Featured Product
This Week in Quality Digest Live
Innovation Features
Zach Winn
Autonomous machines snip weeds and preserve crops without herbicides
Daniel Croft
Noncontact scanning for safer, faster, more accurate, and cost-effective inspections
National Physical Laboratory
Using Raman spectroscopy for graphene and related 2D materials
Ashley Hixson
Partnership with Hexagon’s Manufacturing Intelligence division provides employable metrology skills
Annual meeting in Phoenix, April 26–28

More Features

Innovation News
Even nonprogrammers can implement complex test systems and standards
Alliance will help processors in the US, Canada, and Mexico
New features revolutionize metrology and inspection processes with nondimensional AI inspection
Strategic partnership expands industrial machining and repair capabilities
Supports robots from 14 leading manufacturers
AI designed to improve productivity and processes
Ultrasonic flaw detector now has B/C scan capability, improved connectivity, and an app to aid inspection
Tapping tooz for AR/VR competence center

More News


Why Employers Should Embrace Competency-Based Learning in Cybersecurity

Closing the education-to-hiring gap

Published: Monday, January 16, 2023 - 13:02

There’s a growing movement to increase competency and skills-based education and hiring practices in both the public and private sectors.

For example, the Executive Order on Modernizing and Reforming the Assessment and Hiring of Federal Job Candidates calls on the federal government to “ensure that the individuals most capable of performing the roles and responsibilities required of a specific position are those hired for that position.” This results in “merit-based reforms that will replace degree-based hiring with skills—and competency-based hiring.”

Similarly, the “Principles for Growing and Sustaining the Nation’s Cybersecurity Workforce” emphasizes the importance of expanding the candidates pool by discontinuing the use of degrees as a mandatory requirement for jobs and revising job postings to be more transparent about the skills needed to perform and thrive in the role.

Although employers as well as education and training providers are prioritizing cybersecurity competencies and skills, getting the two ecosystems to work together to close the education-to-hiring gap continues to be a challenging and slow-moving mission.

Benefits of competency-based training

Competency-based education allows students to verify their skills and earn credentials by demonstrating what they know instead of spending a required amount of seat time in class. With every competency assessed, students understand the value of their effort against targeted job roles. When armed with this intelligence, they can build their careers in real time while also continuing to attain high-value credentials.

Often, when students enroll in a degree or certificate program, they’ve already acquired a significant work history related to their field of study. Competency-based education gives credit where credit is due, allowing students to use prior knowledge and professional experience to accelerate in their program and qualify for employment opportunities.

This model is well-suited to adult learners, who often enroll in programs with different levels of knowledge and experience. It offers a variety of preferred approaches for balancing school and work.

Employers must actively invest in their workforce to maintain competitive teams. That means creating deeper and more strategic partnerships with higher education—or with new education and training providers that are willing to be part of the solution. Competency-based education and hiring is a more objective, equitable, and efficient way to connect today’s job seekers with available career pathways. While traditional degrees are still a powerful engine of social mobility, they’re not the solution to every talent supply-chain challenge. We must embrace new routes to opportunity, including short-duration, on-the-job, and apprenticeship programs that can be expanded rapidly and stack into higher degrees of value.

Reevaluating hiring practices

Employers will also need to change how they hire. The significant staffing shortage relative to the volume of available talent available requires employers to cast a wider net. The speed of hiring and availability of candidates are two primary drivers. Employers are shifting their focus to transferable capabilities to close both gaps. In some cases, dropping the requirement for academic degrees and building in-house training opportunities to meet specific technology needs can create a wider pool of talent in a timelier manner.

Many recruiters and hiring managers now avoid a “checklist” approach for qualifications in favor of evaluating applicable, transferable interests and capabilities. Certifications or degrees are foundational and highly valued, but competencies can be equally important. If candidates can demonstrate a capability to learn, many employers are more willing to invest in training.

One consideration for bridging the gap between employers and job seekers is to include more inviting language and marketing of cybersecurity opportunities. When pivoting to competencies and skills-based hiring, ensuring that prospective candidates don’t drop out of the application process is a first step. It’s important to encourage them to understand how relevant and applicable their current skills and experiences are, even if they don’t have specific “cybersecurity” credentials or experience.

When evaluating candidates, it’s important for employers to use assessments effectively during the interview process. Assessments should occur early in the process and reflect what someone might do on the job. One example: When hiring a technical support engineer, have the assessment simulate a ticketing queue to observe how a candidate operates with efficiency. A security research-assessment tool might look at how someone worked through a problem, not just whether they got it right. It’s also important to assess teamwork and collaboration, particularly how hiring teams and candidates can work on small challenges together to gauge both technical and soft skills at the same time.

Broadening our understanding of what competencies and general skills qualify a person for a cybersecurity job can help all employers gain a broader view of the talent pool. Additional investments will be needed to develop talent in-house, including coaching and mentoring. Increasing collaboration and partnerships between employers and education and training providers will allow us to transform learning and modernize talent management to meet today’s cybersecurity workforce needs.

First published Oct. 25, 2022, on NIST’s Cybersecurity Insights blog.


About The Authors

Marni Baker-Stein’s picture

Marni Baker-Stein

Marni Baker-Stein is chief content officer at Coursera, responsible for deepening the company’s relationships with more than 275 university and industry partners. In this role, Marni works closely with many of the world’s most renowned education institutions and employers to enable and accelerate content and credential innovations that will increase access, align with job market demands, and meet learners where they are.

Bridgett Paradise’s picture

Bridgett Paradise

Bridgett Paradise is the chief people and culture officer at Tenable. She leads the company’s human resources strategy and policies, global recruitment efforts, and organizational development programs.

Rodney Petersen’s picture

Rodney Petersen

Rodney Petersen is the director of the National Initiative for Cybersecurity Education (NICE) at the National Institute of Standards and Technology (NIST). Petersen previously served as the senior policy advisor to EDUCAUSE and was the managing director of EDUCAUSE Washington. He founded and directed the EDUCAUSE Cybersecurity Initiative and was the lead staff liaison for the Higher Education Information Security Council. Prior to joining EDUCAUSE, he served as the director of IT policy and planning in the office of the vice president, and chief information officer at the University of Maryland.