I’m thrilled to announce a brand-new Forrester Wave™ evaluation on a market that, through my research into cybersecurity talent management, has become near and dear to my heart: cybersecurity skills and training (CS&T) platforms. These platforms increase employee engagement and retention, uncover skill and process gaps within the security program, and keep teams up to speed on the latest threats and adversarial tactics. Oh, and they’re far less expensive per head than most in-person training courses or boot camps.

Forrester clients: read The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q4 2023.

I’ve been following this market for the past two years, watching the players’ bodies of content grow and their hands-on labs and cyber ranges become more sophisticated and customizable. At the end of another tumultuous year for security leaders and their teams — one that put their current skills to the test and prompted them to seek resources to quickly acquire new ones — it’s time to advocate for a new approach to security skills and training.

Change The Way Security Practitioners And Teams Acquire And Hone Skills

The emergence of CS&T platforms ushers in a new era of upskilling and training focused not on point-in-time test prep but on continual learning, where practitioners go up against the latest attacker techniques individually or as a team to test technical skills, refine documented processes, and improve communication. They’re also using these platforms to acquire emerging skills, like prompt engineering, which are offered by many of the platforms in this evaluation. Given the urgent need to keep up with emerging threats and evolving environments, waiting around for specific certifications and associated exam preparation coursework will feel like a speed bump in the upskilling road in comparison to AI and machine-learning-generated skills labs and attack simulations offered on a weekly basis, on average, by most CS&T platforms.

CS&T platforms also give security leaders the ability to track team skill and process improvements by measuring capabilities and performance against organizational baselines as well as industry frameworks and benchmarks. This enables security leaders to make data-backed investment decisions and demonstrate program maturity.

CS&T Platforms Can Help You Let Go Of Outmoded Hiring Requirements

For years, security leaders and their HR partners looking to bring on early-career talent relied almost exclusively on traditional indicators of competence such as higher education degrees and cybersecurity certifications. Advanced degrees, certifications, and work experience factored heavily for those seeking midlevel talent. CS&T platforms break down these self-inflicted staffing barriers by facilitating unbiased skills challenges in the recruitment and hiring process. They also broaden the candidate pipeline to include individuals with or without those traditional and often rigidly required indicators of competence. They change the focus to demonstrable skills and experience.

Finally, what I really love about CS&T platforms is that they support “home-growing” security talent within and outside the security organization and increasing retention by creating custom career paths to support succession planning for critical security roles. Show your key individual contributors that moving up doesn’t mean moving out of your organization by linking time spent upskilling in a CS&T platform to development and promotion plans.

I could go on and on, but instead, I’ll ask you to check out the full report here: The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q4 2023. If you’re interested in learning more about or selecting a CS&T platform, schedule an inquiry or guidance session with me.