Why we need more continuous hands-on training and fewer cybersecurity certifications – SC Media

Today’s columnist, James Hadley of Immersive Labs, argues that the industry has to move away from cybersecurity certifications.
Many organizations still rely on outdated approaches to measuring cyber capabilities, including expensive industry certifications and annual training courses, which could be giving teams a false sense of security. 
With 82% of security leaders believing they could have mitigated the damage of their most significant cyber incident if they were better prepared, it’s time to rethink old-school methods and embrace a new data-driven approach to building and proving cyber resilience: the ability to successfully prepare for and then respond to cyber threats.
Leaders should question the industry’s overreliance on outdated certifications because they fail to build and prove hands-on knowledge, skills, and judgment. Instead, we should focus on continuous improvement through regular exercises via real-life fire drills, measuring the capabilities of teams and individuals, and filling talent gaps before it’s too late. This will result in stronger cyber postures for organizations and the confidence to know that teams are truly ready when a crisis hits.

Traditional certifications and training are flawed for many reasons. They take years to develop, by which time they are already outdated, and are updated infrequently. Cyberattacks are evolving at a rapid pace, and certification programs can’t keep up. Additionally, the cost of maintaining certifications has become prohibitive for many organizations, making it difficult to justify the investment. It’s clear that certifications alone are not the solution.
These methods fall short when it comes to reacting and recovering quickly from cyberattacks. Infrequent training sessions do not align with the pace of the real threat landscape, and professionals are not engaged with the information they receive.
Hands-on practice and realistic, simulated scenarios are necessary to develop cognitive agility and muscle memory for tackling real breaches. Without concrete proof or data demonstrating cyber resilience, leaders lack the metrics needed for meaningful conversations with boards and senior leadership.
By embracing a data-driven, always-on approach, we can build true cyber resilience and confidently face the challenges of the ever-evolving cyber threat landscape. The future of cyber resilience requires that leaders adopt the following four criteria:
By adopting this approach, security leaders gain a comprehensive view of team and individual preparedness for attacks, and they can make informed decisions and ensure alignment throughout the organization. This approach will lead to tangible proof of cyber resilience and ultimately create more secure organizations.
The rise of cyberattacks targeting the human element exposes the inadequacy of traditional cybersecurity certifications and training, which fail to offer the necessary skills and confidence to effectively respond to and recover from cyber incidents.
The industry needs a data-driven approach that focuses on continuous improvement, hands-on practice, and realistic simulations. By breaking free from outdated methods and embracing a stronger cybersecurity culture, organizations can confidently face the challenges of the evolving threat landscape and create a more secure future.
James Hadley, founder and CEO, Immersive Labs


Copyright © 2024 CyberRisk Alliance, LLC All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed in any form without prior authorization.