The Gorilla Guide to Skills, Success, and Surviving Cybersecurity
Cybersecurity is a field that experiences significant professional attrition. The annual Voice of SecOps report found that up to 45% of cybersecurity professionals are considering leaving the field due to stress. Similarly, ISACA’s State of Security 2022 report finds that 60% of respondents are having trouble retaining cybersecurity professionals.
Burnout in cybersecurity is a very real concern, and the remedies for this problem aren’t as straightforward as simply increasing pay (although that can help). Alleviating burnout requires obtaining and retaining enough skilled cybersecurity professionals to do the job.
Unfortunately, cybersecurity is a large and diverse field, meaning that cybersecurity professionals aren’t easily interchangeable. Even if the technical skills were fungible— onboarding new staff costs time. Staff turnover affects team cohesion, while new staffs need time to learn business processes and train on company-specific applications and other necessary skills.
Cybersecurity has both a talent and a skills gap. To address the talent gap, you must address the skills gap, too: In other words, you can’t hire your way to a secure network—training simply must be part of the solution.
Saying “training must be part of the solution,” however, is a lot easier than actually implementing a training program. “Training” covers many approaches, ranging from a very hands-off “encouragement of lifelong learning” through to systematized drills, and everything in between.
Which approaches are most helpful in meeting today’s cybersecurity needs? And if training is only part of the solution to securing our networks, what else do organizations need to keep in mind?
