Security staff are being forced to upskill in their own time

Many businesses aren’t prioritising internal training, causing workers to spend their own time on professional development

Many IT and security professionals are working to improve their skills in their own personal time rather than through opportunities provided through their workplace, despite concerns over cost and lack of time.

With a skills gap widening, security workers aren’t able to fully develop their skills at work and are instead turning to development training in their free time. Around half of employees (48%) have committed time before and after work to improve their skills, for example, with 20% also training themselves on weekends. 

Professionals are also spending a great deal time per week on upskilling themselves outside of work hours, with 40% spending time every day, and another 38% at least once a week, according to research by Cybrary.

The volume of staff spending time on upskilling outside of work hours is high, despite 33% reporting cost and 28% reporting lack of time as a barrier to getting the development training they need. Disturbingly, according to the findings, 40% say these barriers have a major or severe impact on developing their skills.

“While cybersecurity is often considered a top priority, the industry lacks urgency when it comes to skills development practices for individual team members,” the report claimed. “Organizations need to establish continuous cybersecurity education and professional development not only for security teams but across multiple disciplines, including HR, IT and management.”

Related Resource

IT Pro 20/20: The learning revolution starts now

The eighth issue of IT Pro 20/20 looks at the rise of self-education during a global pandemic

DOWNLOAD NOW

The findings have uncovered a severe workplace skills gap in cyber security, with 72% of respondents to the Cybrary survey suggesting there’s a skills gap on their team. To compound the issue, 65% of IT and security managers agree that this has a detrimental effect on how effective their teams are in responding to threats.

The picture is particularly grim considering recent changes in the workplace which have resulted in IT and security professionals feeling their organisations don’t understand what skills are needed from them. 

Around half of organisations, for example, have either reduced their training budgets, 22%, or kept them the same, 25%, over the past year. A fraction of respondents, 16%, claimed their organisations don’t have any training budget at all.

Methods of reviewing skills on security teams are seemingly inadequate or out-of-date, the report also concluded, with 46% of organisations relying on performance reviews, and a further 37% relying on job-related assessments. Only 20% of businesses deploy skills-based assessments, while just 17% use certification practice tests. 

Alarmingly, 23% of organisations don’t track any skill development for their IT and security teams, and 46% also don’t confirm new hire skills for specific roles, and neither do 40% regularly assess the skills of newly recruited team members.

 The report has recommended that organisations must empower members of their IT and security teams to take up training and development opportunities so they aren’t forced to invest their own time and money developing themselves. The result would be an increase in efficiency, the report claims, as well as productivity and performance. 

Simply providing training isn’t a solution, however, and any efforts to improve the skillset amongst the workforce must involve assessing skills across teams and monitoring development on a continuous basis. Such a targeted approach would help the industry to gain a better, more granular, understanding of the skills gap, with businesses able to establish clear development goals for workers.

Featured Resources

Digital document processes in 2020: A spotlight on Western Europe

The shift from best practice to business necessity

Download now

Four security considerations for cloud migration

The good, the bad, and the ugly of cloud computing

Download now

VR leads the way in manufacturing

How VR is digitally transforming our world

Download now

Deeper than digital

Top-performing modern enterprises show why more perfect software is fundamental to success

Download now

Recommended

Microsoft spearheads industry-wide charter against AI cyber attacks
Security

Microsoft spearheads industry-wide charter against AI cyber attacks

23 Oct 2020
Weekly threat roundup: Chrome, Citrix and WordPress
Security

Weekly threat roundup: Chrome, Citrix and WordPress

23 Oct 2020
IT services giant Sopra Steria falls victim to Ryuk ransomware
Security

IT services giant Sopra Steria falls victim to Ryuk ransomware

23 Oct 2020
CMS platforms succumb to KashmirBlack botnet as businesses rush online
Security

CMS platforms succumb to KashmirBlack botnet as businesses rush online

22 Oct 2020

Most Popular

The top 12 password-cracking techniques used by hackers
Security

The top 12 password-cracking techniques used by hackers

5 Oct 2020
The enemy of security is complexity
Sponsored

The enemy of security is complexity

9 Oct 2020
What is a 502 bad gateway and how do you fix it?
web hosting

What is a 502 bad gateway and how do you fix it?

5 Oct 2020