This October we discussed the evolution of cybersecurity education and explored the four key themes of Cybersecurity Awareness Month through member voices on ISC2 Insights.

As we close out the month, we asked our ISC2 Volunteers to reflect on the expansions they have witnessed in cybersecurity education, their greatest training experiences and to weigh in on how the cyber training experience can advance to inspire the next generation.

Cybersecurity Changes & Trends

There have been many progressive changes to cybersecurity education in the 15 years Desmond Israel, CC has been in the industry. He highlighted a few for us:

  • Increased demand for specialization: There is a growing need for specialized training in areas like threat hunting, incident response and cloud security.
  • Shift towards remote learning: The COVID-19 pandemic accelerated the adoption of online learning platforms and virtual training environments.
  • Integration of ethical hacking and offensive security: Ethical hacking training has gained prominence as organizations recognize the value of offensive security measures in identifying and mitigating vulnerabilities.
  • Compliance and regulatory training: With the introduction of new data protection laws (e.g., GDPR, PIPL, CCPA), compliance-focused training has become a crucial aspect of cybersecurity education.

Cyber training for all has become an everyday practice in many organizations. Users are given much more information on what to look for in regard to scams, malware, etc. Organizations have learned that the weakest link in the systems is usually the users in an otherwise secure network. There is still more to be done, in particular to secure healthcare and infrastructure as they are critical for our society. - Jean Tam, CISSP

Over the years, we’ve seen a shift towards more practical and scenario-based training. There's also a growing emphasis on threat intelligence, cloud security, and the integration of emerging technologies like AI and blockchain into cyber education. - Abdullah Afzal Raja, CC.

Outside of the educational space, Fred Dais, CISSP shared that to him, a big progression in recent years is cyber-supply chain risk management and governance becoming a part of the C-suite conversation. In addition to this, Babatunde Ojo, SSCP, CC mentioned that BYOD (bring your own device), AI and machine learning, Zero Trust architecture and an increase in cyberattacks have all had large impacts on the industry.

Moving forward, Chinyelu Udeagwu Karibi-Whyte, CISSP, CCSP noted a trend towards vendor-neutral certifications and training that provide a broader understanding of cybersecurity concepts. Also, regulations like GDPR, CCPA and HIPAA have specific mandates for cybersecurity awareness and training, influencing the curriculum.

Impactful Cybersecurity Training

While we may each have individual preferred methods of learning, a common theme stood out among our respondents: memorable trainings are interactive and engaging.

Jean Tam, CISSP provided a good example of this, reflecting on how much fun she had when memorizing the periodic table, all because of her high school chemistry teacher. This experience remains a valuable part of her educational journey today; Jean still learns best in a lab environment. She has a lot of her own equipment at home, just to stay up to date on the latest tools and techniques used in the industry. Abdullah Afzal Raja, CC seconds this approach, saying, “My best experience was a hands-on workshop addressing real forensic challenges. Practical, interactive sessions like these are invaluable because they simulate actual scenarios, enhancing critical thinking and problem-solving skills. This approach makes learning engaging and effective.”

Some, like Fred Dais, CISSP, prefer attending live conferences and networking with peers, while Hina Jabeen, CC says online trainings are more efficient, economical and interesting. Through these online interactive cyber trainings, she mentions, learners can acquire useful cybersecurity skills through simulations, real-world situations and active engagement. This virtual method encourages effective learning and equips students to take on the always-changing problems of the digital security ecosystem.

Babatunde Ojo, SSCP, CC noted that he prefers self-paced training from home because it gives the opportunity to set personal goals in a flexible environment. Philips Oke, CC agreed that his best cybersecurity training experience was with self-study materials.

Phaustin Karani, CC and Neeraj Kumar Vijay, CISSP both shared the viewpoint that learning on the job and with a team can lead to rapid growth through exposure compared to self-study or bootcamps. In addition to this, Neeraj also enjoys learning in a virtual space through interactive videos with assessments.

Chinyelu Udeagwu Karibi-Whyte, CISSP, CCSP advocates for scenario-based training as one of the most effective methods for cyber education. Here's why:

  • Scenario-based training mimics real-world cyber threats, providing a practical understanding of how to respond to different situations.
  • The interactive nature of scenarios keeps learners engaged, making the training more impactful.
  • This method encourages critical thinking and decision-making skills, which are crucial in cybersecurity.
  • Learners receive instant feedback on their actions, allowing them to understand the consequences and learn from their mistakes.
  • Scenario-based training often involves team exercises, which help improve communication and collaboration skills, essential in handling cyber incidents.
  • Scenarios can be tailored to mimic threats that are most relevant to the organization or individual, making the training highly relevant.
  • Advanced scenario-based platforms offer analytics to gauge the effectiveness of the training, identify areas for improvement and measure ROI.

On this note, Lok Yi Lo, CISSP highlighted that recent advancements like gamification of cybersecurity education can improve people's motivation to learn and update cybersecurity skills.

Future of Cyber Education

Almost every day new technologies are coming out that directly send a signal to us as cybersecurity professionals and experts to think ahead. Advanced cybersecurity training is essential in preparing cybersecurity professionals to address the evolving and increasingly sophisticated threats in the digital landscape. Here are some of the key considerations for advancing cybersecurity training: real-world scenarios, cloud-based labs, AI and automation, red and blue teaming hands-on, specializations and threat intelligence. Cybersecurity training should be agile, responsive and adaptable to the adjusting needs of organizations and individuals. It should not only focus on technical skills but also encompass the broader aspects of cybersecurity, including risk management, policy development and ethics. Regularly updating training materials and methodologies is crucial to staying ahead of evolving cyber threats. - Babatunde Ojo, SSCP, CC

Additional suggestions for advancements include Philips Oke, CC encouraging cybersecurity training to begin with the youth, offering social media awareness and free online training. Abdullah Afzal Raja, CC shared that cybersecurity training should evolve by focusing on real-world scenarios and hands-on experience, bridging the gap between theory and practice, remarking on Lok Yi’s earlier suggestion that gamified learning experiences and continuous skill assessments can make learning skills engaging and skill retention easier.

The group as a whole seems to be in line with the following from Chinyelu Udeagwu Karibi-Whyte, CISSP, CCSP, who says cyber training should be:

  • Continuous, real-time updates and training modules that can be accessed anytime, anywhere.
  • Interactive, game-based learning to engage employees and make the training more effective.
  • Specialized training modules for different departments like HR, Finance, and IT, focusing on the specific risks they face.
  • AI-driven personalized training paths based on an individual's role, past performance, and areas for improvement.
  • Mobile-friendly, accessible training modules that can be accessed on various devices.

In closing, cybersecurity has evolved and met a new level of technology era where for enterprise we talk about adopting the change like cloud, AI/ML, Robotics, IoT, etc. and for end-user understanding and adhering to secure practice. While the end-user is always the weakest chain in the security line, we should balance the technology adoption to make it easier for the end user. An ideal training should balance both and provide interactive and more practical training material that sticks to memory and is easily adaptable. - Neeraj Kumar Vijay, CISSP

Find your preferred training that fits your schedule and learning style with the ISC2 Training Finder. This resource makes it easy to view and register for official training courses from ISC2 and our Official Training Providers.