SANS Training has Improved Our Teams by Providing Them with Expertise in Key Technical Disciplines

Haroon Mahmood Learning and Development, Salesforce Security

Can you provide a brief overview of your organisation's cyber team?

Our global security organisation has specialists that are proficient in a wide array of cyber and information security disciplines. Within the security organisation, the Detection and Response function encompasses Incident Response (CSIRT), Threat Detection, Threat Intelligence, and Vulnerability Management, with over 100 technical specialists in the teams covering those areas. Our Incident Response teams operate 24/7/365, across all regions.

What motivated your organisation to invest in cybersecurity training?

Our commitment to investing in high-quality training and development opportunities for our employees and teams enables us to meet Salesforce's number one value, which is Trust. Training empowers our employees with the expertise to safeguard the confidentiality, integrity and availability of customers' data, Salesforce data, applications, and systems.

How long have you been conducting cybersecurity training with SANS?

SANS and Salesforce have maintained a strong collaborative relationship for more than a decade.

What were the key objectives and goals Salesforce aims to achieve with SANS cybersecurity training?

Salesforce uses SANS training to develop technical knowledge and skills. We have always recognised the importance of high-quality training in acquiring advanced technical skills and certifications, reflecting the company's deep commitment to trust and security. One of our key objectives is to show a high level of professionalisation of our teams by having our employees certified to SANS and other technical certifications. We also track the number of employees who successfully achieve SANS certifications after training.

How do you measure the effectiveness of Salesforce's cybersecurity training from SANS?

A crucial measure for assessing effectiveness is verifying that an employee has not only retained the knowledge and skills acquired from SANS training but is also able to effectively apply and use them in their everyday tasks at Salesforce. When employees participate in training, it is also expected that they will also attain certification. The number of certified team members in our organisation is viewed as an indicator employees have mastered their understanding of the training material.

Can you provide specific examples of improvements or security enhancements that have resulted from SANS training?

SANS training has improved our teams by providing them with expertise in key technical disciplines. Training has enabled our team to more proficiently investigate security incidents, perform detection and response in cloud environments, analyse malware, perform forensic analysis etc. As a result, we are better equipped to handle incidents effectively, identify and mitigate vulnerabilities.

What has been the feedback from your employees regarding the SANS training?

The feedback from our employees regarding the SANS training has been very positive. Many have expressed an appreciation of the comprehensive and practical nature of the training. Most SANS instructors are also considered to be experts in their field. This positive experience has motivated many employees to pursue more advanced SANS training. They have found the process of earning SANS certifications to be rewarding, both professionally and personally, and are enthusiastic about further advancing their expertise in the information and cyber security fields.

Are there any success stories or testimonials from employees who have benefited from the training?

When SANS announced the GIAC Portfolio Certifications, two of our team members achieved the GIAC Security Expert (GSE) certification a few months after launch. This achievement not only underscores the exceptional expertise within our team but also reaffirms our commitment to the value of SANS certifications.

Outside of the available training offerings at SANS, do you also take advantage of the complimentary resources, summits or events available? If yes, what do you gain the most from and why?

We share information about upcoming SANS summits and webcasts to our teams, motivating them to participate whenever possible. Additionally, some of our team members have also presented at SANS summits.

What advice or recommendations would you give to other technology organisations looking to train with SANS?

Cybersecurity training should be an important investment for organisations of all sizes. It is more important than ever to try and stay ahead of the attackers and training can help employees better understand the constantly changing cybersecurity landscape, including emerging threats and vulnerabilities. It is important to ensure the training provided to employees is in alignment with the skillsets your team actually needs. This alignment helps guarantee that staff receive appropriate training, enabling them to perform their roles effectively.

Are there any best practices or key takeaways you'd like to share based on your experience?

It is important to have a clear understanding of the skills that your security organisation needs. This includes understanding the current coverage of the required skills, identifying skills gaps, and planning targeted training accordingly. Additionally, it is important to encourage diversity of thought, creative thinking, and problem-solving. This will help to ensure that your security organisation has the skills it needs to be successful.