#NextGenResearch: Would You Expect Company Training For Skills Required For Compliance and Cloud?

At the start of this year, Infosecurity conducted its second State of Cybersecurity Report. This determined 31 distinct trends in cybersecurity that respondents believed were driving the industry.

Following on from the publication of this report, Infosecurity launched a second piece of research, engaging with students, people on work placements and those starting out their careers in cybersecurity to find out how these trends affected them.

Having looked at compliance and the cloud in the last few weeks, we round off this part of the research by asking if you would expect a company to train you on the job in those skills needed for compliance and cloud? After all, we saw a mainly negative response on preparedness for working with IaaS, and a mix on familiarity and demand for compliance skills.

For this question, we had 54 responses, and from that had 41 positive responses and 13 negative – meaning 41 agreed that training would be welcomed.

Let’s start with the negatives, as the consensus was that businesses “should, but in practice companies won't, pay for training if they don't have to”.

One did say that a company would hire a person and give them the tools to do the job, and if more education or training was needed “then I think that it would be to the company’s advantage to ensure that this happened.” However, they also said: “I believe that if additional training and education was needed, then it’s also up to the employee to put the work and effort into their additional training.”

Another said that in an ideal world, it would be great to be taught the fundamentals, but training does come down to the type of job role you are in, and in this case “the relevance of compliance and cloud to your everyday proceedings in the workplace”.

One respondent said that “everyone should have the basic knowledge of how it all works, even if it is not in the job description” but another said that someone “should know the basic skills before entering a company then achieve higher over the years”.

The split in the negative responses seemed to be fairly in the favor of people being ready to teach themselves, and learn on the job, but training came down to “a joint responsibility between the employer and employee to learn and develop”.

On the positive side, the responses were actually relatively similar, albeit with a more optimistic slant. There was the same feeling that they “would expect any job to provide training to help new employees grow in areas that their job role will benefit from” while it would be needed “if it isn't something you have experience with before”.

Among the positive responses, there was a feeling that personal study and education in your time, and a determined employee should be doing this anyway, while “on the job training will reinforce the knowledge and help to understand the organization specific implementations of the compliance materials and cloud platforms”.

An issue of investing in staff training means that if they leave, you lose members of staff who you have invested time and money into, but from the other perspective, if they don’t get trained “I'm much more likely to leave and go somewhere that will train me” as one respondent said. This becomes a case of employee retention, which Infosecurity covered in the most recent Online Summit, but the feeling from the majority was that as compliance and cloud skills are not widely taught “so I would expect to be training people in these particular areas”.

What’s Hot on Infosecurity Magazine?