Welcoming a New Cybersecurity Era for the Enterprise, Hello Security Enablement

There is a new trend across enterprise technical leaders, and that trend is "Security Enablement". Security Enablement is the practice of infusing cybersecurity skill sets into ALL of the IT and technical professionals within the enterprise so that security best practices are deployed throughout the entire technology lifecycles of enterprise applications, products and services. Why and how did this happen? Good question! Here is what happened, how we identified it, and why it is possible now.

It Took a Whole Bunch of People, and Data

As many of you know, Cybrary has become the world's largest provider of cybersecurity training. We have over 2.5 million users, and we grow by about 2,500 new users each day. We will deliver over 100 million minutes of cybersecurity learning in 2019 and our platform is used by employees from 96% of the Fortune 1000. We are fortunate enough to be powered by a fast growing community of world class instructors and creators who are producing content at a rate that makes Cybrary, the fastest moving catalog in our industry. We also have hundreds of businesses that are paying us to unlock the full catalog to their IT teams.With almost 65% of our user base already working in jobs in the IT industry, we have unique insights into companies and jobs across the globe. We are acquiring massive amounts of data on not only what people are learning, but also how well they know certain skills, across a wide variety of IT work roles. This unique data set allows us to identify trends in the space quickly. What has become common in the last year, in particular among enterprise IT leaders, has been to adopt Cybrary's cybersecurity training throughout their entire IT organizations. CISO's are working with CIO's, along with Cybrary, to drive security strength throughout all technical work roles in the company. We call this trend Security Enablement. Similar to how we went through a wave of Sales Enablement for sales teams, and the more recent wave of Security Awareness to the end users in our companies, Security Enablement is an approach to building security muscle across all of the technical work roles. Where as we have often thought of security as steps we take after a product, application or service is produced, Security Enablement is a pro-active approach to securing the enterprise. We are working on this initiative with organizations like one of the largest healthcare providers in the country, and some of the largest financial institutions in the world. These enterprise organizations are working with the Cybrary platform to make all of the work roles in their technical operations, strong at security. The goal of this, is to ensure that products, applications and services are built and deployed securely, from the start, as well as throughout their lifecycle.

We Just Keep Stealing Time from the Security Teams

Over the past few years, we have had the chance to speak to many Fortune 500 CISO's, and in our conversations, we kept finding a pattern of common frustration. This common pain point has, at least in part, brought about the demand for Security Enablement. That frustration is the amount of time that their security team members are spending essentially consulting for the company's other IT professionals. This stems largely from the desire of the IT leaders to want to bake security into the inception of the products, applications and services. The action of using security team members, in a consultative manner, to enable better security practices in other areas of IT is problematic because the security teams spend less time on their own core activities. Security professionals are busy enough in their core work roles, adding on consultative time to other IT professionals within the organization, makes for lessened efficiency, weaker outputs and therefore, frustrated technical leaders. What is also common is that enterprise technical leaders have significant trouble finding security professionals. It goes without saying that the industry shortage of security professionals is very real, and filling security roles is a challenge. However, the Security Enablement trend shows us that technical leaders are thinking differently about their strategy. They are almost, re-engineering the solution. The best solution is no longer to find more security professionals. Instead, these leaders are empowering their technical teams to act as their security team, throughout the entire technological lifecycle. The modern technical leader is taking steps to ensure security gets infused across all roles that are technical. Coders writing applications, should understand things like the OWASP Top 10, DevOps professionals should be DevSecOps enabled, network admins should be equipped with understanding how to defend the network.

Why Now is Different than the last Decade

So, now we know that the era of Security Enablement across enterprise technical teams is officially here, as evidenced by the fact that we are helping more and more CIO's, CISO's, CSO's and CTO's adopt the concept each month. A primary driver of this movement is the subscription economy, which has made adopting continual training more realistic for these leaders and their teams. It no longer requires a week off of work and $7,000 per person (plus travel and per diem). Where as the classroom based approach was an inhibitor of pervasive and rapid skill development, an on-demand offering like Cybrary for Business makes security skill deployment convenient, affordable and easily managed for technical leaders. Another challenge from past years that prevented technical leaders from deploying organization-wide rapid skill development, was managing that deployment. Given the extremely wide variety of work roles in the org, the question of who needed what training, was extremely complex. In other words, the technical skill sets for a DevOps Engineer is quite different than that of a SOC Analyst. However, modern frameworks, such as the NIST NICE Cybersecurity work roles framework, configured along with Cybrary's data from the world's largest user base of its type, makes it effortless to deploy accurate, continual learning, to any person, in any work role, in the organization. Team leads simply click a button and get a team member started down the right path. From there, usage data (proprietary to the Cybrary platform) kicks in, creating a continuous cycle of easy to consume, hands-on skill development. This learning feedback loop means that managers must only think ONCE about setting up skill development for an employee, and the employee walks down a path of continual cybersecurity (and IT) improvement, for their tenure at the organization. So as we usher in the era of Security Enablement, we have reason to believe that what comes from it will be a more secure enterprise, with security capable technical professionals. It has taken too long to get to this point, despite the fact that we have known for quite some time that security shouldn't be the sole responsibility of the security teams, it is everyone's responsibility. Fortunately, because of the accessibility, convenience, affordability and capability of the web, we are here now. I know the team at Cybrary won't be the only ones welcoming in the era of Security Enablement, it is long overdue.Ryan CoreyCEO / Co FounderCybrary

 

 

 

Watch the interview with CEO Ryan Corey discussing Security Enablement