Home

What’s your approach to training up new hires?

I'm using a third-party vendor for training called Immersive Labs. If you want to be a tier one analyst, they’ll tell you the skillset that they think you need to have. If you want to be a tier two analyst or a SEI CERT person, you get the skillset and the training classes to go along with it. Folks can add these training classes and labs to their repertoire, so we found them to be really compelling. I’m on an insourcing journey so I also have a consulting firm to help me make sure that I'm doing it right. And hopefully I have the right staging levels to ramp them up so that I'm not double dipping on the money. I have funding for the outsourcing through sometime next year, so the hard part will be ensuring that my new insource people are ready to go by the time that funding runs out.

Anonymous Author
I'm using a third-party vendor for training called Immersive Labs. If you want to be a tier one analyst, they’ll tell you the skillset that they think you need to have. If you want to be a tier two analyst or a SEI CERT person, you get the skillset and the training classes to go along with it. Folks can add these training classes and labs to their repertoire, so we found them to be really compelling. I’m on an insourcing journey so I also have a consulting firm to help me make sure that I'm doing it right. And hopefully I have the right staging levels to ramp them up so that I'm not double dipping on the money. I have funding for the outsourcing through sometime next year, so the hard part will be ensuring that my new insource people are ready to go by the time that funding runs out.
0 upvotes
Anonymous Author
There was Linux Academy and now there’s A Cloud Guru, which bought them. There have always been toolsets out there but it's been hard to get that budget quantified and qualified, especially with retention being such an issue. If it's a one-year program, the business says, “How do you know that they're not going to leave?” Hopefully they love working with me enough that they'll stay, but that's a pipe dream. That's where it becomes a battle, because everybody's realized that cybersecurity is critical and wants more money if they have the skills. The “Great Resignation” has made everybody realize they can be in Timbuktu, Canada or Argentina if they really wanted to. 
0 upvotes
Anonymous Author
We are looking at all our security learning across the business and mapping out learning pathways for our people depending on what their role is, or in what direction they want to take their role. For example, what is the standard training for a security analyst, a PenTester, a GRC person, a security architect? We are looking for commonalities across the lot and tying it into our vendor certification programme. 
0 upvotes
Anonymous Author
For new hires there are a few training or getting up to speed routes: 1. Company and mandatory training: This is generally something that the companies learning team have lined up in the LMS. I normally advise them to start off with the mandatory trainings such as security and policy review and attend any onboarding zooms set up by learning team. It gives them insights into the company, culture and they get to virtually meet other new hires. 2a. Team Onboarding:  Learn the culture and ways of working- Have a quick session with them to walk through the culture of the company, the team, partners and how we operate. These are sometimes written and unwritten ways of working so that they can integrate easier and tailor their approach as needed to meet with some initial success. Nothing like knowledge upfront to help them lay a great first impression. 2b Team Onboarding: Tasks for 30-60-90 -  I hand out a 30-60-90 days to the person that outlines what they should have learnt and who they should have met for each of these milestones. This sets them up for success till they start working with autonomy and identify their priorities also helps them know who to meet and build relations with for their own success in the coming days 3. Ongoing training: Learning and training is always ongoing and situational. As some time passes, I arrange some more team learning like Speed of Trust or Five dysfunctions of a team.. very dependent on the team and issues we need to work on.
0 upvotes
Anonymous Author
We have a core training program, but after that real hands on training comes in the form of partnering.
0 upvotes