What training do we need to provide cybersecurity professionals to be one step ahead of the bad guys? And how do we retain talented security professionals in such a competitive recruitment market? These two important questions may seem different, but they are intrinsically linked. Both relate to the statement we always hear at the start of a vendor pitch: “The cyber threat landscape is constantly changing.”
The truth is that we rely on the fact that we work in an industry where a large percentage of the workforce is made up of highly motivated and motivated people who complete their work and then often sit down to create or try to new tools. They investigate new sources, participate in “capture the flag” events and debate in online forums. But that’s not possible for everyone due to a myriad of reasons.
This level of dedication and constant occasional learning can also make the career transition quite scary for some. Keeping up with innovations, technology, and the ever-changing threat landscape is certainly daunting. However, there are now fantastic resources available, many of them free, to make it easier for cybersecurity professionals to train and hone their skills, with certified proof.
One of the most important things we need to do as an industry is to create the time, space, environment and budget for talent to continuously improve. Where some industries push continuous development for people to become more experienced or certified, we in cybersecurity must do so too – because “the cyber threat landscape is constantly changing”.
Personally, I love resources like Immersive labs and hack the box. Why? Because they can quickly reflect the real world threat landscape, with hands-on labs that can test defensive and offensive skills against the latest techniques, quickly aligning an individual’s skills with real-life situations.
Many of these platforms also align with career development and certification pathways – so the work is mostly done for us. That said, variety is the spice of life. There will always be a place for intensive classroom training, led by a tutor.
It’s about getting the recipe right for the individual, which also helps with retention.
The psychological build of the average cybersecurity professional means that they place a high value on their employers caring about their training, knowing that they have a dedicated training budget and a detailed training plan laid out. for him. The more effort we put into our talent training and development plans, the more effort they will put into the role and our businesses.
It doesn’t have to cost the earth.
A training plan should not only contain large expensive courses, but subscriptions to platforms, academies and even free online tutorials and webcasts, for example. Training offerings don’t have to be a “one type fits all” scenario, we need to keep in mind that different people learn in different ways and everyone benefits from the variety.
Although lab training such as HTB and Immersive have recently strengthened cybersecurity skills and certification bodies such as Crest have ensured that these skills are used in a safe, professional, ethical and legal manner, for the future, I’m excited to see what virtual and mixed reality is can bring to cybersecurity training.
Some of us are very visual or auditory learners. Labs where we can learn with the help and support of friends and strangers, pointing to visual representations of networks and network traffic, will bring whole new understanding and perhaps even new people to our industry. It will also merge the separation between classroom, tutor-led training and hands-on labs.
The evolution of AI-based chatbots, many of which have recently made headlines. These bots have the ability to act as tutors and “sounding boards”. This allows students to ask questions, clarifications and seek advice, for example with the development of scripts and rules.
Overall, the cybersecurity training environment is strong and continues to grow. What’s more important is making sure individuals have the time, support, plan, and budget to make it happen. Want to keep your staff? Do the above. Want to be at the forefront of an ever-evolving threat? Do the above. Want to do the right thing for the individual and the industry? Then do the above.