Intelligent CISO Issue 23 | Page 62

EXPERT OFFERS SOLUTION TO THE W-I-D-E-N-I-N-G CYBERSKILLS GAP Creating a diverse cybersecurity workforce is challenging to say the least as the cyberskills gap is still so prominent within the industry. Bridget Kenyon, Global CISO, Thales, suggests how business leaders should consider a wider pool of potential employees in an attempt to plug the gap and create a more varied cybersecurity culture. 2 019 was a busy year for the cybersecurity industry as it continued to battle both evolving and increasing volumes of attacks. But one thing was made abundantly clear – there is a real need for more talent within the industry. According to (ISC)², there is estimated to be over four million jobs in the cybersecurity industry unfilled globally, and in order to close that gap, things need to change. While there is no silver bullet to curing the skills crisis, the industry must continue to focus on educating companies on what skills they should be looking out for in people. Different skills for different roles From a penetration tester who needs more technical skills to the CEO who requires a more high-level understanding, the truth is that there are hundreds or even thousands of different roles that involve cybersecurity 62 and data protection. It really is an industry that requires everyone to play a role. However, one important skill for anyone dealing with cybersecurity is flexibility, or adaptability. With technological advancements, and cybercriminals boosting their capabilities, the industry needs to keep up with and understand the new threats they face. Take the rise of ransomware attacks, for example; despite not being sophisticated, many organisations are likely to fall victim to them. For any organisation, it is important to have someone at a senior level with the right level of contextual awareness – a combination of technical and business acumen to ensure that information risk is appropriately considered and decisions are made in a responsible and informed fashion. When an attack happens, they can then ensure that the response minimises the impact to the business. The ideal candidate for this role is someone who is on the board and can act as the champion Bridget Kenyon, Global CISO, Thales for information/cybersecurity. This can be the CISO or CSO, or a non-exec member who is an expert in this field. Training the rest of the business Beyond the board, there are other cybersecurity skills that organisations may require. The first challenge is identifying them. One issue with gap identification is the lack of awareness that there is a gap – i.e. getting the rest of the business on board when it comes to security. It is a situation where the lack of awareness makes it hard to convince people that there is a need for better expertise. This is known as the ‘bootstrap problem’. The way out is a good awareness campaign, starting with the decision makers (to ensure that the wider staff will be motivated to take the training seriously). Issue 23 | www.intelligentciso.com