Empowering Your Public Sector Agency: 5 Keys to Cybersecurity Literacy
Learn how to equip your public sector employees with critical cybersecurity skills to combat evolving threats and foster a culture of security awareness.
Key Takeaways
Prioritize cybersecurity training that leverages the existing skills of your workforce, empowering them to become valuable assets in safeguarding your agency.
Embrace “secure by design" principles, integrating security into all aspects of your agency's operations and technology adoption.
Create clear career pathways and recognize employee achievements to foster a culture of continuous learning and development in cybersecurity.
Public sector leaders face a critical challenge: Safeguarding sensitive data and inter-connected systems against increasingly sophisticated cyber threats and malicious actors.
To counter these evolving challenges, government agencies must prioritize building a cyber-ready workforce, ensuring cybersecurity literacy extends across departments and job functions. Agencies around the world have been charged with upskilling their workers to unprecedented levels of IT and cybersecurity expertise.
This article outlines five actionable steps to building a robust cybersecurity training program and empowering your workforce to embrace various approaches, including resilience strategies, AI-driven security analytics, and Zero Trust, to navigate the evolving threat landscape with confidence. We also draw on expert advice from Dr. James Stanger, Chief Technology Evangelist at CompTIA, to guide the strategy.
Cybersecurity skills are increasingly “table stakes”
Cybersecurity skills are vital as agencies and employees are expected to build resilient digital infrastructure. Emerging technologies will only heighten security risk and the need for skilled talent. The FBI, for example, has warned of increased threats due to the fact that threat actors have harnessed generative AI’s capability to increase the scale and speed of cyberattacks.
Despite this, the Global Skills Report 2024 found that global learner enrollment growth in cybersecurity skills falls behind other high-growth areas like cloud computing and data science.
The discrepancy between open cybersecurity roles and available talent is stark. According to ISC2 data, 78% of government leaders recognize that they have reached their peak threat level in the last five years, yet only 45% agree they have the tools and people needed to respond to cyber incidents.
Prioritizing cybersecurity upskilling across your organization isn't just about filling specialist roles; it's about fostering a culture of security awareness and equipping every employee with the foundational digital literacy needed to protect sensitive data.
5 steps for effective cybersecurity training
1. Start now, and improve step by step to build momentum
Don't let existing tech debt, shadow IT or outdated processes hinder your progress. Begin building cybersecurity literacy now, focusing on foundational skills and a "secure by design" mindset. As Dr. Stanger advises, "Start as secure as you can, but know you can’t do anything perfect in the real world. You have to make a good beginning, and then iterate step by step to constantly improve."
By incorporating security considerations into every new technology adoption and operational process, you create a culture of security awareness early on.
2. Assess, map, and motivate
Conduct a comprehensive skills assessment to understand your agency's cybersecurity strengths and weaknesses. Then, map cybersecurity training to clear career pathways, demonstrating the value and growth potential for employees. CompTIA, for example, effectively uses pre-assessments to tailor skills development and highlight relevant career paths.
We must create more pathways for people to enter the cybersecurity field and build a lasting career. We’re proud that the Google Cybersecurity Certificate is helping organizations fill cybersecurity roles and enabling people to earn an industry-recognized credential that will qualify them for well-paying jobs.
– Lisa Gevelber, Global Managing Director, Grow With Google
By showcasing how cybersecurity skills directly contribute to career advancement and job satisfaction, you can increase employee engagement and retention. According to ISC2’s Cybersecurity Workforce study, cybersecurity skills lead to many career benefits:
Cybersecurity training promotes talent mobility: 23% of younger professionals leverage their cybersecurity education to enter the profession, and 13% parlay these skills into a different field.
Career advancement opportunities grow: Career advancement is the number one reason why individuals choose to go into the cybersecurity field.
Increased responsibility: Leaders with cybersecurity training will become more prepared and sought-after to guide teams through digital transformation. Programs like the Google Cybersecurity Certificate offer a valuable pathway for individuals to enter the field and advance their careers, further strengthening your talent pool.
3. Embrace existing skills
Recognize that cybersecurity isn’t just for tech teams. Within your workforce, many individuals possess transferable skills that, with proper training, can be leveraged to strengthen your cybersecurity posture.
Dr. Stanger saw this firsthand with a CompTIA government partner in Europe: "They wanted to reskill their IT support service employees into security analysts. As they rolled out their training, it became clear that the IT support team already possessed many of the skills required for a security analyst role. Both receive tickets, have to read and write to a knowledge database, come up with solutions, make recommendations, and work with different types of people."
In the above example, all the trainers needed to do was provide the IT support team members with requisite cybersecurity skills. By identifying and bridging these skills gaps, you unlock hidden potential within your agency, empowering employees from diverse backgrounds to contribute to a stronger security culture. Organizations generally benefit from adopting upskilling strategies, rather than simply trying to hire that talent in the open marketplace.
Sometimes, it’s difficult to know where to start when it comes to creating an upskilling pathway. When upskilling anyone in your organization, lead with a foundational understanding of key skills as recommended by Dr. Stanger:
Understand how endpoints work: Learners should understand endpoints, or any network-connected device, at a base level. This could include laptops, mobile phones, IoT devices, routers, switches, storage, and even Operational Technology (OT) devices.
Networking protocols: Explore the fundamentals of a Domain Name System (DNS), a common target of cyberthreats, to gain a sense of networking protocols.
Cloud essentials: Understand how cloud-based infrastructure works, how to safeguard it from risk, and how to make it more resilient.
Attack recognition: To assess and handle cyberthreats, learners need to spot them first. Attack recognition familiarizes learners with hacker patterns and signs that they are being targeted given their ties to an organization.
Curiosity: Dr. Stanger recommends curiosity as a fundamental soft skill that will enable learners to troubleshoot cybersecurity problems, experiment with tools, and understand concepts that could lead to solutions.
4. Make learning practical with hands-on applications
Incorporate hands-on learning opportunities, simulations, and real-world scenarios into your cybersecurity training program. This approach not only boosts knowledge retention but also allows employees to build practical skills they can apply immediately on the job.
The future of cybersecurity upskilling will be much more hands-on. It will become context-specific; learning will be less of a separate activity and more of a livestream, real-time activity.
– Dr. James Stanger, Chief Technology Evangelist at CompTIA
Coursera Guided Projects, like "Vulnerability Scanning with Nmap: Network Scanning" and "Introduction to Networks and Cisco Devices," offer a great example of this practical, hands-on approach.
5) Track, reward, reinforce
Establish clear metrics to measure the impact of your cybersecurity upskilling initiatives. “If upskilling isn’t measured, it likely won’t be recognized as improving anyone’s situation,” says Dr. Stanger. Regularly track progress, analyze data, and use the insights gained to continuously improve your program's effectiveness. Just as importantly, recognize and reward employee achievements to maintain motivation and foster a culture of continuous learning.
Leverage platforms like Coursera, where learners earn shareable certificates and badges that showcase their achievements and expertise. This public recognition further incentivizes employees and reinforces the value of cybersecurity skills within your agency.
Building a more secure and trusted public sector workforce
While the task of building a cyber-ready workforce may seem daunting, remember to start where you are, leverage existing resources, and focus on building momentum. Industry-created, skills-based pathways exist that are designed to help public sector leaders and their employees in their upskilling journey. By taking a proactive, skills-based approach to cybersecurity upskilling, you not only safeguard your agency from evolving threats but also cultivate a culture of shared responsibility, continuous learning, and enhanced public trust.
This content has been made available for informational purposes only. Learners are advised to conduct additional research to ensure that courses and other credentials pursued meet their personal, professional, and financial goals.