blog post
The Most Critical Characteristic of Learning
Many years ago, when I was in the business of building and running IT organizations, we had the same skills gap then that we have now. For security, my best results always came from hiring really good network engineers and training them in information security.
I always wanted these entry level folks to be skilled at Unix and C, because they would need a way to extract data from distributed systems which at the time were rapidly expanding and I thought the more they knew, the better network engineers they would become.
So, off to Unix and C school.
The Three Security Tribes
Sustaining Engineers
Depending on their personality and macro-interests, some became sustaining engineers, those folks responsible for getting updates and patches in, configurations and new features tested, building a new network location, increasing capacity, all without anything breaking.
Design Engineers
Or, they migrated toward building new features, new capabilities and engineering design. That engineering personality takes requirements and creates systems that do stuff and they are usually thinking about how to make the network do something new, or get better throughout with what we have.
Network Architects
The third tribe are network architects – folks who are focused more on how the overall system and all the various components work together and how we can think about the next things and a better architecture for distributed systems.
As our networks became more complex, we recognized we needed folks from all three tribes, because we had an expanding distributed network we could barely wrap our hands around and all three roles were crucial to survival.
The information security training went well and when the internet showed up to add a complexity layer no one was ready for, we sucked it up and learned more.
The Most Critical Characteristic of Learning
But, along the way, we saw that the single most critical characteristic of active learning was the drive to understand why things worked the way they did, and fortunately for our company, all of our new security engineers shared that one quirk. “Why?” they asked.
“Why was it designed that way and what would happen if I tore it apart and started over?”
I think that the folks in HR could serve our recruitment challenges best if we dropped the impossible requirements of certifications and experience and focused instead on personality, current job role complexity and education.
If a network engineer understands packet switching protocols, there is no doubt in my mind that they can understand a threat-informed defense.
Our Approach to Training
That experience in the way-back machine informed the design of our CyberEd.io online education and training platform, based on the principles of engineering rigor – our Delta Warrior training and learning paths will test even the best network engineers with their A game in hand.
All we ask is that you keep asking questions and forcing new thinking.
That’s how we’ll get better.
Join now and get cool swag and insider news before it’s public.
Author
Steve King
Managing Director, CyberEd
King, an experienced cybersecurity professional, has served in senior leadership roles in technology development for the past 20 years. He has founded nine startups, including Endymion Systems and seeCommerce. He has held leadership roles in marketing and product development, operating as CEO, CTO and CISO for several startups, including Netswitch Technology Management. He also served as CIO for Memorex and was the co-founder of the Cambridge Systems Group.
