In this interview with Help Net Security, Mike Hendrickson, VP of Technology & Developer Solutions at educational technology company Skillsoft, talks about the effect these last few years have had on online cybersecurity learning and training, and the trends
What trends in online cybersecurity training have you been seeing in the last year or so?
First and foremost, we have observed a 53% increase in the total number of hours that corporate learners have dedicated to security training and content since 2019. There are many factors at play here, but we have seen direct correlations between malicious attacks and engagement with cybersecurity training and development content.
We saw especially large spikes in March and April of 2021, coinciding with the Hafnium state-sponsored attack, followed by an additional uptick in late May of a new wave of attacks launched by Nobelium.
Additionally, with 75% of IT decision-makers struggling with existing skills gaps, particularly in cybersecurity and cloud-related fields, another trend we have seen in cybersecurity training is that certifications are becoming more relevant and sought-after. Learners are spending more time on content that will help them achieve those certifications, and in turn, increase their skillset and knowledge in emerging areas of tech.
Has the explosion of remote work influenced how companies view online learning and training?
This is not just related to cybersecurity. The switch to remote and hybrid work has drastically changed the way learners approach their training and development, and the way in which organizations provide it. Employees want convenience, ease of access, and impactful trainings that will provide value to their careers – it falls on employers to provide them with this and meet their learners in their natural flow of work.
Time has been an increasingly valuable commodity in 2020 and 2021. We have found that regardless of work level or job function, learners do not have a significant amount of time to spend on learning, with 67% spending less than 5 hours learning per week. Creating an environment that fosters learning and development will be key for organizations in the fight to attract and retain top talent. Successfully re- and upskilling employees can help employers avoid employee turnover for a variety of reasons.
In addition to an increased focus on cybersecurity we are seeing drastic increases in access to courses focused on improving communication and productivity in a newly remote world. The biggest increase we saw was 278x growth in Developing Emotional Intelligence and 189x growth in our course around communicating via the Microsoft Teams app.
Learning and development remains a top priority and the organizations who place a priority on employee growth will see this pay dividends in the long run.
Which cybersecurity topics/skills are learners concentrating on the most and what can you infer from that?
Based on our research, leading the charge for security training in 2021 were OWASP Top 10 related lessons followed closely by cloud security fundamentals. The top 10 is rounded out by a variety of CompTIA Security+ pre-certification courses ranging from social engineering techniques to basic cryptography principles.
We know that certifications are important: 91% of IT professionals in North America hold at least one certificate and 49% have noticed an improved quality of work after completing a certification. Certifications benefit both the employee and the organization—higher quality of work obviously benefits the organizations and we have seen that certifications also lead to higher salaries for employees.
The top-paying certification in North America—for the second year in a row—is the Google Certified Professional Cloud Architect ($160,961 in 2021). An IT certification also indicates to employers that an individual is motivated to put the time, effort, and expense into improving their job performance.
It is likely that a focus on cloud technologies and security will continue to be a high priority for organizations, particularly as the hybrid workforce becomes the norm. Increased use of technology will lead to increased security threats for organizations and employees are the first line of defense for security. Employees using personal devices, applications, accounts, and Wi-Fi have added new layers of security for organizations to consider when developing security planning and training. The training around this is two-fold, educating employees on best IT practices and upskilling security personnel on the latest threats.
What should companies / organizations do before embarking on a company-wide quest to upskill their employees via online cybersecurity training?
Lay out your company vision around security and how you intend for everyone to be involved. Make this both high level with the who, what, why and also detailed on how, when and where everyone has a role. So, get a good grounding on why security matters to your organization and your ability to continue your path to success, safely. Once everyone has a perspective the training will make more sense to all your various cohorts.
What things have you learned when it comes to a successful delivery and customization of online training since the start of the Covid-19 pandemic? What are the most common barriers for online learning and how do you work to overcome them?
24/7 access to learning and development content is incredibly important when it comes to a successful delivery of training and development content to employees. Time is scarce in the workforce currently and finding time for learning and development is not always top of mind for employees. Meeting employees in their flow of work is essential to minimizing disruptions to their day while providing the opportunity to upskill and grow professionally on a continued basis.
The introduction of blended learning is also important, providing personalized, differentiated, and varying learning experiences to appeal to multiple learning styles.
But learning and development was not the only concern for employees transitioning to remote and hybrid work – there were also challenges around dealing with stress, managing remote employees, and developing leaders. In 2020 we saw growth across various themes including 79x growth in getting to know the Microsoft Teams application, 62x growth in exploring virtual collaboration, 8.2x growth in organizing your physical and digital workspaces, and 7.3x growth in the art of staying focused.
In an ideal world, how do you think cybersecurity education and training should work?
While we have seen the spikes in access to cybersecurity learning around state-sponsored attacks, this reactive approach cannot become the norm. Security training can’t be a “stop and start” format or a short-term priority. Malicious actors do not rest and continue to have success with preventable hacks—hacks that can be deterred by narrowing the current skills gap and ensuring the optimal training of all employees.
Some keys to building a lasting, cybersecure culture include:
- Outline the role each employee plays, where everyone works together to achieve a common objective rather than simply checking a box
- Implement a blended learning approach, combining traditional course content with real-world scenarios, practice labs, and team-oriented lessons
- Encourage employees to pursue certifications to expand their skillsets, become more cyber-aware, and reduce skills gaps
- Provide employees with the tools needed to train and upskill in their natural flow of work, with a gamification component to help keep individuals interested and motivated
In addition to traditional training for all employees, it is important that employers provide space for their security-focused employees to practice and hone their newfound skills.