
Skill up or lose out: The key to retaining top cybersecurity talent

Cybersecurity training is no longer enough to stay up to date with modern threats while keeping your team engaged. Continuous upskilling is the answer.

Mags22, Apr 10, 2024

Cybersecurity training has traditionally been very limited: typically a one-off event with an external trainer, cramming as much information into one week as possible.

This simply isn’t effective. 

Cybersecurity teams require continuous learning that keeps pace with existing threats, supports their career development, and teaches them skills they can apply to real-life scenarios when under immense pressure.

An adaptive approach does a better job of mitigating business risk and boosting security posture. It’s also more engaging for security teams, as their upskilling initiatives are making them better at what they do, every single day. 

As a result, you retain an elite security team that’s primed to perform better because they’re highly engaged and upskilled on cutting-edge vulnerabilities.

Training vs. upskilling 

It’s important to differentiate between traditional cybersecurity training and upskilling programs. One doesn’t have a lasting impact while the other can transform teams and retain your best talent. 

| Cybersecurity training ❌ | Cybersecurity upskilling ✅ |
| --- | --- |
| Relies on certifications and multiple-choice questions. | Teaches provable skills for real-world scenarios. |
| Is simply there to tick a box. | Offers a human-first approach that creates and maintains high-performing professionals. |
| One-size-fits-all approach with no flexibility. | Is flexible and personalized to individual needs. |
| The training doesn’t fit your organization. | Aligns with organizational objectives and workforce development. |
| Once certified, the training and learning stops. | Goes beyond upskilling, solves issues such as retention and burnout, and provides clear career paths. |
| A one-off training session that’s quickly forgotten. | A “center” you return to day in and day out for continuous learning that supports career development. |

Cybersecurity professionals are tasked with an unending mission: to continually learn and adapt to new threats and trends. This perpetual state of learning is not unlike that of medical doctors, who must stay abreast of the latest advancements in medical science to provide the best care for their patients. 

Just as you wouldn’t want a doctor relying on techniques and technologies from the 1980s to perform an ACL surgery in 2024, you wouldn’t want cybersecurity professionals to combat today’s cyber threats with yesterday’s knowledge. 

The digital threat landscape changes daily, with adversaries constantly devising new methods to exploit vulnerabilities. Therefore, cybersecurity experts must remain vigilant, always expanding their knowledge and skills to anticipate and neutralize emerging threats. 

This commitment to continuous learning ensures they can protect their organizations effectively in a digital age where the only constant is change.

Why traditional cybersecurity training fails 

So, why is traditional training outdated, and why doesn’t it have the same impact on teams?

One thing people lack in the world of cybersecurity is time. Traditional cybersecurity training would require entire days or weeks set aside to focus purely on training. 

Now, with upskilling platforms like Hack The Box, employees can dip into learning for 30 minutes every day or over the weekend. The self-guided and flexible nature of modern upskilling makes it much more accessible.

What’s more, traditional training would be ad-hoc and often in-person with an instructor. What happens here is that people only observe and take in a fraction of what they’re being taught. 

With upskilling platforms, employees build up knowledge gradually rather than all at once, becoming a tiny bit better week by week.

3 ways continuous learning retains talent 

For CISOs and leaders, building an effective retention strategy is key to closing the skills gap and improving security posture. An effective retention plan also demonstrates resilience by ensuring the security team is continuously upskilled, which reassures the board of directors.

By creating a culture of continuous learning, employees will have a higher incentive to stay loyal to your organization, not to mention improved overall performance on the job.

Breaking into the field of cybersecurity requires plenty of passion and determination. This means that most cybersecurity professionals are eager for opportunities to learn, develop their skills, and grow in their careers. 

Organizations can demonstrate a commitment to the growth of their cybersecurity team by providing continuous upskilling opportunities. 

This has been proven by our research in our cyber attack readiness report. 68% of security team members rated “opportunities to learn skills” as the most successful way of staying engaged at work. This placed higher than increasing compensation, demonstrating just how powerful learning can be in retaining your top talent. 


New threats are a constant in cybersecurity and teams need to adapt quickly. This can only be done with continuous upskilling; otherwise, teams can grow stagnant.

Make use of platforms like Hack The Box, where we release a new Machine every week, often based on the latest common vulnerabilities and exposures (CVEs). This keeps your team consistently on their toes. 

The speed at which we develop new Machines.

Being a performance center for many different companies, we’ve noticed that the smartest cyber teams get together regularly for upskilling and knowledge sharing. 

For example, Toyota security teams participate in Friday CTFs and love the “show and tell” style of learning they’ve been advocating to their team.

“We use the Dedicated Labs instances for CTFs we host every Friday afternoon. It’s a fun and casual way for the team to gather and work together to solve challenges - and our favorite way to end the work week!”

Gabe Lawrence, VP of Information Security Cyber Protection, Toyota.

As you support cybersecurity teams in their career journey, you’ll only add more value to your organization, increasing security posture while mitigating risk.

By investing in your team’s skills, you’re not only improving security posture but are also more likely to retain talent over the long term. Demonstrating a commitment to well-being and career development will set your company apart from potential competitors.

Your most talented employees will be headhunted by other organizations, more so with the talent shortage. On top of this, security teams are close to burning out, with Gartner predicting that 25% of cybersecurity leaders will change jobs by 2025 due to stress. 

By supporting your current employees with learning and development opportunities, they are less likely to be tempted by other opportunities.

Go beyond upskilling

Continuous learning offers many more benefits than just upskilling employees. It boosts retention, improves company security posture, generates more talent, and helps tackle burnout.

Upskilling isn’t a singular action; it’s more of a culture and a lifestyle that needs to be woven into the fabric of an organization.

HTB Enterprise Platform provides a place for employees to turn to when in need of engagement and support. It’s a platform for businesses to rely on to mitigate risk and navigate cybersecurity compliance.

 

Dan Magnotta (Mags22), HTB Federal Business Development & Capture Manager, Hack The Box

Dan Magnotta is an accomplished professional in cybersecurity and intelligence operations with more than a decade of experience in the military and private sectors.

His career began with dedicated service to the U.S. Department of Defense, where he played critical roles in the U.S. European Command and U.S. Special Operations Command Europe, contributing significantly to cutting-edge cyber strategies.

In addition to his civilian role, he serves as an LCDR in the U.S. Navy Reserve, showcasing his leadership and dedication as an Executive Officer for a Navy Reserve Unit. His expertise in cybersecurity, operational analysis, and strategic planning is extensive.

At Hack The Box, he tailors solutions to meet the unique requirements of government agencies and organizations worldwide, leveraging his deep understanding of both military and civilian cybersecurity needs.
