In an earlier post discussing security awareness training, I discussed the failings of general security awareness training for end users at companies. When it comes to training the IT staff about security, there are also some gaps.
A lot of effort goes into certification and advanced training for specified security team members, but that leaves out a lot of other IT staff members (the help desk, for example), often the front-line team when it comes to dealing with cyber-attacks on end users.