I’m thrilled to announce the next round of evaluative research on the cybersecurity skills and training (CS&T) platform market is officially kicked off with the publication of The Cybersecurity Skills And Training Platforms Landscape, Q4 2025 — and it’s out just in time.

We are in the early stages of a seismic shift as artificial intelligence (AI) reshapes the way organizations defend themselves against attackers who are, in parallel, upping their game by advancing their own AI skills and tools.

It’s an upskilling race between good and evil

To keep up, security leaders need to break current hiring and training practices, move away from reliance on security certifications, and shift to continuous upskilling and live fire incident simulations.

This is where CS&T platforms come in

What began as a collection of free or low-cost courses and labs for individual job seekers has transformed into a cornerstone of the cybersecurity training and experience ecosystem. CS&T platforms now play a critical role in continuous learning, professional development, and operational readiness – and they deserve a place in your budget and program to help you:

  • Grow your own security talent. Security leaders prioritize external hiring for mid or senior-level roles, but this approach can be expensive and risky, especially as the need for AI literacy and AI security skills is evolving. CS&T platforms support internal talent development with unbiased skills assessments and tailored learning paths, helping organizations strategically cultivate a pipeline of professionals for critical roles and future needs.
  • Continuously upskill and cross train. The lines between roles and functions are blurring as cloud environments and applications merge with AI capabilities, spurring organizations to put guardrails in place to protect data and IP. CS&T platforms offer cross-functional upskilling and training to prepare organizations to respond effectively to real attacks, help developers launch more secure applications, and ensure operational technology (OT) teams minimize downtime from disruptions.
  • Prove organizational resilience. Security leaders are driving change and securing budgets by connecting cybersecurity to revenue impacts for customers, cyber insurance coverage, and regulatory compliance. CS&T platforms are improving reporting to move beyond completion rates to highlight incident readiness and identify gaps that justify further investment in skills, processes, or compliance improvements.

The CS&T market isn’t huge (yet), but it does vary by vendor in terms of the capabilities each emphasizes. When assessing your needs against what players in this market offer, consider those that help you:

  • Justify necessary investment – and change. HR leaders may resist tech and security teams expanding into talent management, while managers may hesitate to change traditional training methods. Choose a CS&T platform that integrates with existing systems, offers flexible licensing for broader team coverage, and provides clear metrics to prove training ROI.
  • Deliver useful metrics. While gamification and rewards make CS&T platforms engaging, their real value lies in providing data that helps security leaders demonstrate resilience, link security to business costs, and guide investment decisions. Opt for platforms with intuitive dashboards, seamless integration with GRC tools, HRM solutions, and trust centers, and ensure they can map skills to industry standards and regulatory needs.
  • Keep up with rapidly changing needs. When assessing CS&T platforms, ensure vendors can quickly provide labs and breach simulations for emerging vulnerabilities and adversary tactics. They should also predict future skill needs and offer training on generative and agentic AI attack chains for defenders, red teamers, and threat hunters.

Speaking of change, join us at the Security & Risk Summit, November 5–7, in Austin, Texas, to learn more about how security will be transformed by AI agents and agentic AI in two keynotes. The first from Allie Mellen, The Security Singularity, will cover how AI is transforming the way that attackers and defenders operate. The second keynote, from my colleague Jeff Pollard and me, is The CISO Of The Agentic Future. In it, we’ll discuss how AI agents will transform your security program, including the evolution of security roles and skills.

To discuss The Cybersecurity Skills And Training Platforms Landscape, Q4 2025 in detail and how to move to continuous upskilling, Forrester clients can set up a guidance session or inquiry with me.