The cybersecurity industry has a fundamental insecurity: talent supply. Frost & Sullivan estimates that by the year 2020 the field of cybersecurity will see a talent shortage of 1.5 million skilled employees despite the effort of education systems around the world to increase capacity.
The IT departments of large companies will bear much of the brunt of the shortage. However, the real fight will happen between specialized security vendors searching and competing for experts with cross-domain knowledge. You don’t find people like that in your average university.
The challenge of talent shortfall was discussed at a panel held by Kaspersky Lab in Dublin, Ireland. Widely known as the Silicon Valley of Europe, Ireland — and Dublin in particular — is very active in training and hiring IT professionals, making the city a natural choice of venue for a discussion involving a huge group of interested parties: security vendors, educational institutions, recruitment agencies, and government representatives.
All panelists shared the view that although education systems are already actively adapting to address the issue, it’s not enough to overcome the expected shortage. Shane Nolan, CEO of IDA Ireland explained: “The capacity to train new people at the academic level stepped up a number of notches during the past five years. Pretty much every college in the country has an undergrad or postgrad course in cybersecurity…. I think promoting this capacity to kids is vitally important. And the work placement part of the education system is vitally important. Many students choose generic IT education. If we could divert this traffic towards cybersecurity applications, that would go somewhere as well.”
Jacky Fox, risk advisory director for Deloitte Ireland and leader of Deloitte’s Cyber Security and IT Forensic service in the country, added that ideally, at least one lesson in cybersecurity should be provided to every student regardless of his or her field of study. “It may turn some heads. It may be a potential option for them,” she concluded.
Dr. Michael Schukat, a lecturer in the Department of Information Technology at the National University of Ireland, Galway, emphasized that the problem should be addressed in earlier stages as well, during the school years: “Teenagers are interested in programming, but they end up doing mechanical engineering or civil engineering because that’s the advice they got. Where we can step in? I suppose we have a right person sitting here [points at Eugene Kaspersky]: We need role models, we need rock stars of cybersecurity being more visible, showing those teenagers (and their parents) there’s a career, there’s money, there’s a lot of excitement in cybersecurity. And also, we need to enhance our efforts to get students interested in cybersecurity — right now ICT is just programming. We can spin it off to make it focus on cyber, we could have hackathons, open days, you name it. Eventually we will find students gravitating to cybersecurity.”
Eugene Kaspersky himself thinks that it’s not that difficult to get students interested: “First, IT security is now everywhere from a phone to a turbine,” he said. “Second, in many cases we have to investigate, to hunt the men. Third, there’s more demand for cybersecurity experts, so they’re better and better paid.”
— Kaspersky (@kaspersky) September 7, 2016
However, even educated and engaged graduates are rarely fully qualified for advanced cybersecurity tasks. That’s why graduates who undertake additional training or internships with real cybersecurity teams are more likely to find success in the field. Of course, this task is much easier to achieve in an oasis like Dublin, which has many such companies and teams. “At Deloitte, we take interns, we have graduate programs — three years of training to bring them from grad space to trained cybersecurity professional,” said Jacky Fox.
To evolve, cybersecurity companies need such oases: They often need to find a rare or unique expert. As Shane Nolan put it: “Having the majority of industry here is vitally important because you want a level of skilled employees, not just graduates, not just PhD students, but people with experience…. It’s our part of the deal to help Ireland to create a platform for these companies to continue to build the IT cluster.”
Kaspersky Lab has this need too. That’s why we opened our first EU-based research and development center in Dublin the same day the panel took place. About 50 developers will work there during the first stage.
— Kaspersky (@kaspersky) September 7, 2016
Keith Waters, head of engineering at Kaspersky Lab Ireland, said he feels quite inspired by his task: “It’s a great and interesting challenge to build the type of products we do for protecting enterprise companies. To build the advanced products and solutions that we want to do in Dublin requires a combination of security expertise, big data knowledge, machine learning — it’s difficult to find a more exciting and interesting combination of skill sets and technologies for the engineering community.”
Eugene Kaspersky hinted that in addition to the new R&D center, Kaspersky Lab may create a special training center dedicated to education in emerging cybersecurity fields such as critical infrastructure protection and transportation security. “I am certain that our office in Dublin will help us to build better cybersecurity systems, services, training, and education, working closely with the Irish government and universities,” he said.
Prime Minister of Ireland (Taoiseach) Enda Kenny attended the opening ceremony and promised governmental support for the industry: “The breadth and scope of the skills needed in this area are well recognized by the government, and the new strategy for education and skills will seek to ensure that IT and digital skills are a key part of all levels of educational system.”