By: Jenna Crawford
September 3, 2020
Focusing Skill Development Priorities Based on Current Cybersecurity Trends
By: Jenna Crawford
September 3, 2020
Organizations today are faced with a threat landscape that continues to evolve, including cyber-attacks that have become much more sophisticated. Cybercriminals are highly motivated and tend to use a wide range of tactics, tools, and techniques to achieve their goals. IBM Security (2020) found that the average time it took for organizations to identify a data breach attack was 207 days, and 73 days to contain the breach. They noted that, although the average total cost of a data breach has gone down slightly in the past year, it is still $3.86 million (IBM Security, 2020).
Organizations must take action to secure their networks against attackers. According to Crumpler and Lewis from the Center for Strategic & International Studies (2019), education and training institutes have had difficulty keeping up with the high demand for skilled cybersecurity talent. They found that 82% of employers across eight countries have reported a shortage of cybersecurity skills and scarcity in almost every cybersecurity position, causing measurable damage to their organizations. A very high demand exists for high-skilled technical personnel, and many employers have reported a deficient talent pool for available trained cyber defense candidates. The need exists to strengthen cybersecurity talent through a more robust skill development training program that produces the skills desired by individual organizations (Crumpler & Lewis, 2019).
Determine Organizational Cybersecurity Goals & Explore Cybersecurity Risks
Figuring out how to even begin to strengthen your organization's current cybersecurity workforce is a little bit more complicated than sending your employees to training courses or demanding they obtain certifications. As an organization, you need to identify and define your cybersecurity goals. It can be challenging to determine your cybersecurity goals without first exploring your cybersecurity risks. The U.S. Department of Homeland Security (2016) recommends gaining foundational knowledge about your organizational cybersecurity workforce risk and the extent of tolerance you have for potential outcomes. It is essential to work with leadership, cybersecurity managers, and human capital experts to conduct an in-depth organizational risk assessment. After identifying your organizational cybersecurity risks, one can begin to define cybersecurity goals (U.S. Department of Homeland Security, 2016).
Inventory & Assess Your Cybersecurity Workforce
Taking stock of your cybersecurity workforce begins with working with your cybersecurity managers to determine your cybersecurity team's size, the number of vacancies, the team's current skills, and the activities they perform. There are several ways to assess current team knowledge and skills, including:
- Knowledge Tests
- Certification Exams
- Skill Assessments
(ISC)2 (2020) highlighted the ten skills needed in the cybersecurity workforce today. These skills help ensure a well-rounded cybersecurity workforce. The highlighted skills include:
1. Technical prowess - A clear and solid understanding of the tools and technology needed for job performance, including a basic knowledge of general technological concepts such as encryption, automation, and analytics. 2. Business understanding - General understanding of business mission and operations and the ability to demonstrate a security strategy that supports the business strategy and provides a return on investment. 3. Cloud - Organizations are moving toward cloud services, so some cloud and cloud architecture knowledge is needed. 4. DevSecOps - Bridges the gap between security and agility by building security into the DevOps cycle. 5. Project management - IT and cybersecurity professionals need to understand the project management life cycle because this is required to develop and deploy new tools and technologies. 6. Threat detection - It is critical to understand the fundamentals of threat detection and the techniques used to detect network threats. The threat landscape is continuously evolving and changing, and understanding this landscape is an essential aspect of being part of a proactive security team. 7. Forensics - Having a basic understanding of the tools used to investigate an incident is important to learn how to prevent attacks from happening in the future. 8. Hacking - This is a valuable skill to have, and the tools and methods used in ethical hacking can be used to identify gaps in organizational security to improve defenses. 9. People skills - The ability to work with team members and employees across the organization is an essential skill for a robust cybersecurity team. 10. Passion - This is important to prevent burnout, which is all too common in cybersecurity. Knowing that you are doing meaningful work that has a relevant purpose is key to maintaining focus on securing the organization.
The U.S. Department of Homeland Security (2016) identified five major characteristics of high-performing cybersecurity teams that can be used as an additional resource when determining current staffing gaps and future staffing needs (U.S. Department of Homeland Security, 2016).
1. Agile - Attacks can emerge at any time, so teams must be ready to change course and solve problems quickly. 2. Multifunctional - Teams need diverse knowledge and skills to perform many activities. 3. Dynamic - To respond to new threats, teams need to learn new skills and methodologies to secure systems. 4. Flexible - Strong teams can shift priorities to meet the challenge of the day. 5. Informal - Cyber teams favor flexible work hours and shifting duties to remain engaged and on top of their game.
Develop a Cybersecurity Training Plan
After taking the time to evaluate and assess one's organizational cybersecurity workforce, it's time to evaluate the team's current skills against the desired future skills. This begins the road to closing the gaps in their skill sets and can be done by developing a security training plan, which includes identifying training to improve your workforce's skill gaps. There are a variety of training methodologies and training plan options for any organization, including:
- Instructor-led training courses
- Hands-on learning exercises
- Virtual interactive practice labs
- Capture the flag exercises
- Practice assessment questions
- Certification practice exams
- Role-based learning paths
- Strategic roadmap
Need Help Developing a Skilled Cybersecurity Workforce?
Developing a skilled cybersecurity workforce can seem overwhelming, as there are many aspects to ensuring that proper training is provided to verify the workforce's appropriate development. Cybrary can help make this process easier for your organization. Cybrary will provide a Customer Service Manager to build a strategy, help launch your team into Cybrary's training platform, and provide periodic results.
- Strategy- Create a development plan that aligns with your business goals & recommends a strategic roadmap, including custom learning paths and certifications.
- Launch- Oversee launch and help manage the team transition into Cybrary & check-in via email, phone, and in-app chat, ensuring everyone gets onboarded successfully.
- Results & Review- Regular check-ins to track learning progress and suggested improvements. Provide support, strategy, and training to monitor your team's development and maximize your success with Cybrary.
Cybrary helps organizations close the cybersecurity skills gap and build a workforce capable of tackling the challenges of today, and tomorrow. Request a demo of Cybrary for Teams to get started.
Crumpler, W., & Lewis, J. A. (2019). The Cybersecurity Workforce Gap. Center for Strategic & International Studies.
ISC2. (2020, June 3). 10 Critical Skills for the Cybersecurity Workforce. Retrieved August 1, 2020, from https://blog.isc2.org/isc2_blog/2020/06/10-critical-skills-for-the-cybersecurity-workforce.html
U.S. Department of Homeland Security. (2016, November). Cybersecurity Workforce Development Toolkit. Retrieved from https://niccs.us-cert.gov/sites/default/files/documents/pdf/cybersecurity_workforce_development_toolkit.pdf?trackDocs=cybersecurity_workforce_development_toolkit.pdf