Cyberattacks grew by more than 31% in 2021, according to Accenture's State of Cybersecurity Report 2021. And it seems 2022 is poised to set another record.
Microsoft, News Corp, CashApp, and the Red Cross are just some of the organizations that had to fight off breaches this year. From crypto.com, cybercriminals stole $18 million in bitcoin and $15 million in Ethereum. They also grabbed $600 million from blockchain company Ronin, and PressReader had to stop publishing news titles, including the New York Times, to local outlets. Another cyberattack forced 200 gas stations to close.
The need for cybersecurity professionals has never been greater. Yet, there are more than 600,000 job openings for cybersecurity positions in the U.S. currently. At the same time, the (ISC)2 Cybersecurity Workforce Study reports that 2.7 million more professionals are needed right now globally to adequately defend critical infrastructure.
With attacks increasing and the cybersecurity talent shortage reaching critical status, upskilling your security team needs to be part of your security plan.
Widening the talent pool through training
Staff upskilling is more than just a way to fill knowledge gaps and deal with the ongoing talent shortage. It’s an essential part of growing and sharpening your team’s skillset so they're always a step ahead of looming threats.
Here are some tips for widening your talent pool through ongoing education and training.
1. Upskill and reskill experienced team members
It’s not just your less experienced team members that need—and want—training. According to a survey by Workable and TalentLMS, 91% of tech employees said they want more training opportunities from their employers.
If you're not upskilling, the skill gaps only widen. Training your security operations center (SOC) team received five years ago may no longer be relevant. Knowledge can decay quickly in a field where cybercriminals are constantly evolving.
2. Increase diversity and opportunity
Bridging the cyber talent gap will require diversifying the skill sets of your current team. Organizations need to think more broadly about candidates. Instead of looking for a four-year degree and years of experience, think more about finding the right fit.
Threat hunting is often more about curiosity, behavior, and communication than it is hard skills. You can teach the hard skills if your employees have the right attitude.
3. Bring in more junior members and train them
Instead of poaching talent from other companies, bring in entry-level workers and expand their skills through training and learning. Find people with passion and invest in them using a mentorship approach.
4. Skip the conferences
While conferences provide value, most of what attendees experience is not directly work-related. For many, conferences can be more like a vacation than leveling up. Instead, invest in mentorship programs, lunch and learns, red team and blue team scrimmages, and more hands-on experience.
5. Prioritize training
Training requires commitment. It’s too easy to look at the thousands of alerts every day and feel like there’s no time for learning and training. Inertia, however, is your enemy. Without commitment, you’re only treading water—and the water is rising.
The hidden benefit of training and upskilling
There’s a hidden benefit to investing in your team members: retention. When security team members are growing professionally, adding new skills, and continuously learning, they are more engaged in their job. They also tend to stay with their employer longer.
A career optimism study found that 68% of workers would stay with their employer longer if their organization committed to upskilling, while 65% said reskilling would keep them with their employer throughout their careers.
Tapping your network to solidify your cybersecurity defenses
While training and broadening your collective skillset, leaning on others in the cybersecurity community strengthens your resources. For the longest time, security was viewed almost as a competition. Teams worked in isolation to prevent breaches and attacks. Today, it’s become about leveling up the entire cybersecurity community. This requires collaboration in real time to upskill everyone.
Every organization is at a different level of experience and knowledge. One SOC team may miss a malicious threat, but another team may see it. Organizations can benefit from a Collective Defense strategy, in which anonymized data is shared to the collective, allowing everyone to grow together.
Upskilling takes strategic planning and commitment
A study of 10,000 senior business leaders revealed that 97% said strategic leadership was the most important part of making their organization successful. Yet, another study reported that 96% of executives said they didn’t have the time to think strategically and execute a plan.
Failing to plan is like driving your car continuously without ever changing the oil. It will run fine—until it doesn’t. Then, it breaks down and repairs are costly.
Without planning and commitment, the only thing that changes is that the knowledge gap widens and you fall farther behind. This is true in business and cybersecurity. In business, however, the threat typically comes from competitors. In security, the threat comes from organized crime and cybercriminals who don’t play fair.
Make a plan today to upskill your team and employ more proactive measures like Collective Defense to meet today’s evolving security threats.
Social media add-on
There are 600,000 current cybersecurity job openings in the U.S., and 2.7 million security professionals are needed globally. Upskilling and reskilling are essential to overcome the critical cybersecurity talent shortage. Learn how to do it right.
Subject line 1: The keys to upskilling your security team
Short summary: 91% of tech employees said they want more training opportunities from their company. If you’re not providing upskilling and training, you’re putting your workforce—and your security—at risk. Cybercriminals are constantly evolving. Are you?
Subject line 2: Upskill your team to overcome the cybersecurity talent shortage
Long summary: There are 600,000 current cybersecurity job openings in the U.S., and 2.7 million security professionals are needed globally. This critical cybersecurity talent shortage comes at the same time cyberattacks are occurring at record levels. As cybercriminals continue to evolve, you need to grow the skill set of your security team to stay on top of emerging threats.
3 Bullet Points:
The keys to upskilling your security team discusses:
- Why conferences aren’t getting the job done and what actually works
- How to upskill and reskill your security team
- How a Collective Defense strategy can strengthen your team