How a Culture of Learning Can Help Close the Cybersecurity Skills Gap

While the past two years have seen a decrease in the skills gap, dropping from 3.12 million cybersecurity professionals needed to 2.72 million according to a 2021 (ISC)² Cybersecurity Workforce Study, there is still a significant number of positions to fill. The same study also found that the workforce needs to grow 65% to effectively defend organizations’ critical assets. Additionally, Fortinet’s global 2022 Cybersecurity Skills Gap Report found that 80% of breaches can be attributed to a lack of cyber skillsets and/or awareness. As a result, the skills gap is a big challenge for organizations with it being a top concern for CISOs.

Organizations are realizing the benefits of building a culture of learning across their company as a way to help tackle the skills gap. Whether it’s building a foundational baseline understanding of cybersecurity best practices or advancing highly technical cyber skills, training and certifications are ways organizations are ensuring the skills gap isn’t compromising their security posture.  

Empowering employees to pursue cyber certifications and training

According to the (ISC)² study, more cybersecurity professionals are getting their start outside of IT with 17% transitioning from unrelated career fields and 15% gaining access through cybersecurity education. Cyber education plays a big role in closing the skills gap. Some ways organizations can build a culture of learning to attract and retain talent and help close the skills gap is by implementing and promoting the following.

Cyber awareness and training: All employees, regardless if they are in a technical or non-technical role, should have a foundational understanding of the threat landscape and cybersecurity best practices. Only through substantial awareness and training will employees be able to identify and report suspicious cyber activity and maintain cyber hygiene. Many organizations require all their employees to take training when hired and periodically throughout their tenure. Organizations can look to cyber awareness and trainings, such as Fortinet’s Security Awareness and Training service offered through the Fortinet Training Institute.

Vendor certifications: Certifications can complement academic studies enabling professionals to update their knowledge and skills every time they renew their certification. Cybersecurity vendors tend to do a great job at delivering training programs that include certification to equip customers and partners with the knowledge and skills required to deploy and operate their own products. Fortinet’s Network Security Expert (NSE) Certification program, for example, has eight levels designed to provide interested technical professionals with an independent validation of their network security skills and experience. The program includes a wide range of self-paced and instructor-led courses, as well as practical, experiential exercises that demonstrate mastery of complex network security concepts.

Non-vendor certifications: Other industry certifications are a great tool for enabling workers to add to their skillsets. The Certified Information Systems Security Professional (CISSP) accreditation for example, is accredited, recognized and endorsed by leading organizations around the world. Earning the CISSP further validates individual’s expertise and capability of implementing best-in-class security strategies.

Placing a greater emphasis on certifications enables organizations to focus recruitment efforts on a much wider talent pool. As a result, the hiring pool is enlarged to include groups such as degreed professionals in other fields, IT professionals without a college degree, military veterans transitioning to civilian careers, and many more.

Certifications and training can contribute to customer loyalty and growth

By encouraging employees to have certifications and training under their belts, organizations are also providing validation to their customers that they have certified personnel with sought after expertise. Customers appreciate knowing they are working with trained professionals who are keeping up with the latest threats and key technology areas such as secure SD-WAN, Zero Trust Edge, etc. When customers know they are investing in robust security technology but also access to people and resources with knowledge in a wide array of areas, loyalty is further built as well.   

Training and learning should be continuous to address the cyber skills gap

Organizational leaders need to start looking beyond traditional talent pools more and more in order to find people with the skills they need to keep their network safe. At the same time, they should continue investing in their current workforce, ensuring they have access to the training and education they need to gain and advance their security skillsets. Incorporating a culture of learning through training and certifications will help organizations cast a wider net for recruitment while accelerating learning opportunities and ensuring that skills stay current and relevant, which helps lead to well-staffed cybersecurity teams.

Learn more about the Fortinet free cybersecurity training initiative and Fortinet’s Training Institute, including the NSE Certification program, Academic Partner program, and Education Outreach program which includes a focus on Veterans.