Navigating the Cyber Security Training Landscape

Navigating the Cyber Security Training Landscape: Key Insights and Market Trends

Welcome to the first in our series of blog posts focusing on Training within the realm of Cyber Security. Our aim is to provide a comprehensive overview, stimulate insightful discussion, highlight pertinent training resources and introduce our expert authors.

1. Understanding the Cyber Security Training (Market)

Let's start by laying the groundwork with a succinct overview of the Cyber Security Training (Market). We'll delve into its significance in cyber security training and its broader implications in the cyber security landscape. This section will cover key concepts, challenges, and trends, setting the stage for the discussion to follow.

What is cyber security training? It is simply a way of making employees, contractors, and any business partners cyber security aware. Cyber security awareness usually applies to understanding and being aware of potential threats, risks, and hazards associated with IT infrastructure which includes physical (such as desktops, laptops, network printers) and virtual infrastructure (such as cloud-based systems), as well as data which is used in any modern-day organisation.

The next question is then why is such training important? You don’t have to look very far to see the increase in the use of cloud computing, Internet of Things (IoT), and artificial intelligence across organisations of various sizes. The ubiquitous nature of these technologies coupled with the marked increase in cybercrime activities (such as cyber-attacks and data breaches) mean there is a growing need to ensure that data privacy and security remain assured. Several governments are regularly issuing regulation and compliance requirements to which businesses must adhere, particularly if they have a global reach. Hence, Ignoring the cyber security issue by not providing necessary training means that organisations open themselves to these cybercrime activities, as well as associated financial losses and a tarnished image.

So, the era we are in means we need to consider how cyber aware we are as individuals and organisations. For organisations, the training can encompass general awareness and/or developing high-level technical cyber security skills for specified employees/teams. Training in security awareness alone has an extensive market size as businesses want to ensure they are affecting the “human factor” in cyber security, as well as considering advancing technology, such as IoT (Security Mentor, 2022).

2. In-Depth Discussion:

Now that we've set the context, let's dive deeper into the actual Cyber Security Training Market. This section will explore various facets related to our topic. We aim to provide valuable insights, thorough analysis, and practical examples to enhance your understanding. We encourage your active participation through questions and prompts, making this a truly interactive learning experience.

After reflecting on the drivers and scope of cyber security training, let’s now focus on the market for this form of training. The introduction has set the scene for a service that is much in demand and therefore has a market that is constantly expanding. Even governments are making provisions where possible to support businesses investing in cyber security training. To cover off information on this topic, we will look at the current gaps or issues faced in this training market, trends, as well as opportunities for the cyber security training market.

The gaps in the UK cyber security training market that needs to be addressed, covers:

• Lack of qualified cyber security professionals: There is a shortage of skilled cyber security professionals across the globe compared to the demand for their services; many organisations are struggling to find enough qualified candidates to fill open positions. This gap is expected to grow in the coming years as the demand for cyber security services continues to increase (Poremba, 2023).
• Lack of training for small and medium-sized businesses (SMBs): Many SMBs do not have the resources to provide cyber security training for their employees, leaving them vulnerable to cyber-attacks.
• Lack of hands-on training: Many cyber security training programs focus on theoretical concepts and lack hands-on training and practical experience. This can make it difficult for graduates to apply their knowledge in real-world situations.
• Lack of training for specialised areas: Some organisations require specific knowledge or skills to protect their unique assets, such as the critical infrastructure in the healthcare and finance sectors. Subsequently, there is a need to develop training programs that cater to the diverse needs of organisations and their employees.
• Lack of training for emerging (rapidly evolving) technologies and cyber threats: As new technologies such as AI, IoT, and Quantum computing are becoming more prevalent, the need for cyber security professionals with expertise in these areas is also increasing.

Bearing these gaps in mind, what are the latest Market Trends in Cyber Security Training? Where is this training sector headed?

