3 reasons cybersecurity certifications and training demand disruption – SC Media

There’s no shortage of cybersecurity training or certifications for security professionals.
Despite this availability, many programs prioritize session completion over outcomes and fail to provide the necessary data to prove readiness for real-world threats.
This lack of outcomes-focused process creates vulnerabilities across organizations – gaps that no amount of certifications can fill.
To explore why traditional certification and training models fail, Immersive Labs Chief Executive Officer James Hadley joined guest speaker Forrester Senior Analyst Jess Burn and Relativity CIO and CSO Amanda Fennell, on a recent webinar.
While certifications were once revered as the gold standard in cybersecurity training, industry professionals are vocally sharing new, less favorable perspectives via social media.
A recent Forrester Report highlights this attitude shift, noting that of 200 posts shared by cybersecurity professionals, 53% expressed negative sentiment toward certifications.
Among these posts, two main issues were the primary drivers of negative sentiment:
We believe this insight reveals that certification value simply isn’t worth the price tag. In fact, many social sharers (46%) who voiced discontent also expressed intent to let their certifications lapse due to this lack of value.
As the Forrester Report highlights, cybersecurity professionals are finding little value in certifications.
Due to the breakneck pace of cybersecurity, by the time the need for a certification is identified, the training built, and the materials disseminated, the industry has moved on.
Given this pace, months or years-old material is no longer relevant. Despite this reality, many certification and training programs rely on out-of-date material to drive examinations and certifications, ultimately resulting in obsolete capabilities.
When cybersecurity responsibility is viewed as exclusive to the IT team, silos are created. This mindset underscores the idea that cybersecurity is an individual duty, and that a strong team consists of a variety of traditionally-certified professionals.
This perception, however, creates vulnerabilities on both IT teams and across the organization. To achieve a truly effective approach to cybersecurity, individuals must be collectively responsible for organizational cybersecurity. Different skills, knowledge, and judgment are required for different roles, creating a secure people-centric workforce that is prepared to thwart cyber threats at every entrypoint and adapt to the unexpected, driving true resilience.
Achieving this collective approach requires organizations to stop overvaluing traditional certification and training methods and elevate gamified approaches that can assess, upskill, and measure existing and future talent.
To learn more about how your organization can confront the limitations of traditional cybersecurity training methods, listen to the webinar here.
“Cybersecurity moves on really quickly. By the time you’ve built a course and written training, the material is already out-of-date and not as relevant in the workplace.” – James Hadley, CEO, Immersive Labs

Rob Duhart Jr., vice president, deputy CISO and eCommerce CISO at Walmart, spoke with SC Media about how Walmart systemically allocates its security resources across its vast empire.

Throwing money at cybersecurity software doesn’t guarantee your organization is immune to risk. It is impossible to prevent every attack and the organization must be able to flexibly adapt and respond.
On-Demand Event
On-Demand Event
On-Demand Event
By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.
Copyright © 2022 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.
Your use of this website constitutes acceptance of CyberRisk Alliance Privacy Policy and Terms & Conditions.


Leave a Comment