Cyber training in the real world: 3 approaches to strengthening your workforce
Given the dynamic nature of cyber threats, industry and government leaders alike need to ensure their workforce is properly trained and ready for anything. Focus on these three areas to support career paths in cyber and address the current critical skills gap.
Election tampering. Identify theft. Power grid incursions. The opportunities for adversaries to threaten our critical systems and functions continue to grow, while the tactics they use, such as malware and infrastructure attacks, evolve minute-by-minute. In such a challenging and high-stakes environment—when today’s skills are not equal to the task of combating tomorrow’s threats—how can cyber domains across industry, academia, government agencies, and the armed services adequately prepare cyber professionals for future cyberattacks?The key is an innovative, immersive, and consistent curriculum that is designed for the real world. We have identified three critical areas that leaders should strengthen to provide workers with appropriate career paths in cyber and address the current and future critical skills gap. While cyber training is far from simple, this 3-pronged approach will help employers develop appropriate career paths in cyber—while addressing the current and future skills gap.
1. Establish a mature training modelStart by creating a common framework for employees and building interactive experiences to test their skills. Establish common experiences, lexicons, tool kits, and work role alignment to set employees up for successful collaboration across domains. Current cyber training programs or curricula are often too specific, leaving a novice individual with knowledge honed only where they’ve been instructed. This makes cyber professionals—and the organizations they support—vulnerable, as they may struggle to apply their knowledge to a variety of new scenarios or domains.
We’ve seen this happen with armed services members who have been asked to support an issue within industry—the lack of commonalities slowed down responsiveness to a cyberattack. By providing cross-domain experiences throughout the training lifecycle, cyber leaders ensure that their workforce will be able to apply their knowledge to a variety of experiences—reinforcing their skills while making their organizations more resilient to cyber threats.
This broad approach to cyber training provides a solid foundation on which to build your mature training model. It’s a shift in mindset that empowers cyber professionals, giving them the confidence and competence they need to tackle new cyber events, regardless of the environment. Because it’s not enough to convey the “how” and “know” parts of learning in only one environment—cyber professionals need to be able to demonstrate the “do” aspect of cyber in multiple platforms across a variety of circumstances.
2. Invest in mentorship to shape and inspire the next generation of cyber professionals
Utilize your greatest assets: experienced cyber experts. These cyber veterans—who are fluent in the latest IT and security tools in their domains—should support newer cyber professionals. Seasoned mentors can share their critical thinking, trend analysis, analytic techniques, effective writing and briefing, and alternative analysis skills. One-on-one conversations, timely feedback, and written observations help foster an environment of continuous learning.
Mentorship should include in-depth reviews of tradecraft, recommendations for improving specific analytical products, and the overall process of analytic reviews. Through mentoring, newer cyber professionals can better understand their career path and potential growth opportunities, leading to a more committed and motivated staff.
3. Support formal cyber education programs
Finally, expand the pipeline. The demand for cyber professionals will continue to grow beyond what the labor market can support. In order to address the long-term critical cyber skills gap, we recommend that all cyber domains support formal cyber education programs. These opportunities provide the next generation of cyber professionals with early and frequent opportunities to be critical thinkers.Theoretical education cannot offer the same impact as practical execution: cyber learners at all stages need to understand how to conduct actual cyber functions. Cyber education programs that allow students to safely conduct exercises in a variety of simulated environments will produce a generation of hands-on keyboard learners who are able to think clearly and critically in the face of emerging cyber threats.
Scholarships, diversity programs, and internships/apprenticeships can give learners a range of experiences in specialized cyber roles and increase their comfort level when stepping directly into new scenarios.