The Future of Cybersecurity Education

According to Gartner’s most recent report on Risk and Security, the future is bleak.

There are now too many vendor solutions making choices complicated and confusing.

APIs are expanding to meet surging demands for increased digitization.

Security teams that were already failing to keep up with the surging threat, risk and compliance demands are now told to adapt practices and controls to cloud and remote work. All this while ensuring that incident response plans and security monitoring systems are well tested and also leveraging automation and orchestration to maximum advantage.

New technologies demand skilled security teams for value extraction and we are woefully short on those resources.

At the same time, it is clear that so far advanced technologies can’t compensate for immature practices or a lack of skilled personnel.

These conditions create enormous new risk, fueled in part by an economic downturn driving cost-centric solutions, along with the virtual impossibility of staffing to the demand.

The Real Fix?

Culture and training, along with a mind-shift from prevention to control.

Gartner also tells us that today only 12% of CISOs are able to exceed the expectations of executive leadership in all four necessary areas:

  1. Lead the function
  2. Organize security service delivery
  3. Embed governance in workflows
  4. Influence strategic decision makers

Additionally, by 2023, 30% of chief information security officers’ effectiveness will be directly measured on the role’s ability to create value for the business.

The Challenge of New Digital Initiatives

New digital initiatives create challenges and the security team is often not consulted until digital plans for the organization are well underway. In addition to reorienting the security program to address new technologies, effective security leaders are working with the board and business leaders to manage cyber-risk control expectations.

In 2020, cybersecurity mesh has emerged as the preferred delivery model for security services.

This cloud-based and highly modular architecture makes it much more practical to control the uncontrollable. Cybersecurity mesh is the most efficient and effective way to extend security policy to digital assets that are outside of the traditional enterprise.

Citizen computing accelerates when a user creates new business applications using development and run time environments approved by IT. However, it’s generally outside of IT visibility and traditional enforcement, which creates complexities for security and risk leaders tasked with protecting the organization.

The two major challenges facing CISOs in 2021 are:

  1. Acceleration in digital business is outstripping cybersecurity investment – It is often simply assumed that the security and risk team will be able to adequately protect the organization regardless of what the business decides, but the heritage security infrastructure is just not designed to expand in scope across new and unfamiliar systems and
  2. The Cybersecurity knowledge gap – Demand for cybersecurity skills already outstrips availability. New digital initiatives mean organizations need more cybersecurity effort with new and different skill sets. Digital initiatives almost always use new forms of digital computing that require new skill sets. Virtually all Gartner clients struggle to find the skills needed to apply public cloud computing.

Recommendations

Gartner recommends developing talent versus trying to hire it.

The competition for needed talent in cybersecurity is fierce. It is virtually impossible to hire people with security skills for public cloud computing and other newer digital domains. Gartner suggests making a plan that addresses the need for critical security skills and manages their development. And avoid getting trapped in old preconceptions about the types of people, or sources of people, who might be suitable for cybersecurity roles. This gap is the moment when we need to be more open to experimentation.

Finally, a focus on adaptability, business acumen, digital dexterity, outcome-driven behavior and collaboration which are the business/cyber skills necessary for our new normal.

Flexibility, Agility and Adaptability

We need resources who can demonstrate flexibility, agility and the ability to respond effectively to changing environments, awareness of internal and external dynamics with an acute perception of business issues, and with the digital dexterity to leverage information and technology in unique and innovative ways.

When reviewing internal candidates for cybersecurity training, better outcomes will accrue to those who focus on competencies – not cybersecurity skillsets or tactical knowledge – and on those who are oriented toward desired results and business outcomes, can set and achieve challenging goals while leveraging collaborative energy and synergies.

The CyberEd.io Solution

This is why when we designed our curriculum, learning paths and coursework, we focused on the human-factors necessary for success and confirmed that the approach was appropriate to the new normal era by thoroughly vetting our entire program through a team of faculty advisors who are industry leading CISOs or senior executives in leading cybersecurity companies.

Our goal is to close the skills gap across all three levels: the cyber-warriors necessary on the front lines of defense, the CISO who needs constant up-skilling to stay in front of today’s increasingly sophisticated threats and the non-technical C-suite and board members who need a new cyber-educational framework contextualized to their unique learning paths.

Our objectives were to align our training curriculum with modern attack scenarios so that our ability to detect, defend and respond is continually superior to the threats posed by incoming cybersecurity attack vectors.

Combining problem-space resonant training and upskilling with an aggressive program of content delivery is the only way we will be able to climb above the noise and re-focus our collective energies around controlling the inevitable versus trying to protect against attacks through technology alone.

Previous Post
The Role of Strategy in a Cybersecurity Action Plan – Deception and Human Will
Menu