EDITOR’S QUESTION
ANNA COLLARD, FOUNDER
AND CEO OF POPCORN
TRAINING PTY LTD
in the workspace, and the slightly
antiquated theoretical education
systems that turn out young
professionals who are not equipped to
step up to the demands adequately.
T
he shortage in specialised IT and
cyber security skills is a global
problem that affects companies
in every industry and region, not just in
the Middle East. According to a cyber
security workforce study by ISACA’s
Cybersecurity Nexus (CSX), 37%
of respondents reported that fewer
than one in four candidates have the
qualifications necessary. In Europe,
almost one-third of cyber security job
openings remain unfilled.
Also, according to Bayt.com’s Middle
East Skills Gap Survey 2016, more than
half the companies across the Middle
East struggle to find candidates with the
required technical skillsets.
With the increase of cybercrime attacks,
enterprises do invest more in technology
solutions to protect their data but often
can’t find the security professionals who
have the skills needed to implement, run
and operate these solutions.
Some of the challenges facing the
industry are the fast pace of the
changing technology, requirements
78
INTELLIGENTCIO
A typical cyber security professional
needs hands on and practical
experience, an ability to learn quickly
and think critically. He or she needs
to be able to identify patterns across
multi-functional domains and be
interested in various fields, ranging from
multiple technology stacks to human
psychology. These skills are typically
collected through experience and an
interest or passion for the field. Some of
the strategies that CIOs could deploy to
tackle these challenges are:
1. Hire for attitude not experience
or qualifications. As senior
professionals are hard to come
by, the key is to hire people with
the right mindset rather than look
for qualifications only. Someone
who has critical thinking abilities,
an aptitude to learn fast and is a
great self-motivator, coupled with
some internal coaching, will in time
develop the necessary skills. Also,
once you have the right people,
the trick is retaining these talents,
so creating a career path for these
juniors to grow into is an important
factor to keep in mind.
2. Invest in internal talent
development. Creating internal
coaching and mentoring
programmes whereby seniors teach
juniors on a weekly basis can be very
effective and rewarding for both
parties. Offering to pay for IT and/or
security certifications is another way
to help juniors upskill themselves.
Letting staff organise internal
‘hackathons’ or ‘steal the flag’
competitions motivates practical
on-the-job learning and can increase
intrinsic motivation.
3. Industry group involvement. Ask
staff to get involved or start industry
specific communities or groups
that foster knowledge sharing and
peer learning. Sponsoring a trip
to an industry specific conference
will motivate IT staff. Ask them to
provide feedback to the team on
what they have learned.
4. Partnerships. Setting up
partnerships with service providers
who offer managed services in
certain key areas will assist in
addressing some of the skills
shortages – but it’s important to
assign an internal owner for these
contracts. Due to the skills shortages
being a global problem, treating
service providers as partners rather
than replaceable suppliers is another
important tactic to ensure access to
key skills and that the right support
can be guaranteed.
At Popcorn Training we understand that
there is also a requirement to upskill
the general user base in basic IT and
IT security understanding. Some users
may have little or no interest in IT and/
or IT Security but are posing big risks
to the organisations. The fact that we
are humans and respond to emotional
triggers makes all of us vulnerable to
social engineering schemes that use
psychological tricks to suppress our critical
thinking. Cybercrime schemes have
become more elaborate and we need to
increase everyone’s understanding and
awareness on how to stay safe.
www.intelligentcio.com