Across industries, organizations are reporting difficulties in hiring qualified cybersecurity professionals. According to a recent report from ISACA, about 55 percent of U.S. companies say open cybersecurity positions take at least three months to fill, while 32 percent say it takes six months or more to fill vacancies. Almost 30 percent of responding companies say they are unable to fill these open positions at all. "There aren't enough people in the industry to fill jobs, and CISOs acknowledge that they are hiring people who they know don't have the right skills —they are taking whatever they can get," said Frank Schettini, chief innovation officer at ISACA. In the face of this shortage, training is becoming critical for the often under- or unqualified individuals filling these roles—real world training, in particular. Most cybersecurity training programs are knowledge based, but emerging technologies are allowing these professionals to participate in real-life scenarios, configured with real-life firewalls, web servers, databases, and other tools of the trade. "The person is doing a real thing—attacks are happening in real-time, and the person has to respond," Schettini said.