WHY FOCUS ON TRANING?
Cyber health is similar to your personal health in that it is more of a lifestyle than a singular event. While training for a marathon may prove a level of fitness at a given time, it doesn’t insure fitness for the rest of your life. Neither does doing one security audit insure that the company is secure in the future.
Cybersecurity is only as good as the team managing it at any given time. A primary goal of our engagements is to offer clients the ability to self manage their own security. This is why we have developed training and mentoring programs to help internal IT staff understand and manage cyber risk.
Over time, individuals acquire different roles relative to their use of information and information systems and applications within their organization or as they move within various Federal organizations. Roles can expand or change as an individual progress through their career, either within ne organization, or as they make career moves to different organizations. Sometimes they will be users of systems and applications; in other instances, they may be involved in developing a new system; and in some situations they may serve on a source selection board to evaluate vendor proposals for information systems. The IT/cybersecurity responsibilities that an individual has will also change over time, and will correlate to the role that the individual has, relative to information and information systems and applications. Training must be available – whether developed within the organization, borrowed or purchased from another organization, or developed by a training company – for people in each role who have been identified as having significant IT/cybersecurity responsibilities.
— NIST 800-16
