Skip to main content

Not All Education is Equal

April 14, 2011

One of the most critical yet overlooked components to having a secure environment is ensuring that your internal team responsible for protecting sensitive information assets has the knowledge, skills and abilities to make the right decisions. By making that investment on the front end, you are minimizing the possibility that you’ll pay dearly on the back end.

But, all education is not equal. There is the type of education where you learn basic concepts and how to employ those concepts, from a high level – this gives you knowledge. Then, there’s the type of education that gives you the ability to think and act while using knowledge, experience, understanding, common sense and insight – this is applied knowledge or wisdom.

My view is that anyone can teach or learn about tools. Things become really interesting and employees become even more valuable to their organizations when they truly understand the theory and logic behind why they should do a certain type of testing. This is, for example, the difference between a vulnerability assessment and a penetration test. With the former, you run a series of tests and conclude that there either are or aren’t vulnerabilities present. It’s a very cut-and-dried process.  Penetration testing uses a much more creative approach that more heavily relies on the skills of the tester to uncover vulnerabilities that may not present themselves through automated scanning activities. It’s more about how things stack together to create a larger impact or larger vulnerability and using applied knowledge or wisdom to identify and exploit those attack vectors.

Next time you sign yourself or your employees up for a training course ask yourself if you are seeking knowledge, wisdom, or simply looking to check off a box. I’d love to hear your thoughts!

Related Blogs

June 01, 2015

Vulnerabilities in Bluecoat SSL Visibility Appliances

Last Friday, Bluecoat and CERT published security advisories for vulnerabilities in the administrative interface of the Bluecoat SSL Visibility Applia...

See Details

February 19, 2015

Improving Patch Management, A Measured Approach

Organizations face a daily barrage of new vulnerabilities identified in a host of applications and operating systems. Through the deployment of a soft...

See Details

March 16, 2015

Create a Budget-Friendly Virtual Private Server with a Metasploit Instance

Whether a requirement for anonymity arises during a penetration test or simply to stand up another Metasploit instance, we can do so easily with VPS p...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

August 31, 2017

Professional Security Training

Learn how Optiv can help address cyber security resource gaps with a streamlined methodology for hiring and training.

See Details

September 18, 2014

Cybersecurity Awareness & End User Training

You’ve probably seen the news about companies around the world being hacked. These are companies that have millions of dollars invested in technology ...

See Details

August 16, 2019

Security Awareness Training Brief

Learn how to leverage the latest thinking in cognitive science to improve training.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.