Cybersecurity: the importance of continuing training for professionals

The field of cybersecurity is constantly evolving. With new threats and new technologies, it is necessary that industry professionals be prepared to train throughout their careers, and on a regular basis.

While there are many ways to stay up to date on the latest trends in IT security, continuing education is one of the best ways to stay effective when you have to defend yourself daily against adversaries who do not hesitate not to use all the means at their disposal. Certifications, training, specialized sites, we explain how to continue to evolve as cybersecurity professionals.

Cybersecurity, a popular sector of activity

A sector in search of talent

According to a study carried out in 2023 by ISC2 and reported by Le Monde Informatique, companies lack cybersecurity experts around the world. Although the industry gains new workers every year, the deficit continues to widen, with 4 million additional people needed to meet the global need. This is also the case in France: to attract high school and college students to cybersecurity careers and have a greater diversity of profiles in the field, ANSSI, Campus Cyber ​​and the Ministry of National Education have launched the “Tomorrow Cyber ​​Specialist” campaign, in order to explain the different professions in the field of cybersecurity and the ways to access them. According to them, there are now 52,000 cyber specialists in France, with the objective of creating 37,000 additional jobs by 2025. The sector is therefore constantly looking for new talents and profiles, including more women, who previously represented in 2021 only 11% of IT security professionals according to an ANSSI survey.

Increasing numbers of cyber threats

This demand for additional manpower in the field of cybersecurity also comes from the increase in cyber threats. In 2023, according to ANSSI, security threats increased compared to the previous year, with 3,703 security events brought to the attention of the agency compared to 3,018 in 2022, and they take different forms : ransomware (or ransomware), which saw an increase of 30% compared to the previous year, espionage and targeting of individuals or structures that handle sensitive data, or even destabilization operations, such as DDoS attacks or against critical infrastructure. And criminals continue to improve while exploiting weaknesses that are still not corrected, showing a certain need for professionals in the field to face ever more imaginative and formidable adversaries.

Everything you need to know about initial cybersecurity training

If according to ANSSI, 71% of professionals recruited in the field of cybersecurity over the last five years are not initially trained in the field, courses in a cybersecurity school have developed over the years to be able to get started in cyber security from the start of your studies. These training courses are generally offered over 1, 2, 3 or 5 years depending on the level of studies upon entry into the program and offered as integration in the 1st year, 3rd year, 4th year or 5th year, subject to meeting the requirements. requirements for each of the programs, namely the baccalaureate, a bac+2, bac+3 or bac+4 and the successful completion of admission tests. From now on, it is therefore possible to train in the field as soon as possible or to switch to it quite easily after a few years of study.

The main certifications to boost your career

There are many IT security certifications, some very specialized in certain software or services, while others are more general and will depend on your field of expertise. It should also be noted that certifications are not all aimed at the same audience: some are suitable for young workers just finishing studies, with little or no professional experience, to teach them certain essential skills, while others should be reserved to seasoned professionals, with several years of experience behind them. It is difficult to determine which certifications are truly essential as the cybersecurity professions are vast, but a few of them are particularly well-known:

• CompTIA Security: this certification validates basic knowledge in cybersecurity. No experience necessary, but it is recommended to have already worked 2 years in the IT field and possibly to pass the Network+ certification beforehand.
• CEH: this certification is for those who wish to move into the field of ethical hacking. It is possible to take the exam without experience by following official training beforehand or to have two years of experience in information security to take the exam directly.
• CISSP: This certification is reserved for experienced professionals who want to take the next step in their career. The prerequisites to be able to pass it are higher than others, in particular significant professional experience in cybersecurity.
• CISA: this certification is aimed at people already employed in the IT field and who would like to specialize even further. It is therefore necessary to have several years of experience to be able to pass it, varying depending on your level of education.
• OSCP: another specialized certification in the field of “offensive” security, to certify ethical hackers, penetration tester and others. This certification is quite specialized and requires you to have acquired some skills, although there are no prerequisites to take the exam.

Please note that these are only examples. The best certification is the one that most closely matches your chosen field, whether it’s ethical hacking, cloud services security or network security, and your level of experience and knowledge. Trying to jump into an advanced certification too early isn’t always the best idea.

The risks associated with the absence of continuing training in cybersecurity

If the study carried out by ISC2 pointed to a lack of personnel, it also highlighted a lack of training on new IT technologies and the threats they face. The companies and professionals surveyed said the majority lacked skills in the field of cloud, artificial intelligence/machine learning or in the implementation of a model zero trust. The ISC2 further indicates that in studies from previous years, artificial intelligence was either at the bottom of the list or not mentioned, while it is now one of the most in-demand skills, showing that cybersecurity is an area in constant change, in which professionals must continue to train throughout their careers to remain effective. The ANSSI report also shows that adversaries themselves do not hesitate to modify and perfect their techniques to avoid detection and identification, thus illustrating the need to continue to update and expand his professional expertise.

Cyberattacks: how to stay up to date to better counter them?

There are several ways to continue to stay up to date on the latest computer threats and methods to counter them. Specialized sites, professional blogs and social networks are an excellent way to stay up to date with current events, know the latest trends and research, and be warned as quickly as possible in the event of cyberattacks on systems or software used. Going regularly to the CERT-FR site is also a good reflex to have to see the latest security alerts, stay up to date on current threats and vulnerabilities or even obtain indicators of compromise to determine if you have been victims of a particular group or malware. Finally, as we indicated above, the cybersecurity sector is evolving quickly. Continuing to learn throughout your career is essential to face threats that continue to change and use new tools. More than in other fields, continuing education is an essential component for IT security professionals.