• Cyber as a service (CaaS). This is where an organisation outsources their cyber security needs; all the cyber security personnel and management needed by an organisation are contracted out to a different organisation. One key reason for this is the increasing adoption of cloud-based cyber security solutions. The COVID-19 pandemic brought about an increase in home/remote working, as well as Bring-Your-Own-Device (BYOD) and Choose-Your-Own-Device (CYOD) use. This also meant an increase in cloud-based cybercrimes, which many companies were not able to defend or manage effectively. Apart from providing standard cyber security services such as incident response and vulnerability assessments, the outsourced CaaS company would also provide awareness training for the organisation’s employees, as well as any needed cyber security advice and support.
• The adoption of CaaS is a growing trend as more and more organisations (of all sizes) find that this route is more cost-effective, scalable and provides them access to cyber security specialists who are increasingly difficult to recruit. Our recent market research shows that key buyers of CaaS in the UK include government departments, regional consortiums, and large organisations. Our data also show that the UK government market expenditure on CaaS is growing and with current threat levels and upcoming legislation demand, this will remain strong even in (because of) a recession (see figure 1 below).

Figure 1 CaaS Tenders and Awards from 2015 to 2023 by value

• Demand for high-level technical skills. Another trend is the growing demand for training in areas such as threat detection, incident response, and vulnerability management. According to the 2018 Ipsos MORI research for the UK department for Digital, Culture, Media & Sport, many organisations require access to high-level technical skills, that can implement cyber security beyond the minimum standard. Their findings showed that the broad high-level technical skills that are of greatest need are: security architecture, penetration testing, threat intelligence, forensic analysis, interpreting malicious code, and user monitoring.
• Integration of artificial intelligence and machine learning technologies in cyber security training. November 2022 brought Generative AI firmly onto the world stage, via Chat GPT. Now, trainers and educators are keen to see how this tool can be used in the ever-growing field of adaptive learning (in fact, one company is already making headway in this space). Essentially, adaptive learning allows employees to learn at their own pace. Leveraging AI technology in this space can lead to a genuinely personalised learning journey and can provide organisations with information on the impact of such training. Personalising adaptive learning is becoming a priority for organisations as they seek to ensure that rather than having the same training provided to everyone, the right training and support can be provided to individual employees when and where they need it. It therefore allows organisations to track employee progress and identify areas for improvement. Being personalised and adaptive means that the training can be fully online or take place as part of in-person workshops with the aim being flexibility to learn in a way that works for the employees.
• Emergence of gamification and adoption of Virtual and Augmented Reality (AR) technologies for cyber security training. Applying game design elements in non-game contexts (Gamification) has seen growing use in the education sector as it makes learning more fun and engaging for the learners. Cyber security training has now picked up on this mode of delivery with elements like points, badges, and leader boards being used. Gamification is a mode of delivery which would appeal to younger employees, as well as employees who may not be keen on cyber security but require the training. Gamification can also simulate real-world scenarios which will allow employees to apply their knowledge in highly probable situations.
• Taking that simulation factor further to provide hands-on training is the use of Virtual Reality (VR) and AR. Various real-life scenarios can be built into a VR and AR cyber security training session. For example, VR and AR can be used to provide training on physical security (such as the physical layer of networks) where such infrastructure may not be readily available, or employees can be immersed in a simulated cyberattack where they can practice their incident response skills in a safe environment. Being in such a realistic, immersive environment means that VR and AR training can help employees develop a better understanding of potential threats.

Following on from these trends, what Market Opportunities are there for Cyber Security Training?

• Growing demand for cyber security training in emerging economies. The ever-present need for cyber security specialists is especially obvious in developing countries (Catota, Morgan and Sicker, 2019). Various factors have contributed to this, such as lack of awareness amongst the populous and lack of qualified trainers and academics in these nations. Many are keen to invest in training delivered remotely to ensure that their staff can continue to provide the necessary service.
• Demand for specialised training programs for specific industries. Getting generalised training is not suitable for many organisations which must account for very specialised cyber security needs. Subsequently, there is a need to develop specialised training programmes which are industry specific, such as healthcare and finance. As highlighted above, the use of CaaS appears to be the current tool/framework typically adopted by such organisations so that they can focus on what they do best.

