Among the many changes unleashed by COVID-19, one has been a dramatic increase in the use of digital tools. The World Bank projects that total internet traffic this year will be 50% higher than it was just two years ago. The increased digitalization, needless to say, also amplifies the risks of cyber threats and attacks for us all. That underscores the importance for companies to strengthen their capabilities to develop, implement, and maintain robust cybersecurity protocols.
But in a survey of global cyber leaders by the World Economic Forum, 59% said it would be challenging to respond to a cybersecurity breach, given the skills shortage on their teams. And more than half said talent recruitment and retention were the biggest challenges of all. How, then, to meet this ongoing need for cyber resilience?
One of the keys is for companies to operate as something akin to corporate universities — offering not just employment but also the promise of continued employability.
This can be achieved through reskilling programs that train existing or new workers in cybersecurity and related disciplines. Doing so ensures the employers get the personnel they need while workers get the skills and knowledge that will help them get hired and stay employed. There is a clear alignment of interests: individuals benefit from having cybersecurity knowledge with greater employability, and companies need workers with that knowledge.
At Infosys, like all businesses, we increasingly need more workers with digital skills — particularly in cybersecurity — related to new technologies. However, because the technology and the threats are constantly evolving, it can be challenging to find enough people in the labor market with these skills.
We rely on reskilling to fill much of this gap. And we have applied the lessons of more than three decades of training new employees, from physical classrooms in India to our online digital reskilling programs worldwide.
These programs, which include training for cybersecurity, involve continuous, self-paced learning for employees; collaboration with academic institutions; specialized programs for local hiring; and digital reskilling for new and current employees.
In four phases, we developed a holistic reskilling program incrementally, evolving it alongside changes to our operating model. This program can be a model for other companies, with chief information security officers (CISOs) helping design programs that will help them meet their needs for talent in cybersecurity and other areas.
Developing a reskilling program
Phase 1: Foundation. Each unit created a three-year business growth projection for the top five digital skills, called new service offerings (NSOs). The units also created talent plans to meet the anticipated business growth projections for each NSO. This resulted in 36 new offerings, with the top five skills needed for each.
Phase 2: Skills Forecasting. We planned for both long-term (five years out) and short-term (quarterly) skills needs. We used a variety of external and internal inputs for this forecasting model, including revenues, employee skill data, past allocations, and market trends.
Phase 3: Program Implementation. This enabled reskilling as an alternative talent pipeline. More than 90% of these reskilled employees have been deployed to projects using their new skills.
Phase 4: Scaling. We encouraged people to learn about cybersecurity and create awareness of the reskilling program. Employees are induced to participate by giving them concrete financial and career incentives. Career incentives include skill tags. These skill tags quantify what they have learned in a way that is recognized in the market. For instance, “Cybersecurity expert” is a tag employees can earn to indicate their skill set and work on new projects internally and with clients.
In the Scaling phase, we have also focused on communicating the many benefits of reskilling. This communication happens at several levels — with leaders, managers and employees. We also send out a series of weekly emails on reskilling to all employees, which increases awareness of reskilling opportunities.
Benefits of reskilling
Fundamentally, reskilling is a win-win: It benefits both organizations and workers. We have found that it is about half the cost of hiring from the market. Reskilling has also lowered the attrition rate in our cybersecurity teams.
Reskilling has wider benefits, too. It helps our talent to learn and shape their careers in ways that are most meaningful for them. For example, they can transition from software testing to certified cybersecurity professionals.
Reskilling also inculcates a culture of lifelong learning into an organization. Businesses retain talent while employees continually evolve their skills to match the company’s needs. This is a strong value proposition for both the employee and the organization — it improves recruitment, retention, and internal rotation and deployment.
It can also be part of an inclusion strategy that benefits the company, provides opportunities to work in a digital role for those who might not otherwise have had them, and ultimately increases diversity.
Reskilling should be one of the primary strategies companies use to build their cybersecurity workforce. At Infosys, four principles guide our approach to reskilling.
Make reskilling a core pillar of the operating model. Without the infrastructure and operational changes, employee reskilling programs are destined to fail. They need to be tied to strategy, direction, and other investments.
Assemble cross-functional teams. A successful reskilling program requires participation across the organization. Focused, weekly efforts on reskilling with the leadership of many units are essential to continuously plan and assess reskilling progress.
Make employees part of the process. Create enough incentives, necessary infrastructure, and support — especially during the transition phase.
Don’t go it alone. For the greatest impact, collaborate with academic institutions, nonprofits, and policymakers. At Infosys, for example, we formed a consortium with other trainers to use a learning platform to reskill pandemic-impacted job seekers and connect them with companies looking for workers — including cybersecurity experts.
Two years ago, Infosys opened a Technology and Innovation Center on the campus of Arizona State University to help meet staffing needs in cybersecurity and other areas. The 60,000 square foot site is helping to build a pool of talent, as are our partnerships with ASU, Maricopa Community Colleges, the Arizona Commerce Authority, and the Arizona Technology Council.
Investing in People
Investing in people is the best investment companies can make as they develop their cybersecurity workforce. But more needs to be done. An Infosys survey has shown that only 54% of U.S. hiring managers said their company offered training in basic computer skills, and only 34% offered more specialized training in cybersecurity.
A greater investment in employee learning programs focused on cybersecurity and other disciplines can be cost-saving measures that help organizations learn, adapt, and evolve, while also helping meet employees’ basic human drive to learn. The programs also strengthen the employer-employee relationship because employees feel valued and cared for.
Finally, reskilling brings opportunities to people who might not otherwise have them. Our reskilling initiatives with community colleges, for instance, enable us to employ people at a lower cost — while at the same time giving a wider swath of people the opportunity for upward social mobility.
With cybersecurity threats growing and companies needing the personnel to help address those threats, companies — and CISOs in particular — should be prioritizing reskilling programs. They are investments that will deliver outsized dividends for years to come.