A Fortune 500 tech company strengthened its cybersecurity by supplementing skills through SANS Institute's training programs. This intentional approach addressed the diverse skill levels within its security teams. Nandita Bery, Director of Global Security Culture Training & User Engagement Programs at the company, explains how standardizing knowledge and building from a common foundation improved operations, risk mitigation, and overall team communication. The structured training improved consistency across teams, boosted stakeholder confidence, and enhanced readiness to combat emerging threats. This case study highlights the company’s journey from baselining to achieving cybersecurity excellence with SANS.
Q: What challenges led the organization to seek SANS training?
A: The challenges of managing a large, diverse security team are multi-faceted. With individuals entering the security field from various backgrounds, each one brings a unique set of skills and experiences with them. While this diversity is a strength for us, it also posed a significant challenge: How could we ensure that every team member possessed the essential knowledge needed to protect the organization?
Establishing a Baseline for Roles
Team members were highly experienced but lacked a common vocabulary or specific terminologies. Others were new to our organization but had undergone rigorous training elsewhere, leading to a wide range of expertise levels within the team. This disparity made it difficult to level the overall capability of our teams and, consequently, to set clear expectations for each role.
Targeted Training and Development
The absence of a baseline created inefficiencies in training and development. Without a clear starting point, designing targeted training programs to address specific gaps in knowledge was challenging. We wanted to avoid uneven skill development and situations where some team members received redundant training while others missed out on crucial information. SANS training helps us pinpoint the skill levels and fit of our employees for various roles. By utilizing SANS training, we can precisely gauge the expertise of our staff and match them to the most appropriate positions.
Instituting a Shared Vocabulary and Knowledge Base
We recognized the need to ensure clear lines of communication and proactively establish a shared technical language. Our goal was to avoid misunderstandings and the potential for critical information to fall through the cracks. During high-pressure situations, this type of vocabulary standardization is critical for coordinated responses. We aimed to establish a rigorous and in-depth training program that not only standardized vocabulary but also built up our existing knowledge base across our security teams.
Gauging Expertise Early and Continuously with Certifications
It was essential to ensure that all incoming staff met a known level of expertise, providing a clear baseline for the entire team. Additionally, we wanted to maintain a certain level of expertise among existing staff as they progressed in their work. SANS training and GIAC certifications provided a means of reliably understanding each individual’s expertise, facilitating better role assignments while enhancing job performance. Stakeholders gained greater confidence in the team's abilities, knowing that they adhered to standardized best practices and knowledge.
Q: How has SANS training directly impacted cybersecurity at the company?
A: SANS training has enhanced our cybersecurity operations at our organization by helping us streamline our procedures and strategies.
Risk Mitigation and Standardization
The frameworks provided in SANS training have helped to improve risk mitigation. With our team members equipped with foundational knowledge, we have increased efficiency and established a common vocabulary.
Enhanced Communication and Coordination
New ideas gleaned from SANS training have helped to improve communication and coordination during high-pressure situations. This ensures that team members are better aligned, reducing misunderstandings and enhancing our collective capabilities.
Ongoing Benefits and Team Confidence
I feel a sense of comfort knowing that our team members have taken the SANS incident response and threat hunting courses. The training ensures we baseline previous experiences into a cohesive approach. It has been highly beneficial, and we continue our relationship with SANS because we think there's great value in it to us.
Q: What measurable outcomes have you seen from SANS training?
A: While we haven’t instituted a strict policy on outcomes, the high demand for SANS training clearly indicates its value. Our investment in SANS training has continued to increase due to this soaring demand. Employees’ willingness to undertake such intensive courses highlights the training's importance and effectiveness.
Q: Who participates in SANS training at the company?
A: The training is widely embraced across functions. Participants come from our incident response team, security operations center, forensics, red team, threat hunting, and vulnerability management teams. Additionally, staff from governance and compliance also benefit from the training. Overall, we see participation in SANS training across all departments involved in our cybersecurity efforts.
Q: What SANS courses address specific challenges at the company?
A: Several SANS courses have been instrumental in addressing our specific cybersecurity challenges. The FOR508: Advanced Incident Response, Threat Hunting, and Digital Forensics™ course is highly popular among our staff, helping them explore networks and systems to enhance our defense strategies. Additionally, the SEC504: Hacker Tools, Techniques, Exploits, and Incident Handling™ course is frequently taken by various functions and groups within our organization. Many of our team members also benefit from the SEC595: Applied Data Science and AI/Machine Learning for Cybersecurity Professionals™ course, which provides valuable insights into leveraging data science and AI for enhanced security measures.
Q: Is certification required after taking a SANS course?
A: Yes, GIAC certification is mandatory after completing a SANS course. This requirement ensures that our team members have fully absorbed the material and can apply it effectively in real-world scenarios.
The certification process also validates our staff's knowledge and skills, providing a recognized benchmark of their expertise. This is crucial for maintaining high standards across our teams and ensuring consistent, reliable performance in our cybersecurity efforts.
Q: What new training topics would you like SANS to provide?
A: We recently conducted a survey to better understand our training needs, particularly in the areas of AI and data science. There is significant interest in AI-related courses to baseline foundational understanding, standardize terminologies, and explore practical applications in cybersecurity.
Additionally, we see a need for general awareness training aimed at all employees, such as a 'Cyber-Ambassador' program. This program would focus on basic security best practices, helping to create a security-conscious culture across the organization. Such training would empower all staff members to contribute to our cybersecurity efforts, regardless of their specific roles.
Q: What advice do you have for organizations looking to implement SANS training?
A: Organizations should ensure at least one person from each team completes the basic courses, whether it's cloud security, DevOps, hacker techniques and training for red teams, or incident response tactics.
Certifications validate the employees' skills and provide a clear validation of knowledge.
Q: What has been your overall experience with SANS and its instructors?
A: Our experiences with SANS have been overwhelmingly positive. The instructors are brilliant, and the support is excellent. The SANS team is composed of thoughtful and dedicated individuals committed to delivering high-quality training and content.
Meeting the SANS instructors demonstrates the commitment SANS has to its clients. They are down-to-earth professionals who focus purely on education and training, not on selling anything. The atmosphere they create is one of genuine learning and support.
Our investment in SANS training has grown significantly. Initially, we made a substantial investment in the first year. After a year and a half, we doubled that investment, and now we are at about 2.5 times our original investment. We have been very happy with the results and the value SANS training has brought to our organization.
Our partnership with SANS has been instrumental in providing our employees with growth and professional development. Through comprehensive training and certification programs, our company has been able to standardize knowledge across teams, streamline playbooks, and ensure continuous improvement in our security posture. Our ongoing commitment to SANS training reflects its role in our company’s cybersecurity strategy.