Security staff are being forced to upskill in their own time

Many businesses aren’t prioritising internal training, causing workers to spend their own time on professional development

Many IT and security professionals are working to improve their skills in their own personal time rather than through opportunities provided through their workplace, despite concerns over cost and lack of time.

With a skills gap widening, security workers aren’t able to fully develop their skills at work and are instead turning to development training in their free time. Around half of employees (48%) have committed time before and after work to improve their skills, for example, with 20% also training themselves on weekends. 

Professionals are also spending a great deal time per week on upskilling themselves outside of work hours, with 40% spending time every day, and another 38% at least once a week, according to research by Cybrary.

The volume of staff spending time on upskilling outside of work hours is high, despite 33% reporting cost and 28% reporting lack of time as a barrier to getting the development training they need. Disturbingly, according to the findings, 40% say these barriers have a major or severe impact on developing their skills.

“While cybersecurity is often considered a top priority, the industry lacks urgency when it comes to skills development practices for individual team members,” the report claimed. “Organizations need to establish continuous cybersecurity education and professional development not only for security teams but across multiple disciplines, including HR, IT and management.”

Related Resource

IT Pro 20/20: The learning revolution starts now

The eighth issue of IT Pro 20/20 looks at the rise of self-education during a global pandemic

DOWNLOAD NOW

The findings have uncovered a severe workplace skills gap in cyber security, with 72% of respondents to the Cybrary survey suggesting there’s a skills gap on their team. To compound the issue, 65% of IT and security managers agree that this has a detrimental effect on how effective their teams are in responding to threats.

The picture is particularly grim considering recent changes in the workplace which have resulted in IT and security professionals feeling their organisations don’t understand what skills are needed from them. 

Around half of organisations, for example, have either reduced their training budgets, 22%, or kept them the same, 25%, over the past year. A fraction of respondents, 16%, claimed their organisations don’t have any training budget at all.

Methods of reviewing skills on security teams are seemingly inadequate or out-of-date, the report also concluded, with 46% of organisations relying on performance reviews, and a further 37% relying on job-related assessments. Only 20% of businesses deploy skills-based assessments, while just 17% use certification practice tests. 

Alarmingly, 23% of organisations don’t track any skill development for their IT and security teams, and 46% also don’t confirm new hire skills for specific roles, and neither do 40% regularly assess the skills of newly recruited team members.

 The report has recommended that organisations must empower members of their IT and security teams to take up training and development opportunities so they aren’t forced to invest their own time and money developing themselves. The result would be an increase in efficiency, the report claims, as well as productivity and performance. 

Simply providing training isn’t a solution, however, and any efforts to improve the skillset amongst the workforce must involve assessing skills across teams and monitoring development on a continuous basis. Such a targeted approach would help the industry to gain a better, more granular, understanding of the skills gap, with businesses able to establish clear development goals for workers.

Featured Resources

The ultimate law enforcement agency guide to going mobile

Best practices for implementing a mobile device program

Free download

The business value of Red Hat OpenShift

Platform cost savings, ROI, and the challenges and opportunities of Red Hat OpenShift

Free download

Managing security and risk across the IT supply chain: A practical approach

Best practices for IT supply chain security

Free download

Digital remote monitoring and dispatch services’ impact on edge computing and data centres

Seven trends redefining remote monitoring and field service dispatch service requirements

Free download

Recommended

Senate report slams agencies for poor cyber security
cyber security

Senate report slams agencies for poor cyber security

3 Aug 2021
Most employees put their workplace at risk by taking cyber security shortcuts
cyber security

Most employees put their workplace at risk by taking cyber security shortcuts

27 Jul 2021
61% of organizations say improving security a top priority for 2021
cyber security

61% of organizations say improving security a top priority for 2021

29 Jun 2021
ProtectedBy.AI’s CodeLock blocks malware at source code level
software as a service (SaaS)

ProtectedBy.AI’s CodeLock blocks malware at source code level

9 Jun 2021

Most Popular

Best Linux distros 2021
operating systems

Best Linux distros 2021

11 Oct 2021
HPE wins networking contract with Birmingham 2022 Commonwealth Games
Network & Internet

HPE wins networking contract with Birmingham 2022 Commonwealth Games

15 Oct 2021
Veritas Backup Exec 21.3 review: Covers every angle
backup software

Veritas Backup Exec 21.3 review: Covers every angle

14 Oct 2021