The Problem – Time, Money, and Travel

In today’s world of network defense most defenders don’t take the time to train and keep their skills fresh.  They worry about missing a day of work and what will happen when they are gone.  I’m sure most of you reading this second guess yourself about even taking a sick day, let alone a day or even a week to hone your skills.

Even if you are able to find the time to separate yourself from your day to day work, you may not be able to convince your management to pay for the training you really need.  Even if you could convince them, the money just might not be there.  More and more cyber defense budgets are getting slashed because it’s seen as a cost center or an insurance policy, just another operating expense.

The distance to travel to a training site may add another level of difficulty.  Take it from a guy that travels a lot for work, being away from home is difficult.  Coordinating travel is difficult.  Living out of a suitcase is difficult.  In the end, you may question if all the effort to secure budget, time, and travel was even worth the training you received.  In this post, I hope to address these concerns, and make an argument for why you MUST continue to learn.

Why Continued Learning Is Important

Before we start to look at solutions to the problems addressed above, let’s start with why you should continue your information security training.

First, let’s look at it on a personal level.  Stagnation leads to boredom and continuing to do things inefficiently, or just flat out the wrong way.  I do know some people that are perfectly happy doing the same thing at their job day-in and day-out.  They are happy to continue doing the same ‘ole same ‘ole.  However, most of the security analysts I have met aren’t content to stay sedentary in their careers.  They want to learn more about the craft of information security.  They thrive off new knowledge.

To the Infosec managers out there – your people, your team, the people that look to you for guidance and leadership will be much happier and have a higher rate of job satisfaction if you feed their desire to learn.

Building Your Personal Brand

I learned a while ago that no one is going to be a better advocate for you than you.  I could go deep into personal branding here, but that is for another day.  For the purposes of this post, just understand that continuing education and demonstrating your knowledge is the foundation of building your own personal brand.  If you want to build a long, sustainable, and happy career for yourself, start focusing on yourself and building your personal brand. Do it by continuing to learn.

How Training Helps Your Organization

Although your company, department, school, whatever might look at your training as a waste of time and money, they need to understand that it is an investment in the organization.  Continued learning will help employees do their job better and faster.

If we look to other professions like medicine, military, and law enforcement we see organizations where continued learning isn’t just encouraged – it’s required.  Why is that?  For these fields, it’s because it is likely that the new education will help them save lives and keep people safe.  For information security, it’s because the continuing education your analysts receive helps to keep your organization, data, and customers safe.

Solving The Time, Money, Travel Problem

Unfortunately, there isn’t an exact answer for every organization.  Because of the politics, funding, and personalities involved, every situation is going to be different.  What I’m going to discuss here are general recommendations that should be able to help in most circumstances.


I think the first problem that we should address is the time problem.  This is probably going to be the first hurdle you have to get over.  It will probably also be the hardest obstacle to overcome because you are probably the one making the objection.  You are probably more than likely trying to justify why you don’t have the time for continuing education.  I get it.  I am no different.  This is something I struggle with constantly.  It’s hard for me to pull back and tell myself that taking the time needed to invest in my continuing information security education is important.

If you think you don’t have the time to train, go back and re-read the last section on why training is important.  If you still feel like you don’t have the time, then think about it this way:

The upfront time that you invest in training can lead to much more saved time in the future.  Learning a better way to do something or getting more clarity on a product, process, or idea can help to reduce the amount of time you spend putting that concept into practice later. If I were to ask you for $50 today and I would show you how you can save $1 a day, would you do it?… Just follow me on this, I’m trying to make a very low thought analogy here….  Of course you would because in less than two months you would have re-couped your initial investment and after that everything else would be savings.  It’s unfortunate, but most of us don’t look at our time this way.  We look at the up front costs and don’t look at the return beyond this.

Money & Travel

I’ve grouped the money and travel solutions together because a lot of what I’m about to say solves both the money and travel problem.  Training and continuing education don’t have to be a big formal class they could be something as simple as cross training with other somewhat related departments.

Cross Training

Cross training will benefit you in many ways.  It will allow you the time needed for other training since you know there will be someone else who can help cover some of your workload while you are gone.  It can also help create empathy between employees and departments.  If you know what someone has to do on a daily basis, it’s easier to take the proverbial walk in their shoes and be more understanding on issues that cause conflict in the organization.

User’s Groups

Local user’s groups are a great way to get some product specific training, especially if it’s a users group that your vendor runs.  They are also a good way to interact with your peers and share problems and experiences.  If it is a vendor run users group, make sure they are providing more than food and alcohol.  Make sure that they are giving you product specific information and answering questions you have on the product.  Make sure that they are facilitating conversations about the information security industry.

Virtual Training

Virtual training is a good option for the organizations that can spare some budget for formal training.  Virtual instructor lead training is usually cheaper than in person training and can be done from anywhere.  My suggestion is to make sure you do this training wherever you normally do your work.  Don’t take the training from your couch or bed at home because you will find other distractions and the money & time invested will be lost on you.  It’s going to be important that you are able to show your employer why they just spent money and time to train you, and not paying attention can help guarantee that you will get less or no training in the future.

Making sure you are going to quality training that is also the right training will make sure that the time, travel, and monetary investments you are making are good ones.  A stock trader doesn’t just pick a random stock and then throw tons of money at it.  They research the stock to determine if it’s worth their investment.  You should do the same with training.

Researching Your Training Options

With budget, time, and travel all being considerations – your ability to justify the expense of all three of these will be important to getting future training.  That justification starts with researching the training ahead of time.  However, before researching, we might want to identify some metrics that we can use.  These metrics are going to vary, but we can look at some questions that might help you determine those metrics:

  • What skills are gained from training? – Will those skills increase efficiency? Will those skills make you better at your job?  Will those skills help with future projects and plans for your organization?
  • What is the expected impact to job performance?
  • How will this training save future time and money? – What will your return on investment be in both time and money?

Is The Training Right For You?

When you’re considering registering for training, you want to have some questions in mind to help determine if this training is right for you.  Some of those questions may look like:

  • Who are the instructors? – Do they have a good reputation? Are they known for being able to convey information easily and effectively, or do they put their audiences to sleep?
  • What do others say about the course? – Are you able to find any reviews online that discuss the instructor and the course itself?  Do other people that have taken the course find what they have learned valuable?  What was their return on investment?
  • Does the course line up with any certifications? – If the outcome of the course is to have you ready to be certified, how will this apply to your job or your personal brand?  Are they teaching just for the certification, or is there going to be information you can put into practice as well?
  • What are the sources used for creating training content? Where are the course developers getting their information from?  If it’s from experience, what does the experience of the course developers look like?  Unfortunately, experience can just lead to anecdotal evidence.  This isn’t always the case, but it’s something to keep in mind.

Just Go Do It Already

If you’ve been putting off training now is the time to make the tradeoff.  Now is the time to make an investment in not only the future of your organization, but also your personal brand.  Make sure you research and justify your expense (time, money, travel, or otherwise) so that you can be trusted to take courses in the future.  If you still aren’t convinced that you have the time, please, just put that aside for one course.  Take the course, come back, and see what you really missed.  Is the company still running?  Has the building burnt down?  Did anyone die because of your absence? Probably not.  Take the first step and you’ll be able to see why the training trade off is worth it.

Share This