want to develop and what new experiences they want to gain. Tailoring the information to meet their needs is key. It could be as simple as recommending executive leadership training or more specific training related to
product security.
There isn't a single tool or training platform that meets all the needs of cybersecurity engineers. With so much information available, it can be overwhelming. Leaders need to help curate this information, especially for newcomers to the industry. Providing structured guidance is more effective than just offering a learning management tool and saying, "grab whatever you want."
Sometimes, team members might not even know what's next for them. Offering them options and helping them research can be beneficial. In summary, while there's a wealth of information available in the cybersecurity space, consuming it in a structured manner is essential.
I agree with Kenneth. There's no single tool or subject that fits all needs. I'm inclined towards understanding the product itself, especially in a DevSecOps scenario with a CI/CD pipeline. Identifying security checkpoints and deploying the right tools to highlight key risk indicators is crucial.<br><br>Engaging with product vendors to provide relevant training and certifications is becoming more important than generic courses on platforms like LinkedIn. The focus is shifting towards what we need to demonstrate to executives and board members. Additionally, understanding the business processes we serve as an information security service provider is essential.<br><br>
For continuous learning in security, we use a mix of tools across different areas. Recorded Future and MISP keep our team updated on threat intelligence, while Tenable and Exploit Database support vulnerability management skills. For hands-on practice, RangeForce and Immersive Labs offer realistic incident response simulations. Platforms like Pluralsight and SANS Institute help with broader cybersecurity knowledge and certification training. Finally, we use Slack or Microsoft Teams for real-time knowledge sharing and Confluence to document key learnings and playbooks. This combination keeps the team skilled and informed across all aspects of security.