3 reasons cybersecurity certifications and training demand disruption

There’s no shortage of cybersecurity training or certifications for security professionals.

Despite this availability, many programs prioritize session completion over outcomes and fail to provide the necessary data to prove readiness for real-world threats.

This lack of an outcomes-focused process creates vulnerabilities across organizations, gaps that no number of certifications can fill.

To explore why traditional certification and training models fail, Immersive Labs Chief Executive Officer James Hadley joined guest speaker Forrester Senior Analyst Jess Burn and Relativity CIO and CSO Amanda Fennell on a recent webinar.

Industry Sentiment

While certifications were once revered as the gold standard in cybersecurity training, industry professionals are vocally sharing new, less favorable perspectives via social media.

A recent Forrester Report highlights this attitude shift, noting that of 200 posts shared by cybersecurity professionals, 53% expressed negative sentiment toward certifications.

Among these posts, two main issues were the primary drivers of negative sentiment:

  • Cost
  • Utility

We believe this insight reveals that certification value simply isn’t worth the price tag. In fact, many social sharers (46%) who voiced discontent also expressed intent to let their certifications lapse due to this lack of value.

Complete, but Obsolete

As the Forrester Report highlights, cybersecurity professionals are finding little value in certifications.


Due to the breakneck pace of cybersecurity, by the time the need for a certification is identified, the training built, and the materials disseminated, the industry has moved on.

Given this pace, material that is months or years old is no longer relevant. Despite this reality, many certification and training programs rely on out-of-date material to drive examinations and certifications, ultimately resulting in obsolete capabilities.

Siloed Approach

When cybersecurity responsibility is viewed as exclusive to the IT team, silos are created. This mindset underscores the idea that cybersecurity is an individual duty, and that a strong team consists of a variety of traditionally certified professionals.

This perception, however, creates vulnerabilities both on IT teams and across the organization. To achieve a truly effective approach to cybersecurity, individuals must be collectively responsible for organizational cybersecurity. Different skills, knowledge, and judgment are required for different roles, creating a secure people-centric workforce that is prepared to thwart cyber threats at every entry point and adapt to the unexpected, driving true resilience.

Achieving this collective approach requires organizations to stop overvaluing traditional certification and training methods and elevate gamified approaches that can assess, upskill, and measure existing and future talent.

To learn more about how your organization can confront the limitations of traditional cybersecurity training methods, listen to the webinar here.

“Cybersecurity moves on really quickly. By the time you’ve built a course and written training, the material is already out-of-date and not as relevant in the workplace.” – James Hadley, CEO, Immersive Labs
