Ready to Start Your Career?

By: ryan c
June 26, 2019
Welcoming a New Cybersecurity Era for the Enterprise, Hello Security Enablement

By: ryan c
June 26, 2019
There is a new trend across enterprise technical leaders, and that trend is "Security Enablement". Security Enablement is the practice of infusing cybersecurity skill sets into ALL of the IT and technical professionals within the enterprise so that security best practices are deployed throughout the entire technology lifecycles of enterprise applications, products and services. Why and how did this happen? Good question! Here is what happened, how we identified it, and why it is possible now.
Over the past few years, we have had the chance to speak to many Fortune 500 CISO's, and in our conversations, we kept finding a pattern of common frustration. This common pain point has, at least in part, brought about the demand for Security Enablement. That frustration is the amount of time that their security team members are spending essentially consulting for the company's other IT professionals. This stems largely from the desire of the IT leaders to want to bake security into the inception of the products, applications and services. The action of using security team members, in a consultative manner, to enable better security practices in other areas of IT is problematic because the security teams spend less time on their own core activities. Security professionals are busy enough in their core work roles, adding on consultative time to other IT professionals within the organization, makes for lessened efficiency, weaker outputs and therefore, frustrated technical leaders. What is also common is that enterprise technical leaders have significant trouble finding security professionals. It goes without saying that the industry shortage of security professionals is very real, and filling security roles is a challenge. However, the Security Enablement trend shows us that technical leaders are thinking differently about their strategy. They are almost, re-engineering the solution. The best solution is no longer to find more security professionals. Instead, these leaders are empowering their technical teams to act as their security team, throughout the entire technological lifecycle. The modern technical leader is taking steps to ensure security gets infused across all roles that are technical. Coders writing applications, should understand things like the OWASP Top 10, DevOps professionals should be DevSecOps enabled, network admins should be equipped with understanding how to defend the network.
It Took a Whole Bunch of People, and Data
As many of you know, Cybrary has become the world's largest provider of cybersecurity training. We have over 2.5 million users, and we grow by about 2,500 new users each day. We will deliver over 100 million minutes of cybersecurity learning in 2019 and our platform is used by employees from 96% of the Fortune 1000. We are fortunate enough to be powered by a fast growing community of world class instructors and creators who are producing content at a rate that makes Cybrary, the fastest moving catalog in our industry. We also have hundreds of businesses that are paying us to unlock the full catalog to their IT teams.With almost 65% of our user base already working in jobs in the IT industry, we have unique insights into companies and jobs across the globe. We are acquiring massive amounts of data on not only what people are learning, but also how well they know certain skills, across a wide variety of IT work roles. This unique data set allows us to identify trends in the space quickly. What has become common in the last year, in particular among enterprise IT leaders, has been to adopt Cybrary's cybersecurity training throughout their entire IT organizations. CISO's are working with CIO's, along with Cybrary, to drive security strength throughout all technical work roles in the company. We call this trend Security Enablement. Similar to how we went through a wave of Sales Enablement for sales teams, and the more recent wave of Security Awareness to the end users in our companies, Security Enablement is an approach to building security muscle across all of the technical work roles. Where as we have often thought of security as steps we take after a product, application or service is produced, Security Enablement is a pro-active approach to securing the enterprise. We are working on this initiative with organizations like one of the largest healthcare providers in the country, and some of the largest financial institutions in the world. These enterprise organizations are working with the Cybrary platform to make all of the work roles in their technical operations, strong at security. The goal of this, is to ensure that products, applications and services are built and deployed securely, from the start, as well as throughout their lifecycle.We Just Keep Stealing Time from the Security Teams
Over the past few years, we have had the chance to speak to many Fortune 500 CISO's, and in our conversations, we kept finding a pattern of common frustration. This common pain point has, at least in part, brought about the demand for Security Enablement. That frustration is the amount of time that their security team members are spending essentially consulting for the company's other IT professionals. This stems largely from the desire of the IT leaders to want to bake security into the inception of the products, applications and services. The action of using security team members, in a consultative manner, to enable better security practices in other areas of IT is problematic because the security teams spend less time on their own core activities. Security professionals are busy enough in their core work roles, adding on consultative time to other IT professionals within the organization, makes for lessened efficiency, weaker outputs and therefore, frustrated technical leaders. What is also common is that enterprise technical leaders have significant trouble finding security professionals. It goes without saying that the industry shortage of security professionals is very real, and filling security roles is a challenge. However, the Security Enablement trend shows us that technical leaders are thinking differently about their strategy. They are almost, re-engineering the solution. The best solution is no longer to find more security professionals. Instead, these leaders are empowering their technical teams to act as their security team, throughout the entire technological lifecycle. The modern technical leader is taking steps to ensure security gets infused across all roles that are technical. Coders writing applications, should understand things like the OWASP Top 10, DevOps professionals should be DevSecOps enabled, network admins should be equipped with understanding how to defend the network.