Cybersecurity – and specifically the talent and skills required for it – can make or break an organization’s digital transformation plan. The bad news is that the gap between supply and demand for these highly coveted skills is widening with increasing complexity and sophistication of threats such as ransomware, spyware and phishing.
According to the (ISC)2 Cybersecurity Workforce Study 2018, the shortage of cybersecurity professionals is close to three million globally. The bulk of this shortage is in Asia Pacific, where growing economies and new cybersecurity and data privacy legislation being enacted have led to a gap of around 2.15 million. Overall, 63% of respondents report that their organizations have a shortage of cybersecurity staff and nearly 60% say their companies are at moderate or extreme risk of cybersecurity attacks due to this shortage.
International recruitment and hiring firm Michael Page saw an increase in cybersecurity job placements in the region of 110% from 2017 to 2018. A rising proportion of demand for experienced professionals in a myriad of job roles remains unfulfilled.
In Singapore alone, up to 3,400 cybersecurity professionals will be in demand by 2020 to fill roles in threat and vulnerability assessment, security management, and incident and crisis management – a majority of which are found in large MNCs, across the banking, finance, healthcare, and IT sectors.
Traits and talents
The ever-evolving technologies creating new security concerns and widening the talent shortage gap provides fertile ground for governmental reskilling efforts and enterprises’ rethinking of approaches to fix cybersecurity talent shortage.
The US Office of Management and Budget, the CIO Council and the Department of Education have begun piloting a Federal Cyber Reskilling Academy program, which offers Federal employees the opportunity for hands-on training in cybersecurity, one of the fastest growing job fields in the country. The inaugural class will help current employees who do not work in the IT field to build foundational skills in the field of Cyber Defense Analysis. This program will subsequently be open to all employees.
In Singapore, the Skills Framework (SF) for Infocomm Technology maps out for individuals, employers, training providers, professional bodies and government agencies the recommended skills, competencies and career pathways across seven tracks, including cybersecurity, for job roles such as chief digital officer, data scientist and cyber risk analyst, as the country embarks on its Smart Nation initiative. Training programmes for the SF cater to both entry-level and in-service employees.
Meanwhile, the Cyber Security Associates and Technologists (CSAT) Programme trains and up-skills fresh ICT professionals and mid-career professionals for cybersecurity job roles via on-the-job training and local and overseas attachments identified by the CSAT Training Partners.
On-the-job-training is beneficial for individuals who lack a cybersecurity background but have transferable skillsets from other IT domains that could be applied to well defined roles in cybersecurity.
At a recent roundtable discussion in Singapore, Chen Kin Siong, director at Insider Security, highlighted the “numerous online portals, such as GitHub, that allow aspiring cybersecurity professionals to showcase their own work” – an approach that can supplement years of professional experience, demonstrating a candidate’s abilities at handling code and working within a particular domain.
Although technical skills remain the most important criteria for a cybersecurity professional, the reality is that demand for sought-after cyber expertise continues to outstrip supply. Hence, it may be time for your company to widen its approach to addressing the talent shortage.
Soft skills are growing in importance as must-have competencies for any cybersecurity job. Good communication and interpersonal skills enhance the ability to manage and communicate with both internal and external stakeholders, articulate insights from data, and make sound problem-solving recommendations based on critical thinking processes.
Cybersecurity areas that have been cited as not requiring deep technical know-how include project management in security projects; analysis of internet content for on-line radicalization, extremism on social networks, suspicious activities; scientific research in social engineering, safe internet, cybercrime, artificial intelligence ethics and security scenarios; and review of practices, procedures and compliance with cyber regulations.
Cybersecurity professionals play a critical role as security evangelists who add value across the business and underscore the strategic role of the IT department in spearheading digital transformation. Perhaps it’s time to establish a good cybersecurity professional as one who is not just technically proficient but also a creative problem solver and business-savvy critical thinker.
This is a QuestexAsia blog post commissioned by F5 Networks Asia Pacific.