Cybersecurity Training: 3 Advantages of Training on Production

Technological advances have made it possible to test adversary tactics on live production environments in real-time. Instead of investing time and resources to stand up a sandbox or a cybersecurity range, you can now directly test the effectiveness of cyber responses in your real production instance. Cybersecurity training needs to keep up with the pace of evolving cyber threats, and the best way to ensure that is to train your people to defend your systems from the desks that they’ll be sitting at when, and if, a real attack happens.

Here are the 3 advantages of performing cybersecurity training in the production environment:

Validate the configurations of your cybersecurity tools
Save time

Improve the performance of personnel during a real attack

To continuously improve your security posture, the most direct method is to train your employees using exactly what they’ll have at their disposal in the event of a real cyber attack. It produces better results, takes less time to conduct, and gives you actionable insights into what defenses need to be shored up. Watch our video and learn more about what makes training your IT department in their production environment your best option.

Your IT team is your first and best line of defense against cyber threats. Make sure they have access to the best possible cybersecurity training available. A well-trained team makes all the difference when a real problem occurs.

Learn More:

4 Keys to an Effective Cybersecurity Training Program

Cybersecurity Fundamentals: The Anatomy of Cyber Defense

Cybersecurity Trends Interview: Tackling the Market with Ron Gula

Video Transcript

0:00 Intro
0:31 Cybersecurity Training: Training On Production
1:24 Cybersecurity Training: Cybersecurity Innovation
1:59 Cybersecurity Training: Advantage #1
2:24 Advantage #2
2:50 Advantage #3

I spent over 10 years in the Army working with and training militaries all over the world. When it comes to effective training, we have one simple phrase, ‘train how you fight’.

Since leaving the Army several years ago, I’ve been working with organizations to help them apply that principle to cyber security training. Here are three advantages to training on production instead of training on a cyber security range or in a sandbox environment.

0:31 Cybersecurity Training: Training On Production

Most cyber security leaders think it’s not possible to actually train their personnel on production, but this is actually an outdated view based on an old technology paradigm. As I’ve already described, in the last few years, technologies have emerged that enable organizations to actually test their security tools, test the configurations of their firewall or their SIEM or their EDR tools in the production environment to make sure that they’ve got all the right configurations for those tools to stop the attacks that they need to stop. Now technology has emerged that enables you to build on top of that to enable your personnel to train with those same tools against real-world threats in the production environment.

Most organizations think that training their cyber security personnel is something that has to take place on a cyber range or in a sandbox environment, but new technologies have emerged that enable organizations to actually train their cyber security personnel in the same places that they do their job on production.

1:24 Cybersecurity Training: Cybersecurity Innovation

Technologies developed over the last several years enable organizations to actually test their cyber security tools in their environment where they’re actually meant to work, which is on production. There’s now technology that actually builds on top of that, that same technology that allows you to run tests of malicious actions in your production environment to actually test your personnel who are using the security tools in that environment as well.

I want to share how new technologies can help organizations save time and effort. One of the most difficult parts of their cyber security program, training. I’m going to talk about three advantages to training your cyber security personnel on production.

1:59 Advantage #1

Advantage number one: when you train on production, you can actually validate the configurations of your cyber security tools. When you go to a sandbox environment, you try to match that environment exactly to your production environment, but it’s difficult and expensive, and time-consuming to get it exactly right. When you train on production, you can actually validate the tools in the configurations that they’re actually in that analysts have to use on an everyday basis to do their job.

2:24 Advantage #2

Advantage number two: training on production saves you time by training on production. you eliminate the need to stand up and maintain a separate cyber security range, which will take away valuable time that you could be using to actually do your job. So your people who are probably already overworked and have very limited time when you train on production. They no longer have to actually pick up and go to a separate location; they can actually do the work right there on production without even leaving their desk.

2:50 Advantage #3

Number three: training on production improves performance, so based on what I’ve described so far, it’s probably not surprising to learn that organizations that train on production actually stop 56 percent more attacks than organizations that train on a cyber range or in a sandbox environment.

If you want to stay up to date on everything that we’re doing over at SightGain, including developing tools that enable you to train your personnel on production, don’t forget to like this video, subscribe to our channel, and check out our website at