cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
BrandonK
Viewer

team member training

not sure if this is the right area to post the question.

 

I'm a current CISSP but my staff isn't.  is there any free ISC2 provided training I can let my staff take?  similar to what us members get?

 

thanks

4 Replies
JKWiniger
Community Champion

To me your question is almost loaded and by no means of your own! Please think about things for a moment, the CISSP is a security management certification, are you looking to have all you people training as management or maybe more so as analysts and engineers. There are many different levels in a proper security structure. How big is your team and what do you want then to be doing? Depending on size of the team you have will dictate how focused or wide each person's duties need to be. It is great that you are reaching out to find ways to help your team but I think a little more detail it needed. For anyone here to say oh this is great training have them do this would be a disservice to you and your team. Let us understand your team and their different needs so we may be allowed to point you in a much better direction.

 

John- 

CraginS
Defender I


@JKWiniger wrote:

To me your question is almost loaded and by no means of your own! Please think about things for a moment, the CISSP is a security management certification, are you looking to have all you people training as management or maybe more so as analysts and engineers. There are many different levels in a proper security structure. How big is your team and what do you want then to be doing? Depending on size of the team you have will dictate how focused or wide each person's duties need to be. It is great that you are reaching out to find ways to help your team but I think a little more detail it needed. For anyone here to say oh this is great training have them do this would be a disservice to you and your team. Let us understand your team and their different needs so we may be allowed to point you in a much better direction.

 

John- 


As a management certification, I have for many years said you want a CISSP heading up a project or team so that person will know which SANS course grads (certificate holders) to employ to meet the tech needs of the activity. That is why we have the breadth of CISSP domains, and have to know when any of them need coverage in the work.

 

 

Craig

 

D. Cragin Shelton, DSc
Dr.Cragin@iCloud.com
My Blog
My LinkeDin Profile
My Community Posts
Early_Adopter
Community Champion

To add to John and Craig’s points I don’t think that CISSP as a cert says much more than you have broad awareness of the eight(Cryptography, how I miss you...) domains.

 

I’d look at a training needs assessment/analysis to light the way for you on this, and you might find that perhaps you need specific technical or organisational practices rather than free structured training... it’s not free really as folk need to put the time in. There are some good cert prep courses, CPE stuff out there, but just so many of them.

 

If they really need/ want to certify then Ross Anderson’s Security Engineering and the CISSP Study guides(the successor to the late great Shon Harris’s book) are super cost effective, and if they can handle the information density can’t be beaten IMHO.

 

 

Steve-Wilme
Advocate II

It really depends on what the team need to be able to do i.e. how do they need to apply security knowledge.  Practicing InfoSec is about application, not just understanding at a high level.  So to get them up to speed you could do a training needs analysis, which is essentially analysing the gap between their current competency level and where they need to be to do their job well.  Giving a team very broad training that they can't immediately apply may not be the best thing and you may be better looking at marginal gains from more targeted training.

 

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS