Get Instant Access
to This Blueprint

Security icon

Build a Plan to Close Your Cybersecurity Competency Gaps

Develop business-aligned security competencies for your IT team.

  • Organizations need competent cybersecurity staff to combat security threats and support their security program.
  • Identify and prioritize the skill sets needed to grow your security team in alignment with business goals.
  • Maintain and develop the right knowledge, skills, and abilities to keep up with the evolving complexity of cyberthreats.

Our Advice

Critical Insight

To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objective.

Impact and Result

This research will help you develop the following:

  • Guidelines on how to identify cybersecurity talent that aligns with your organization’s needs.
  • A comprehensive list of cybersecurity competencies derived from industry-leading standards.
  • An in-depth mapping of cybersecurity competencies to security services to assist in prioritizing the most important competencies for your organization.
  • An interactive development plan that will help track the development and upskilling of your organization's security staff.

Build a Plan to Close Your Cybersecurity Competency Gaps Research & Tools

1. Build a Plan to Close Your Cybersecurity Competency Gaps Storyboard – A guide on how to create a cybersecurity development plan for your employees.

This research provides guidelines to hep organizations create a cybersecurity development plan that will close their skills gap, focusing on how employees can define their competencies, assess the proficiency of those competencies, prioritize which competencies to develop, and identify ways to acquire those competencies.

2. Security Competency Analysis Tool – A tool that will enable security leaders to create and track a development plan for their employees and overall security program.

This tool will help members build a development plan to close their cybersecurity competency gap while aligning with their security and business goals.


Build a Plan to Close Your Cybersecurity Competency Gaps

Develop business-aligned security competencies for your IT team.

Analyst Perspective

Building an effective cybersecurity team begins with equipping your employees with the right competencies.

With the increase in cyberthreats and gaps in finding cybersecurity talent, organizations are struggling to identify the right cybersecurity competencies to improve their security posture and align with business goals. Furthermore, the evolving threat landscape makes it challenging for organizations to create a training plan that will equip employees with the necessary competencies while also helping them reach their own personal goals.

A development plan that focuses on equipping employees with competencies recognized by industry standards would ensure the correct skills are being developed, while enabling organizations to stay competitive. These development plans should allow organizations to prioritize which competencies to develop, while also tracking proficiency within those competencies. This would ensure organizations are meeting their security goals, while also improving their overall maturity.

Photo of Ahmad Jowhar, Research Specialist, Security & Privacy, Info-Tech Research Group. Ahmad Jowhar
Research Specialist, Security & Privacy
Info-Tech Research Group

Executive Summary

Your Challenge

  • Organizations need competent cybersecurity staff to combat security threats and support their security program.
  • Identify and prioritize the skill sets needed to grow your security team in alignment with business goals.
  • Maintain and develop the right knowledge, skills, and abilities to keep up with the evolving complexity of cyberthreats.

Common Obstacles

  • Shortage of cybersecurity professionals due to rising costs and demand for specialized skill sets.
  • Lack of knowledge of the competencies needed to improve the organization's cybersecurity maturity.
  • Difficulty in prioritizing which competencies to develop in alignment with organizational goals.

Info-Tech’s Approach

  • Create a customizable plan that will help you define and track the professional development goals of your security staff.
  • Develop guidelines on how to identify cybersecurity skills that align with your organization’s needs using a comprehensive list of competencies derived from leading industry standards.
  • Prioritize the most important competencies for your organization using an in-depth mapping of cybersecurity competencies to organizational security services.

Info-Tech Insight

To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objectives.

Your challenge

There is a growing gap between demand and supply of cybersecurity talent.

  • Although the number of the global cybersecurity workforce has increased by 11% over the past year to over 4.6 million, there is still a shortage of cybersecurity professionals to fill the gap.
  • The increased cyberthreat has also made it harder for organizations to find the right talent, with 43% of organizations indicating their challenge in finding qualified individuals as the biggest cause of their shortage.
  • The growing cybersecurity workforce gap has been a challenge for organizations globally, with many regions experiencing an increase in the shortage of talent. Regions such as North America saw an 8.5% increase in the cybersecurity gap, while the EMEA and APAC regions saw an increase in their cybersecurity gap of 59% and 52% respectively.

42% of global cybersecurity roles are not filled.

54% of organizations believe their staff shortage puts them at increased risk for cyberattacks.

23% of organizations believe the biggest cause for the shortage is not putting enough resources into upskilling non-security IT staff.

Source: ISC2, 2022

Cybersecurity development framework for security leaders

To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objectives.

DEFINE

the competencies your organization needs to support the security program.

Diagram for defining needed competencies. 'Knowledge + Skills + Abilities = Info-Tech Competencies'.

Leverage Info-Tech’s Competency Framework based on industry best practices.

ASSESS

employees’ current proficiency levels across defined competencies.

