INTERVIEW: The future of work in cybersecurity

Behind technology, there are always humans, so any technology or cybersecurity tool used in business is impossible to apply without professionals. And there is no denying that a shortage of talent is a constant challenge in cybersecurity, with a gap of almost three million positions in the industry workforce globally.

Andrey Evdokimov, Head of Information Security at Kaspersky, believes this means that the problem isn’t necessarily a lack of talent or promising young people who are aspiring to work in cybersecurity. Instead, a lot of the roles that need new talent are in areas that remain unseen and therefore under-employed.

Speaking to Andrey, ITNA’s Jenna Delport finds out how those looking to have a career in cybersecurity can seize the moment, uncover which specialisation to choose and what skills to develop.

When it comes to the cybersecurity industry, do you think there’s a shortage of talent?

Research shows that despite there being an estimated 2.8 million cybersecurity professionals globally, an additional four million trained personnel in these areas are required to close the skills gap. Additionally, 65% of those organisations surveyed reported that they have a shortage of cybersecurity staff, generally.

This is only expected to increase given how digital transformation has become a business priority in recent years. Companies can no longer only rely on security software and hardware to keep sensitive data safe and networks running optimally.

Instead, they need to invest in relevant professionals capable of integrating cybersecurity solutions effectively across all organisational touchpoints. There is a clear need for cybersecurity talent, yet it is difficult to come by.

With the growth of the Internet of Things (IoT) and edge computing, more devices will connect to the corporate back end. As such, companies must do more to keep the devices secure while ensuring the integrity of data collected and processed at the edge is not compromised.

For this, they need dedicated cybersecurity human resources able to adapt to the rapidly evolving digital requirements of the business, irrespective of its size or industry sector.

What kind of role does digitalisation play in creating a skills gap?

With more organisations becoming digital and the arrival of multi-national data centres in South Africa seeing a shift towards multi-cloud environments, companies are embracing a new way of doing business.

Digitalisation has become the cornerstone of not only being competitive in the always-on world, but to differentiate from others that include not only incumbents but more agile start-ups across fintech, insurtech, and other industry sectors.

However, as systems evolve and become more sophisticated, so too do the threat actors and the tools available to them to compromise networks and data. This puts even more pressure on companies to keep up with what is happening on the cybersecurity side.

Things such as the cloud, IoT software-defined networking, machine learning, and other elements mean the business (and threat) landscape is continually changing and with that the skills set required to manage this change grows.

It stands to reason that more traditional cybersecurity tools and strategies are no longer adequate to protect the business. But even the most sophisticated solutions cannot operate effectively without human intervention. And this is where the rapid expansion of the digital workforce becomes essential.

On the one hand, there are more jobs available for cybersecurity professionals than the current supply can meet. And on the other, universities and corporates cannot create skilled personnel fast enough for the evolving digital world.

What are some of the key areas that people looking to start a career in cybersecurity should develop?

It all starts with the foundational technology skills developed through studies and graduate programmes. These include how servers, clients, and networks work as well as getting comfortable in cloud environments. Furthermore, traditional cybersecurity education is also important to give the person an understanding of how firewalls and exploits work in addition to more sophisticated attacks such as ransomware and identity theft.

But much like any ICT skill, the person must be willing to constantly re-evaluate their skills and keep up to date with innovations. As cybersecurity threats evolve, so too must their knowledge of them as well as the hardware and software required to effectively protect systems.

In this regard, certifications become critically important as it supplements more traditional learning programmes. These certifications, when combined with practical experience, build on the core message of putting people first aided by the latest technological innovation.

Furthermore, as technical skills improve, professionals will get the opportunity to explore such dynamic areas as cybersecurity management, forensic analysis, cloud migration, and others.

There is no single way of becoming a cybersecurity professional. Instead, it is about combining elements across the ICT offering with people development. Self-education becomes instrumental as is getting upskilling opportunities from a corporate level.

How do you think the industry will change over the course of 2020?

As countries and businesses become more dependent on technology to become smarter and more efficient, cybersecurity roles will continue to grow in importance. Having awareness of the skills gap that exists is one thing, but the industry will need to bridge the gap as a priority during 2020. This will also result in the creation of new career options which were previously unimaginable.

For example, a cybercity analyst is likely to become vital in bridging the link between the government’s digital initiatives and how to implement the best technological innovation to safeguard it. This role is expected to be an interface for businesses running inside smart cities, while from a government side, it will be separated into multiple roles in the future as city technologies and responsibilities are highly diverse.

But in addition to new job roles, cybersecurity will increasingly become integrated with data science to provide more proactive ways to combat against attacks. Already, artificial intelligence and machine learning have been utilised to continually monitor networks and automatically plug any holes that might exist (or occur with new threats).

Cybersecurity will also become a critical building block in ensuring the mobile strategies of companies not only focus on data generation but protection as well. As phishing and other social engineering attacks become even more sophisticated, education initiatives must evolve and not be limited to only cybersecurity professionals.

Edited by Jenna Delport
Follow Jenna Delport on Twitter

Follow IT News Africa on Twitter