Strategic approaches to closing the cybersecurity skills gap
The cybersecurity landscape has, for decades, grappled with a severe and escalating challenge: Public and private sector organizations are confronted with a rapidly evolving array of threats. Simultaneously, a widening skills gap is eroding their capacity to effectively design and manage a secure IT environment.
According to the World Economic Forum, 52% of public organizations say a lack of resources is their biggest roadblock to cybersecurity resilience, and ISC2’s most recent Cybersecurity Workforce Study revealed that a whopping 92% of practitioners and decision-makers report skills gaps in their organizations. In plain terms, most organizations don’t have enough resources to protect themselves, and less than 10% have all the skills they need to improve. At the same time, the demand for advanced and specialized cybersecurity skills like cloud security or artificial intelligence (AI) is on the rise, highlighting the critical need for targeted training initiatives.
This shortfall results in direct and demonstrable operational risk. It’s hampering the development of infrastructure and applications secure enough to face the growing ecosystem of attackers and threats. Budget constraints further widen the gap. The ISC2 study shows that 47% of cybersecurity professionals experienced cutbacks at their organizations, manifesting as layoffs, budget cuts, and the elimination of critical training programs.
How do we get past these fundamental obstacles? We must adopt more collaborative and innovative approaches to cybersecurity education and workforce development to ensure the industry can effectively meet future challenges. And it starts at the beginning.
Bringing Academia into the Fold
Innovative partnerships between academia and industry are emerging and maturing as a new collaborative tactic to close the cybersecurity skills gap more effectively and adequately prepare the workforce. Schools create marketable skills for graduates at multiple levels of technical sophistication, while companies influence curriculum and core requirements to ensure that graduates are prepared to bring value from their first day.
Collaborations like the one between NuHarbor Security and Champlain College illustrate how integrating real-world responsibilities and experience with academic curricula accelerates the readiness of cybersecurity professionals. NuHarbor’s commitment to collocating company facilities on campus provides the presence required to mentor and prepare a new generation of practitioners through casual interaction and practical experience.
Pace University similarly joined forces with the National Security Agency (NSA) to grow the cybersecurity workforce through higher education. One of the most meaningful benefits is the topical relevance of these programs. Dated coursework and study materials are a sad reality in traditional cybersecurity training, as threats, enabling technologies, and new service models arrive with exciting and disruptive regularity.
New, tailored, and results-focused internship programs and cooperative educational frameworks require students to engage directly with cutting-edge cybersecurity challenges during their studies. This prepares them to solve real-world challenges upon entering the workforce while giving them access to the modern tools and approaches that they will use when they enter the marketplace.
These collaborative programs are naturally more dynamic and responsive to trends and advancements outside of strict security measures. As corporate and public sector sponsors manage their security programs in a real-world populated with threat actors and technology evolution, those insights bring changes like specialized certifications and programs focused on high-growth areas like AI, API security, cloud and hybrid operating models, and automation.
By leveraging industry leaders’ cutting-edge resources and expertise, educational institutions offer more targeted and advanced training, making their programs more attractive to prospective students and raising the population of experienced security players in the industry.
Creating More Consistency and Competency in Cybersecurity
A change in the fundamental scarcity of resources will be defined by these deeper partnerships between industry and academia. These collaborations are vital for creating a responsive and innovative approach to solving cybersecurity challenges. Like teaching hospitals, graduate research programs, and traditional cooperative education, this new combination of academic research with real-world industry tasks and responsibility has the potential to generate new methodologies better suited to stop the next wave of cyberattacks.
This type of exposure and experience isn’t a new concept for highly complex or deeply process-driven jobs. There are apprenticeships in many critical and well-known industries, from plumbers and electricians to jewelers, designers, and musicians.
A collaborative environment encourages hands-on, real-world experience that promotes the exchange of ideas and fosters work cultures that value both traditional expertise and innovative thinking. As experienced practitioners guide young talent, they evolve through exposure to fresh concepts and perspectives that challenge conventional approaches. In cybersecurity, this can lead to breakthroughs in practices, technical requirements innovation, and automation and response advancements. A continuous learning environment helps to ensure that cybersecurity measures keep pace with evolving threats, and these measures ultimately inform and raise the baseline protections for everyone.
Lastly, these partnerships create a source of candidates who will contribute immediately upon hiring, reducing time spent on training and the time that organizations remain exposed during the ramp-up of new employees. Organizations’ ability to quickly leverage new cybersecurity talent to protect their operations is critical, and they can demonstrate quick wins, overcoming resistance to hiring new staff.
This approach to closing the cybersecurity skills gap is an essential initiative to lay the groundwork for long-term cybersecurity preparedness. The escalating sophistication of cyber threats demands that we think differently about how we train and nurture the next generation of cybersecurity practitioners. By integrating the theoretical knowledge from higher education institutions with our industry’s practical insights and tools, these partnerships are the foundation for building a sufficient, resilient, and highly engaged cybersecurity workforce.