There is a lot out there about the benefits of continuous learning—or continuous professional development—and what we’re gleaning from research is how POWERFUL the approach can be when applied to cyber team training.
Like most industries, the only constant in cybersecurity is change. It’s not enough for cyber professionals to get technical degrees and certifications to call themselves experts. Ever-evolving cyber threats are a constant thorn in the sides of cyber professionals. They are responsible for finding new ways to stay ahead of the game to swiftly and efficiently defeat threats before they do damage to their company. CISOs in particular have the unrelenting challenge of identifying opportunities to assess, enable, train, and retain their cyber teams, which usually requires time they don’t have. To assist with this challenge, a simple and effective solution is continuous learning.
Continuous learning is exactly what it sounds like: the ability to continually develop skills and knowledge to perform effectively in the workplace. When it comes to cyber teams, they must be “students of the business,” willing to stay current with the latest news and industry developments to grow their understanding and apply any new knowledge gained to their jobs.
Practicing continuous learning within your cybersecurity team delivers the following benefits:
- Protects your company against evolving cyber threats
- Enables and empowers cyber teams to perform optimally and efficiently
- Increases productivity
- Expands knowledge of current hacker methods and understanding of ways to stop attacks
- Improves decision making
- Stimulates cognitive activity, keeping teams actively engaged and passionate about what they do
Due to the widespread skills shortage of cybersecurity professionals (projected 1.8 million open and unfilled positions by 2022), organizations need ways to develop skilled teams to fight ever-evolving cyber threats.
Many leaders are addressing this problem by adopting a continuous learning philosophy that involves consistent training and up-skilling their teams. In fact, 60% of companies use training to build security expertise (Coursera) and 70% of cybersecurity professionals agree that they must keep up with their skills or the organizations they work for will be at a significant disadvantage (ESG Research).
However, preconceived notions of cost and time prevent lots of companies from offering continuous development opportunities for their employees (only 38% of cybersecurity pros say their organizations provide the right level of training and education). Fortunately, there are training platforms out there (such as our very own Project Ares®) that are both cost-conscious and time-saving in the sense that they don’t require time away from the office to train.
We recommend CISOs adopt continuous learning by:
- Interviewing and assessing cyber teams to identify skills deficits and, therefore, understand what team members need to learn/develop.
- Address large workloads via automation and augmentation so that cyber teams can move away from data handling tasks and into higher-level reasoning and analysis.
- Providing ample opportunities for skills development through persistent, gamified training, mentoring, networking, and continuing education.
- Developing teams incrementally and continuously via a “day-by-day, month-by-month” mindset – as the job is never done in this field.
- Dedicating resources, setting expectations, and aligning corporate culture with the goal of enabling employees to get the learning they need to protect and defend the organization at every stage of their careers.
Continuous learning will up-skill and strengthen your cyber teams so that they are prepared to defend your organization against ever-increasing cyber threats.
Increased understanding, skill and application of offensive and defensive strategies, will greatly improve your organization’s security posture and help keep the hackers at bay. As technology and connectivity strengthen with each passing day, steps must be taken immediately to adopt a culture that values and emphasizes continuous learning to help avoid your organization being featured as the victim in the next cybersecurity attack headline.