The need for cybersecurity workers is more critical than ever, yet the talent gap continues to grow. The reason: There’s a gap between the skills of the workforce and cybersecurity demands. Globally, there is a deficit in cybersecurity talent, and 71% of organizations report being impacted by the skills shortage. These challenges have resulted in high burnout in the cybersecurity workforce.

Upskilling can be a viable solution to address these common challenges. Many organizations lack the budget to hire people, however, investing in upskilling can prepare the workforce to combat cyber threats, protect sensitive information transition into high-demand roles. In this article, we’ll review best practices on upskilling employees to meet the heightened demand in cybersecurity.

The State of the Cybersecurity Industry

ISACA’s “State of Cybersecurity Report 2023” found that over one-half of respondents struggle to retain the people needed to respond to cyberattacks. For example, cybersecurity analysts are one of the top digital roles for growth, yet there’s a struggle to find highly-skilled professionals to meet industry demand. With an excess of entry-level talent and a higher proportion of senior-level positions remaining vacant, 49% of roles in cybersecurity remain unfilled. Additionally, with a notable aging workforce in the field, the current trajectory does not bode well for a shortage of skilled professionals in the future.

Organizations face challenges in recruiting cybersecurity workers due to the diverse range of responsibilities, educational backgrounds, skills, experience levels and certifications that professionals in this field possess. And despite the demand for cybersecurity skills, retaining talent poses just as much of a challenge. High attrition rates have made it difficult for cyber talent who’re tasked with an increased influx of work. In Cynet’s “2023 Implications of Stress on CISOs Survey,” 65% of chief information security officers (CISOs) indicated that high-stress levels compromise their ability to protect their companies. It’s up to learning and development (L&D) leaders to upskill potential employees in cybersecurity to decrease attrition, and sustain a cyber-secure organization.

Shifting Emphasis To Practical Skills and Expertise

Many aspiring cyber professionals have the practical experience needed to have a thriving cybersecurity career — they just lack the technical skills necessary to succeed.

Information technology (IT) skills are undoubtedly important for cybersecurity jobs, however, there’s a common misconception that these are the only skills necessary and that formal education, such as a bachelor’s degree, is required to succeed in the role. However, soft and analytical skills like critical thinking, communication, decision-making, management and troubleshooting are equally important.

This perception can present a barrier to entry for those who undervalue their soft skills and might overlook a cybersecurity career based on the perceived requirements. Human resources (HR) managers also can over emphasize certain job requirements, which can lead to a poor understanding of the actual skills required for the role. This can pose a challenge for businesses to find and hire well-rounded individuals with the ideal combination of technical and soft skills. As a result of this mismatch between employer expectations and candidate skill sets, industry skills gaps persist.

To solve this challenge, L&D leaders must look within their own talent pool for high-potential employees with transferable skills and the soft skills to take on new roles in cybersecurity.

Upskilling as the Solution

To get started, learning professionals should focus on seasoned and/or high-potential employees who already have knowledge of the business and soft skills. L&D leaders can then upskill this talent pool in technical training and coach them to fulfill cybersecurity roles in the organization — rather than hire college graduates with technical skills but a deficiency in soft skills and company knowledge. Instead of waiting for those individuals to develop the knowledge and expertise that come with years of experience, L&D leaders can embrace the shift and give highly-skilled employees the knowledge to have a successful cybersecurity career. And some companies are already doing this.

For example, Amazon is investing more than $1.2 billion to upskill 300,000 of their own employees in the U.S. to equip them with the skills to transition into high-growth jobs. Amazon is also investing hundreds of millions of dollars to provide free cloud computing skills training to 29 million people across the globe. These upskilling efforts can give learning professionals a faster way to close talent gaps.

L&D can also partner with academic institutions to develop tailored courses, certifications and training models that provide hands-on experience and practical skills development. Organizations that train and promote employees internally can benefit greatly. Adopting a mindset that embraces inclusivity and a variety in skills can effectively sustain employee retention for the business.

A Holistic Approach to Cybersecurity Training

To successfully upskill employees and fill talent gaps, L&D professionals must look within the organization for potential candidates and then design and develop the training. This can inspire innovation and promote a sustainable, learning culture that prioritizes inclusivity and diversity.

This is why continuous upskilling is imperative. Through upskilling initiatives, employees can pursue non-traditional educational pathways that can offer them hands-on experience in the field. Upskilling and reinforcing foundational tech skills regularly is critical to increasing learning retention, mitigating the risk of a cyberattack and keeping the organization secure.

Digital advancements in the business sector, like the rapid adoption of artificial intelligence (AI), has increased the need for ongoing upskilling. According to an IBM report, the half-life of professionals skills was once estimated at 10 to 15 years, however, today the half-life of a learned skill is estimated to be five years and even shorter for technical skills.

Cybercrime is only going to increase, so companies must prepare for inevitable cyber breaches. It’s up to L&D to design and develop the learning required to help employees detect and avoid cybercrime. This not only cultivates a highly-skilled workforce that can tackle cybersecurity challenges, but also a culture of upskilling and empowering employees to acquire new skills and grow inside the organization.