
Revolutionising the cyber-security skills gap with ‘ethical hacking’

Picture: ISTOCK

Cyber-security attacks are inevitable, and the threats are rising steadily along with increasingly professional cyber-criminal networks and attack vectors. Unfortunately, the security skills organisations need to prepare for these attacks are not.

According to the ISACA Cybersecurity Nexus survey, 37% of the respondent organisations revealed that one in four candidates for cyber security openings have the qualifications required, and that filling a position can take as long as six months. In Europe, many cyber security positions stay unfilled for years.

Here in SA the battle for talent is just as fierce, making the concern regarding organisational security as prominent as it is internationally. Organisations require the right people to ensure they have the resilience required to protect their business assets in the event of an attack. Today, however, most businesses don’t have the security parameters and agility needed to counter the techniques, tactics and procedures of their cyber-criminal adversaries.

The effective management of security systems is dependent on insightful personnel, those who understand the attackers’ mind-set to effectively prevent, detect and respond to such adversaries.


Exacerbating the cyber-security skills shortage is the fact that South African organisations tend to focus on hiring senior personnel only, resulting in expensive battles for skilled talent in a sparse market. That local enterprises must rely on a small pool of existing senior IT security consultants to implement security solutions, manage breaches and resolve day-to-day security challenges is compounded by the increasingly sophisticated threat landscape. The latter is unfortunately starting to outweigh the former. As such, the demand for highly skilled and capable personnel is costing companies from both a risk and financial perspective.

To address the skills gap proactively and sustainably, the market must turn its attention to new, raw talent, providing avenues of growth and development for the next generation of security professionals.

This must be supported by both business and education institutions in SA. A career in security is rewarding and demanding, allowing individuals with strong technical insight and problem-solving skills to flex their mental muscles and shape the future of SA’s leading organisations. However, many students fail to realise this and so miss out on the opportunity to engage in this specific field.

A step in the right direction

To address this missed opportunity, the following message to students, from tertiary education institutions in particular, must be communicated: "Hacking, albeit ethically, is a rewarding career." This is especially relevant for students who have shown an aptitude for computer science, engineering, technology and mathematics. In this regard, cyber-security can be framed in terminology which is more relevant for the next generation — ethical hacking or cyber-security versus IT security, for example.


Similarly, such terms need to be outlined in a way that distinguishes them from the negative connotations of criminals and the misconceptions around over-used words, such as "hacker". If promising students are shown the value of this career path and the potential it offers them, informed decisions about their interests and future can be made.

Moreover, tertiary institutions must maintain the quality of their technology-related courses so those who qualify are capable and prepared. They must ensure their graduates depart the educational hallways with at least the initial skills needed for the security industry.

Another business-oriented method of closing the skills gap is for organisations to make the path to employment within the security space a far more enticing one. Incentivised programmes will go a long way towards creating awareness and inspiring students, and in guiding them in selecting courses and graduate programmes which are relevant and useful.

Ultimately, for students to engage with the practical realities of cyber security, company graduate programmes, internships and bursaries are vital. Organisations can use this investment to ensure students study the right subjects, gain the right insights and make the right choices to enter this area of work. This level of investment into upcoming talent ensures long-term development of the skills pool, going a long way towards mitigating the current crisis.

It is therefore the responsibility of both education institutions and organisations to address this challenge in such a way that it allows students to enter the market with understanding and the potential to grow.


The security landscape may well be facing an incredibly sophisticated and complex future, but it can be met with confidence if these steps towards a skilled workforce are taken. The skills shortage is not unique to SA, but perhaps organisations here can lead the global way when it comes to making a difference and changing the situation for the better.

Skilled individuals who understand the cyber industry, trends and attacker mind-set will change the way businesses face security threats. Such individuals are those with fresh outlooks, vibrant minds and a clear understanding of what the industry needs. Organisations that play a role in nurturing this talent are more likely to achieve success as they will be able to create and plan for a resilient environment where human talent is recognised and supported.

• Riaan van Boom is MD at MWR InfoSecurity (SA)
