What to look for in a cyber security training provider
You have many options when it comes to cyber security training. Providers range from rather expensive authorized training providers through to cheap fly-by-night providers.
Here’s the thing – the registration cost is just a fraction of the total cost of up-skilling your staff.
Every day that your staff is in the class is a day of zero productivity on the many projects they are working on.
Now imagine that not only did your staff spend a week “offline”, but on top of that, the class they attend is terrible?
Talk about a double whammy.
If you’re going to invest in your staff, then invest in your staff.
Don’t take the cheapest option because quite simply there’s a good chance it will be a waste of your time and money.
Here’s a personal example (not naming names here because that’s just slimy).
My own not-so-excellent adventure
A number of years ago, I took a cheap TOGAF course that a friend of mine got a “great deal” on. The list price of the course was about $2000, but we wound up paying $500 for a 3-day course that was supposed to run from Tuesday through Thursday.
We showed up at the training location on Tuesday morning, ready to learn. There were a total of 5 students waiting in the lobby at 8:45AM. 9:00 rolls around…where’s our instructor?
9:30 comes and goes, still no instructor and nobody at the site has a clue what’s going on, so someone finally decided to call the provider.
After a while (the provider was based in India, so it took some time to find someone who was at work that could tell us what was going on) we came to learn that our instructor was stopped at the border and wasn’t going to be able to teach the class.
“Stay tuned”, we’re told – they’re going to find a replacement, but the course will now run from Wednesday through Friday.
Gee, good thing I didn’t have plans for Friday!
How did this happen you ask?
Why would they have the trainer travel the morning of the course?
Because they’re cheap, that’s why.
You start day 1 with an exhausted trainer – great way to start!
Of note, I have had trainers sheepishly ask us if they could travel the day before.
For us that’s a given as we want the best to be at their best.
Our trainers (when they travel) don’t stay at a Super 8 or some other hotel that may rent rooms by the hour. There’s nothing wrong with these places, but it’s hard for anyone to be energetic when you are kept awake by highway traffic and other “interesting” noises all night.
Anyways, our instructor shows up the next day. We asked what happened and he said he had no clue. He was solicited on LinkedIn the day before and jumped on a plane that night to fly about 2000 miles on a red eye.
He was a nice guy. Didn’t really know the material itself, but had some experience in the field at least.
I can only really recall him answering questions with “that’s an interesting question. Does anyone have anything to say on that?” If another student didn’t have the answer, I didn’t get an answer. Thanks, Teach! No “parking lot”, no “I’ll research that and get back to you”, just move forward because we’ve got a lot more to cover.
Now, let’s talk about the “courseware” that was handed out.
Ever seen a photocopy of a poor photocopy? That’s what I got.
The courseware was quite literally a binder of hard-to-read, faded photocopy printouts. Completely disjointed and useless. I’m talking about screenshots of text on a webpage in some cases.
As for the training venue, no complaints. It was a standard Regus (short term rental space) location.
Well, kind of.
The course venue was switched on the Friday before the course run itself. It worked out well for me because they moved it out of the downtown core, about 15 minutes closer to my home. This was likely a last-minute change for cost savings I suppose.
So, back to the question: What should you look for in a cyber security training provider when setting up a training program for your staff?
It starts with customer service
Customer service is an often overlooked component of a successful training program, but great customer service from your training provider can make or break your up-skill strategy.
You need a provider that is flexible and will take the logistics of the course run off your plate. The provider should work with your staff and address any learner questions on your behalf (as much as you’re comfortable with, of course). Issues will arise, such as shipping problems, students swapping out due to last-minute emergencies, etc.
Your provider should also work with you to come up with innovative ideas to entice your employees to take a certification exam (if that’s a desired outcome – some companies care about certification, others don’t).
Your provider should help you succeed against any metric you choose. White-glove customer service is critical for a successful upskilling program.
Course location is likely a non-issue for corporations (or during a pandemic of course).
As a trainer, I think it’s best to run a course off-site so there are limited distractions, but I suppose it comes down to company and employee preference.
Next up: the courseware
Authorized providers will only use authorized course material. This includes the student courseware as well as the presentation material, exercises, etc.
This isn’t material just sourced from some YouTube video or blog on a topic somewhere. Leading companies (ISC2, EC-Council, ISACA, etc.) spend significant amounts of money and time developing their proprietary material.
You’ll want to work with your provider to determine if physical books are desirable or not.
You never want to end up in a position where some employees get digital versions and others get physical copies. Your provider should be able to offer either version (assuming the course is available in both formats).
What should you think of a provider that uses “grey market” material? They’re stealing from someone to maximize profit. As Maya Angelou said, “When someone shows you who they are, believe them the first time”.
And now we introduce: the trainer
This is as important as you would assume it to be.
I can’t count the number of times I’ve received unsolicited offers to teach for non-authorized providers.
I’m going to share some general numbers here.
I don’t think it’s a surprise for anyone when I say that highly qualified people in the cyber security field make quite a bit. Ask a seasoned consultant how much they charge on a daily basis and chances are very good they’ll say more than $1000 a day.
Trainers are no different, but like consultants, juniors will make less than seniors. This said, you must admit that a provider that pays $200/day (or less) is going to get what they pay for (well, you ultimately pay the price).
Oh, and as far as qualifications go: Got a pulse and a certification (don’t worry, we’ll take your word for that)? You’re our new trainer!
Another note on trainers is a little secret that takes place behind the scenes.
I can tell you there are many trainers who will teach a course on Microsoft Server one week, business analytics the next week and then cloud security the week after that.
This is pretty standard fare, and a main reason why I started Intrinsec.
I hated it back in the 90s and I still hate it today.
Of course, a trainer who delivers a CISSP one week should be able to pivot to deliver an SSCP course a couple of weeks later pretty quickly because they’re fairly close, but the reality is that many full-time trainers are forced to be “jack of all trades, master of none”.
Ideally, you want a trainer who trains a particular subject. This is why we only use trainers with demonstrable experience in both training and “hands-on” in their field. This means contract trainers with more than 10 years of experience for our advanced offerings.
The reality, especially for more technical classes, is that if an instructor is perceived to be a talking head without actual experience, they won’t gain the respect of the learners.
In a worst-case scenario, this can become a game of “stump the chump” where students will purposefully ask questions they know the instructor can’t handle.
This becomes a downward spiral and the class is a lost cause.
Finally, there’s post-course support
You should have support from your training provider to ensure that you maximize certifications if your program calls for it. Students should be able to reach out for support on technical questions and customer support for exam-related questions, such as exam booking recommendations.
So, to recap:
Training fees are just part of the equation.
You need support, your employees need support.
You need great material and an even better instructor.
If you go cheap, you get cheap and a waste of money at the end of the day.
If you’re serious about running a training session as part of an up-skilling program, feel free to reach out to us. We would love the opportunity to discuss your program and help you succeed.