Cybersecurity – What is the right training approach for my organisation?

Tuesday, 24 March, 2020 - 00:00

Around the world one can find numerous players delivering training in cybersecurity, but the training methodologies can broadly be classified as “academic” (or “systematic”) or “targeted” (or “customisable”).

According to a stocktaking of existing training initiatives issued by ENISA, most training initiatives are driven by a traditional “academic” approach and use classic classroom-based learning. This approach is generally not dedicated to specific sectoral needs but is a one-size-fits-all methodology. Students learn more theoretical information, with no clear specificity as to the target audience or scope being offered, and the focus is on acquiring as many competences in the field as possible. From the viewpoint of an “ICT-intensive” organisation that aims to train a robust number of its resources, this is clearly a substantial investment. For an SME it can sometimes be simply beyond budget.

This is where a “targeted” training approach can turn out to be an effective solution. An EU report on the ‘Challenges to effective EU cybersecurity policy’ from the European Court of Auditors (2019) states that since 2010 there has been a “doubling in more practical, real world training initiatives” being used. This is where decided to dedicate its efforts, to deliver a customisable approach to training and to maximise return on investment in training for organisations of all sizes, from large companies to SMEs which are highly dependent on digital solutions and services.

The customisable approach, which in practical terms consists of providing some foundation to each trainee and building capacities that are targeted to the specific needs of the company that trainee works for, is what is founded on.

The approach that promotes is motivated by the growth of more advanced cyber-attacks and is based on recommendations from global and European bodies. Both of the European cyber security organisations (ECSO and ENISA) have recommended moving away from traditional training methods towards more tailored and practical ones. In particular, ENISA called for greater use of cyber ranges, such as the one embedded in the platform. Also, the ECSO (European Cyber Security Organisation) report on ‘Gaps in European Cyber Education and Professional Training’ (2018) states that training needs to move to more innovative forms, such as a flipped classroom style and greater use of online tools.

In conclusion, this sort of “customisable, blended approach” to cyber security training suggested by, one that is not just a ‘one size fits all’ method, is our suggestion for democratising cybersecurity among SMEs.
It is a training initiative with customisable learning pathways using a combination of an e-learning platform, cyber ranges and even interactive sessions that are currently available for organisations that are willing to enjoy a fully-paid-for pilot, owing to the Innovation Action currently co-funded by the European Commission. For more information on these freely available “Open Pilots”, click here.