As the CEO of a cybersecurity training division, I have had a front-row seat to the transformative power of cybersecurity education and training. There are multiple “human factor” challenges in cybersecurity that need more attention, including the global talent shortage, lack of diversity and severe skills gap that put organizations of all sizes at risk. Today, I write as an advocate for change in an industry that faces a critical challenge.
ISC2’s most recent study reports that the global skills gap sits at 3.4 million workers, with the White House reporting at least 777,000 open positions in the United States alone. That number is likely to increase as cyberattacks continue to grow. The challenges extend beyond skill shortages as well. Our industry is also grappling with a dire diversity problem; despite numerous opportunities and discussions about the importance of inclusivity, ISC2’s study showed that “women accounted for 30% of global cybersecurity workers who are under the age of 30.”
At an enterprise level, the spotlight is pointed directly at executives and their teams, who are expected to adapt to new threats and protect their organizations from mounting risks despite a lack of skilled staff and resources. The cybersecurity landscape is evolving at a breakneck pace, with threats becoming more sophisticated and relentless by the day. Yet the persistent gap between the skills required to defend against these threats and the resources available remains a daunting obstacle.
I believe that expanding the talent pool is crucial to solving these challenges, and making cybersecurity training and education more affordable and accessible for workers of all backgrounds is key. This can allow workers who wish to begin a new career to enter the industry quickly, and it can also open up opportunities for current IT employees to upskill into new cyber positions. Based on my experience, here are four ways in which business leaders can effectively help make this a reality within their organizations.
1. Industry Partnerships
Collaborations between educational institutions and industry leaders can significantly enhance the accessibility of cybersecurity education. (Full disclosure: My company offers these services, as do others.) Educational partnerships typically create immersive, hands-on learning environments on how to detect likely threat scenarios. Learners are able to complete coursework at their own pace, entirely online. This helps ensure they gain practical skills while also reducing overhead costs that are normally associated with more traditional programs. Companies can also utilize government grants, which often provide opportunities for candidates from underrepresented backgrounds.
To determine which educational institution is right for your company, look for flexible programs that offer a curriculum closely aligned with the skills required in the positions you are looking to fill, with a strong track record for placing graduates in relevant job positions. Also ensure that the institution meets industry standards, such as the NIST-NICE framework in cybersecurity. Some programs offer hybrid opportunities, which combine self-paced, hands-on cybersecurity courses, workshops and certifications with a dedicated trainer or facilitator. This can allow employees to get more flexibility in their training while still having a professional available to address their questions and learning needs.
2. Real-World Simulations
In my experience, theory-based approaches to cybersecurity education often require more time than necessary without providing learners with as many of the skills they will actually need to perform their jobs. Learners need hands-on experience to apply theoretical knowledge to the real-world scenarios that they are likely to face. By dealing with realistic challenges, they gain hands-on experience in using cybersecurity tools to analyze threats, identify attacks and apply effective solutions.
Because cyber threats are constantly evolving, ensure your team stays up to date on the latest training offerings and industry news. Traditional cybersecurity programs are built to meet compliance standards, but they are not usually tailored to address employees’ specific roles and the threats they are likely to encounter on a daily basis. Instead, consider tailoring training to specific roles, including threats that your employees have faced or are likely to face, to help them detect the very latest attacks.
3. Mentorship And Apprenticeship Programs
Mentorship and apprenticeship programs can make a significant impact, both on the success of cybersecurity professionals just starting out in the industry and on companies seeking to fill hard-to-hire positions. According to an ISC2 survey, only 49% of companies with 1,000 or more employees that had implemented rotating job assignments, mentoring, and internal training initiatives had staffing shortages, compared with 77% of those that had implemented none.
These programs are also cost effective. Companies with mentoring programs have profits that are 18% better on average, and employee retention rates are also much higher. Creating these programs within your organization can help you bridge experience gaps and provide a safe space for employees to ask questions and grow professionally. A few best practices for creating an effective program include utilizing partnerships to bring apprentices into your organization to mentor with your more senior staff, as well as thoughtfully matching mentors and mentees to ensure that the pairs align based on career goals and strengths.
4. Diversity And Inclusion Initiatives
To tackle the lack of diversity in the cyber industry, consider proactively implementing diversity and inclusion initiatives within your organization. This can include targeted recruitment efforts, partnerships with underrepresented communities and/or creating inclusive environments that value diverse perspectives. By embracing diversity, you can help the cybersecurity workforce become more representative of the populations it aims to protect.
The challenges we face are immense, but so is our capacity for innovation and change. The time has come to invest in our workforce development and embrace diversity as an integral component of cybersecurity resilience. Let’s seize this opportunity to shape a brighter future for our industry—one where organizations are fortified, risks are mitigated and the digital world is safer for us all. Let’s open the gates.
Originally published in Forbes.
Roy Zur is a serial entrepreneur and Founder & CEO of ThriveDX’s Enterprise Division, the global education company committed to transforming lives through digital skills training and solutions. In August of 2021, ThriveDX acquired Cybint Solutions, where he had also served as CEO since founding the company in 2014.