Posted by Synopsys Editorial Team on Tuesday, January 22nd, 2019
To give your team the latest cloud security training, you need a fixed core curriculum and the flexibility to customize cloud training to each person’s needs.
Whether you’re still developing your cloud adoption strategy or you’ve already completed your cloud migration, continuous cloud security training is an essential part of your security program. The cloud attack surface is vast and changes fast. As threat actors get more creative, your cloud team must keep up with the evolving threat landscape. Here are some tips for training your team on cloud trends.
Your team’s workflows, processes, and composition are unique, so a one-size-fits-all training curriculum isn’t going to work well. To maximize the return on your training investment, tailor your cloud security training curriculum to fit your team’s needs. Start by evaluating the types of instruction available.
Traditional education begins in the classroom, and many feel traditional instructor-led training is still the best way to learn. An immersive, real-time learning environment is highly engaging. Plus, the spontaneity of in-person social interaction livens up even a very technical learning experience. But in our always-online, ever-connected world, virtual instructor-led training (vILT) offers almost all the benefits of traditional instructor-led training. And because modern workforces are highly distributed, vILT comes with a bonus: It’s suitable for teams who work at different locations, even in different time zones.
Whether you attend a live course in person or on an online platform, you’ll benefit from these features of instructor-led training:
The cloud evolves fast; cloud security, even faster. Look for cloud training courses taught by certified instructors with recent real-world experience. Depending on your team’s needs, you might need classes with flexible scheduling. Especially in a virtual environment, learners often prefer shorter sessions spread over multiple days to help them stay engaged and focused. Look for courses that you can configure to fit your schedule.
The instructional mode of choice these days for many teams is asynchronous learning. This is any training that takes place at different times, but most people think of e-learning. E-learning differs from instructor-led training in some important ways. For example, an e-learner can’t always engage in real-time interaction with instructors or peers. And customized e-learning courses are very uncommon. But e-learning is a good option for teams that need extreme flexibility for learners with different schedules. Cloud e-learning also allows your team to supplement your core cloud training curriculum with additional courses based on their own roles, responsibilities, and interests.
A robust e-learning system will provide all the basic instructional benefits of instructor-led training, though they may appear in different forms.
Your team is unique. And each team member brings a combination of skills, knowledge, experiences, learning styles, interests, and goals unlike any other. You’ll want to start your team on a core cloud training program. But then you can maximize your continued training investment by offering each team member a customized curriculum. This is where e-learning really shines. Each person has different needs: refreshing knowledge, filling in gaps, learning new skills. With e-learning, they can choose the individual application and cloud security courses based on those needs.
But it’s not enough to throw the course catalog at your team and let them choose courses freely. There are so many courses available that your team needs guidance. First, clarify your cloud adoption strategy, your software security strategy, and your approach to skills coverage and cross-training. Then work closely with each person to figure out the courses that best fit their needs, interests, and schedule. That way, your team can maximize their e-learning experience and start applying what they learn immediately.
Wherever and however you deploy your applications, the foundation of software security is the same. Security must be built in from the beginning, rather than bolted on later. An app’s vulnerabilities will follow it wherever it goes; you can’t just configure away an application’s vulnerabilities by moving it to the cloud. Cloud security starts with software security, so your team should be well-versed in the principles of software security already. If they aren’t, start there.
After your team training curriculum covers software security basics, you can shift to the basics of cloud security. Maybe you’ve already finished your cloud migration and are now pursuing cloud-native development. But your cloud environment will continue to change as your organization’s needs change. So make sure your core cloud security training curriculum starts with general cloud security information. Your team should follow cloud security best practices for all deployment models, service models, and cloud providers.
With a strong foundation in software security and cloud security, your team can move on to your specific cloud environment. Look for courses that dive into different roles, responsibilities, features, functions, and threats related to different deployment models (public, private, and hybrid clouds), service models (infrastructure-, platform-, and software-as-a-service), and cloud service providers. Cloud security webinars are another winner in the environment-specific cloud training arena. The major cloud providers offer frequent webinars covering all aspects of their services, including cloud security.
Keeping up with cloud trends is exhausting, never mind making sure everyone on your team does too. Having a solid foundation in application security, cloud security, and cloud environment basics will help. But there’s no need to follow a formal training curriculum at all times. Here are some other ways you can make sure your team gets the latest cloud security training:
Get the latest AppSec news and trends sent directly to you.