CISOs are suffering from burnout. The number of cybersecurity threats continues to rise, and IT security teams continue to hold the line, trying to head off new threats as they arise. It’s like an endless game of cybersecurity whack-a-mole, and it’s exhausting. CISOs need help, and they need to uplevel staff capabilities to relieve the pressure.
Since cybercriminals never sleep, CISOs are working weekends and holidays, missing vacations, and adding stress to their lives dealing with ongoing crises. It’s difficult for security executives to keep up with their workload, let alone keep pace with the latest technologies, and corporate security is suffering as a result.
At the same time, IT staffing is an ongoing challenge. The number of open cybersecurity positions rose from 1 million to 3.5 million between 2013 and 2021, an increase of 350%. With the high demand for security experts and the ongoing talent shortage, it’s taking 21% longer to fill cybersecurity jobs. For every 100 jobs posted, there are only 66 candidates.
The solution to both problems is more cybersecurity training. Implementing an online cybersecurity training program for your IT and information security teams offers several benefits, including:
- Self-paced learning so you can learn the skills you need at your own pace.
- Flexible learning since you can train anytime, anywhere, without traveling.
- Affordable training since online learning has been proven to be more cost-effective and readily fits into training budgets.
To get maximum value from online cybersecurity training, consider these five best practices:
While there are common skills that every cybersecurity expert needs, it’s best to develop a custom training program. Start with a smaller pilot group and refine the training program. To train 100 people, start with a pilot program of 5 to 10 trainees.
Once you have a core group of 10 trainees, they can become evangelists for the training program supporting the next 10 trainees. The snowball effect will create a new group of cybersecurity experts in no time.
2. Turn inspired team members into ambassadors.
Adult learners commonly find it difficult to find the time and motivation for continuing education. The teacher-student relationship is driven by passive knowledge transfer and is less effective. People are busy, and it’s hard to take time to listen to a lecture. Placing the learners at the center and promoting peer-driven instruction has more impact.
Best practice dictates that you find evangelists among the trainees and give them the tools to serve as ambassadors. Don’t make it part of their job. Get them to volunteer and share their knowledge.
3. Enlist internal candidates with creativity.
Bad actors tend to be creative people, and it takes a level of ingenuity to combat them. It helps to think outside the box when seeking solutions to cybersecurity problems. When looking for cybersecurity trainees, consider candidates who show creativity.
Consider looking for candidates outside of IT who may be interested in an apprenticeship or learning more about cybersecurity. Rather than looking for college degrees, look for the right aptitude and skills. Half of IT job listings don’t list a college degree as a requirement, but only 31% of companies that need IT skills look outside the IT department for candidates for tech reskilling. Be creative when enlisting cybersecurity trainees.
4. Train for real-world issues.
Cybersecurity training should not be an abstract exercise but deal with real-world problems. In addition to instruction, hands-on training is essential. There is no substitute for practical experience.
The challenge with many online training courses is they reinforce instruction with a list of multiple-choice questions. Providing real-world problems that require creative solutions has been proven to be more effective.
5. Choose a training platform with adequate support.
The training platform itself should not impede learning. The platform should be easy to use and require little or no training. If trainees encounter problems, they are less likely to complete the course.
Support needs to be available to address technical issues and training questions. Enlist your IT staff and other training team members to offer help when needed.
Delivering reliable cybersecurity is a people problem. New cyberthreats will continue to emerge, and cybercriminals will double down on hacking strategies that have proven effective in the past. The best defense is a well-trained security staff that is ready and able to deal with threats.
Upskilling your IT staff is one strategy to help reduce cyber risk. Providing additional training for the IT team is an effective strategy to allow the CISO to focus on other strategic business issues. The more cybersecurity expertise your IT staff has, the better they will be at identifying and responding to potential threats.
Dr. Heather Monthie is a leader in Cybersecurity and IT education dedicated to developing workforce-ready professionals for the future. With a diverse background in education, leadership, and technology, she has worked with various businesses and educational institutions to develop successful cybersecurity education programs. She has served in various leadership roles within organizations that are committed to cybersecurity and STEM workforce development. She currently serves as the Head of Cybersecurity Training, Education, and Innovation at Offensive Security.