Flexing cybersecurity muscle

ARTICLE | August 25, 2023

To grow your cybersecurity muscle, look inside

Attacks are on the rise and talent is scarce. So retrain the staff you already have

By Christine Kent, Workflow contributor

Without vigilant security staffers, cybercriminals are more likely to sneak past defenses and run riot through your network. People with the right skills are the best bulwark against the cyberattack money drain. The problem is there aren’t enough of them, and companies will pay a price for that: According to a Gartner/Bitsight report, a cybersecurity talent shortage or human failure will be responsible for more than half of all significant cyber incidents by 2025, with each costing anywhere from $1.4 million to almost $4.5 million per attack.

The staff you have on hand today are your best hope for a secure future, especially considering that 3.5 million cybersecurity jobs are going unfilled in 2023. But they’ll require ongoing training to stay ahead of cybercriminals. Now is the time to start preparing all employees for a changing world of business, according to a study by ServiceNow/Pearson that named “cyber awareness” as a top needed skill by 2027.

 Workflow Quarterly

Making risk pay

Traditional cybersecurity talent will remain scarce, but the good news is that the new skills required to combat emerging new threats can be acquired by workers with less tech experience. According to the study by ServiceNow/Pearson, the biggest technology skills gaps in the U.S. are in process improvements and operationalizing data—skills that could conceivably be learned by people in the business but outside of security teams.

Data analysis and generative AI will be top of mind. Derek Vadala, chief risk officer of Bitsight, a cybersecurity solutions provider, says this will extend beyond “data’s historical usage for detection and response and focus more holistically on the business of cybersecurity within companies—investment and prioritization of scarce resources.” The new generative AI tools like ChatGPT can help security teams study data and research risks, but people have to know how to use the tools—like learning to create the right prompts to drive usable responses, Vadala says.

Cybercrime itself will be turbocharged by artificial intelligence. Indeed, the emergence of AI in just about every corner of the enterprise world is unnerving security leaders who are still assessing the potential dangers of machine learning. Olivia Rose, founder of the Rose CISO Group and a virtual CISO, says AI dominates the Slack channel where she chats with other CISOs.

“The questions about AI are snowballing,” Rose says. “We don't fully understand it or have the resources to staff and protect against the risks.” The
risks, CISOs fear, are multidirectional, including both threats to existing AI models and threats from using AI models.

Fortunately, AI also will expand the talent pool needed to keep the bad guys at bay. According to the study by ServiceNow/Pearson, as many as 23.5 million people will have their jobs impacted by automation, making them available for reskilling and upskilling. As these trends converge, cybersecurity can tap enough talent from other areas of the business to meet any threat. The sense of urgency is clear: In a World Economic Forum survey of cybersecurity and business leaders, 91% of respondents believe that a far-reaching, catastrophic cyber event is at least somewhat likely in the next two years.

The good news is that the new skills required to combat emerging new threats can be acquired by workers with less tech experience.

But which employees will be the right candidates for reskilling, and how best to prep them for cybersecurity? Identifying and reskilling takes different forms. As the World Economic Forum has pointed out, closing the cybersecurity employment gap requires organizations to get creative—like setting up in-house training programs from scratch, or engaging in public-private partnerships.

One of the first steps when plotting out a plan for reskilling internal talent is to determine what exactly is a transferable skill—that is, pinpoint which skills lend themselves to IT and cybersecurity. That search may lead to unexpected places. For example, the ServiceNow/Pearson study notes that people who work in fields like bookkeeping and sales have appropriate skills for switching to jobs as help desk support agents.

Professional organizations like the Women Cybersecurity Society promote training and certification opportunities that are designed for both mid-career security pros as well as total newbies. The training helps women—traditionally underrepresented in cybersecurity—get a foot in the door of the industry. “Naturally, women bring several soft skills to the cybersecurity industry, along with transferable skills, expertise, and experience derived from preexisting roles before transitioning to a cybersecurity career,” says Lisa Kearney, president and CEO of Women Cybersecurity Society.

91% of respondents believe that a far-reaching, catastrophic cyber event is somewhat likely in the next two years

Reskilling neophytes in cybersecurity know-how requires technology, people, and processes—the trusted trio that create the framework for pushing any project forward.

Platforms like skills intelligence systems use machine learning and AI to help companies get a clear picture of employee skills and map them to the ones they need. The systems are a forward-thinking shift away from simply judging job candidates not merely by their past degrees or experience, but by their “power skills” such as critical thinking, communication, problem-solving, and creativity. Companies will need all the power skills they can lay their hands on if they are going to keep themselves safe from ever escalating cyber threats.


Cybercrime itself will be turbocharged by artificial intelligence.


Future proof your workforce

Related articles

Meet your new GenAI threat hunter
Meet your new GenAI threat hunter

Cybersecurity pros and hackers are locked in an AI arms race. Enterprises can’t afford to come up short.



Companies are no stranger to the need for new skills in the face of new technologies. But the pace of AI’s impact brings new urgency

Addressing IT's skills shortage
Addressing IT's skills shortage

Training enough people for crucial and expanding tech roles will require innovative thinking.

AI’s Impact on the Tech Skills of Tomorrow
AI’s Impact on the Tech Skills of Tomorrow

New research by ServiceNow and Pearson examines how AI will shape the evolution of workplace expertise over the next five years.


Christine Kent is a San Francisco Bay Area‑based writer who covers technology and security.

Loading spinner