News story

ISC2 Training with Lumify Work: Establishing a Holistic Cyber Training Program for Your Organisation

Sydney, Australia | Learning News | Lumify Group

Running a cyber security training program is a continuous and proactive effort. Learn how to plan this and how you can get support with ISC2 training and Lumify Work.


Cyber attacks have been the stuff of headlines recently, from data breaches in financial institutions to deepfakes promoting scam products. So, infusing cyber security savvy across all levels of an organisation is a must. More importantly, setting up and running a cyber security training program isn't just a box-ticking exercise; it's a continuous and proactive effort.

Gartner’s latest “Top Trends in Cybersecurity Report” makes the following predictions:

  • Generative AI will spike the resources required to secure it, resulting in a 15+% incremental spend on application and data security.
  • 50% of large enterprises will use agile learning as their primary upskilling/reskilling method by 2026.
  • 50% of large enterprise chief information security officers (CISOs) will have adopted human-centric security design practices by 2027.

Given these trends, cyber security training needs to be structured and adhere to industry standards. It must also be purposeful and tailored to each organisation’s specific requirements. ISC2 Training with Lumify Work supports this balance.

Many of the fundamentals of a successful training and education program apply across different organisations and sectors. This blog post explores them.

4 tenets of a cyber security training program

According to the latest ISC2 Cybersecurity Workforce Study, 92% of organisations reported skills gaps. To address this gap, ISC2 lists four major tenets that must guide any cyber security training program for employees, regardless of the circumstances. You can reflect on and discuss how to apply these as you plan your training initiatives.

  1. Security is an obligation, not an option. This includes a clear understanding of governance, risk, and compliance. A strategic investment in the education of your cyber security team must complement your effort in implementing security technology.
  2. You need a long-term, agile commitment to security. This is the only way to stay ahead of evolving technology and constantly changing threat landscapes. It all starts with ensuring your IT/ICT, OT, and cyber security teams have access to the ISC2 training they need to develop, evolve, and refine a wide range of skills and experience.
  3. Skills development should be measured for effectiveness. You need a process and the right tools for team members to demonstrate proficiency in the security principles they’ve learned.
  4. Invest in quality knowledge transfer from reputable sources. There’s no substitute for accurate, expert cyber security training.

As the world’s leading member association for cyber security professionals, ISC2 offers certifications and courses in partnership with Lumify Work.

Who needs cyber security training?

The answer to who needs cyber security training in the organisation may seem obvious – the cyber security team. But we can agree that this is a shared responsibility.

So, identifying who needs training starts with identifying those responsible for protecting critical assets.

  • Senior IT executives and CIOs - Even if a company employs a chief information security officer (CISO) or chief security officer (CSO), the position may still report to the CIO. How much cyber security training they need depends on the extent of their involvement. Many CIOs have had security responsibilities as they moved up through the ranks. They may not be directly involved in cyber security currently, but they will always need a baseline of up-to-date security knowledge.
  • CIO’s Staff - Some larger organisations have an Office of the CIO (OCIO), which includes a team of leaders for specific IT functions, including security. Members of the OCIO may include the following roles: Deputy CIO, Chief Technology Officer, Chief Development Officer, Chief Data Officer/Data Protection Officer, Compliance Officer, Application Development Manager, Help Desk Director and CISO.
  • IT Department - Organisations without an OCIO will likely have an IT department with roles similar to the ones listed above. Whatever the org structure or job titles, it’s essential to understand each role’s responsibilities to map a cyber security training plan for each. IT teams are often tasked with implementing cyber security policies, but they should also be empowered to contribute to strategy with their unique perspectives.
  • CISO and Cyber Security Specialists - They are the primary candidates for cyber security training and certifications. The same is true in organisations where the IT team is responsible for cyber security. These teams are generally subdivided into functional areas like: Risk Assessment and Management, Governance, Policy and Compliance, Security Operations, Security Administration and DevOps.

Who is responsible for cyber security training?

We recommend that the Human Resources, Learning & Development, and Cyber Security/IT teams decide together. They can determine what areas of training and assessment are needed, which team members should be trained and certified, at what point in their tenure, and for what applicable skills or domains.

You can also appoint a cyber security training officer. This person can be a project leader from the people or technical team. In consultation with others in the group, they can oversee the following:

  • Training budget
  • Training schedules
  • Specialist training providers to supplement in-house capabilities
  • Training delivery methods (In-Person, Online, Private On-Site)
  • Tracking each individual’s progress
  • Tracking certifications, certificates, assessments and other proof of accomplishments or course completions

Working with an ISC2 Training Partner like Lumify Work can reduce the guesswork. We are proud to have award-winning cyber security trainers in our pool. We have ten fully equipped training campuses (90 classrooms) in key business centres around Australia, New Zealand, and the Philippines. We also offer flexible training modalities.

Determining the curriculum for your cyber security training program

Developing a cyber security education curriculum requires proper planning, starting with a thorough assessment of the organisation’s needs.

Assessment

Reflecting on where the team is will uncover needs you may not have recognised yet. For further guidance, you can use the SFIA framework in Australia and New Zealand, and the National Cyber Security Plan (NCSP) 2023-2028 in the Philippines. Some questions you can ask at this stage include:

  • Which systems, platforms and applications are in place?
  • Which changes, updates and upgrades do you plan to roll out?
  • Which data and assets need to be protected?
  • Who runs which systems and applications?
  • What are their existing levels of security proficiency?
  • What are your future strategic plans?

Third-Party Planning

This is typically focused on certification and developing specific skillsets for specific roles. Industry standards training falls into three primary categories: vendor-specific, specialised skills like ethical hacking and forensic investigations, and vendor-neutral certifications. Each has its rightful place in the program.

Lumify Work offers cyber security training in all three categories. We are an authorised training partner of leading vendors like Microsoft, AWS and Cisco. Lumify is also an authorised training partner of vendor-neutral industry organisations like ISC2 and ISACA.

Other aspects of the cyber security training curriculum can involve the following. Learn more in ISC2's eBook "How to Establish a Holistic Cyber Training Program for Your Organisation."

  • Internal training by subject matter experts in the team
  • Knowledge transfer of tips and tricks
  • Mentoring of juniors by seniors
  • Industry conferences and events
  • Training delivery management
  • Planning for and addressing technology advances

Cyber security training - having an “always learning” ethos

Running a training program is multifaceted, and certifications are essential to the curriculum. Certifications demonstrate proficiency in different areas of security. A strong security culture is key to minimising security incidents and knowing exactly how to react if one occurs.

Partnering with an authorised training provider like Lumify Work helps you navigate the different aspects of managing your cyber security training curriculum. Lumify Work is one of only a few select training providers in Australasia that offer official ISC2 courseware and materials. By choosing authorised training, you are guaranteed the latest defence strategies and content mapped directly to the exam. Access our brochure on cyber security training courses.