Security staff are being forced to upskill in their own time

Many businesses aren’t prioritising internal training, causing workers to spend their own time on professional development

Many IT and security professionals are working to improve their skills in their own personal time rather than through opportunities provided through their workplace, despite concerns over cost and lack of time.

With a skills gap widening, security workers aren’t able to fully develop their skills at work and are instead turning to development training in their free time. Around half of employees (48%) have committed time before and after work to improve their skills, for example, with 20% also training themselves on weekends. 

Professionals are also spending a great deal time per week on upskilling themselves outside of work hours, with 40% spending time every day, and another 38% at least once a week, according to research by Cybrary.

The volume of staff spending time on upskilling outside of work hours is high, despite 33% reporting cost and 28% reporting lack of time as a barrier to getting the development training they need. Disturbingly, according to the findings, 40% say these barriers have a major or severe impact on developing their skills.

“While cybersecurity is often considered a top priority, the industry lacks urgency when it comes to skills development practices for individual team members,” the report claimed. “Organizations need to establish continuous cybersecurity education and professional development not only for security teams but across multiple disciplines, including HR, IT and management.”

Related Resource

IT Pro 20/20: The learning revolution starts now

The eighth issue of IT Pro 20/20 looks at the rise of self-education during a global pandemic

DOWNLOAD NOW

The findings have uncovered a severe workplace skills gap in cyber security, with 72% of respondents to the Cybrary survey suggesting there’s a skills gap on their team. To compound the issue, 65% of IT and security managers agree that this has a detrimental effect on how effective their teams are in responding to threats.

The picture is particularly grim considering recent changes in the workplace which have resulted in IT and security professionals feeling their organisations don’t understand what skills are needed from them. 

Around half of organisations, for example, have either reduced their training budgets, 22%, or kept them the same, 25%, over the past year. A fraction of respondents, 16%, claimed their organisations don’t have any training budget at all.

Methods of reviewing skills on security teams are seemingly inadequate or out-of-date, the report also concluded, with 46% of organisations relying on performance reviews, and a further 37% relying on job-related assessments. Only 20% of businesses deploy skills-based assessments, while just 17% use certification practice tests. 

Alarmingly, 23% of organisations don’t track any skill development for their IT and security teams, and 46% also don’t confirm new hire skills for specific roles, and neither do 40% regularly assess the skills of newly recruited team members.

 The report has recommended that organisations must empower members of their IT and security teams to take up training and development opportunities so they aren’t forced to invest their own time and money developing themselves. The result would be an increase in efficiency, the report claims, as well as productivity and performance. 

Simply providing training isn’t a solution, however, and any efforts to improve the skillset amongst the workforce must involve assessing skills across teams and monitoring development on a continuous basis. Such a targeted approach would help the industry to gain a better, more granular, understanding of the skills gap, with businesses able to establish clear development goals for workers.

Featured Resources

Choosing a collaboration platform

Eight questions every IT leader should ask

Download now

Performance benchmark: PostgreSQL/ MongoDB

Helping developers choose a database

Download now

Customer service vs. customer experience

Three-step guide to modern customer experience

Download now

Taking a proactive approach to cyber security

A complete guide to penetration testing

Download now

Recommended

Botnet targets vulnerable Microsoft Exchange servers
botnets

Botnet targets vulnerable Microsoft Exchange servers

23 Apr 2021
A guide to cyber security certification and training
Careers & training

A guide to cyber security certification and training

22 Apr 2021
What is hacktivism?
hacking

What is hacktivism?

22 Apr 2021
Geico data breach leads to stolen driver’s license numbers
data breaches

Geico data breach leads to stolen driver’s license numbers

21 Apr 2021

Most Popular

REvil threatens to release Apple’s hardware schematics
ransomware

REvil threatens to release Apple’s hardware schematics

21 Apr 2021
How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

8 Apr 2021
Samsung Galaxy S21 Ultra review: Ultra in every sense of the word
Mobile Phones

Samsung Galaxy S21 Ultra review: Ultra in every sense of the word

22 Apr 2021