BY JAKE GIBSON, Chief Compliance Officer and Chief Security Officer, LightEdge Solutions
Training the next generation of cybersecurity professionals is not easy.
In the ever-changing world of technology and cybersecurity, the workforce is required to learn and understand more information than ever before.
The skill shortage that job markets are currently facing makes having a well-trained cybersecurity professional more important than ever. According to a 2018 survey completed by Enterprise Strategy Group, a research organization in the information technology industry, 51 percent of the organizations that responded said they “had a problematic shortage of cybersecurity skills.” That’s up 6 percent from 2017 and more than 25 percent from 2013.
When geared with the most up-to-date information, cybersecurity experts are some of the hottest hires in today’s workforce. Throughout this article, I will discuss how your organization can better prepare the next generation of professionals.
Relevancy in Higher Education
As I mentioned above, the information technology (IT) industry is constantly shifting. That means the curriculum that colleges implement each semester is almost outdated by the time it is printed.
Colleges that work closely with local businesses are experiencing greater success, because they get relevant feedback on their courses. Students who take advantage of co-ops and internships are entering the workforce with a better understanding of the evolving technology environment.
Higher education institutions should connect with cybersecurity professionals on a regular basis to ensure changes in the industry have been communicated. This regular information can then be implemented into the curriculum. University staff can also create one-off programs to further train students.
Businesses expect their new hires to start the job already having proficient knowledge on industry best practices. It does not matter if that new hire is an experienced cybersecurity veteran or a newly graduated young professional. Both should come with background knowledge to contribute. From there, ongoing training and education can occur.
Ongoing Training and Awareness
Perhaps the most important period of learning comes during a person’s career. Just like in any other industry, ongoing training is essential in growing as a professional. According to IBM’s “The Value of Training,” 84 percent of employees in the best preforming organizations are receiving the training they need, while only 16 percent of employees in the worst preforming companies are receiving training.
It is no surprise that in the cybersecurity industry, education is even more important.
There is a real deficit of cybersecurity understanding within organizations. [Insert Source Title] reported that only 33 percent of companies say they have a very high level of security understanding. To remedy this, organizations have been implementing training and awareness tracks for their technical workers.
While some of this training falls on the organizations, employees are in charge of furthering their education. Being aware of new trends, incidents and threats is important. Even if a cybersecurity employee does not understand everything about a new vulnerability, being aware can help mitigate attacks.
Something that goes hand in hand with ongoing training is certification. Many companies are hesitant to invest in formal certification. Only about 48 percent of organizations pursue technical certifications for their technical workers. The ones that don’t do so cite the cost and time required as the reasons why.
Despite the glaring statistics, these certifications are important. While going through the process of certification, professionals can pick up new skills and better security practices.
Networks of Resources
When training and educational opportunities are not available, I recommend using your network of peers as a resource to learn from.
Many cities around the nation have cybersecurity professional groups. In Central Iowa, the Information Systems Security Association (ISSA) Des Moines branch is a good organization with a diverse group of professionals in the industry.
Another place for a professional to grow their network is at industry conferences. There are many conferences available to professionals that are free to attend.
With a job market that has seen a rise of cyberattacks this year, it is important for young professionals and cybersecurity experts to continue their education. The workforce needs well-trained professionals now more than ever.