Build a Plan to Close Your Cybersecurity Competency Gaps
Develop business-aligned security competencies for your IT team.
- Organizations need competent cybersecurity staff to combat security threats and support their security program.
- Identify and prioritize the skill sets needed to grow your security team in alignment with business goals.
- Maintain and develop the right knowledge, skills, and abilities to keep up with the evolving complexity of cyberthreats.
Our Advice
Critical Insight
To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objective.
Impact and Result
This research will help you develop the following:
- Guidelines on how to identify cybersecurity talent that aligns with your organization’s needs.
- A comprehensive list of cybersecurity competencies derived from industry-leading standards.
- An in-depth mapping of cybersecurity competencies to security services to assist in prioritizing the most important competencies for your organization.
- An interactive development plan that will help track the development and upskilling of your organization's security staff.
Build a Plan to Close Your Cybersecurity Competency Gaps
Develop business-aligned security competencies for your IT team.
Analyst Perspective
Building an effective cybersecurity team begins with equipping your employees with the right competencies.
With the increase in cyberthreats and gaps in finding cybersecurity talent, organizations are struggling to identify the right cybersecurity competencies to improve their security posture and align with business goals. Furthermore, the evolving threat landscape makes it challenging for organizations to create a training plan that will equip employees with the necessary competencies while also helping them reach their own personal goals.
A development plan that focuses on equipping employees with competencies recognized by industry standards would ensure the correct skills are being developed, while enabling organizations to stay competitive. These development plans should allow organizations to prioritize which competencies to develop, while also tracking proficiency within those competencies. This would ensure organizations are meeting their security goals, while also improving their overall maturity.
|
Ahmad Jowhar
Research Specialist, Security & Privacy Info-Tech Research Group |
Executive Summary
Your Challenge
|
Common Obstacles
|
Info-Tech’s Approach
|
Info-Tech Insight
To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objectives.
Your challenge
There is a growing gap between demand and supply of cybersecurity talent.
- Although the number of the global cybersecurity workforce has increased by 11% over the past year to over 4.6 million, there is still a shortage of cybersecurity professionals to fill the gap.
- The increased cyberthreat has also made it harder for organizations to find the right talent, with 43% of organizations indicating their challenge in finding qualified individuals as the biggest cause of their shortage.
- The growing cybersecurity workforce gap has been a challenge for organizations globally, with many regions experiencing an increase in the shortage of talent. Regions such as North America saw an 8.5% increase in the cybersecurity gap, while the EMEA and APAC regions saw an increase in their cybersecurity gap of 59% and 52% respectively.
42% of global cybersecurity roles are not filled.
54% of organizations believe their staff shortage puts them at increased risk for cyberattacks.
23% of organizations believe the biggest cause for the shortage is not putting enough resources into upskilling non-security IT staff.
Source: ISC2, 2022
Cybersecurity development framework for security leaders
To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objectives.
DEFINE
the competencies your organization needs to support the security program.
Leverage Info-Tech’s Competency Framework based on industry best practices.
ASSESS
employees’ current proficiency levels across defined competencies.
Focus on employees who have adjacent skill sets that complement the required security competencies.
PRIORITIZE
competencies against known organizational priorities.
Optimize your learning and development plans by starting with the most critical competencies.
ACQUIRE
competencies through available Learning & Development tools and resources.
Enable continuous improvement of employee proficiency.
Apply best practices in creating a cybersecurity development plan for your employees.
Prioritize what competencies you need by focusing on the ones most impactful to your organization’s security maturity.
To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objectives.
Define requirements for your competency needs.
Review your industry’s standards and identify any additional compliance requirements that will influence your decisions.
Harness the power of upskilling your employees.
Focus on employees who have adjacent skill sets that complement the required security competencies.
Develop a lifecycle for your development plan.
Ensure your development plan enables continuous improvement to an employee’s proficiency.
Tactical insight
Select and test the best solution against a trusted competency model to ensure that you are focusing on the right skills at the right time.
Tactical insight
A good approach to workforce development is to balance on-the-job application of knowledge with validation and assurance through alignment with globally recognized credentials.
Blueprint deliverables
Use this blueprint to identify competencies for your organization, prioritize the competencies, and build a roadmap to develop those competencies.
Key Deliverable:
Security Competency Analysis Tool
The Security Competency Analysis Tool will be used to:
- Identify competencies required for your organization.
- Prioritize competencies based on service resourcing and proficiency gaps.
- Build a development plan for equipping employees with the important competencies.
Blueprint benefits
IT/InfoSec Benefits
- Identify the most important cybersecurity competencies to acquire, using Info-Tech Research Group’s Cybersecurity Competency Framework.
- Create a prioritized competency list based on organizational priorities and alignment with security business goals.
- Gain an increased awareness of your cybersecurity team’s competency levels through proficiency analysis and creation of a development plan.
Business Benefits
- Reduce time and effort spent training new staff by leveraging the opportunity to upskill your IT staff.
- Understand how security’s alignment with the business will enable the strategic growth of the organization through employee skill development.
- Gain an advantage by acquiring a diverse set of competencies that will give your organization a competitive edge while navigating the evolving security threat landscape.
Measure the value of this blueprint
Streamline your development plan to improve your overall security program.
Work to complete |
Average time to complete |
Info-Tech method timeline |
Time saved |
| Create a cybersecurity development plan | 5 days – research security competencies, identify security services to deliver, determine strategy for proficiency assessment, prioritize competencies, develop a roadmap to acquire the competencies | 1 day | 4 days |
Improvement metrics |
Value impact (direct/indirect) |
Estimated time to realize value |
| Number of employees who have a development plan | Direct | 1-3 months |
| Percentage of cybersecurity learning & development actions that align with your security goals | Direct | 9-12 months |
| Percentage of cybersecurity competency gaps reduced | Indirect | 9-12 months |
About Info-Tech
Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.
We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.
What Is a Blueprint?
A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.
Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.
Talk to an Analyst
Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.
Book an Analyst Call on This Topic
You can start as early as tomorrow morning. Our analysts will explain the process during your first call.
Get Advice From a Subject Matter Expert
Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.
Unlock Sample ResearchContributors
- Richard Drouillard, Manager of Security and Risk, Municipality of Chatham-Kent
- Prachee Kale, Co-Founder, Think.Design.Cyber
- Micael Szyszko, Senior Consultant, BDO Canada