While cybersecurity as a topic is gaining more visibility and traction, as a sector it is still in the early stages of development. Today, cyber criminals have ensured that security experts are always on their toes. As cyber-attacks become more frequent and sophisticated, there has been a steep rise in the demand for security professionals who are now needed to lead the fight against cyber crime.
So, the demand for security professionals is increasing, but the question remains if enough skilled professionals are available to address it? If they are, what are regional organizations doing to make sure that their skills are in tune with the changing threat landscape? And finally, what can organisations do to ensure that they retain such talent once developed? We talked to industry experts to understand the state of cybersecurity skill sets in the region.
According to the Cybersecurity Lead – MEA at Cisco, Scott Manson this gap stems from a certain level of disconnect between the perception and reality of security preparedness.
“While many CISOs believe their security processes are optimized – and their security tools are effective – we believe that their security readiness likely needs improvement. Rapidly evolving regulatory requirements further widen the cybersecurity skills gap,” he adds.
“The skills shortage is further exacerbated by a closely linked challenge- failure to attract and retain skilled personnel. It is very typical to see that once an employee has achieved a strong set of skills and accreditations though the training and certifications provided by the organization, he/she begins to look for better opportunities,” states Stephan Berner, CEO, Help AG.
This calls for collaboration between educational institutions, the public sector and vendors to nurture students through tailored university courses, as well as supporting people in existing security roles to help them keep pace with evolving threats.
“At du, we have attempted to bridge this gap by forging close relationships with prominent colleges and universities, and scout for talent in the early stage. Being an ICT service provider, we work on cutting-edge technologies to keep our customer data safe, and therefore attract top-notch experienced talent and provide a good training ground for beginners,” states Walid Kamal – Senior Vice President – Technology, Security & Risk Management, du.
Adding a new perspective, Haider Pasha, Chief Technology Officer – Emerging Markets, Symantec ME says that the challenge is not limited to recruiting trained staff. “The more daunting task is finding the right calibre of well-rounded people who have had the required education, exposure and experience. You may find someone who has a list of certificates, but if they have not witnessed or participated in complex cyber resilience programs, they may not be the ideal candidate.”
At AgilityGrid, we ‘train to retain’ ensuring skills and knowledge are continually improved within our specialist team, explains Costa Boukouvalas, CEO, AgilityGrid. “We identify and attract skilled individuals by offering a combination of dynamic and interesting projects to work on, the right package and on-going training and skills development. In this field it is essential for professionals to continually upgrade skills and stay up to date with the latest technologies in the market.”
There is however a silver lining to this shortage and the challenges therein – an increase in opportunities as new job roles emerge that require new skills. As an example, IoT has introduced a huge number of network connections, connecting everything from homes to cars to space stations. There are about 8.4 billion devices in use today, and industry analysts’ project there will be 63 million new connections per second in 2020. IT professionals who previously supported 200 devices are now supporting 100,000; and are expected to grow to 1 million by 2020. There has truly never been a better time to consider a career in cybersecurity.
Within security, one of the most in-demand cybersecurity roles is a security analyst – one that works to prevent and mitigate breaches on the ground. Another hot job is security manager who develops and implements processes to keep information private.
Other popular roles include cybercrime experts, application developers, network engineers and information security experts, adds Pasha. “As the number of Security Operations Center (SOC) projects increase, we do see an increased demand for security analysts and threat hunting skills.”
Managed security services seem to be one of the most relevant areas for organizations to gain access to top-notch technical expertise without breaking the bank, adds Berner.
Cloud deployments are becoming more and more popular, adds Kalle Bjorn, Director – Systems Engineering, Fortinet. “As several public cloud providers build data centers in the region, the adoption rates are expected to increase. Additionally, virtualization and SDN technologies will require specific understanding and security skill set.”
In addition to these, skills for SIEM and distributed enterprise wireless will also continue to be in demand in this region according to Shahnawaz Sheikh, Sales and Channel Director, SonicWall. “Having said that, the region has been able to attract and absorb skills on demand given that this is an important growth region for many global vendors.”
Recruitment is a very crucial area according to Help AG. Organisations must employ only highly skilled individuals who are committed to growing within an organization that is willing to invest in their professional development. After that to retain skilled staff, it is necessary to provide them with a positive and challenging working environment, ensuring transparency and involving team members in creating the business objectives and strategies.
A number of companies offer training and certification programs to develop essential job skills. With its Networking Academies and other programs, Cisco aims to contribute to developing talent locally and to enable students to compete and thrive in the market. Likewise, Fortinet provides its partners with NSE training that covers both technical and sales programs. This program is also available to end-users through the company’s authorized training centers across Middle East.
ESET offers professional services to its customers with excellent pre-sales consultation and after sales support in a timely manner. “When it comes to the skill shortage problem we solve it with internal trainings but also with 3rd party trainings and certifications, adds Dimitris Raekos, General Manager, ESET ME.
“We understand that many of our resellers have limitations in product knowledge or some of them have better skills in the sales part rather than the technical part. This can often lead to products’ reputation damage and it is something we are addressing by adding more people in our technical team to assist them in gaining in-depth knowledge during the deployments through technical workshops in the region,” explains Raekos.
However, internal training and simply recruiting seasoned candidates is not enough to address the skills gap. There is a need for the Government, educational institutions, and the wider tech industry to work together and help youngsters channel their talent into cybersecurity to pursue exciting and rewarding careers.
“Education must start early, and courses need to offer the right balance of knowledge and practical skills. This should include industry collaboration with schools and appropriate curriculum changes. Industry role models are also important in helping students understand the significance of cyber-security in a rapidly evolving digital world,” adds Tabrez Surve, Regional Head of Security – META, F5 Networks.
The gap in cyber security talent and skills should ideally be a collective effort from individuals, the private sector and government entities. It is therefore imperative that cyber security organizations work with governments and educational institutions to increase awareness and perhaps influence the curriculum being offered.
It would seem that once you have the resources on board, being able to successfully retain them is a matter of providing them with the right level of trainings, certifications, incentives and opportunities to grow with the organization. However, the reality is that the demand for talent is greater than the supply which is why many organizations struggle to attract and retain security professionals. While we cannot blame someone for venturing into greener pastures, this draws attention to the kind of efforts companies need to expend in order to retain good talent.