Agencies Can Focus on Upskilling and Reskilling
One of the most expedient ways to tackle cyber talent shortages is by investing in two types of training: upskilling and reskilling. Upskilling involves implementing programs to increase the knowledge and abilities of the security team to fill in gaps. Reskilling, in contrast, is a way of training employees in other areas so they can be prepared to move into the security team.
Training requires a much smaller investment than hiring a new worker, and it creates a more effective workforce. It can lead to increased job satisfaction as new team members take on lower-level work, allowing skilled cybersecurity team members to concentrate on more intense and meaningful work.
It seems like a simple decision: Implement cybersecurity training instead of struggling to hire seasoned security experts. Still, state and local agencies continue to lag in this regard. Only 22 states offer voluntary cybersecurity training for state employees. Resources provided by these states include online cybersecurity training videos, toolkits and in-person classes through partnerships with higher education institutions.
Fortunately, state and local governments that have not yet implemented security training programs can access a number of resources designed to help agencies tackle cybersecurity talent shortages and implement effective training programs.
A Wealth of Resources for Government Cybersecurity Training
Any effort to improve requires establishing a baseline. Michigan provides a valuable resource called CySAFE, a free security assessment tool to help small and midsized governments assess, understand and prioritize their basic IT security needs. Another resource for assessing current skill sets and proficiency levels is the Cybersecurity Workforce Training Guide released in August by the U.S. Cybersecurity and Infrastructure Security Agency (CISA). This guide provides roadmaps for developing or launching cybersecurity career paths.