The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026 is now live, and it lands at a moment when security leaders are under real pressure to prove readiness and resilience. Automation and AI have compressed attacker timelines, blurred role boundaries across security teams, and exposed the limits of certification-first training models. What matters now is whether teams can perform, together, under realistic conditions. This Wave examines which vendors are enabling that shift.

What’s Changed Since The First-Ever Evaluation Of This Market In 2023

When the first cybersecurity skills and training (CS&T) Wave published in 2023, CS&T platforms were entering a period of rapid maturation. They offered expanding content libraries, more sophisticated labs, and an early shift away from point-in-time certification exam prep toward continuous learning. That evolution has accelerated as:

  • AI reshapes attacker behavior and defender expectations. In 2023, AI-generated labs were emerging. Today, AI is materially changing workflows on both sides of the fight. Practitioners must evaluate AI-generated outputs, adapt to new attack chains, and operate effectively alongside AI-enabled tools. The upskilling race between good and evil is no longer theoretical.
  • Team-based readiness now matters as much as individual skill. Organizations no longer train analysts in isolation — they train teams. Real incidents demand coordination across security operations center operators, incident responders, developers, engineers, executives, and OT/industrial control system stakeholders. Platforms must support realistic, cross-functional simulations that reflect cloud, hybrid, and AI-driven environments.
  • Skills verification is replacing certification as a hiring signal. In 2023, CS&T platforms began breaking down hiring barriers through challenge-based assessments. As roles blur and AI changes job expectations, verified capability is even more essential.
  • Boards and regulators expect proof of resilience. Reporting has shifted from activity tracking to insight: where gaps exist, how teams perform under stress, and how skills map to business risk. Dashboards increasingly support investment decisions, cyber insurance conversations, and regulatory scrutiny.
  • Threat velocity demands faster updates. What was often biweekly in 2023 is now expected continuously. Platforms must keep pace with emerging vulnerabilities, adversary tactics, and AI-driven threat patterns to remain credible.

What CISOs Should Look For In A CS&T Platform

For CISOs under pressure to prove readiness, the most important platform capabilities are those that translate training into measurable, team-level, and even organizational-level performance. Consider CS&T platform vendors that prioritize:

  • Team-based readiness. Platforms should simulate complex enterprise environments and evaluate how teams perform collectively across detection, response, escalation, and communication — not just how individuals score on isolated tasks.
  • Measurable skill development and resilience. Look for analytics that quantify progress, align to frameworks such as MITRE and NICE, and help leaders demonstrate readiness and justify investment.
  • Alignment with emerging threats and AI-driven attack patterns. Consider platforms that deliver rapid content updates and AI-informed simulations that prepare teams for hybrid human-AI security operations.

How To Use This Wave

The Forrester Wave™: Cybersecurity Skills And Training Platforms, Q1 2026 is a starting point. Forrester clients can use the interactive comparison tool to weight the criteria that matter most to you and your environment and pair it with The Cybersecurity Skills And Training Platforms Landscape, Q4 2025 for additional market context.

If you’re evaluating platforms or planning a shift to continuous upskilling, I welcome you to schedule a guidance session to discuss the findings from this Wave and what they mean for your organization.