In-depth

Industry 'must work with universities to fight cybersecurity skills gap'

Cybersecurity needs more skilled professionals, and businesses need to help train them, say experts

Experts have urged businesses and educators to address the widening cybersecurity skills gap by working together.

LinkedIn CISO Cory Scott said "there is way more demand than there is existing staff" for cybersecurity roles, while F-Secure chief research officer and industry veteran Mikko Hypponen explained that this is not a new phenomenon. "We've faced it already for quite a while and it's just getting worse," he said.

Advertisement - Article continues below

A Frost and Sullivan survey from last year revealed that 62 per cent of the 14,000 respondents thought that their organisations had too few security personnel. Not only that, but the workforce shortfall for the infosec industry is predicted to reach 1.5 million within five years.

"It is something that our annual research with B2B International highlights every year, and something that we believe is of global significance," Kaspersky Lab's managing director for Europe, Alex Moiseev, told IT Pro. "The world needs security professionals, with adequate skills to defend the technologies that we love and depend upon."

"The core reason for this skills shortage is that security isn't a field," Hypponen explained. "It's an umbrella for tons of different small niches. Do you want to be a forensics expert? On which platform? What kind of forensics? So you have to pick a very narrow field if you want to be good at what you do."

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

FICO chief analytics officer Scott Zoldi concurred, adding that security also includes skills from a vast number of disciplines. "It's an interesting mix of IT knowledge, and networking, and statistics and analysis, and critical thinking."

"I don't know if all those pieces fit within any of the siloed domains of a computer scientist, or a statistician, or an analytics person, or an IT ops person," he said.

Moiseev added: "Anecdotally, we've found the problem to be quite complex, with issues ranging from lack of interest in STEM subjects meaning less people exploring computer science in tertiary education, to organisations needing greater flexibility in their approach to training and 'upskilling' security specialists."

According to Hypponen, most cybersecurity professionals still end up coming into the industry by accident. For example, due to a background in assembly programming, Hypponen found himself to be very good at reverse-engineering malware, which started him on his 25-year career in cybersecurity.

Advertisement - Article continues below

"This is a tremendous problem," Zoldi said, "because if you don't have the right staff to actually look at these cases and put in the best practices, that's a very big challenge."

The solution, he suggested, could be for businesses to form deeper partnerships with education institutions. "We need to work with our universities," Zoldi urged, encouraging industry figures to donate their time and expertise.

"Those that have knowledge need to teach, they need to work and develop programmes that make sense in the cybersecurity area with local universities. Industry has to collaborate in that regard or the whole ecosystem is threatened, and that's not good for anybody, from a business perspective."

F-Secure has been running malware analysing and reverse engineering courses at two different universities for the past nine years. "That's how desperate we are in trying to find new people," Hypponen said.

Kaspersky Lab has been running similar programmes, Moiseev said. "We are currently working on various initiatives - cybersecurity challenges, a campus ambassador programme - to raise awareness of security career paths in schools and universities."

Advertisement - Article continues below

Aside from bringing more experts into the field, cybersecurity degrees can also help educate budding hackers and security professionals on the philosophical and moral issues surrounding the industry.

"If we look at bioengineering," explained Zoldi, "there's typically a course around bioengineering ethics and there's these courses that talk about what's generally accepted and some of the complexities of the topic."

Moiseev also warned that courses need to be flexible in order to keep up with the demands of the industry. "Cyber threats are constantly evolving and no matter what we do to combat them, cybercriminals will only improve their own skills to carry out more sophisticated and complex attacks in the years to come.

"Not only do we need to drive greater interest in cybersecurity career paths, but we need courses that evolve and adapt at the same pace as threats (and the cybercriminals responsible for them), otherwise we risk a severe undersupply of skills, as well as talent."

Advertisement - Article continues below

However, Hypponen explained that while infosec degrees are valuable, they're not the whole solution. "The people who are coming out of university courses like that know the basics, but they are not experts in whatever we need them to do because it's so granular and so niche."

Once security graduates have a general understanding, Hypponen said, it's up to the industry to ensure they continue to develop their skills and experience.

"Companies need to train them and take them further," he said. "This shortage is so bad, that we can't hope to fill it by people stumbling into it accidentally. We have to do it in a more organised manner."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/ransomware/356292/university-of-california-gets-fleeced-by-hackers-for-114-million
ransomware

University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
Visit/security/cyber-security/356289/australia-announces-135b-investment-in-cybersecurity
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
Visit/cloud/cloud-security/356288/csa-and-issa-form-cybersecurity-partnership
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Visit/business/policy-legislation/356215/senators-propose-a-bill-aimed-at-ending-warrant-proof-encryption
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020