Major online security breaches and data leaks have been making alarming headlines and dominating conversations among technology leaders in the past few years. At Coursera, we hear from learning and development leaders who are eager to help their technology teams learn the latest cybersecurity skills to avoid potential attacks.
Just as data scientists, IT architects, and QA engineers are in high demand, cybersecurity pros are at the top of the list for many hiring managers. A 2017 report from CompTIA, an IT industry trade association, says more than 4.6 million cybersecurity occupations were posted in the past year. CompTIA’s definition of “cybersecurity” includes a range of job titles, including cybersecurity analysts, security engineers, and security architects. But the report shows that employers can’t find the skilled workers to fill those jobs.
We asked CompTIA Senior Director of Technology Analysis, Seth Robinson, for his advice for companies that want to shore up their cybersecurity skill sets.
Lead with a Cybersecurity Strategy
Improving cybersecurity at an organization doesn’t happen by fixing bugs or closing loopholes. It starts with a clear strategy and investment in cybersecurity. That means leaders have to prioritize cybersecurity and security skills development.
Modern cybersecurity requires two things, Robinson says: an understanding that data is critical to business survival and a strategy around technology, process, and education.
Closing the security skills gap is no easy task, he says. “Companies must determine their overall security posture, ensure a solid technical foundation, and invest wisely in both highly technical measures and basic security hygiene. This difficult undertaking becomes more critical as businesses find themselves in a race between building skills and being the next big security headline.”
Invest in a Variety of Training Resources for Security Staff
Many organizations are feeling the strain of under-developed technical teams. Just 21 percent of businesses surveyed by CompTIA said that their current level of security is completely satisfactory. That problem is linked to a lack of internal knowledge: Only 33 percent of companies said they have a very high level of security understanding within the organization.
The highest-priority security skills are network and infrastructure security, knowledge of threats, application/data/host security, and compliance/operational security.
Leaders are remedying the skills problem through a variety of training methods for technical workers:
- 60 percent of companies use training to build security expertise.
- 48 percent of companies pursue formal certifications for technical workers.
Why do fewer than half of companies prioritize security certifications? Robinson says some companies are deterred by the cost and time required to earn formal certifications and feel that training alone is adequate.
- 39 percent of companies believe the cost of certification is too high.
- 34 percent think there isn’t enough time to dedicate to studying for certifications.
- 22 percent don’t think certifications are widely recognized enough to merit the investment.
But, Robinson says, “those that follow through on certifications find that they provide a higher degree of credibility, better proof of knowledge, and improved candidacy for open positions.”
Train the Entire Employee Base, Not Just Tech Pros
Because almost every employee in an organization uses technology to get work done, training the entire employee base on cybersecurity issues is important for keeping data secure.
“End-user education is needed to raise security literacy,” Robinson says. “As the practice of security begins encompassing more disciplines and the majority of security breaches are due to human error, companies must turn their attention to the skills and literacy of their workforce. The primary focus may be the specific roles and expertise of the technical team, but the solution must extend to awareness and training for all workers.”
CompTIA’s researchers examined how companies are training all staff on cybersecurity skills.
- 58 percent of companies train employees on cybersecurity at new-employee orientations.
- 46 percent of companies do random security audits.
- 35 percent offer “live fire” hands-on labs.
Only about half of companies continuously train employees on cybersecurity. That’s a mistake, Robinson says: “In a rapidly changing technology environment, simple one-time efforts such as new-employee orientation or posting security policies for review will have low efficacy.”
Focus on Secure Processes
As technology changes and develops, it’s clear that one-time security education falls flat and quickly becomes outdated. Instead of relying on specific security tactics, Robinson says companies are focusing on building secure processes that flex for new technology and threats.
“The goal used to be a secure perimeter,” he says. “But as the technology stack becomes more complex, the cybersecurity domain has expanded to include other disciplines beyond firewalls and antivirus programs. The creation of secure processes and policies, such as risk analysis and compliance management, ensures safe operation in digital environments.”