GUEST ESSAY: A call to blur the lines between cybersecurity training, up-skilling and higher ed

By Jack Koziol

In a recent survey of US-based CEOs, talent shortages and cybersecurity were listed as two of the top five business concerns in 2022.

Related: Cultivating ‘human sensors’

They may not entirely realize that when compounded, these two concerns could pose a critical security threat for their organization.

CEOs who are looking to secure their data and build a cyber-resilient infrastructure are facing a quadruple whammy:

•Expanding their digital infrastructure faster than they can secure it,

•Combatting record numbers of cyber incidents,

•Struggling to fill open cybersecurity roles, with now 600,000 unfilled cybersecurity roles in the U.S., and

•Losing the security talent that they do have to what has been called the Great Resignation.

The bottom line: organizations with unfilled cybersecurity roles are leaving themselves vulnerable to the growing number of cyber threats.

While there is no silver bullet to combat the many challenges facing leaders who are experiencing growing talent shortages and cybersecurity threats, these circumstances call for a reexamination of how we fill these essential roles as fast as possible.

Opening more doors

Four-year universities have traditionally been the only way into a career in cybersecurity, but this is rapidly changing — and for the better. What was once the gold standard, these traditional programs take significant time and resources that many individuals, and now organizations, do not have.

It’s time for the industry to reimagine what a traditional and effective path into these roles looks like, and more so, what skills and hands-on experience individuals need to fill these gaps rather than a degree.


Today, there are more paths into cybersecurity than ever. Individuals and organizations can now fill these skill gaps through online, self-paced training and short-term programs that give people the technical skills, hands-on experience and certifications they need to successfully serve in cyber roles.

Now, organizations must follow suit to encourage these expedited and skills-focused options. It’s become clear that the faster we accept and promote these various entry points into our industry, the faster we can fill these mission-critical roles.

Rethinking the talent game

Similar to how we must reevaluate how we’re training and giving the people the skills to fill cybersecurity roles, we must also reevaluate how we hire and retain them. According to the Infosec 2021 IT & Security Talent Pipeline Survey, over 90% of hiring managers struggle to fill open cyber roles — leaving mission-critical work undone and existing teams strapped for time and resources.

On retaining talent, it’s up to security leaders to understand what’s most important to their employees, whether it be compensation, professional development, remote work options or career pathing. Our clients have seen investment into their teams and building career paths for them to grow internally at their organization plays a huge role in talent deciding to stay at one place, with one such enterprise doubling the size of their cybersecurity training and upskilling program in just a few years due to demand and interest.

On attracting talent, the same survey revealed employers having success with hiring talent:

•Removed unnecessary experience requirements

•Offered competitive compensation package based on market demand

•Hired and supported inexperience candidates with re-skilling and up-skilling programs

•Implemented hiring initiatives to diversify talent pools

•Included non-technical skills like leadership skills and communication during the interview process.

Focusing on strategies like these that widen and diversify cyber talent pipelines allows hiring managers to drive better results at all stages of the talent management lifecycle, from attracting a larger cyber talent pool to developing employees throughout their careers.

Blurring the lines

Given the extremely high demand for cybersecurity talent, we must adapt to today’s challenges in attracting, upskilling and retaining cyber talent. We must collaborate across the industry and education providers to bring people into our field whether that be a certification and hands-on skill training online, an internal reskilling program to fill gaps with existing talent or pushing from more short-course security programs from higher education.

To fill this gap, we must blur the lines between traditional and new-age cybersecurity training, hiring and retention. If we don’t, the Great Resignation could become the next advanced persistent threat facing organizations worldwide.

About the essayist: Jack Koziol is the founder, SVP and GM of Infosec Institute, a cybersecurity education company. He is the author of The Shellcoder’s Handbook. When he’s not keeping the world safe by helping organizations educate their employees, he tries to get his three children to eat their breakfast and get to school on time.

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someone