Professional development

How to Get Your Employer to Pay for Your IT Security Training — 10 Steps

Graeme Messina
July 7, 2018 by
Graeme Messina


“Who’s paying for this?” It’s an age-old question, and while it didn’t start with information technology, it certainly seems to be one of the most common questions amongst IT professionals trying to keep up-to-date. In this list, we will highlight 10 steps that will assist you in getting your boss to help foot the bill on your next certification or set of certifications.

Some of these steps will have pros and cons, so you will need to decide for yourself how important it is for you to have your IT security training compensated, or if you would be better off going it alone. Since not all IT security training is certification-level (meaning that you might just want to access a workshop or training seminar), these 10 steps will cover a mixture of different approaches.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

1. Identify Business Value

Most companies will need to know that the IT security training you’re undergoing will add business value to the enterprise and that it will eventually yield a return on investment for the company. Perhaps you need to call in a qualified consultant to perform some occasional work, like routine checks, which costs the company money on each call out. Showing how much money you could save the company by performing some or all of those tasks yourself could be enough of a motivator to get you enrolled in some classes and on your way to certification. In some cases, you might need to show a return on investment (ROI) schedule, which outlines how your new certification would save the company money, and how long it would take to pay for itself.

2. Commit to the Business

Some employee contracts will stipulate that any training paid for by the company will incur a lock-in fee that prevents that employee from exiting the company too soon after achieving certification. This is understandable in many instances, as the company pays for you to achieve certification so that you can add value to their business. Leaving soon afterwards because you are now eligible for a better-paying job is great for the individual, but disastrous for the company. Some companies will ask you to sign an updated contract stating that you will not leave the company until a set number of months have passed. Failure to stick by the agreement may result in legal action or in the employee paying back a portion, or the whole, of the training and certification fees.

3. Prepare a Presentation

Creating a presentation and a talk could be a good idea, depending on how open your management structures are within the company. Be sure to have as much information on hand as possible, especially costs and benefits to the company. Be prepared for questions such as how long the training will take, how it may affect your duties while you are busy with it, and how much it will cost the company. If you can comfortably answer these questions, then you could be on your way to increasing your IT security knowledge through a valuable training course. Your manager might be impressed with the thought and effort that you have put into your pitch, but be sure to do your preparations after-hours on your own time.

4. Email Pitch

Perhaps in-person presentations aren’t your strong suit, or maybe the decision-makers in your company can’t spare the time to sit through a meeting and presentation. What do you do then? Luckily, email can provide a vehicle for your pitch, and there are a good deal of sources on the Internet that can help you to prepare the perfect pitch for your training request. These go into great detail and mention all of the key points that your manager will want to know about the training.

5. Offer Your Time Back to the Organization

If the training course, seminar or studying requires you to be off work, offer to fill in somebody else’s shift, or offer to come in on a weekend to catch up. Remember, you want to show that you have the initiative and drive to sacrifice some of your own time for valuable training. Be sure to show your manager that you are grateful for the opportunity and understand that in order for you to undergo training, others will have to lend a hand while you are out of the office. This also indicates that you will happy to return the favor once you return with your new-found skills.

6. Offer to Pay In

If you are working in a smaller business, or if finances are a bit tight within your existing company, then offering to pay some of the course fee yourself might go a long way to showing that you are serious about taking IT security training. This could help your employer to pull the trigger on your training if it is more affordable, and it also helps to solidify your place within the organization as a go-getter. If the company really can’t afford to help with the training then you might have to find a more cost-effective alternative, or be prepared to try and go it alone if the training is important enough for you to bear the costs.

7. Be Prepared for Rejection

Remember that no matter how valuable the training might be to the organization, your employers might not be compelled to grant your request. You might get pushback from your manager in some instances, especially if you have important tasks that need to be completed during your absence. Make sure that you have answers to some of these common questions:


  • Who will cover your daily job requirements while you are away?


If you are able to negotiate with your co-workers ahead of time, then let your manager know that your colleagues will be able to help fill in for you while you are away, and if you have remote access facilities then offer to catch up in the evenings as well. Not all training takes up an entire day, so try and get into the office if your training facility is close enough to your offices and you are able to travel.


  • When will you return?


Make sure that you are able to give an exact schedule of when your training will take place, and when you can come back to the office.


  • What are your expectations upon your return from training?


Employers are often wary of employees that want to up-skill and progress their training and certification, because it means that they could outgrow the current role that the employee occupies. Another real concern is that an employee might leave the company to take a better offer from another company, all thanks to the training and certification that the company just paid the bill for. Be prepared to negotiate with your manager, and do not be surprised if you have to sign another employment contract; the employer will wish to retain you after you complete your training.


  • The costs seem excessive!


As we saw in our earlier points, you will need to defend your position as to why you believe that the costs incurred by the company would be worth the investment. Explain how the training will benefit the company, and allow the organization to be even more secure.

8. Be Persistent

Don’t be discouraged by a negative response at first, as it is quite possible that your manager’s priorities are quite different to yours. You will want to find a balance between being assertive and being an annoying nag. Carefully read the response that you get, and see if you can leave the request open instead of being denied outright. Your manager will want the best for the department and the company, so if you can show value and all of the benefits to your training, you might sway their decision in your favor.

9. Put Your Skills to Good Use and Document the Value of Your Contributions

Once you have your new training under your belt, start using what you’ve learned and show the bosses just how right they were in choosing you to receive the opportunity. If you’re able to document what you have been able to accomplish after receiving your certification or training, then don’t be shy about it. Compile a list of cost savings that you have been able to accrue for your company, and show your manager how much value you can add to the organization. The chances of you being picked for additional training are even better once you demonstrate the value that you can provide for the business.

10. Look for More Training!

Expand your horizons and identify security shortcomings within the organization, and look towards skills that will help you to accomplish all of these objectives. Find skills that you know that your department could use, and if you aren’t sure about the next certification to chase down, then look around the organization for what you are lacking. You would be surprised to note how many areas could use some improvement around you. Once you have an idea of what is needed on the training front, be sure to find a training course to fill those requirements.

Find the Right Training Partner

InfoSec Institute offers some of the most comprehensive IT security courses available today, with boot camps and training available for all skill levels. If training and certification are what you’re after, then be sure to check out the wide range of courses available here.

What should you learn next?

What should you learn next?

From SOC Analyst to Secure Coder to Security Manager — our team of experts has 12 free training plans to help you hit your goals. Get your free copy now.

Good luck on your training journey!

Graeme Messina
Graeme Messina

Graeme is an IT professional with a special interest in computer forensics and computer security. When not building networks and researching the latest developments in network security, he can be found writing technical articles and blog posts at InfoSec Resources and elsewhere.