Effectively upskilling cybersecurity professionals to help close the skills gap

Globally, there are more cyberthreats than ever and a surge in attacks on operational technology (OT), including the proliferation of new ransomware variations and the ascent of Malware-as-a-Service (MaaS). These developments have caused many firms to place a higher premium on narrowing the cybersecurity skills gap within their own IT teams.

Leaders are looking not only at technology but at the human side of the equation, seeking to understand what skills they need and where to find them. However, the cybersecurity skills shortage has contributed to critical IT positions not being filled, which increases organizations’ cyber risks, including breaches. Employers are struggling to fill open positions due to a shortfall of applicants with the needed qualifications.

Yet employers continue to overlook one of the most valuable assets they have when it comes to fighting the cybersecurity battle – their existing employees. In many cases, they need to be more internally focused and consider how they can better equip existing employees and implement more reskilling and upskilling opportunities.

Improving security posture requires careful examination of the skills gap

Last year, cyberthreats of every kind spread like wildfire. Because of this ubiquity, there were more breaches than in the year prior, and many firms paid a larger total cost for breaches. Many leaders also blame the breaches, at least partly, on the shortage of cybersecurity expertise among their IT staff.

Boards are paying attention, as well. Given board duties for managing business risk and reputation management, this is of utmost importance as the enterprise attack surface expands and threats diversify. They can and should play a big role in strengthening the organization’s security posture. The good news is that there’s been a lot of movement in this area. In fact, the 2023 Cybersecurity Skills Gap Global Report from Fortinet found that 83% of boards advocate hiring more IT security personnel.

At the same time, it’s not that easy – finding and hiring people with the right skills is a significant challenge for employers. While there’s no negating the need for more cybersecurity professionals in general, one too often overlooked strategy involves looking within upskilling and reskilling existing employees.

Bringing upskilling and reskilling to the forefront

Giving your employees the chance to enroll in advanced training and certification programs helps to improve employee experience and job satisfaction while also keeping their skills current. In a survey of human resource managers, the Society of Human Resource Management (SHRM) Research Institute found that 86% of respondents said providing ongoing training increases employee retention.

Clearly, the federal government understands the necessity of this strategy. The Acting National Cyber Director is working on a plan to, among other tactics, upskill and reskill current federal employees to fill gaps in cybersecurity roles.

Although college degree programs are a valuable option for preparing for a career in cybersecurity, the current skills shortage requires a more immediate solution. Cybersecurity training and certification programs can go a long way in addressing the need. Many vendor-specific and vendor-neutral programs are widely available, and many are of high caliber. These programs typically include recertification aspects, which help ensure that staff stay current on the latest and greatest technologies.

Employers are increasingly using industry certifications to verify individual abilities when hiring new employees or trying to improve the expertise of current IT security staff. The goal of well-designed certification programs is to develop not only technical skills but also a better comprehension of how to use such skills in the context of a particular job role.

Cyber hygiene for all

Though security teams unquestionably play a crucial role in safeguarding an organization’s digital assets, everyone – regardless of their position – is responsible for cybersecurity. Workers can and should serve as a first line of defense, but this is only achievable if they are knowledgeable about and skilled in recognizing the techniques threat actors employ.

This is why continuing cybersecurity awareness education for all staff is so vital. All employees should have a fundamental understanding of security, even though the training material you choose may vary depending on your organization or industry. Be sure to educate on phishing attack recognition and management, social media use, ransomware, social engineering, passwords and authentication, physical security, and other related subjects.

Training: More than just lip service

Bad actors aren’t going to wait while you beef up your security team. Addressing today’s cybersecurity skills gap requires an immediate and strategic approach. The focus on building cybersecurity capacity starts at the top, with more boards of directors recommending increased IT security headcounts.

This is much-needed and welcome support as organizations seek to recruit and retain talent to meet their cybersecurity needs. While the tendency is to seek out existing experts with technology-focused certifications or cyber-related degrees, leaders must also remember those in their midst who would benefit the company if they had access to additional training. An upskilling and reskilling strategy provides only an upside as organizations try to fill the cyber skills gap and keep their networks safe.

Find out more about how Fortinet’s Training Advancement Agenda (TAA) and Training Institute programs—including the NSE Certification program, Academic Partner program, and Education Outreach program—are helping to solve the cyber skills gap and prepare the cybersecurity workforce of tomorrow.