Having a strong foundation of skills and knowledge is essential if we expect tech pros to be efficient, productive and innovative in the global workforce. Yet around the world, hiring managers, HR professionals and industry leaders are noticing that while IT professionals possess valuable technical skills, they sometimes lack foundational knowledge. This poses a problem in a world where technology is woven into the fabric of every organization and employers are already facing many challenges.
Before we dive in further, let’s take a minute to level set. Foundational knowledge is the what and why — the understanding of how networks function, how technology enables a business to run, how different areas of technology work together, and why things like data analytics and cybersecurity are crucial to business operations. Technical skills are the how – the expertise required to perform tasks and use programs and tools in real-world scenarios.
Hiring managers and workforce development professionals play an important role in working toward a solution to this issue. That’s because it’s vital that we upskill existing workers. For all of the talk about millions of openings, the real issue is that today’s hiring managers need IT professionals that have comprehensive foundational technical skills.
But it’s not as simple as finding great IT pros – you need to build them and continue to provide them with opportunities for growth. Fostering an environment within your organization where open dialogue about strengths and weaknesses is the norm will help set tech professionals up for success from the get-go.
In today’s tight labor market, training, upskilling and reskilling hold the keys to creating a more digitally fluent workforce that will propel the industry forward. Supporting your employees and offering them opportunities to learn and fill knowledge gaps is a key factor in creating a vibrant workforce.
Missing Fundamental Knowledge is a Global Issue
Over the last year, I have spent time with CIOs, CISOs, and hiring managers from around the world. For example, in September 2022, I was invited by Amorn Chomchoey, Chancellor of the Thailand National Cybersecurity Agency (NCSA), to teach his security operations center (SOC) team about visualizing security alerts and events using a tool called Security Onion.
Working with NCSA’s Chancellor, Amorn Chomchoey during a security bootcamp for about 100 of his employees
Chomchoey’s employees are deeply talented. They know how to use tools like Security Onion, and we had fun teaching each other new things. They were stronger than many other professionals I’ve met around the world.
But even though many of them have advanced cybersecurity knowledge, almost all were missing foundational knowledge, such as how applications and networks talk, specifically in reference to network protocols. Many of these workers also needed information about how the Domain Name System (DNS) works in more detail, from recursive lookups to NXDOMAIN requests. After all, it’s difficult to discover various types of DNS-based attacks if your workers don’t know the essentials of DNS in the first place.
This problem is not unique to Chomchoey’s team. Industry leaders from around the world find that their employees don’t always have adequate technical foundations. I’ve heard about this for years from hiring managers about their otherwise talented IT and security employees.
For example, Mike Geraghty, chief information officer for the State of New Jersey, said that he and his team spend a significant amount of time teaching first-year security employees the foundational elements of operating systems and networks. They will often say, “You can’t protect a network if you don’t know how it works.”
I have also noticed that professionals with more advanced skills don’t always understand some of the more basic, essential networking protocols. I’ve met penetration testers who lack a fundamental understanding of the hypertext transfer protocol (HTTP), arguably the most often-used and often-hacked protocol that exists.
This fundamental knowledge is critical and helps to build more well-rounded tech professionals. It behooves any hiring manager to have an open dialogue about an employee’s skills at the beginning of the hiring process.
Why the Disconnect?
I’ve found that the in-demand, well-rounded IT and security professional needs to know the foundations. This includes knowledge of:
- Typical networking handshakes, including the TCP 3-way handshake, the TLS/SSL handshake and HTTP
- Storage concepts, both in terms of hard disks and cloud storage (e.g., Amazon S3)
- How to read log files
However, hiring managers often note that professionals are weak in these areas. There are several reasons why this happens. First, security professionals are increasingly expected to specialize in areas of IT and security. As people specialize, they tend to skip things to bring focus.
Second, sometimes IT professionals don’t want to highlight foundational skills, especially when trying to make a good impression during the interview process, because they fear that talking about such basic things might lead employers to think they don’t know or possess the more advanced, in-demand skills. Without these conversations, hiring managers don’t know what foundational skills candidates possess – or lack.
Third, organizations don’t always do a great job onboarding their employees. For example, the onboarding process may not allow for new employees to demonstrate their knowledge level. Sometimes, what we think is a healthy dialog between employee and employer isn’t all that helpful.
As you can see, there are several reasons for the disconnect, but ultimately it boils down to a lack of digital fluency among employees of all ages.
Building Digitally Fluent, Well-Rounded IT Professionals
Digital fluency is the measurement of a person’s – or even an organization’s – ability to use a particular technology effectively to accomplish a project or a goal. Digital fluency doesn’t mean that you know how to use a device as a consumer, but rather that you have in-depth knowledge of how – and why – that particular device works.
When it comes to IT and security professionals, it’s important for them to have the right foundations. Strong foundations create more top-tier, well-rounded, efficient IT professionals. A great time to look at whether or not your employees have a good understanding of these things is during the onboarding process, or even before. If you understand where their strengths and weaknesses lie when they join your organization, you can offer them training that will allow them to brush up on their weaker skills and help them – and your organization – thrive.
Opening a dialogue where employees feel heard and cared for from the get-go will help them to feel more comfortable coming to you or their manager when they encounter something that they don’t understand or need more training on – even if it’s just a refresh on the foundations.
What Can HR and Workforce Development Pros Do?
Digitally fluent employees help strengthen and unlock the potential of your organization. Ensuring your employees have foundational knowledge is key. Foundational knowledge gives professionals the ability to keep their feet the next time there’s a big shift in how we use the technology that helps propel us forward. Having that foundation also allows organizations to focus on developing “T-shaped workers,” someone with deep knowledge in one area, but adequate knowledge in many areas. It will also make it possible for your security workers to better troubleshoot and identify root causes.
One solution is to create a better screening process to help make sure that potential workers have the foundations that they need. Hiring managers can help on this front by creating job postings and questions that focus on foundational skills. Instead of creating job postings that ask for too many advanced skills, focus on the essentials.
But we all know it is far, far easier on your time and budget to develop internal talent than to go out and find it. It’s important to develop digitally fluent employees that can bring abstract concepts to life and tie learning to real-world examples. In other words, if they learn about the TCP handshake, the next step would be to find an example in your organization’s systems and infrastructure and dig into how it works.
Take a close look at your organization and review what professional development, training and upskilling opportunities are offered to your employees. If you don’t have any yet, start with CompTIA. We can partner with you to offer training solutions that can help you to upskill new and existing employees.
Learn more about CompTIA’s Workforce Development Solutions.