Employers are failing to invest adequately in training
for their IT security staff, a survey of IT security professionals
by IT training association Comptia has revealed.

The research, based on interviews with 100 senior IT security
professionals, found that 20% do not believe they have adequate
training for their role.

And when companies do provide training, they are investing in
senior IT staff, rather than the junior staff who would benefit
more from training programmes, the IT security professionals
surveyed said.

Fifty per cent of those surveyed said the most junior members of
staff would benefit from training more than senior staff, but
nearly 40% said their employers focused their training programmes
on senior security staff.

"I think a lot of the complaints we hear are because IT training
is targeted at the wrong level. It tends to be targeted at a CIO
level. We need to raise awareness at the very bottom of the skills
pyramid, not the top. Those guys who set up users and install
firewalls are the ones that need the training," said Comptia
regional director Europe Matthew Poyiadgi.

Sixty per cent of the security professionals surveyed said the
lack of investment in training meant that their employers were
wasting the money they had spent on better security.

"The network engineers and the system administrators are not
aware. That is the problem. It is the fundamentals of security -
things like password control, locking a computer, and having a
basic security policy communicated across all staff," he said.

The survey also revealed that most IT security professionals
believe their employers should make security training a priority
for all of their staff, not just the IT team.

More than 88% said training across all levels of staff in their
organisation would improve the effectiveness of IT security. But
61% said their firms had no clear benchmark for doing so.

"Many firms think it will not happen to them. There is a general
lack of awareness that is remarkable. When they have their fingers
burned, they realise that it is people further down the ladder that
need to be trained," said Poyiadgi.

Comptia, which has 22,000 members, including Vodafone,
Computacenter and BT, develops IT qualifications taught in
universities and colleges for people starting out in IT
management.