Do Your Homework
Do Your Homework Once you have made the decision to send your employees to "hacker school," take a few basic steps to maximize the return on your investment.Foundstones instructors are the first to admit that the material they teach can easily be put to a wide range of unsavory uses. Take this into account when selecting the staffers you wish to send, so as not to expose yourself to the risk of an insider attack or legal liability stemming from an employee using your network to attack others. Consult with your human resources department to find the most trustworthy candidates. Perhaps the only thing worse than having your security breached by disgruntled employees is the knowledge that you paid to teach them how to do it. Be sure your students are prepared. Make no mistake, Foundstones hacking class is not intended for beginners. While students need not be security experts, without a good working knowledge of Windows and/or Unix networking concepts, they will quickly fall behind. Reading through available course materials in advance can also help cope with the grueling pace of the class sessions. Construct a test environment. Your staff is going to return from class eager to test their new skills, perhaps even show off a little. Encourage them to do so by providing an isolated test network. These new skills stem from practice and will quickly fade if not maintained. As attackers develop new tools and techniques, your staff will have the resources necessary to keep themselves up to date; moreover, they will also have an environment for testing new defensive techniques and equipment before deployment. Finally, the availability of a safe target area will remove the temptation to practice on production machines.
Send only the right people.