Using upskilling to solve the cybersecurity talent shortage

Since the start of the pandemic, many organizations have broken digital barriers at record speed.

The era of cloud computing, Internet of Things (IoT), automation and online collaboration tools has accelerated digital and human connectivity. 

But these new hybrid human-digital ecosystems are often fragile. And threats are increasingly sophisticated. Organizations are sounding the alarm for more investments in their people, but they’ve been dealt a critical hit: talent shortages. This hurdle can make it extra difficult to pad their defenses. To catch up to, and outrun, emerging cyber threats, organizations will need to  look within to create a holistic team of cyber defenders—using upskilling as their secret weapon.

Cybersecurity is facing the perfect storm

Digitization trends have left many cybersecurity professionals—and organizations—on uneven ground. These challenges often run deep and were gaining momentum before disruptions like the Great Resignation or the pandemic.

1. The meaning of security has changed.

Technology not only has become faster and better, but it has also become more complex. We’re connected through a tangled web of devices, data and digital where attackers can survive underground unnoticed. And just when organizations think they’ve pulled one weed, another springs up.

Core business processes that existed within physically secure servers may now only exist as a single line of code—but that doesn’t mean it’s easier to keep safe. Forty-nine percent of CEOs have ranked cyber risks as the top threat to growth in the next 12 months. Organizations predict a 53% increase in cyber crime and are looking to bring on more resources to combat these growing threats against cloud services, supply chain software, ransomware and malware.

No one business is immune to cyber threats. To stay secure, cybersecurity professionals should stay vigilant, and the rest of the organization will need to get involved. From the C-suite to the board to risk, technology and security functions—everyone can play a part in protecting against cyber attacks, disinformation and vulnerabilities.

2. It’s not just a talent shortage. It’s a talent crisis.

And if it grows any stronger, it will continue to jeopardize organizations' abilities to safeguard against fast-spreading digital threats.

More than half (51%) of executives say they plan to add full-time cybersecurity staff. Cloud security, security awareness, endpoint security, and real-time threat intelligence capabilities are top priorities. But there are coverage gaps—and they are wide. In the US, 50% fewer candidates are available than are needed in the cyber field. Globally, it was estimated that 3.5 million cybersecurity jobs went unfulfilled in 2021.

Organizations can’t afford to wait for fresh talent to come in. Cybersecurity is still a relatively new field of study on college campuses and threats and strategies for managing them are ever-changing. And if you want to take advantage of more experienced hires, they’ll still need to be cross-trained. To prepare both new and experienced talent, organizations should understand skill gaps and move employees through cybersecurity upskilling quickly without sacrificing skills acquisition.

3. There’s a lot of learning software out there.

With so many options, organizations either don’t have the time or resources to narrow down the leading cybersecurity learning development platform for their needs. And with how fast everything changes, content can quickly go out of date. How do you know if you’re getting the latest and greatest information?

As a result, many companies establish individual learning budgets for cybersecurity practitioners. But this can often result in leaving money on the table or mismatched skills development, widening the skills gaps even further.

PwC felt the cyber talent crunch—and sought to solve it

The ongoing cyber talent shortage pushed us to realize that our cybersecurity professionals needed a better learning and development structure. We were growing by the thousands and had to make sure we were not only keeping our company safe but our clients as well.

So we decided to do a global search for the most effective training content we could find. We reviewed and ranked over 50 vendors and hundreds of courses that spanned live, computer-based and simulation learning. We mapped our scoring metrics like frequency of updated content, user experience and customization to 72 PwC Cyber learning topic areas. In all, we reviewed over 4,000 assets.

By the end of 2020, we opened our Global Cyber Academy. After its first year, we had 3,100 practitioners from almost 70 PwC member firms upskilling across the nine different pathways using highly-curated, digitally accessible learning. New hires that went through the training came out more confident and productive. Cloud certifications went from a few dozen pre-launch to over 2,000.

Now, PwC is integrating our Cyber Academy into ProEdge, an end-to-end upskilling product designed for digital business transformation and citizen-led innovation. ProEdge is used to help accelerate the upskilling journey, close skill gaps from within and help organizations stay competitive by giving people the skills they need to innovate at scale. 

Look to upskilling for a fortified defense to cybersecurity threats

By increasing current employees’ skills in cloud solutions, cyber defense, data privacy and security analysis, you can improve your organization’s capabilities in protecting data and systems, help mitigate risk and improve resilience against cybersecurity threats.

ProEdge offers cyber-specific learning content that helps organizations surround cybersecurity threats from all angles for a 360-degree defense against increasingly complex risks. They can engage with thousands of pieces of cyber content served up to them via highly-personalized learning paths and recommendations based on their skill level, role and future goals.

Here are a few examples of how ProEdge’s cyber channel can boost function-specific skills across the organization:

• A cyber defense manager who has experience in security and network traffic analysis can expand their knowledge of cybersecurity threats, improve decision-making and communication skills and learn how to present recommendations. 

• A business risk manager who focuses on mitigating risks and meeting compliance requirements can build stronger digital skills such as agile methodology, continuous monitoring and automated reporting through data and analytics to help improve his department’s performance. 

• A newly appointed cyber business information security officer (BISO) can sharpen their skills in threat management by learning to create an incident response strategy and how to use AI to mitigate threats and improve resiliency. 

Future-proof your cybersecurity team with ProEdge cyber credentials

Learners have opportunities to earn nine ProEdge cyber credentials in areas like cyber incident management and cloud security. ProEdge cybersecurity credentials help learners confirm their competency in skills relevant to function-specific tasks and can be used to advance careers and cross-train employees across the organization. Learners apply their skills through realistic business projects related to their function. A virtual evaluation team reviews credential projects and confirms skill proficiency. Courses can be completed in short bursts and are meant to be taken in respect to an employee’s time and energy. 

With ProEdge, you get industry-leading, vetted providers delivering high quality, curated content and courses refreshed regularly that can help learners stay current with emerging skills. Your cyber professionals can get credentialed so they can get ahead of the high-velocity change within digital and cyber.

Related blog post

Upskilling the next-generation of risk, compliance and audit officers