Onsite Tenable Training: An Instructor Perspective

Besides the monthly Tenable Enterprise Security Monitoring classes available at our Columbia training center, Tenable offers versions of the same content taught at customer locations. The obvious reason to choose our onsite training offering is that allows entire teams to be quickly trained on Security Center, Nessus, Passive Vulnerability Scanner or Log Correlation Engine without the inconvenience and cost of sending one to two students at a time to Maryland. But having just returned from an onsite class with one of our large customers, there are other aspects of onsite training than make teaching entire teams (or parts of multiple teams) on their "home turf" an interesting and rewarding experience –- both for the students and the instructor alike.

Although our students are never shy about asking tough questions or sharing war stories about how our products are being used in unique ways, I've found students are much more likely to open up about product features they really like (or don't care for so much!) when they are among their peers. Similarly, we can focus discussions around live product deployments, which can result in higher levels of student engagement. Something else I've noticed is that onsite courses often include a more diverse Security Center user base than traditional classes. In Security Center terminology, onsite classes include a great ratio of "end users" to "primary security managers." In particular, onsite classes often include members of platform teams (UNIX, Windows, Desktop, etc.) in addition to full-time security folks. In one class, the participation of non-security teams was particularly valuable for the customer, in that it provided better understanding of the value of conducting credentialed scans. Training can provide a neutral environment for discussing (and sometimes debating) the pros and cons of different approaches for using a given product. For example, understanding whether or not an organization should implement a centralized or distributed vulnerability management strategy is a frequent topic of discussion.

Although a certain amount of customization occurs in every class based on student interests or experience, onsite classes take this customization to a higher level. As part of scoping the training engagement, we define which content is critical based on which products the customer is using and the product features being used most commonly -- as well as other factors such as common target operating systems and which compliance standards organizations must adhere to. Our modular curriculum makes it easy to "cut and paste" content to build courses that meet specific customer needs, as well as make changes on the ground. For example, last week we attached an AIX workstation, as commonly deployed in the customer's environment, to the classroom network and conducted patch and configuration audits. This allowed students to see realistic scan results from targets in their own environment within the safety of a training environment.

Anyone who has taught hands-on technical classes on the road knows "setting up shop" outside the comfort is their home classroom from far from stress-free, but based on the last few onsite classes I've taught, I've found it to be well worth the additional planning and preparation necessary for a successful training experience.

For more information on Nessus, Enterprise, and Compliance training contact your sales representative or [email protected].