Let’s Ask Our Experts: Talking Cybersecurity Skills Gap with Ryan Corey
From IT classroom trainer to building the largest cybersecurity learning platform in the industry
We sat down with Cybrary Co-founder and CEO, Ryan Corey, to talk about security enablement and the shortage of security professionals for businesses large and small.
What is security enablement and who does it impact?
The short answer is putting cybersecurity skills into the hands of your entire IT workforce.
To give a more in-depth answer, let me paint a picture: to thwart some of the most prevalent threats in our organizations, technology leaders had to address the end points. The biggest threat was the end users. We have learned over the period of a few years that we need to train anybody that is at the operational core of an organization. We have to train them on things like how not to click phishing emails or not to put that USB drive you found on the ground into a company computer with access to the network. That’s a really broad number of people.
Security enablement, on the other hand, addresses the technological workforce within an organization that has anything to do with the delivery of technological products, services or applications; from the people writing the first line of code to the devOps professionals to the system admin to the help desk team. It’s putting the security skill sets into the hands of those people who are touching the technologies.
We’ve seen security enablement emerging for about 2 years and it’s gaining more momentum right now. The first industries that have adopted have been the ones that contain very sensitive data on individuals: that’s financial services and healthcare. These industries primary business is centered around trust with the end user – the customer. Larger organizations are seeing that they need to put security in the hands of their entire technical workforce so they can do their jobs with a security mindset at the core of what they do every day.
Should small businesses be thinking about security enablement?
Yes. The impact of a cyberattack can be greater on small businesses where security enablement is almost more important to them than larger organizations that have cyber teams versus generalists. For example, when a small businesses’ website is taken down by hackers through unknown site vulnerabilities it has a much different impact. That small business relies on their website to drive leads and sales each day. Every moment the site is down it impacts the remainder of the month for that business overall.
What is the most in demand technical skill set?
While there are certainly a lot of jobs out there for people who can work in a SOC (Security Operations Center), incident response is really, really hard to find; that is the number one career path on our site right now, none of the others come anywhere close. For this skillset, you have to know how to identify breaches and attacks, how to gather intel around it, and then what actions to take.”
For IT providers and Managed Service providers, how do they make the leap to adding those cybersecurity capabilities and overcoming that skills gap in the process?
Again, this comes down to Security Enablement, making sure you have the right people delivering your services. As a customer, I would almost demand to see security skills evolving in my MSP/MSSP. As an informed business owner, I don’t think you can feel fully confident if your provider isn’t continually training their team, and infusing security skills into what they’re doing. I would agree that it could be a liability for providers if they didn’t.
Is the skills gap worsening for employers when it comes to IT and cybersecurity?
The skills gap has become so widely known and prevalent. There are 27 job postings for every 1 qualified IT security professional. Because it is so prevalent, we are seeing job descriptions for system administrators and network administrators contain security skills. Hiring managers are looking for full-stack skilled professionals.
What got us here?
Cybersecurity is the fastest moving landscape in the world right now due to the amount of attack vectors and attack surfaces opening up in organizations every day. There are new and different types of attacks on a daily basis. What we’ve done in the past, such as send people to expensive one-week classroom training courses, does not work to combat this new landscape. These courses do not teach professionals how to stay current with the threat landscape, but rather teaches a certain set of security skills that is generally older. With a fast-moving landscape, you need fast-moving learning and skill development.
How is Cybrary helping address the security skills gap?
Well, I used to teach the classroom-based courses. I remember there was a mother who wanted to go into cybersecurity, but her options were high-friction and costed thousands of dollars for broad training. The options were risky with no job guarantee at the end of the training. We (Cybrary) are taking the risk and friction out of accessing and learning the skills needed to get into cybersecurity or a security role. Cybrary is also more cost effective for people and employers from having to go to a training facility, get a 4-year degree or an online degree. So, the mom who stayed home from work raising her children can now go to Cybrary’s library of content, and start learning for free. Employers can skill up their employees and teams to move people into cyber roles and promote from within.
What is on the horizon for Cybrary?
Getting people into jobs is a bit harder. We want to help people get jobs without the guess work, and make it easier for employers. We have different learning assessments and hands on labs for technical assessments. With employers, we are hearing the need for competency-based hiring, where they know the abilities of a candidate before they go through the interview process. Employers want to know if they have the experience and skills for confident hiring decisions.
About Ryan Corey
Ryan is the Co-Founder and CEO of Cybrary, the world’s first crowdsourced platform for cybersecurity and IT learning. With over a decade of experience in the IT training space, previously serving as the VP of Marketing and Sales for TrainACE, Ryan is skilled at building data-driven, efficient growth businesses. In 2006 Ryan founded All Around the Home, an online demand generation website for home contractors, which was acquired by Quinstreet in 2008. Ryan has served as an instructor for the Certified Internet Marketing Practitioner certification and as a member of the EC-Council Digital Marketing Advisory Board. In addition to leading Cybrary’s vision, Ryan currently sits on the Board of Directors for the Incident Response Consortium and has a passion for advising early-stage startup founders.