Outcomes-Based Cybersecurity Training: Why Accreditation Matters

The cybersecurity workforce shortage isn’t just about numbers. According to the Q3 2024 Lightcast Quarterly Cybersecurity Talent Report prepared for the White House, there is a national talent shortage of nearly 265,000 skilled cybersecurity workers across the United States. As organizations face increasingly sophisticated cyber threats, the critical measure becomes whether training truly prepares professionals to protect systems and data.

The cybersecurity industry is moving toward evaluation that focuses on outcomes. Outcomes based training is designed to ensure that learners acquire specific skills and can demonstrate real world competence, rather than simply completing courses or earning credentials. Accreditation is playing a crucial role in this transformation.

The Standard for Cybersecurity Training

ANAB recently accredited two prominent organizations under ANSI/ASTM E2659, the standard for certificate programs:

• ISC2
• Hack-the-Box

Both came to ANAB through the Department of Defense Cyber Workforce Qualification Program, which requires cybersecurity training programs to be accredited by ANAB. While regulatory compliance drove their initial interest, what makes their accreditation significant is what it represents, a commitment to demonstrable learning outcomes rather than credentials alone.

ISC2, long recognized as a leader in cybersecurity certification, achieved accreditation for nine on-demand training certificate programs, including their well-known CISSP, CCSP, and SSCP training courses. Hack-the-Box, with its comprehensive portfolio of cybersecurity and digital trust training programs, has similarly embraced accredited certificate programs. Both organizations are aligning their training programs with the industry shift toward competency-based assessment.

Why Outcomes Matter in Cybersecurity

The cybersecurity field has always been more meritocratic than many professions. It prioritizes demonstrated ability, such as identifying vulnerabilities, responding to incidents, implementing security controls, and protecting organizational assets, rather than formal educational background.

ANSI/ASTM E2659 accreditation embraces measurable and observable learning outcomes rather than simply reviewing curriculum on paper. When ANAB accredits a certificate program, we verify that the organization has established rigorous practices for:

• Instructional design and curriculum development
• Valid content that is aligned with industry accepted practices
• Instructor qualifications and competence
• Valid and reliable assessment methods
• Continuous improvement and feedback mechanism for program management.

Most importantly, we ensure that the program can demonstrate that learners achieve the stated intended learning outcomes and competencies.

This distinction is critical. In cybersecurity, the cost of inadequately trained professionals isn’t just organizational, it can be catastrophic. A training program might look comprehensive in its course catalog, but does it produce professionals who can perform the work? Accreditation provides independent verification that the answer is yes.

Building Trust Through Independent Verification

For employers hiring cybersecurity professionals, for government agencies contracting training providers, and for individuals investing time and money in professional development, accreditation serves as a quality benchmark. It confirms that training programs have been independently evaluated against recognized standards and that they maintain those standards over time through ongoing surveillance.

This is particularly important as the cybersecurity training market continues to expand. With workforce demand far outpacing supply, training providers are proliferating. Some are excellent, some are adequate, and some are falling short of what the industry needs. Accreditation helps distinguish programs that have demonstrated their commitment to quality from those that simply claim it.

The Path Forward

The DoD Cyber Workforce Qualification Program represents just one example of how government and industry are recognizing the value of accredited training programs. As cybersecurity threats continue to evolve and the workforce shortage persists, the emphasis on verified learning outcomes will only grow stronger.

More specifically, the DoD 8140 Cyber Workforce Qualification Program establishes a comprehensive framework for managing and qualifying the Department of Defense’s cyber workforce, ensuring personnel meet the necessary skills and training requirements.

Overview of the Program

The DoD 8140 Cyber Workforce Qualification Program is outlined in the DoD Manual 8140.03, which requires all certifications must be accredited by the ANSI National Accreditation Board (ANAB) under ISO/IEC 17024 and all training programs accredited by ANAB under ANSI/ASTM E2659 Standard Practice for Certificate Issuers.

Organizations like ISC2 and Hack-the-Box are leading the way by voluntarily seeking accreditation that goes beyond minimum requirements. Their pursuit of accreditation demonstrates a commitment to producing cybersecurity professionals equipped to meet real-world challenges, extending well beyond regulatory compliance.

For the cybersecurity industry, this shift toward outcomes-based, independently verified training isn’t just about raising standards. It’s about building the trusted, competent workforce that organizations desperately need to protect their digital assets and infrastructure. For professionals, organizations, and learners alike, accreditation provides a clear signal of quality and reliability.