From AI-generated malware to deepfake-powered phishing and a surge in zero-day exploits, the threat landscape is shifting beneath cybersecurity leaders’ feet. Add to that expanding compliance requirements—from the U.S. Securities and Exchange Commission’s breach disclosure rules to global data privacy laws—and the pressure is on teams to evolve faster than ever.
And many cybersecurity professionals don’t feel they—or their organizations—are ready. In a 2023 survey conducted by ISC2, 92% of cybersecurity professionals reported skills gaps in their organizations, and many said they have no or minimal personal knowledge of AI. In this climate, traditional training approaches and siloed security operations just won’t cut it.
Members of the Senior Executive Cybersecurity Think Tank are facing these realities head on. From red and blue team exercises to AI-assisted learning and embedded real-world context, these experts are adapting how they build, train and empower their teams—ensuring they’re ready not only to respond to today’s threats, but also to anticipate tomorrow’s.
“We blend human expertise with AI insights to create a shared intelligence loop.”
Invest in Continuous Learning and Cross-Functional Collaboration
For more than two decades, IP Services has helped businesses secure their most critical systems through its Total Control System framework, based on principles found in CEO Scott Alldridge’s contribution to the bestselling VisibleOps book series. Alldridge believes cybersecurity must be treated as a dynamic discipline, supported by ongoing learning and tight cross-functional collaboration.
“We invest heavily in ongoing training, certifications and threat simulations for our team to stay ahead of increasingly complex attacks and evolving regulatory frameworks,” he says. “Our team regularly collaborates across disciplines—security, compliance and IT ops—to break silos and ensure a unified response posture.”
Even—perhaps especially—in the age of AI tools, such continuous learning is vital; Gartner has predicted that, by 2030, 75% of Security Operations Center (SOC) teams will experience skill erosion. Alldridge stresses that his company is committed to ensuring human knowledge and insights don’t fall by the wayside.
“We blend human expertise with AI insights to create a shared intelligence loop—where lessons from real-world incidents, threat models and compliance changes feed back into our playbooks and culture.”
Pair Industry Training With Internal Knowledge-Sharing
At Edgescan, internal training initiatives are supercharged by hands-on experience. Founder and CEO Eoin Keary says the company’s penetration testers and operations teams are exposed to thousands of vulnerabilities across hundreds of client environments, giving them constant, hands-on experience with real-world risks.
But even though their everyday work brings Edgescan team members into direct contact with evolving threats, Keary says they still need to pursue industry training.
“We encourage our staff to pursue relevant certifications, such as CREST and OSCP, and to participate in war games, such as NATO/CCODE ‘Locked Shields’ live-fire or ‘Zerodays’ capture-the-flag events,” he says.
Fostering knowledge-sharing and cooperation between teams is also an essential part of company culture.
“Cross-training between development and cyber teams can produce great outcomes, as both sides come to understand each other’s perspectives of the world we live in,” he notes.
“We empower people to question assumptions, fail fast and learn faster.”
Tailor Training for Team Members
At Piqued Solutions, curiosity isn’t just encouraged—it’s engineered into the company’s training model. Jeremy Dodson, Founder and CISO, emphasizes that today’s threats outpace traditional training timelines, demanding faster, more tailored learning approaches.
“We’ve adopted continuous learning via AI-assisted labs, real-world simulations like our ‘Red vs. Blue Labs,’ and ‘curiosity-driven coaching’ that’s tailored to each team member,” Dodson says.
He notes that he and his fellow leaders have deliberately built a culture that blends the pursuit of technical excellence with psychological safety. “We empower people to question assumptions, fail fast and learn faster.”
To boost retention and engagement, the company also develops internal short-form explainer content. This helps communicate key lessons across teams with varying technical backgrounds.
“Today’s evolving threat landscape demands a culture of adaptability, discipline and proactive evolution.”
Stay Response-Ready and Future-Focused
For TIAG, readiness is measured by speed, adaptability and resilience in the face of unpredictable cyber events. Umang Modi, Managing Partner and Chief Strategy Officer, says checking compliance boxes isn’t enough; teams must evolve faster than both attackers and regulations.
“Today’s evolving threat landscape demands a culture of adaptability, discipline and proactive evolution,” Modi says. “We continuously refine our internal operations to stay ahead of increasingly sophisticated attacks and shifting regulatory demands.”
Live threat intelligence, adversary emulation and scenario-based exercises that mirror real-world complexity anchor a culture of cross-functional collaboration, rapid response and operational agility, ensuring TIAG team members don’t just stay up to date on cyber trends and best practices, but also have an eye on what’s coming.
“We enable our teams to anticipate threats before they emerge and deliver mission-focused cybersecurity in even the most complex environments,” Modi says.
Teach and Enable the Team to Trust, But Verify
For cybersecurity expert Salim Gheewalla, building an effective security culture starts with storytelling.
“Lead with context; share real-world incidents from customers to highlight the scale and impact of modern threats,” he advises. “Such stories create ownership across the team, reinforcing the fact that vigilance is not optional.”
While it’s essential to underscore the important role every team member plays in maintaining security, Gheewalla says it’s also important to enable teams wherever possible, deploying embedded security tools that protect without compromising agility. But no matter the blend of training and tools companies develop, he cautions that the most important factor is emphasizing the timeless principle adopted by many in the cybersecurity space: Trust, but verify.
“From automated patching to SASE connectivity, multifactor authentication and zero-trust identity enforcement, it’s about building habits, systems and accountability that scale,” Gheewalla says. “Even when it introduces friction, security is nonnegotiable.”
Actionable Strategies for Building Resilient Cyber Teams
- Combine ongoing education with cross-functional collaboration. Providing structured, real-world training and breaking down team silos helps ensure a fast, unified response to threats.
- Tap into industry knowledge and events. Encouraging the team to pursue relevant certifications and participate in war games builds a broader knowledge base.
- Prioritize curiosity and safe experimentation. Tailored training and psychologically safe environments let teams learn from failure—and adapt to evolving threats faster.
- Build for agility in complex environments. Scenario-based simulations and live threat intelligence help teams stay ahead of shifting threats and compliance expectations.
- Use real-world stories to drive cultural change. Sharing the details of actual incidents reinforces vigilance, accountability and security-first thinking across teams.
Focus on the Future
As cybersecurity attacks grow more sophisticated and compliance becomes more demanding, there’s no one-size-fits-all training strategy. What’s consistent among top leaders is a refusal to stand still. They’re building cultures of curiosity, adaptability and shared ownership, recognizing that today’s best practices may not be enough to tackle tomorrow’s threats.
Whether through hands-on simulations, cross-functional collaboration or psychologically safe learning environments, experts from the Senior Executive Cybersecurity Think Tank are showing that future-ready teams are forged through flexibility, not just frameworks.