With data breach rates rising and criminal attack methods becoming more sophisticated each day, it is essential for every organization to take security seriously. That means cybersecurity training and education so that key stakeholders understand the risks that businesses are facing, and which strategies are most effective for protection.

Who should receive cybersecurity training in your organization? While your immediate reaction might be to think training should stay with the cybersecurity team, there are actually many roles that would benefit from security knowledge and education.

Cybersecurity is a shared responsibility and since many companies do not have a formal security team in place, managing risk can be a responsibility for many other roles within the organization.

Watch the (ISC)² webinar Protecting the Enterprise: 5 Components needed for Cybersecurity Training to get insights into who needs cybersecurity training and much more. 

Here’s a look at some of the key people in a business that can benefit from cybersecurity training.

The CIO

An organization’s Chief Information Officer (CIO) or someone in a similar capacity – Chief Digital Information Officer or Information Technology Director – sits atop the security hierarchy in many organizations. Even if a company employs a Chief Information Security Officer (CISO) or Chief Security Officer (CSO), the position may still report to the CIO.

Senior IT executives and CIOs should receive an appropriate level of training. How much depends on the extent of the CIO’s involvement in cybersecurity. They need a baseline of current security knowledge so they can relate to the cybersecurity team and ensure the organization’s security needs are properly addressed.

The CIO’s Staff

Some larger organizations have an Office of the CIO (OCIO), which includes a team of leaders for specific IT functions, including security.

Members of the OCIO may include:

• Deputy CIO

• Chief Technology Officer

• Chief Development Officer
• Chief Data Officer/ Data Protection Officer
• Compliance Officer
• Application Development Manager
• Help Desk Director
• CISO

The IT Department

While IT teams may not be formally responsible for setting up cybersecurity programs and policies, but they often implement and maintain them. This means IT teams often play a critical role in securing the organization. They should not simply be viewed as implementing policy but should also be empowered to contribute to strategy with their unique perspectives, while honing their technical, hands-on skills securing systems and responding to incidents.

The CISO and Their Security Staff

The CISO and the cybersecurity team are the primary candidates for cybersecurity training and certifications.

Security teams are often structured in various ways according to an enterprise’s specific needs, but generally they are subdivided into several functional areas, including:

• Risk Assessment and Management
• Policy and Compliance
• Security Operations
• Security Administration
• DevOps

All of the above roles have a critical need for security training. Many can serve as advocates for education and training throughout the organization.

Security is Everyone’s Responsibility

(ISC)² research has determined that many positions have cybersecurity responsibilities to varying degrees that go beyond just our list here. But the responsibility for security does not stop with specific roles. Security is everyone’s responsibility within a company, and fostering an environment that promotes security education and training for all will help get your organization on the path to a more secure future.

To learn more about how to create an enterprise cybersecurity training program, read our complimentary eBook, The Enterprise Guide to Establishing a Cybersecurity Training Program .