ISACA Journal Author Blog


The New Normal: The Learning Organization

Philip Casesa
| Published: 12/3/2018 3:07 PM | Category: Security

The cyberworkforce gap is well documented. When we look at it from a macro level, it seems straightforward. Studies show between 1 and 3 million job openings over the next few years, unfilled due to a lack of talent. As schools pump out new cyber grads and push them into the workforce, our prayers are answered, right?

When we look closer at the problem, we see how woefully inadequate the macro view really is. The uncomfortable truth is this: We cannot close that gap by throwing bodies at it. The speed of change in the cyberarena means that new skill gaps are created daily, even on established cyberteams. In other words, every day our teams are not learning and applying new skills, they are a little less prepared for what may come at them. 

This perspective shifts the arms race from buying the most talented cyberstaff to creating programs and cultures that foster development, teamwork, and a focus on continuous and persistent learning.

Success in such an environment requires a level of discipline many organizations are not used to. But something must change if we, as an industry, want to overcome the challenges in front of us. Here are just a few of the key strategies to prepare a cyberteam to be mission-ready at all times:

  • Today’s tech workers are looking for growth opportunities, but this does not always mean moving into management. Mapping roles within the team, and the skills and capabilities required from each position, gives a clear picture of what individuals need to develop to get ahead, both technically and professionally.
  • With knowledge, skills and abilities defined, arm your teams with consistent development opportunities so the staff have adequate training to achieve peak performance. The training must be highly relevant to both the organizational environment and to the threats facing the organization.
  • Put the skills to the test with cyberchallenges that push the limits of what the team can do. It is better to challenge cyberteams to respond to threats simulated on your own terms than to expect them to fend off a real attack without firsthand experience.
  • Recruit for those who have a lifetime love of learning, a passion for the industry and belief in what they are defending. The technical skills can be learned and honed, but passion cannot be taught.

Discipline around workforce development can be daunting, but those that embrace the culture of learning and growth will outperform in recruiting, retention, and ultimately performance against the threats to come.

Read Philip Casesa’s recent Journal article:
“Growing a Cybersecurity Career: Five Questions for the Next Job Interview,” ISACA Journal, volume 6, 2018.



100% agreed. I have a technical background but was lacking in passion. With the passage of time my fondness for this industry grew and now I am more than happy to have chosen Information security as a profession.
Umar Khalid at 12/18/2018 10:59 PM