The concept of the paper tiger originated from the Chinese phrase “zhilaohu” that refers to something that claims or appears to be bigger or threatening but is actually ineffective and cannot fulfill the duties of a tiger. CompTIA+ has decided to include practice-based questions in the exam, format to resolve the issue of a paper tiger. Candidates who are preparing for Cyber security certification with CompTIA Security+ Training Course must be wondering who the paper tigers in cyber security are.
The relationship between paper tiger and cyber security
In the field of cyber security, the term paper represents “cyber security certification” and the “tiger” is the person who is holding the certification. For instance, a person who only has a cyber security certification with no technical skills is the paper tiger. He or she may appear to be real by getting the certification by just memorizing the exam questions.
At ProICT Training, our certified and experienced instructors understand that only theoretical knowledge is not enough to tackle down the real-life challenges. Therefore, we focus on the practical aspects of the training to make sure candidates can build the skills from scratch to handle and overcome organizational challenges.
There is even some training institute that allows candidates to give exams with an open book in a group – despite the fact that the exam is supposed to be taken solo and closed book. These methods make the problem of a paper tiger more serious. Is it the reason why people are facing so many breaches?
How paper tigers are killing us?
There are various ways how paper tigers in cybersecurity affecting us including:
They lack knowledge
The paper tigers lack the knowledge required to defend the system against cyber-attacks. As paper tiger mainly responsible for the cybersecurity controls, planning, security policies, training, etc. The paper tiger professionals don’t know much about security so, the risk of them doing them something totally wrong and ineffective is relatively high.
They hire paper tigers
Another thing about the paper tiger is that they have a fear of getting exposed. Therefore, they always hire those who have less knowledge than them to make sure they are not going to burst their work and knowledge.
They lack passion for the cybersecurity
Unlike other professionals, paper tigers are not passionate about their field, work, career, industry, etc. this is sort of elephant in the room. The passion is what fuels the learning aspect and if a person is working in a field without being passionate toward it then, it makes him nothing but a dabbler.
The cybersecurity criminals are getting smarter day by day and they will never lose to a dabbler- never.
What can we do about cyber security?
There are two ways to get rid of paper tigers:
Cyber security certifications that require the practical approach
There are higher security certifications that are moving toward a higher practical approach. For instance: – the CEH has two approaches, first is “Certified Ethical Hackers” where candidates need to answer multiple-choice questions. Second is the “Certified Ethical Hacker Master” where candidates need to pass both the multiple-choice exam and CEH practical exam.
The paper tigers may be able to crack the multiple-choice question exam but it will require skills to ace the practical test which they lack. Now, building skills and learning things may strip them from the status of a paper tiger.
Hiring procedures for cyber security experts
The organizations need to come up with a better interview and screening approach to filter the cybersecurity applicants. Just because someone has so many certifications doesn’t mean that he or she has knowledge and skills to efficiently perform the roles related to it. It is the responsibility of the interviewer to know about the knowledge areas of the certification to identify the paperness of the tigers. For instance, if I am hiring the CompTIA Security professional then, I must know that areas of CompTIA Security+ Training Course to validate their knowledge.
In the end, if you have any issue regarding the cyber security training courses then, feel free to reach out to the professionals at ProICT Training to learn more about it.