Intelligent CIO Middle East Issue 21 | Page 78

EDITOR’S QUESTION ANNA COLLARD, FOUNDER AND CEO OF POPCORN TRAINING PTY LTD in the workspace, and the slightly antiquated theoretical education systems that turn out young professionals who are not equipped to step up to the demands adequately. T he shortage in specialised IT and cyber security skills is a global problem that affects companies in every industry and region, not just in the Middle East. According to a cyber security workforce study by ISACA’s Cybersecurity Nexus (CSX), 37% of respondents reported that fewer than one in four candidates have the qualifications necessary. In Europe, almost one-third of cyber security job openings remain unfilled. Also, according to Bayt.com’s Middle East Skills Gap Survey 2016, more than half the companies across the Middle East struggle to find candidates with the required technical skillsets. With the increase of cybercrime attacks, enterprises do invest more in technology solutions to protect their data but often can’t find the security professionals who have the skills needed to implement, run and operate these solutions. Some of the challenges facing the industry are the fast pace of the changing technology, requirements 78 INTELLIGENTCIO A typical cyber security professional needs hands on and practical experience, an ability to learn quickly and think critically. He or she needs to be able to identify patterns across multi-functional domains and be interested in various fields, ranging from multiple technology stacks to human psychology. These skills are typically collected through experience and an interest or passion for the field. Some of the strategies that CIOs could deploy to tackle these challenges are: 1. Hire for attitude not experience or qualifications. As senior professionals are hard to come by, the key is to hire people with the right mindset rather than look for qualifications only. Someone who has critical thinking abilities, an aptitude to learn fast and is a great self-motivator, coupled with some internal coaching, will in time develop the necessary skills. Also, once you have the right people, the trick is retaining these talents, so creating a career path for these juniors to grow into is an important factor to keep in mind. 2. Invest in internal talent development. Creating internal coaching and mentoring programmes whereby seniors teach juniors on a weekly basis can be very effective and rewarding for both parties. Offering to pay for IT and/or security certifications is another way to help juniors upskill themselves. Letting staff organise internal ‘hackathons’ or ‘steal the flag’ competitions motivates practical on-the-job learning and can increase intrinsic motivation. 3. Industry group involvement. Ask staff to get involved or start industry specific communities or groups that foster knowledge sharing and peer learning. Sponsoring a trip to an industry specific conference will motivate IT staff. Ask them to provide feedback to the team on what they have learned. 4. Partnerships. Setting up partnerships with service providers who offer managed services in certain key areas will assist in addressing some of the skills shortages – but it’s important to assign an internal owner for these contracts. Due to the skills shortages being a global problem, treating service providers as partners rather than replaceable suppliers is another important tactic to ensure access to key skills and that the right support can be guaranteed. At Popcorn Training we understand that there is also a requirement to upskill the general user base in basic IT and IT security understanding. Some users may have little or no interest in IT and/ or IT Security but are posing big risks to the organisations. The fact that we are humans and respond to emotional triggers makes all of us vulnerable to social engineering schemes that use psychological tricks to suppress our critical thinking. Cybercrime schemes have become more elaborate and we need to increase everyone’s understanding and awareness on how to stay safe. www.intelligentcio.com