Diagram for assessing current proficiency. 'Proficiency Level + Current Competencies - Proficiency Analysis'.

Focus on employees who have adjacent skill sets that complement the required security competencies.

PRIORITIZE

competencies against known organizational priorities.

Diagram for prioritizing competencies. Matrix with 'Low Effort/ High Value' highlighted, and a different tabular prioritizing system.

Optimize your learning and development plans by starting with the most critical competencies.

ACQUIRE

competencies through available Learning & Development tools and resources.

Diagram for acquiring competencies. A cycle with 'Info-Tech Assured' at the center: Instruction, 'Application', 'Assessment'.

Enable continuous improvement of employee proficiency.

Apply best practices in creating a cybersecurity development plan for your employees.

Prioritize what competencies you need by focusing on the ones most impactful to your organization’s security maturity.

To prepare an employee for the evolving threat landscape, an effective skills development plan should reflect both the employee's professional development goals and the organization's strategic security objectives.

Define requirements for your competency needs.

Review your industry’s standards and identify any additional compliance requirements that will influence your decisions.

Harness the power of upskilling your employees.

Focus on employees who have adjacent skill sets that complement the required security competencies.

Develop a lifecycle for your development plan.

Ensure your development plan enables continuous improvement to an employee’s proficiency.

Tactical insight

Select and test the best solution against a trusted competency model to ensure that you are focusing on the right skills at the right time.

Tactical insight

A good approach to workforce development is to balance on-the-job application of knowledge with validation and assurance through alignment with globally recognized credentials.

Blueprint deliverables

Use this blueprint to identify competencies for your organization, prioritize the competencies, and build a roadmap to develop those competencies.

Key Deliverable:

Security Competency Analysis Tool

The Security Competency Analysis Tool will be used to:

  • Identify competencies required for your organization.
  • Prioritize competencies based on service resourcing and proficiency gaps.
  • Build a development plan for equipping employees with the important competencies.

Sample of the key deliverable 'Security Competency Analysis Tool'.

Blueprint benefits

IT/InfoSec Benefits

  • Identify the most important cybersecurity competencies to acquire, using Info-Tech Research Group’s Cybersecurity Competency Framework.
  • Create a prioritized competency list based on organizational priorities and alignment with security business goals.
  • Gain an increased awareness of your cybersecurity team’s competency levels through proficiency analysis and creation of a development plan.

Business Benefits

  • Reduce time and effort spent training new staff by leveraging the opportunity to upskill your IT staff.
  • Understand how security’s alignment with the business will enable the strategic growth of the organization through employee skill development.
  • Gain an advantage by acquiring a diverse set of competencies that will give your organization a competitive edge while navigating the evolving security threat landscape.

Measure the value of this blueprint

Streamline your development plan to improve your overall security program.

Work to complete

Average time to complete

Info-Tech method timeline

Time saved

Create a cybersecurity development plan 5 days – research security competencies, identify security services to deliver, determine strategy for proficiency assessment, prioritize competencies, develop a roadmap to acquire the competencies 1 day 4 days

Improvement metrics

Value impact (direct/indirect)

Estimated time to realize value

Number of employees who have a development plan Direct 1-3 months
Percentage of cybersecurity learning & development actions that align with your security goals Direct 9-12 months
Percentage of cybersecurity competency gaps reduced Indirect 9-12 months
Build a Plan to Close Your Cybersecurity Competency Gaps preview picture

About Info-Tech

Info-Tech Research Group is the world’s fastest-growing information technology research and advisory company, proudly serving over 30,000 IT professionals.

We produce unbiased and highly relevant research to help CIOs and IT leaders make strategic, timely, and well-informed decisions. We partner closely with IT teams to provide everything they need, from actionable tools to analyst guidance, ensuring they deliver measurable results for their organizations.

What Is a Blueprint?

A blueprint is designed to be a roadmap, containing a methodology and the tools and templates you need to solve your IT problems.

Each blueprint can be accompanied by a Guided Implementation that provides you access to our world-class analysts to help you get through the project.

Talk to an Analyst

Our analyst calls are focused on helping our members use the research we produce, and our experts will guide you to successful project completion.

Book an Analyst Call on This Topic

You can start as early as tomorrow morning. Our analysts will explain the process during your first call.

Get Advice From a Subject Matter Expert

Each call will focus on explaining the material and helping you to plan your project, interpret and analyze the results of each project step, and set the direction for your next project step.

Unlock Sample Research

Authors

Ahmad Jowhar

Ian Mulholland

Contributors

  • Richard Drouillard, Manager of Security and Risk, Municipality of Chatham-Kent
  • Prachee Kale, Co-Founder, Think.Design.Cyber
  • Micael Szyszko, Senior Consultant, BDO Canada
Visit our IT Cost Optimization Center
Over 100 analysts waiting to take your call right now: 1-519-432-3550 x2019