Training Impact on Teams
Understanding the Impact of Cyber Security Training
You might have heard the saying, “An ounce of prevention is worth a pound of cure,” and cyber security is no different. When responsible for system security, it is better to learn in a training environment than during a live incident.
The real power of training from an organisation’s perspective is that it increases the team’s capacity without hiring additional team members. The main reason is that it prepares the team to handle what will come their way. Instead of learning new concepts, techniques, and tools in the middle of a cyber attack, they have come prepared.
Centralised training creates a common baseline within an organisation to assess skills, knowledge, and their development. Instead of vague terms like “junior” or “senior,” employees’ skills can be described more specifically. This makes it easier to make informed decisions when assigning tasks to an employee or a team. Insights into an employee’s current skills also clarify the path they must follow to take the next step.
Questions
Q: What is the most efficient way to ramp up the skills of a junior hire in cyber security?
A: Training
Cyber Security Training for Large Organisations
For smaller teams, off-the-shelf training would be the most logical choice. However, if your team exceeds a certain size, typically beyond twenty employees, or if your training needs are very specific, it makes sense to customise existing training to your organisation’s needs.
Large corporations don’t want a standalone solution; they need one that is integrated into their existing software landscape. They usually look for a training solution that supports SSO (Single Sign-On) and has well-documented APIs. Such functionality ensures that training integrates seamlessly with existing systems.
Questions
Q: What is the name of the dashboard that TryHackMe offers for companies to create customised training paths?
A: Content Studio
Write a Cyber Security Training Investment Proposal
Companies invest in their employees as any intelligent, wealthy person invests in their assets. Although you expect your company to realise the importance of training and encourage or even require employees to undergo specific training routes, sometimes you must make a case to convince them.
To calculate the financial impact of training, we will consider the following case:
- Situation: A cyber security team has ten employees
- Cost: Each employee costs $80,000 annually
- Assumption: Training increases productivity by 4%
Since one employee costs $80,000 annually and we have ten employees, the savings (gains) due to the training of ten employees are $32,000 (10 × 4% × $80,000).
Assuming that the cost of training is $500 per employee, the total cost is $5,000 (10 × $500 = $5,000).
It is now easy to show that the Return On Investment (ROI) is 640% ($32,000/$5,000 = 640%).
Questions
Q: Consider the following scenario and answer the following questions.
- Situation: A cyber security team has 20 employees
- Cost: Each employee costs $50,000 annually
- Assumption: Training increases productivity by 4%
What would be the savings due to the increased productivity?
A: 40000
Q: Assuming that training costs $500 per employee, what is the Return on Investment?
A: 400%
Vendor Selection
We list the following questions that those responsible for vendor selection should ask:
- Who are you buying the training for?
- What are the experience, background, role, and topics relevant to your employees?
- Does the vendor have experience with similar organisations?
- What is the content’s breadth, depth, and quality for the topics you care about?
- Can users learn, train, and practice on a single platform?
- The cost of training is important for the CFO (Chief Financial Officer); however, given the cost of cyber security employees, the cost of training is typically dwarfed by the benefits of making the team more productive.
Thinking about and answering these questions is a critical step for making the optimal vendor selection that suits the needs of your company and your team.