In-depth

Industry 'must work with universities to fight cybersecurity skills gap'

Cybersecurity needs more skilled professionals, and businesses need to help train them, say experts

Experts have urged businesses and educators to address the widening cybersecurity skills gap by working together.

LinkedIn CISO Cory Scott said "there is way more demand than there is existing staff" for cybersecurity roles, while F-Secure chief research officer and industry veteran Mikko Hypponen explained that this is not a new phenomenon. "We've faced it already for quite a while and it's just getting worse," he said.

A Frost and Sullivan survey from last year revealed that 62 per cent of the 14,000 respondents thought that their organisations had too few security personnel. Not only that, but the workforce shortfall for the infosec industry is predicted to reach 1.5 million within five years.

"It is something that our annual research with B2B International highlights every year, and something that we believe is of global significance," Kaspersky Lab's managing director for Europe, Alex Moiseev, told IT Pro. "The world needs security professionals, with adequate skills to defend the technologies that we love and depend upon."

"The core reason for this skills shortage is that security isn't a field," Hypponen explained. "It's an umbrella for tons of different small niches. Do you want to be a forensics expert? On which platform? What kind of forensics? So you have to pick a very narrow field if you want to be good at what you do."

FICO chief analytics officer Scott Zoldi concurred, adding that security also includes skills from a vast number of disciplines. "It's an interesting mix of IT knowledge, and networking, and statistics and analysis, and critical thinking."

"I don't know if all those pieces fit within any of the siloed domains of a computer scientist, or a statistician, or an analytics person, or an IT ops person," he said.

Moiseev added: "Anecdotally, we've found the problem to be quite complex, with issues ranging from lack of interest in STEM subjects meaning less people exploring computer science in tertiary education, to organisations needing greater flexibility in their approach to training and 'upskilling' security specialists."

According to Hypponen, most cybersecurity professionals still end up coming into the industry by accident. For example, due to a background in assembly programming, Hypponen found himself to be very good at reverse-engineering malware, which started him on his 25-year career in cybersecurity.

"This is a tremendous problem," Zoldi said, "because if you don't have the right staff to actually look at these cases and put in the best practices, that's a very big challenge."

The solution, he suggested, could be for businesses to form deeper partnerships with education institutions. "We need to work with our universities," Zoldi urged, encouraging industry figures to donate their time and expertise.

"Those that have knowledge need to teach, they need to work and develop programmes that make sense in the cybersecurity area with local universities. Industry has to collaborate in that regard or the whole ecosystem is threatened, and that's not good for anybody, from a business perspective."

F-Secure has been running malware analysing and reverse engineering courses at two different universities for the past nine years. "That's how desperate we are in trying to find new people," Hypponen said.

Kaspersky Lab has been running similar programmes, Moiseev said. "We are currently working on various initiatives - cybersecurity challenges, a campus ambassador programme - to raise awareness of security career paths in schools and universities."

Aside from bringing more experts into the field, cybersecurity degrees can also help educate budding hackers and security professionals on the philosophical and moral issues surrounding the industry.

"If we look at bioengineering," explained Zoldi, "there's typically a course around bioengineering ethics and there's these courses that talk about what's generally accepted and some of the complexities of the topic."

Moiseev also warned that courses need to be flexible in order to keep up with the demands of the industry. "Cyber threats are constantly evolving and no matter what we do to combat them, cybercriminals will only improve their own skills to carry out more sophisticated and complex attacks in the years to come.

"Not only do we need to drive greater interest in cybersecurity career paths, but we need courses that evolve and adapt at the same pace as threats (and the cybercriminals responsible for them), otherwise we risk a severe undersupply of skills, as well as talent."

However, Hypponen explained that while infosec degrees are valuable, they're not the whole solution. "The people who are coming out of university courses like that know the basics, but they are not experts in whatever we need them to do because it's so granular and so niche."

Once security graduates have a general understanding, Hypponen said, it's up to the industry to ensure they continue to develop their skills and experience.

"Companies need to train them and take them further," he said. "This shortage is so bad, that we can't hope to fill it by people stumbling into it accidentally. We have to do it in a more organised manner."

Featured Resources

Navigating the new normal: A fast guide to remote working

A smooth transition will support operations for years to come

Download now

Leading the data race

The trends driving the future of data science

Download now

How to create 1:1 customer experiences at scale

Meet the technology capable of delivering the personalisation your customers crave

Download now

How to achieve daily SAP releases

Accelerate the pace of SAP change to support your digital strategy

Download now

Recommended

8 of the most secure web browsers
web browser

8 of the most secure web browsers

25 Sep 2020
Your essential guide to internet security
Security

Your essential guide to internet security

23 Sep 2020
How to enable private browsing on any device
privacy

How to enable private browsing on any device

22 Sep 2020
Third-party apps are tracking your WhatsApp activity
social media

Third-party apps are tracking your WhatsApp activity

21 Sep 2020

Most Popular

16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
16 ways to speed up your laptop
Laptops

16 ways to speed up your laptop

16 Sep 2020
The Xbox Series X shows how far the cloud still has to go
Cloud

The Xbox Series X shows how far the cloud still has to go

25 Sep 2020