Intelligent CISO Issue 86 | Page 50

Burnout is also a growing issue in the cybersecurity industry, driven in part by the sense that teams are constantly fighting fires without time to build the tools or knowledge they need to keep pace. Without meaningful growth opportunities, top talent is more likely to leave, contributing further to the talent churn that so many organisations are already experiencing. The 2024 ISC2 report found that 66% of cybersecurity professionals experience significant stress at work, with nearly half (49%) reporting that stress has increased over the past year. A major contributor: insufficiently trained staff, cited by 45% of respondents.
In contrast, when organisations support continuous learning, the benefits are wide-reaching. In fact, our research found that access to continuous learning and being part of a highly skilled team are among their top priorities when considering a new role. In other words, investing in L&D doesn’t just build internal capability, it improves retention, attracts ambitious new talent and creates a culture of shared accountability for staying ahead of threats.
Here are a few principles for developing a culture of continuous learning:
1. Align learning strategies with business and security goals. CISOs should partner with department leads to ensure learning objectives map to the broader business strategy. For example, if your organisation is undergoing a major cloud migration, your L&D programme should focus on cloud security training. Similarly, if your business is expanding its digital services or handling larger volumes of sensitive customer data, focus areas should include data protection, threat detection and secure development practices.
2. Integrate in-the-flow-of-work learning. Rather than sending teams off-site for generic training courses, provide access to high-quality, contextually relevant content that can be accessed in real time, whether during a security audit or a post-mortem analysis. A learning platform – ideally one that has been designed specifically for technology professionals – would make it possible to integrate learning into daily workflows, turning real-world challenges into learning moments. This could mean incorporating time for skill-building into sprint planning, aligning training with real-world threat scenarios, or creating visible pathways for internal mobility.
3. Set measurable expectations. Too often, employees want to upskill but aren’t sure where to start or if their learning will be recognised. In fact, our research revealed that nearly one in three (30%) UK employees say learning and development (L&D) is not discussed or measured as part of their performance reviews. Meanwhile, 27% report no clear expectations or structured support for leveraging available learning tools. CISOs can change this by setting clear learning goals and incorporating L&D into regular performance reviews, recognising skill development as much as project delivery.
4. Cultivate a culture of shared responsibility. Ultimately, developing a future-ready security team requires commitment from both employer and employee. CISOs must create the right conditions for learning, but team members must also take ownership of their growth. Empowerment is key: when people feel trusted to explore and develop their skills, they’re more likely to step up and stay.
The cybersecurity skills gap is only getting worse, putting CISOs in a critical position. To protect their organisations effectively, they must also become champions of talent development. Bridging the gap requires more than just recruitment; it needs a new approach to training that keeps teams working while integrating learning into the day-to-day. In-the-flow-of-work training, tailored to real-world threats and aligned with both business and security priorities, is key to building a resilient, adaptable security team.