Online training should be engaging and hands-on, says Infosec Skills instructor Ross Casanova
Ross Casanova began teaching in the 1990s when he did a tour with the U.S. Army Training and Doctrine Command and was asked to develop courseware for their career paths, known as Military Occupational Specialties.
“I was an instructor for six or seven years,” Ross said. “Then I was assigned to the special forces teaching survival evasion resistance and escape for four of five years.”
Get your free course catalog
When his 20-year military career came to an end, Ross started a new career in cybersecurity, but he continued to do what came naturally — teaching. Over the past year he’s taught popular Infosec Flex boot camps such as Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), NIST Cybersecurity Framework and DoD Risk Management Framework.
When Infosec Skills launched last spring and was looking for experienced instructors, Ross was a natural choice to develop learning paths for the new online cybersecurity training platform.
Creating engaging online training
Teaching a live boot camp requires a slightly different set of skills to keep students engaged than teaching an on-demand course.
“With boot camps there’s a built-in interaction with the students, and the questioning techniques I use during a boot camp can lead us down interesting and engaging paths,” Ross said. “With on-demand training, the communication is more one-way, so it requires a different approach to create that interaction.”
Ross wanted that feeling to carry over to his three Infosec Skills learning paths:
- (ISC)² Certified Cloud Security Professional (CCSP)
- NIST Cybersecurity Framework (CSF)
- NIST Risk Management Framework (RMF)
“I want to provide students with that exchange so they feel invested, like I’m talking directly to them and engaging them in the conversation,” Ross said. “That's how I developed my Infosec Skills courses.”
Building skills through hands-on training
Hands-on training is also important because it feeds into that back-and-forth that helps students truly learn the material.
“I created a couple of projects for the Risk Management Framework and the Cybersecurity Framework to help students gauge and demonstrate their knowledge,” Ross said. “The projects basically walk through templates that are done as part of an assessment, and then give you a scenario where you can apply the knowledge you learned.”
For example, his NIST Cybersecurity Framework Project asks students to perform a gap analysis on an organization so they can practice adjusting impact levels and selecting, mapping and tailoring controls from the NIST SP 800-53 catalog.
“I say, here's the organization. This is where they're at, and this is where they want to go," Ross said. “Then it's up to you to dissect the information, just like you would with any interview or anything else, and place that information into the template correctly and understand the analysis.”
The two frameworks really go hand-in-hand, Ross said.
“Ideally, you would start out with the Risk Management Framework so you understand risk assessments and controls and those kinds of things,” Ross said. “Once you have your controls outlined and in your system security plan, then you could turn around and say, ‘Well, now how do I improve these controls, and how do I map that back to the Cybersecurity Framework so I can see what it is I need to do?"
Advice for up-and-coming cybersecurity professionals
Ross attributes his personal training success to having a unifying theme that’s carried through his career.
“I've earned a lot of different certifications, but all of them have a theme. They're all cybersecurity information management related,” Ross said.
A lot of cybersecurity professionals are jumping between different certifications and chasing down different areas of expertise without a thought out plan, Ross said.
“The training and certifications don't feed into each other, and that can lead to holes in your skills as you progress your career,” Ross said. “Make sure you're building on what you currently know rather than learning about a lot of different things but not mastering anything. Pick a career field, work your way through it and nurture and grow that set of knowledge and skills.”
“That’s the best advice I have.”
What should you learn next?
Check out Ross’s Infosec Skills courses below:
About Ross Casanova
Mr. Casanova has extensive experience in leadership, project management, intelligence analysis and training development. As a program manager, he helped build the CSRA pipeline of new opportunities, including developing winning proposals for more than $100 million in new business. He served the intelligence community in various roles and retired from the United States Army after 20+ years of service. He has over twenty years’ experience as a technical trainer.
Certifications held: CISSP, Security+ce, CEH, CCSP, NSA-IAM, GIAC, CCSK, CIRM, SMSP, Infosec Certified Instructor, (ISC)² Certified CISSP Instructor, Ultimate Knowledge Institute Certified Instructor, ITIL® Foundation Certificate in IT Service Management (ITILv3-F).
In this Series
- Online training should be engaging and hands-on, says Infosec Skills instructor Ross Casanova
- Top-paying cybersecurity jobs and salary trends for 2024
- The importance of IT certifications in boosting your career
- Understanding the role of a network engineer in IT
- The role of the chief information officer (CIO) in cybersecurity
- What is a network engineer and how to become one?
- What does a system administrator do and how to become one?
- Cyber security hiring: Tips and best practices
- Cybersecurity soft skills: Career benefits of public speaking
- CompTIA Data+ certification: Opening doors to new careers
- Surviving cybersecurity burnout: Tips from industry experts
- How to make a mid-career change to cybersecurity
- 7 top security certifications you should have in 2024
- The Changing Role of the Modern SOC
- Discover the top 5 information security management certifications
- CySA+ versus CASP+: Is the CySA+ good enough for a career in cybersecurity?
- The best cybersecurity jobs in 2023: Trends, roles and salaries
- Top 10 penetration testing certifications for security professionals (2023)
- How to land an entry-level cybersecurity job: Essential skills and certifications
- 133 cyber security training courses you can take now — for free
- Breaking down barriers: How to make cybersecurity more inclusive and diverse
- Computer forensics interview questions
- The digital security forensic analyst salary guide
- Applying linguistics to cybersecurity: The journey of Jade Brown, a 2022 Infosec Scholarship winner
- The Path to “Career 4.0”: Amy Bonus leverages humanities, FinTech experience to bring Cybersecurity to the layperson
- Security engineer: Degree vs. certification
- Cybersecurity engineer: CyberSeek
- Infosec Accelerate Scholarship winner highlights essential qualities of a successful cybersecurity professional
- Career skills, imposter syndrome and intelligence-led pentesting | From the Cyber Work desk
- Cloud security engineer interview questions and answers
- Prior preparation results in a big payoff for Jason Mondragon, an Army veteran transitioning into cybersecurity
- Infosec scholarship winner Kandice Kucharczyk salutes her mentors as she sets her sights high
- Which CompTIA cert is right for you: Security+, PenTest+, CySA+ or CASP+? [updated 2023]
- How VetsInTech and Infosec Laid the Path to Gaurav Panta’s New IT Career
- Infosec 2022 scholarship winner Anthony Torres: Bringing the Marine Corps ethos to the cyber domain
- Infosec Scholarship winner Chris Chisholm knows the power of service and diversity in cybersecurity
- Betta Lyon Delsordo, Infosec scholarship 2022 winner, is a true life-long learner
- A veteran transitions from military medical logistics to multi-national security analyst
- An Army National Guard member fast tracks his cybersecurity career transition with VetsinTech
- How a career harnessing Navy nuclear energy can power a transition to a Security+ certification
- What is a cloud administrator? Essential roles and skills
- Security control mapping: Connecting MITRE ATT&CK to NIST 800-53
- Should you take the CCSP/SSCP before the CISSP? [updated 2022]
- (ISC)² certifications: The ultimate guide [updated 2022]
- CCSP vs. Cloud+ [updated 2022]
- Data architect: The ultimate career guide
- The ultimate guide to ISACA certifications: Overview & career paths [updated 2022]
- I failed IAPP’s CIPP/C certification. Here’s how I recovered
- How learning to be "Always Flexible" helped a Marine in earning the Security+ certification
- How to learn and pass your next certification exam
- Mission accomplished: How one army veteran turned neurobiologist moved into cybersecurity
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
Professional development
Professional development
Professional development
Professional development
The role of the chief information officer (CIO) in cybersecurity