Inside Jobs: The Value of Cross-Training and Upskilling for Your Cybersecurity Team

As cybersecurity threats continue to evolve in the wake of the pandemic, IT leaders are looking for ways to shore up defenses and take a proactive approach to protecting key data.

According to recent survey data, this translates directly into boosted security budgets: Eighty-one percent of organizations spending more on cybersecurity in 2022 to help mitigate attacks and stay ahead of the curve.

The challenge? Eighty-eight percent of companies expect the growing skills gap to affect their strategy, with 50 percent anticipating a “significant” impact that will require them to hire new team members. This creates a paradox, however: While increased hiring could help close the gap, the gap itself makes it harder for companies to find skilled professionals. What’s more, competition for top-tier talent is more competitive than ever as demand for IT experts increases exponentially.

But it’s not all bad news. By building on the framework that already exists within their organization, companies can increase their InfoSec impact without breaking their budgets or competing for the attention of “unicorn” candidates with exactly the right skill sets. In practice, this means leveraging the twin disciplines of cross-training and upskilling to create inside job opportunities that increase overall cybersecurity.

Current Challenges in Cybersecurity

Companies now face the dual challenge of evolving attack vectors combined with increasing attack surfaces. It makes sense: Driven by the rapid shift to hybrid and remote work, many companies made the move to cloud-based, on-demand solutions that enabled anytime, anywhere access — but also came with the commensurate challenges of growing complexity and reduced visibility.

The result? An exponential rise in familiar threats such as ransomware that exploit open-source or zero-day vulnerabilities to compromise and control key data, combined with the growth of malware-as-a-service (MaaS) frameworks that allow would-be cybercriminals to purchase ready-made attack tools, complete with ongoing customer service from their criminal creators.

This leaves companies fighting on two fronts as they try to bolster existing security frameworks by closing current gaps, while simultaneously implementing advanced tools such as runtime application self-protection (RASP) and next-generation firewalls (NGFWs) capable of frustrating attacker efforts.

In short, it’s no surprise that enterprises are looking for help.

Considering Cross-Training

With new talent getting harder and harder to hire, tapping internal resources is often the best course of action for companies.

One option is employee cross-training. Cross-training is the process of helping staff expand their expertise by learning about the tasks, tools, and technologies of other disciplines within the organization. In the case of IT, cross-skilling might take the form of connecting developers with operations and security teams for regular training sessions to help expand their expertise. From an IT perspective, this approach dovetails well with emerging DevSecOps models that look to break down common barriers between departments.

Cross-skilling also comes with the benefit of reduced risk. Consider a scenario that sees IT security professionals sidelined due to illness or moving to new careers — now a common occurrence as The Great Resignation continues to change labor markets. Even the best hiring teams will take weeks to find and onboard new staff members. Cross-skilling offers a stopgap while this process is underway and allows internal staff members from other departments to make a more permanent shift.

Unpacking Upskilling

Of course, cross-skilling only gets your company so far when it comes to covering cybersecurity gaps. To build more robust and reliable InfoSec teams from internal staff members, the next step is upskilling.

TechTarget defines upskilling as a “workplace trend that facilitates continuous learning by providing training programs and development opportunities that expand an employee's abilities and minimize skill gaps.” In practice, this means offering cybersecurity staff access to courses, virtual labs, and practice tests that help them hone specific security skills and set them on the path to potential certification.

Upskilling offers several benefits for your business. First, internal staff are familiar with current policies, procedures, and infrastructure, meaning it’s easier for them to integrate new training with day-to-day operations. Upskilling also offers new career paths for committed staff members — while this does introduce the possibility that they’ll move on to other jobs, the more likely outcome is that you’ll boost overall retention, because you’re offering employees a pathway to both improved skillsets and greater responsibility.

Making the Most of Inside Jobs

When it comes to cross-training and upskilling, the best strategy is rooted in a data-driven approach to finding and closing key gaps. Here’s why: While many companies provide online cybersecurity training for staff, 68 percent of staff say their organization doesn’t deliver the right training at the right time.

Solutions such as Cybrary for Teams can help your business better manage skills at scale. By combining targeted assessments and advanced analytics with personalized skill development and access to a wide variety of in-depth cybersecurity courses, Cybrary can help your organization make the most of inside jobs with complete visibility into current skill sets, necessary upskills, and potential pathways to success.

Learn how Cybrary helps organizations build highly skilled teams to navigate an evolving threat landscape. Request a demo today.