Training

Why we must close the cybersecurity skills gap

COMMENTARY: The cybersecurity skills shortage remains a pressing challenge for organizations worldwide. New global research reveals a grim reality: nearly nine out of 10 organizations suffered a cyber breach in 2024, with more than half facing damages exceeding $1 million.

Alarmingly, more than half of those surveyed (54%) pinpointed a lack of IT security skills and training as a reason for these incidents. There are simply not enough skilled defenders to safeguard our increasingly vulnerable world.

[SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Read more Perspectives here.]

As cybercriminals accelerate their attacks, leveraging automation and AI to amplify their reach, this talent void isn't merely a hiring headache; it's a potent risk amplifier. Now’s the moment for aspiring professionals to dive into cybersecurity careers, and for seasoned experts to sharpen their skills in high-demand areas. It’s a clear call to step-in, skill-up, and join the fight with today’s cyber professionals.

Unlock new pathways to cybersecurity careers

The global cyber workforce faces a shortfall of more than 4.7 million professionals, according to industry-wide workforce studies. Beliefs that cyber roles require advanced degrees or technical pedigree deter capable individuals from pursuing careers in cybersecurity. But today, cybersecurity has become more accessible than ever: research shows that 65% of organizations now prioritize certifications above traditional academic degrees, emphasizing the value of practical expertise to deliver immediate impact.

Practitioners from IT, operations, or other lines of business can gain skills through targeted cybersecurity certifications and training. This shift opens doors for a diverse talent pool. Many organizations today have dedicated initiatives to actively recruit minorities, women and military veterans to enrich the field. Military veterans and those from related fields bring invaluable traits like discipline, sharp problem-solving, and leadership—qualities that seamlessly translate to cyber defense.

Meet the demand for AI and cloud security skills

For job seekers and career changers, pursuing certifications and training in AI-driven security and cloud security creates a competitive advantage. In fact, 89% of employers prefer to hire candidates with certifications, rewarding those who commit to continually refreshing their skill set. Candidates with experience in network engineering and security are scarce (58%), and those with specific cybersecurity AI experience are a close second (57%). AI, machine learning, and cloud security are among the hardest roles to fill (30%). Organizations need this expertise, and those who acquire this experience will stand out.

For existing cybersecurity professionals, the challenge is different: how to keep pace with evolving threats and technologies. Upskilling benefits both employees and employers. Professionals who pursue advanced certifications in AI security, secure DevOps, or advanced SOC operations help their organizations close critical skills gaps. Employers who support training programs then boost retention and resilience.

The rise of governance and awareness roles

Cybersecurity career pathways aren’t limited to hands-on technical roles. The skills gap also extends to areas such as governance, compliance, and security awareness training. Boards of directors, for example, are increasingly held accountable when a breach occurs, yet fewer than half of leaders believe their boards are fully aware of potential risks caused by AI.

This gap highlights the need for bridge-builders: professionals who can understand and explain technical concepts in the context of the larger business picture. These employees can create security strategies that align with risk management and compliance requirements. Careers in governance, risk, and compliance (GRC), security awareness program management, and policy development are equally critical to building cyber resilience. 

Cybersecurity isn’t just an IT issue—it’s everyone’s business. Non-technical roles open the door for more employees to contribute while strengthening organizational defenses. With 56% of leaders pointing to low employee security awareness as the top cause of breaches, ongoing training and awareness efforts are essential.

The doors to cybersecurity are open wider than ever. Whether through certifications, hands-on training, or awareness programs, individuals at every level can play a role in closing the gap.

For those outside the field, cybersecurity offers meaningful work with clear entry points. For those already inside, growth and advancement depend on upskilling. And for organizations, investing in both recruitment and training promises to strengthen resilience against costly and damaging breaches.

Awareness, training, and certifications are the pillars of progress. Organizations that invest in these areas, and individuals who seize the opportunity, will thrive in the years ahead.

Melonia da Gama, director of training and learning programs,  Fortinet

SC Media Perspectives columns are written by a trusted community of SC Media cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds