As the cybersecurity skills gap persists, a new training and testing program can help bridge that gap, while providing a recruitment and retention tool for HR departments.
In an age when data breaches are all but inevitable and the public remains undereducated in cybersecurity, organizations are struggling to close the cybersecurity skills gap in their workforce. According to recent research from ISACA, about a third of organizations take six months or longer to fill cybersecurity positions, with 37 percent saying less than a quarter of applicants are actually qualified.
In light of these challenges, ISACA is helping organizations close that skills gap with a new cybersecurity training and assessment tool as part of its Cybersecurity Nexus (CSX) portfolio.
“As part of our mission to narrow the skills gap and help enterprises develop their cyber workforce, ISACA developed the CSX Training Platform as an affordable solution that gives cybersecurity professionals complex scenarios to handle and live incidents to detect and mitigate,” CEO Matt Loeb said in a press release
Based on ISACA’s certification platform, the tool includes a two-hour assessment that returns a report on the user’s strengths and weaknesses, as well as performance-based, online training that allows users to access the platform from any place or device and goes beyond simulation.
“It is all virtual machines, which means in each particular lab you’re talking to a real firewall, a real DMZ, a real web server, a real database server, whatever the configuration happens to be,” Chief Innovation Officer Frank Schettini explained to Associations Now. “And they’re actually up and live up in the cloud, so it is actually a real-time lab.”
When organizations sign up for the platform, their managers, HR teams, IT employees, and job applicants can all log in, allowing HR to easily test a candidate’s cybersecurity competencies and managers to monitor their IT staff’s learning progress.
“Now instead of going through a process of blindly hiring someone, you go through the process of having them run the skills assessment test, reading the results, and then deciding whether you want to hire the individual,” Schettini said.
“What this tool allows you to do is … know up front before you hire them what type of training investment you’re going to want to do to bring them on board,” he continued. “So the hiring process becomes much more straightforward—you know what you’re getting, you know what training program you want to set up—and the beauty of the platform is you can leverage the platform any way you want to set up that training program.”
In addition to reviewing and training new hires, the tool provides a consistently updated professional development opportunity for current IT employees. It tracks time spent training for those who use the platform to perform their certification continuation hours, and unlike the original certification program, includes beginner-level training for non-cybersecurity IT professionals, like network engineers or software developers, to ensure the organization is focused on both breach prevention and incident detection and response.
“It really is an enticement to bring people in from outside saying, ‘We’re going to train you, we’re going to bring you up to speed, and we’re going to keep you current,’” Schettini said.