Indeed, we are all keen to see how these opportunities develop as more and more people become aware of cyber security issues and many more take on various training to make their move into the cyber security arena.

3. Training Resources:

MKC Training’s, Cyber Training Alliance (CTA) is a true alliance of trusted Small and Medium Enterprises (SMEs) operating together to the mutual benefit of each company and collectively to the benefit of its customers. The CTA brings together complementary companies to deliver a coherent, powerful, and compelling offering to meet the needs of the ever-evolving cyber market with greater agility and value for money. The CTA was founded by MKC Training to bring together a trusted network of like-minded SMEs to deliver cyber training, delivering real skills rather than theory.

To help you further develop your skills and knowledge in Cyber Training, we've curated a list of relevant training resources. This includes a mix of free and paid options, online courses, certifications, workshops, and webinars. Each resource is briefly described, highlighting its key features, learning outcomes, and target audience.

If you would like to know more about our training capabilities please contact courses@mkctraining.com for further information or following one of the links below:

• NCSC Assured Cyber Security for Boards Training
• Cyber Security Awareness Course
• Cyber Security Fundamentals | NCSC-Certified Course
• ITIL® 4 Foundation Certification - IT Service Management Certification

Conclusion:

As we wrap up our first blog post, we hope you've gained a deeper understanding of the Cyber Security Training Market and its significance. We encourage you to explore the training resources provided and continue your learning journey. We'd love to hear your thoughts and suggestions for future topics. Thank you for your time and interest.

About the Author(s):

Author: Dr Nkaepe Olaniyi

Services Limited Divisional Manager (Head of Department) at MKC Training

Connect with me on LinkedIn!

Dr Nkaepe Olaniyi is MKC Training Services Limited Divisional Manager (Head of Department) of the Professional Engineering Wing at the Royal School of Military Engineering. Nkaepe has several years’ experience in Higher Education, with a focus on Computing and Engineering. She is vice-chair of the UK Cyber Security Council Professional Standards Working Group and an Associate Editor for the IEEE Education Society IEEE Access Section. Her expertise and insights have been invaluable in creating this post.

Author: Trevor Jackson

Founding Director of Metier Solutions Ltd

Connect with me on LinkedIn!

Trevor Jackson is Founding Director of Metier Solutions Ltd a trusted strategic consultancy, specialising in people, organisational performance, training and capability building. Lead training research, consultancy function for QinetiQ's cyber, information and training division and was head of architecture for BAE AI cybers business unit. A proven track record in market analysis, business strategy underscores a multidimensional approach to complex problem-solving.

Sources:

DiFurio, D. (2023). Demand for Cybersecurity Analysts Is Growing Twice as Fast as the Workforce.

Catota, F., Morgan, M.G., and Sicker, D.C. (2019). Cyber security education in a developing nation: the Ecuadorian environment, Journal of Cybersecurity, 5(1)

Khan, S. (2023). Harnessing GPT-4 so that all students benefit. A nonprofit approach for equal access. Khan Academy Blog.

HTF Market Intelligence (2022) Cyber Security Training Market Dynamics, Size and Future Growth Trend 2022-2029

Pedley, D., McHenry, D., Motha, H. and Shah, J.N. (2018). Understanding the UK cyber security skills labour market: Research report for the Department for Digital, Culture, Media and Sport Ipsos MORI.

Poremba, S. (2023). The cybersecurity talent shortage: The outlook for 2023. Cybersecurity Dive.

Security Mentor (2022). Security Awareness Training Statistics & Trends: 2022 Edition.

The White House (2023). FACT SHEET: Biden-Harris Administration Announces National Cyber Workforce and Education Strategy, Unleashing America’s Cyber Talent.