Give your business the technical edge to beat cybersecurity skills gap

Give your business the technical edge to beat cybersecurity skills gap

Ned Baltagi, Managing Director, Middle East and Africa at SANS, says training can be the most efficient and thorough way to rapidly ramp up technical skills

Ned Baltagi, Managing Director, Middle East and Africa at SANS, says training can be the most efficient and thorough way to rapidly ramp up technical skills.

Business today is dominated by the Digital Transformation; therefore, the more technically sound IT staff are, the more value they can bring to their organisation.

This is true of both in-house IT teams that are entrusted with managing and optimising IT investments while fostering innovation, and of technical teams in channel organisations that must demonstrate high levels of technical expertise to differentiate themselves from the pack in a highly competitive market.

Globally, there is a growing requirement for qualified IT professionals and this is nowhere more acute than in the domain of cyber security. Predictions vary but all agree there is and will continue to be a significant gap. Symantec, for example, has predicted that by 2019, there will be 1.5 million unfilled cybersecurity jobs worldwide and a 2016 study by Enterprise Strategy Group (ESG) and Information Systems Security Association (ISSA) found that 69% of organisations had already been impacted by the global cybersecurity skills shortage.

With this acute shortage of skills a major issue in the Middle East and Africa (MEA), organisations must take proactive steps to secure their digital future.

Why training matters

While the merits of on-the-job experience cannot be overstated, training can be the most efficient and thorough way to rapidly ramp up technical skills – provided of course that it is done right. This is particularly true when an organisation is looking to utilise new technologies that require deep domain-specific knowledge. And it is particularly true when it comes to cybersecurity.

By undergoing training, not only do employees become more efficient and have a better understanding of the technologies they work with – critical when defending against cyber criminals – but they can also become more knowledgeable in front of customers, troubleshoot better and so on.

Vendor training

Technology vendors, such as Microsoft, Cisco, and SAP offer training and certifications specific to their solutions that are aimed at helping IT professionals install and maintain the products correctly. Typical IT infrastructures however are hybrid in nature with integrated architectures consisting of best-in-class products from a variety of vendors. Product specific knowledge therefore only goes so far whereas domain specific knowledge has far greater practical advantage. For long-term success, organisations are better placed opting for vendor-neutral training courses that focus on principles, knowledge and capabilities.

Deciding on delivery

Next, there’s the question of the delivery model. Today, most IT training companies offer the choice of classroom-based instructor-led training as well as online computer-based training, both of which have their unique benefits. In SANS’ experience, classroom training is the preferred option for most of our delegates since it allows a more personal experience as well as deeper engagement through interaction. Delegates also benefit from the chance to engage with their professional peers, which enables them to network, share experiences and learn from others.

However, if time, budget and geographical constrains make it impractical to attend classroom training, online training is a very viable alternative. In recent years, rich-feature sets in collaboration tools have greatly enriched the quality of online training. This option also grants attendees the flexibility of undertaking the training at their own convenience and pace with the on-demand model. Alternatively, they could enjoy a mix of the benefits of on-demand and classroom style training by opting for live webcasts that enable real-time engagement with instructors while still allowing attendance from the location of choice.

Irrespective of the delivery model, it is always best to select courses based on the specific skillsets they help hone. While broader subject lines might serve as a good foundation, the complexity of IT systems today demands specific domain-related knowledge. For example, mobile security alone can require skills in forensics, advanced development, risk management, as well as employee awareness and policy development.

Key selection criteria

Two vital aspects of training that are often overlooked are the instructor and the course’s degree of emphasis on practical learning. This oversight is unfortunate as, in my experience, these are without doubt the factors that most impact the value of the course. As necessary as sound theoretical knowledge is, there is simply no substitute for hands-on advice and practice. And this is best facilitated when the course is led by an instructor who is also a working industry practitioner, particularly critical in a field like cybersecurity where both technology and the cyber criminals’ techniques are changing so rapidly.

The rapid advancement of technology has led to shorter times to market, faster refresh cycles and an abundance of new technology trends. An instructor who is also an active IT professional is on the frontline and therefore better placed to get students up-to-date on the latest developments taking place in the ‘real world’. They are also capable of answering questions based on experience and not just theory.

A case for certification

A discussion on training would be incomplete without at least brief mention of certification. In the simplest sense, a certification is a strong credential indicating one’s knowledge in a specific technology domain. While certifications can play a key role in the advancement of one’s professional career and prospects, they hold many benefits for employers too and therefore warrant investment.

For one, certification preparation often provides the motivation necessary for employees to set aside the time and effort required to become subject matter experts. Very often certification training includes the use of hands-on and/or simulated instruction which expose applicants to a wide range of scenarios that they might not frequently see in their day-to-day job. This prepares them for the one-off issues that often have the greatest negative impact on business.

Certifications also ensure that fundamental theoretical concepts are well understood. Maintaining a certification requires an ongoing educational commitment which keeps skill sets and knowledge up to date. Furthermore, most organisations which provide industry-standard certifications continue to maintain a relationship with the individual and their employer thereby acting as a source for up-to-date domain specific information. In short, certifications help organisations to realise the full benefit of the training they invest in.

A note on the ‘soft’ benefits

Beyond the obvious technical benefits, training and certifications can go a long way to boost employee satisfaction, IT efficiency and staff retention. Training enables organisations to hire entry-level staff and ramp up their skill sets in niche areas. This not only helps overcome the regional skills shortage but also encourages company loyalty since employees need to be challenged and convinced of their continued career growth.

To summarise, IT training is an expense for the business, but it is one which brings substantial short and long-term benefits. By investing in the right training delivered by the right provider, employers get expertly skilled staff who are committed to the organisation. These qualified professionals are equipped with the knowledge and hands-on experience to tackle the challenges that complex IT environments entail. They are more efficient, innovative and ready to give their organisation the edge it needs in today digital economy.

 

Browse our latest issue

Intelligent CISO

View Magazine Archive