Industry insights

IT skills advice from IDC's IT education and certifications expert

Elise Chan
May 6, 2022 by
Elise Chan

Technology change continues to outpace the speed at which information technology professionals can gain new knowledge, skills and abilities. This is especially challenging when looking at the growing list of security vulnerabilities organizations face as well as the current skilled staff shortage.

To learn more about what organizations can do to account for these evolving challenges, we sat down with Cushing Anderson, IDC's Program Vice President for IT Education and Skills for Digital Transformation.

Phishing simulations & training

Phishing simulations & training

Build the knowledge and skills to stay cyber secure at work and home with 2,000+ security awareness resources. Unlock the right subscription plan for you.

When Cushing started in the IT education space 22 years ago there were only two primary certification vendors — Novell and Cisco. Now there are hundreds of potential certification options and organizations are investing heavily in their employees' skills sets.

His advice for IT and cybersecurity leaders looking to leverage certifications and team training to recruit and retain talent?

"Organizations should be expanding the opportunities for their IT professionals to learn about emerging technologies even if it's not currently in their organization's IT infrastructure. This establishes the organization as one that wants to grow and wants to improve, and I think that is great for employee engagement," says Cushing, who authored the IDC MarketScape: U.S. IT Training 2021 Vendor Assessment.

Q: How are IT certifications evolving?

Some certification sponsors are introducing performance-based tests and questions. These are exam items designed to test a candidate’s ability to solve problems in real-world settings and are delivered as either a simulation or within virtual environments.

The use of simulations or virtual environments will likely continue to increase — improving both the relevance of the skills being tested and the security of the test to ensure it’s not compromised.

Certification sponsors and test providers have made other changes to make certification tests more "hack-proof.” We now see larger pools of potential questions to prevent test items from being copied and proctoring technology to prevent cheating by detecting the use of external resources.

Firms who provide great training to prepare for certifications, like Infosec, give feedback to the certification sponsors to help keep these certifications focused on the most important content. All of these changes have helped certifications become much more trusted and focused on relevant skills and capabilities over the last five years.

Q: How does the growing demand and supply of certifications impact IT managers?

When IT professionals pass a rigorous certification exam, IT managers can believe that the employee really knows something that matters. Not all training needs a certification, but training providers use the same approach and rigor to train IT professionals whether they are preparing for a certification or not. The training providers are also focused on ensuring the training content helps the IT professional with their job. Training has to matter when the student gets back to work  — this focus has been great for the industry.

On the flip side, there are a lot of certifications out there. It can be hard for both an IT manager and a professional to decide what certification is going to be the most relevant. What they should be paying attention to are certifications that matter most to their tech environments and employee development plans.

Q: How can organizations leverage certifications to recruit and retain talent?

Organizations that leverage certifications as a career development tool have an easier time leveraging certs in the hiring process as well because they've already determined which skills and certifications matter. When organizations have identified the relevant certifications for different roles, they can see a candidate in the market and know quickly where that person would fit in their organization.

On the other hand, fifty-eight percent of companies who successfully fill roles also consider inexperienced candidates1. These companies are seeing lower attrition rates, decreased costs associated with turnover, higher employee engagement and more satisfied and loyal employees. Infosec offers a free ebook to help teams develop less-experienced workers and close skills gaps.

It takes some maturity and stability to create career development plans, and then leveraging certifications as a component of those is an additional level of structure. Some organizations find that their IT and security organizations are always in flux — with the addition of new technologies, reorganization of staff and shifting of infrastructure platforms.

Q: In addition to increasing the effectiveness of talent recruitment and onboarding, are there other benefits certifications bring to more mature and stable IT structures?

Absolutely. So as organizations create stability around their infrastructure, they are in a much better position to secure it. With a more stable infrastructure, it's easier to identify where vulnerabilities may occur and when changes might be introducing vulnerabilities. Career paths that include certifications as development milestones create stability in the processes and practices of the cyber team. This makes securing the infrastructure much easier.

Q: What changes do you predict we’ll see within the IT education and certification space?

I think over the next year, a couple of things are going to change in tech training and they're going to roll into the certification industry. We are beginning to leverage experiential learning more widely in training and in assessing competence. So people are more likely to find themselves in a class that includes opening a lab or virtual session and learning hands-on — especially around security. Instead of showing someone, we're actually getting them to do it, to practice that skill. They are going to leave the class with a greater sense of confidence and with greater competence.

That is going to translate itself into certifications that more closely reflect what someone can do on the job. Using labs and simulated technology environments is going to improve training delivery and increase confidence that an organization can use those skills in their environment.

Q: What advice do you have for IT and security leaders trying to keep up with the latest trends and stay ahead of technology change?

Don't just train your people on what they need to know today or what they need to know to get better. You should do that, but you should also give all IT professionals the freedom to learn technologies and topics that are outside of their current work environment — or that may be tangential or peripheral to their work. That encourages creativity and curiosity, and it brings skills into your organization before you need them. They will explore technologies and processes that you might not need now, but that you might consider needing a year or two from now.

There are so many ripple benefits to that approach. Individuals who take initiative will learn more, and you'll get them to accelerate much faster. If you celebrate that, then you are celebrating that curiosity, and other staff in the organization will say, "Oh, I could do that too."

Be sure to find ways to allow your staff to use these new skills too. If you allow them to train in really cool skills and then don't use those skills on the job, they're going to find another place to use those really cool skills. So expand the opportunities for your IT professionals to leverage or test the new emerging skills even if it's not currently in your IT infrastructure. This establishes your organization as one that wants to grow and wants to improve, and I think that is great for employee engagement.


Elise Chan
Elise Chan

Elise is a communications professional with seven years of experience in a variety of industries — ranging from insurance to website development. As a product marketing manager at Infosec, Elise focuses on helping cyber professionals discover and understand what training is best for their team.