John Elliott, Cybersecurity Author Fellow at Pluralsight talks about the evolving roles of modern CIOs and CISOs in this catch-up with CIO Influence:
_____
Hi John, tell us about Pluralsight’s new skilling initiative in cybersecurity and what inspired it?
Right now, weโre seeing organizations face rising cyber risks and a persistent talent shortage. Industry research projects global cybercrime costs will reachย $15.63 trillion annually by 2029, while the cybersecurity workforce gap remains aboveย 4 million roles worldwide. In this environment, simply providing access to training isnโt enough; skills development must be tightly aligned to specific roles and real-world needs. We built SecureReady to enable tech leaders to move their organizations beyond “checkbox” compliance and deliver role-specific training to protect and give resilience to enterprise infrastructure.
As a security leader, when Iโve taken over a new team, Iโve always benchmarked the skills we had with what the organisation needs and from that developed a skills plan for each colleague. Rather than just giving people an enterprise training โlibrary card,โ companies are demanding individual-level skills assessment with a librarian who builds a custom learning path for each colleague. To answer that need, we developed this initiative to include training aligned with nationally recognized workforce frameworks and enterprise-grade labs that enables organizations to quickly perceive and close skills gaps.
How would you define “job-ready” cybersecurity professionals?
Being job-ready isnโt a final destination or even a set journey – itโs a muscle you flex and build. The cybersecurity landscape doesnโt stay constant; in fact, it is moving more quickly than ever before. AI is being wielded to scale and automate cyberattacks and evolve to find gaps in enterprise defenses. AI-powered phishing has entered a new era, with more convincing synthetic media such as deepfakes proving a real threat across enterprise functions from HR to executive communications.ย Skills need to develop at the same pace. With the growing complexity of the modern attack surface and the risk of โscaled upโ attacks, technical knowledge has to be translated to decisive action. SecureReady is more than teaching theory; we built it to include labs, simulations and continuous updates focused in new vulnerabilities and threat actor techniques to combat ever-evolving threats.
Also Read:ย CIO Influence Interview With Jake Mosey, Chief Product Officer at Recast
What skill gaps do most CIO and CISO’s struggle with most today?
Weโre seeing transformative changes most clearly causing gaps in AI and cybersecurity literacy and skill needs, where fields are accelerating at such a rate that technical knowledge and practical experience is becoming outdated more quickly than ever. Without proactive, strategic upskilling, these skill gaps are only going to widen.
Justย 14% of organizationsย believe they hold the cybersecurity skills to secure themselves. This means the large majority of organizations risk exposing themselves to accelerating threats and lack the AI governance culture to control how data is managed. Foundational cybersecurity upskilling that evolves with emerging technologies and risks will be vital to meet new challenges as AI puts cybersecurity risks into overdrive.
We’d love to hear more about how training is provided to these up and coming executives regarding AI-powered threats, especially since the threat landscape is also quickly evolving with fraudsters becoming smarter.
AI is making attacks more intelligent and enabling threat actors to pose as insiders more convincingly than ever. The pace of change means that leaders need ready access to the tools that provide them with security readiness and operational skills, and know how to quickly train their teams too. Training IT leaders and practitioners alike in understanding the current threat landscape, leveraging synthetic media detection tools, even all-encompassing labs that emulate crises; all of these avenues ensure that leaders and their teams can beat a new threat in practice.
A few thoughts you’d leave every CIO and CISO with before we wrap up?
AI is rapidly reshaping the security landscape – for both defenders and attackers.ย On one hand, it enables organizations to detect threats faster, automate responses, and operate at a larger scale than human teams can deliver alone. On the other, adversaries are gaining tools to launch more sophisticated, targeted attacks at scale.
In practice, we canโt afford to fall into the trap of believing all the cast-iron promises that AI-powered cybersecurity vendors may provide; human expertise remains vital. Intuition, context, and critical analysis can catch what untested models may miss, and cybersecurity training and upskilling will be just as important as investing in AI tools.
We need balance: combine AI-driven capabilities with a well-trained, security-aware leadership and teams. At all levels, there needs to be a deeper understanding of how AI works, its limitations, and potential for manipulation. This will be what enables organizations to stay ahead as tech and threats continue to evolve.
Catch more CIO Insights:ย Why CIOs are becoming chief risk orchestrators?
[To share your insights with us, please write toย psen@itechseries.com ]
Pluralsight provides the only learning platform dedicated to accelerating the technology skills and capabilities of today’s tech workforce. Thousands of companies, government organizations, and individuals around the world rely on Pluralsight to support critical technology skill development in areas that are crucial to innovation, including artificial intelligence, cloud computing, cybersecurity, software development, and machine learning. Pluralsight offers highly curated content developed by vetted technology experts, industry leading skill assessments, and hands-on, immersive learning experiences designed to help individuals skill-up faster. The company is headquartered in Westlake, Texas with a global office in Dublin, Ireland.
John Elliott is a Pluralsight Author Fellow and a professional interpreter of cybersecurity and regulatory complexity. As a top-rated presenter, trusted advisor, and course author, John has spent his career bridging the gap between those who create security standards and those who must implement them. Heโs contributed to the PCI standards and has managed cybersecurity for both large companies and small businesses. Johnโs core focus is the “human interface” of security: how people and organizations interact with standards like PCI DSS, regulations like GDPR,ย with internal policies and with technological change. He specializes in the communication of cybersecurity: translating complex governance, risk and compliance requirements into clear, actionable guidance.

