The cybersecurity skills gap continues to widen, putting pressure on organizations to find the talent they desperately need at a time when cybersecurity breaches are becoming an almost daily occurrence. A 2021 survey of 489 cybersecurity professionals found that the cybersecurity skills shortage had affected half of all respondents, who said that the gap was on a “downward” trend, going from “bad to worse.” While many initiatives have been launched to address the skills gap, one of the most important steps that organizations can take to improve the resilience of their own security is to invest in upskilling their IT professionals by providing cybersecurity training. This is particularly important at a time when employees are expecting more development opportunities from their employers.
Cybrary is a cybersecurity professional development platform that offers a variety of cybersecurity training content to a community of over three million users. These range from professionals looking to gain certifications and improve their cybersecurity domain knowledge to students looking to pursue a new career in cybersecurity.
Kevin Hanes joined Cybrary in June 2021 as CEO. Before joining Cybrary, Hanes was Chief Operating Officer at leading cybersecurity service provider Secureworks, managing security solutions across XDR, EDR, compliance, incident response solutions and consulting services as the company went public in 2016. We spoke to Hanes about the Cybrary platform, how employers can best train their employees, and the importance of diversity in solving the cybersecurity skills gap.
What sets Cybrary apart from other workforce development providers?
Prior to joining Cybrary, I was heads down, delivering security to thousands of organizations. The hardest thing I had to do while running operations at a large cybersecurity company was to manage talent: bringing talent in the door, keeping talent, and developing talent. It was the hardest thing by far. Solving this challenge is what inspired me to join Cybrary.
For context, we would have hundreds of billions of events flowing into our operations center every day. And to find the bad guy among all that traffic and noise, we had to have amazing technology. But at the end of the day, it is the people who have to deal with the things that are suspicious but known not to be malicious. The technology can only take it so far.
In that process, I saw the industry needed to put more emphasis on training and equipping the individuals that are dealing with the risk and taking all of the mitigation steps. I knew this was a huge problem, but I just didn’t know how to solve it. Then Cybrary came along, and our mindset is different from many other cybersecurity learning and development platforms.
All of the cybersecurity certifications out there are important and help people get into the space, but they’re not sufficient in preparing you for the experience you’re going to need when you join a security organization.
Because honestly, hiring managers will look at your certifications in the interview process, but once you’re in a job, typically nobody ever looks at them again. But what employers do look at is: What do you know how to do? What can you do? What are you capable of?
Cybrary wants to teach the skills on the keyboard, help people demonstrate these skills, and be confident in their ability to do the job. It’s hard because you look at LinkedIn and see what certifications people have, but it doesn’t tell you a lot about what people can do.
We have a huge community of over 3 million learners on our platform. And we can help them with the professional development piece to help their career, but we can also really help them reduce risk to their organization. That’s what we’re all about.
What do people like best about Cybrary’s training?
We have people who are here to learn as individuals. We also have companies who want their cybersecurity teams to advance in their learning and improve their skills.
For the individual learner, we want to double down on the accessibility and affordability of our platform and make it fun. People love that on the learning side, and they love our community of mentors, who they can connect with about their jobs and their fields.
On the organization side, I think what they like is our obsession that, at the end of the day, we’re trying to help them reduce the risk in their organization by enabling them to build and develop cybersecurity teams with the skills to succeed against ever-evolving cyber threats.
In a recent blog post, you predict that the cybersecurity skills gap is unlikely to improve this year. Why does this gap continue to be such as persistent problem in the industry, and what do you think is needed to solve it once and for all?
I think there are a lot of reasons why there is a skills gap. One is just because of the explosion of what’s going on in the cybersecurity space. Over the last ten years, there has been a ton of innovation making it more challenging for professionals to stay ahead. Cyber also historically hasn’t been super inclusive or approachable as a profession to jump into—but it is turning that way; it is getting better.
I was a technology executive who led Women in Technology organizations. And it struck me that I would walk around our operations centers, and you just don’t see enough diversity. And I think there’s a great opportunity for people who you are not typically seeing in these roles, who could do amazingly well, but for whatever reason, they’re not seeing cyber as something that they can do. These are some systemic problems.
In terms of how we fix it, we’ve got to get to them earlier, we’ve got to make it accessible and affordable. We have to think about the diversity of who we are bringing in. And that’s all kind of diversity—including cognitive diversity—we need to think about that and support that.
I also think organizations need to be more proactive about this. If you think about the benefit of taking somebody who is already in your company, and maybe they’re technically orientated, they love to break things and solve problems, why not invest in them? It may be really hard to recruit somebody who is exactly what you’re looking for. But if you start to invest in these people, it’s really viable. Workforce transformation within your own company can be a game-changer.
What advice would you give to organizations to help them deal with the IT security skills gap?
If you think about investment in cybersecurity over the last ten years, it’s a curve going up. And the majority of that investment has gone into cyber technology—so deploying and implementing tech.
One of the questions I’d love organizations to ask is: What will reduce the most amount of risk for the next dollar they spend? Is it going to be more tech? Or is it going to be enabling their team to get the best use out of the tech they have?
In most organizations today, I would argue strongly that the way to reduce the most risk for the dollar spent is to invest that dollar in enabling your team—enabling the people—as part of your program. This would be a much better return than investing in more tech. And I come from a background where I believe in tech, so I’m not anti-tech, don’t get me wrong. I’m just looking at what reduces the most risk.
Often, when there’s a budget cut, the first thing a lot of financially orientated people look for is travel and training. Unfortunately, I think we are in a world now where the gap in terms of where technology is and where people are is too wide. We can’t do that anymore; we have to invest in our people. And it’s something you can commit to when you’re trying to recruit, and it will also pay off with your current employees, knowing you’re investing in them.
You can find out more about Cybrary here: https://www.cybrary.it
Expert Insights provides leading research, reviews, and interviews to help organizations make the right IT purchasing decisions.