Security staff are being forced to upskill in their own time

Many businesses aren’t prioritising internal training, causing workers to spend their own time on professional development

Many IT and security professionals are working to improve their skills in their own personal time rather than through opportunities provided through their workplace, despite concerns over cost and lack of time.

With a skills gap widening, security workers aren’t able to fully develop their skills at work and are instead turning to development training in their free time. Around half of employees (48%) have committed time before and after work to improve their skills, for example, with 20% also training themselves on weekends. 

Professionals are also spending a great deal time per week on upskilling themselves outside of work hours, with 40% spending time every day, and another 38% at least once a week, according to research by Cybrary.

The volume of staff spending time on upskilling outside of work hours is high, despite 33% reporting cost and 28% reporting lack of time as a barrier to getting the development training they need. Disturbingly, according to the findings, 40% say these barriers have a major or severe impact on developing their skills.

“While cybersecurity is often considered a top priority, the industry lacks urgency when it comes to skills development practices for individual team members,” the report claimed. “Organizations need to establish continuous cybersecurity education and professional development not only for security teams but across multiple disciplines, including HR, IT and management.”

Related Resource

IT Pro 20/20: The learning revolution starts now

The eighth issue of IT Pro 20/20 looks at the rise of self-education during a global pandemic

DOWNLOAD NOW

The findings have uncovered a severe workplace skills gap in cyber security, with 72% of respondents to the Cybrary survey suggesting there’s a skills gap on their team. To compound the issue, 65% of IT and security managers agree that this has a detrimental effect on how effective their teams are in responding to threats.

The picture is particularly grim considering recent changes in the workplace which have resulted in IT and security professionals feeling their organisations don’t understand what skills are needed from them. 

Around half of organisations, for example, have either reduced their training budgets, 22%, or kept them the same, 25%, over the past year. A fraction of respondents, 16%, claimed their organisations don’t have any training budget at all.

Methods of reviewing skills on security teams are seemingly inadequate or out-of-date, the report also concluded, with 46% of organisations relying on performance reviews, and a further 37% relying on job-related assessments. Only 20% of businesses deploy skills-based assessments, while just 17% use certification practice tests. 

Alarmingly, 23% of organisations don’t track any skill development for their IT and security teams, and 46% also don’t confirm new hire skills for specific roles, and neither do 40% regularly assess the skills of newly recruited team members.

 The report has recommended that organisations must empower members of their IT and security teams to take up training and development opportunities so they aren’t forced to invest their own time and money developing themselves. The result would be an increase in efficiency, the report claims, as well as productivity and performance. 

Simply providing training isn’t a solution, however, and any efforts to improve the skillset amongst the workforce must involve assessing skills across teams and monitoring development on a continuous basis. Such a targeted approach would help the industry to gain a better, more granular, understanding of the skills gap, with businesses able to establish clear development goals for workers.

Featured Resources

Unlocking collaboration: Making software work better together

How to improve collaboration and agility with the right tech

Download now

Four steps to field service excellence

How to thrive in the experience economy

Download now

Six things a developer should know about Postgres

Why enterprises are choosing PostgreSQL

Download now

The path to CX excellence for B2B services

The four stages to thrive in the experience economy

Download now

Recommended

Mastering endpoint security implementation
Security

Mastering endpoint security implementation

16 Apr 2021
US, UK say Russia was behind SolarWinds hack
cyber attacks

US, UK say Russia was behind SolarWinds hack

16 Apr 2021
1Password targets enterprise customers with Secrets Automation
IT infrastructure

1Password targets enterprise customers with Secrets Automation

14 Apr 2021
PowerShell threats increased over 200% last year
cyber security

PowerShell threats increased over 200% last year

14 Apr 2021

Most Popular

Microsoft is submerging servers in boiling liquid to prevent Teams outages
data centres

Microsoft is submerging servers in boiling liquid to prevent Teams outages

7 Apr 2021
University of Hertfordshire's entire IT system offline after cyber attack
cyber attacks

University of Hertfordshire's entire IT system offline after cyber attack

15 Apr 2021
NSA uncovers new "critical" flaws in Microsoft Exchange Server
servers

NSA uncovers new "critical" flaws in Microsoft Exchange Server

14 Apr 2021