EXPERT OFFERS SOLUTION TO
THE W-I-D-E-N-I-N-G
CYBERSKILLS GAP
Creating a diverse cybersecurity workforce is challenging to
say the least as the cyberskills gap is still so prominent within
the industry. Bridget Kenyon, Global CISO, Thales, suggests
how business leaders should consider a wider pool of potential
employees in an attempt to plug the gap and create a more
varied cybersecurity culture.
2
019 was a busy
year for the
cybersecurity
industry as it
continued to battle
both evolving
and increasing
volumes of attacks. But one thing was
made abundantly clear – there is a
real need for more talent within the
industry. According to (ISC)², there is
estimated to be over four million jobs
in the cybersecurity industry unfilled
globally, and in order to close that gap,
things need to change. While there is
no silver bullet to curing the skills crisis,
the industry must continue to focus on
educating companies on what skills they
should be looking out for in people.
Different skills for different roles
From a penetration tester who
needs more technical skills to the
CEO who requires a more high-level
understanding, the truth is that there
are hundreds or even thousands of
different roles that involve cybersecurity
62
and data protection. It really is an
industry that requires everyone to play
a role. However, one important skill for
anyone dealing with cybersecurity is
flexibility, or adaptability.
With technological advancements,
and cybercriminals boosting their
capabilities, the industry needs to keep
up with and understand the new threats
they face. Take the rise of ransomware
attacks, for example; despite not being
sophisticated, many organisations are
likely to fall victim to them.
For any organisation, it is important to
have someone at a senior level with the
right level of contextual awareness – a
combination of technical and business
acumen to ensure that information
risk is appropriately considered and
decisions are made in a responsible
and informed fashion. When an attack
happens, they can then ensure that
the response minimises the impact
to the business. The ideal candidate
for this role is someone who is on the
board and can act as the champion
Bridget Kenyon, Global CISO, Thales
for information/cybersecurity. This can
be the CISO or CSO, or a non-exec
member who is an expert in this field.
Training the rest of the business
Beyond the board, there are other
cybersecurity skills that organisations
may require. The first challenge is
identifying them.
One issue with gap identification is the
lack of awareness that there is a gap –
i.e. getting the rest of the business on
board when it comes to security. It is a
situation where the lack of awareness
makes it hard to convince people that
there is a need for better expertise. This
is known as the ‘bootstrap problem’. The
way out is a good awareness campaign,
starting with the decision makers (to
ensure that the wider staff will be
motivated to take the training seriously).
Issue 23
|
www.intelligentciso.com