Train to Gain: Training the Next Generation of Cybersecurity Professionals
Trying to fill a cybersecurity position? Chances are you are having difficulty finding a candidate, let alone a qualified one. With 3.5 million cybersecurity job vacancies expected by 2021, the rapid rise in demand for cybersecurity professionals has had industries scrambling to catch up.
To counter the worldwide shortage, many governments have collaborated with educational institutions to develop and integrate cybersecurity curriculum in K-12 institutions and colleges. With the overall goal of engaging and offering younger generations educational cybersecurity resources, the hope is that they will further pursue it as a profession.
However, while educational programs do provide the foundational skills and theory for a profession in security, education alone does not guarantee the output of high-quality cybersecurity professionals. Academia often struggles to keep up with the evolving cybersecurity landscape, and employers often note that the technical and soft skills learnt in education programs lack real-world application. Therefore, government and educational intervention may not be enough to counter the cyber talent shortage. Rather, corporate training opportunities must also be included in the equation.
Big technology firms acknowledge the importance of industry training in closing the cyber talent shortage and developing world-class cyber professionals. For example, over the next four years, IBM will be investing a large part of one billion dollars in cybersecurity-specific skills training and development for the US workforce. The initiative involves funding high school students in STEM fields to earn an associate’s degree free of charge as well as offering opportunities to intern at IBM during their academic careers and work at the company upon graduation.
Verizon has taken a similar stance on closing the cyber skills gap with corporate training but has decided to invest in its own employees. Applying its philosophy of using non-traditional routes such as classes with certifications and on-the-job training, it has announced a large-scale employee training initiative for 2,000 people in cybersecurity. The initiative will involve a self-paced, online cybersecurity course based on role (i.e. wireless sales, product, and security sales), and will emphasize connections between cybersecurity and business operations.
- Leverage the NICE Cybersecurity Workforce Framework in education and training initiatives.
The NICE Cybersecurity Workforce Framework (NCWF) is a cybersecurity workforce guide that provides employers, educators, and students a list of baseline skill standards for cybersecurity roles across all industry verticals. With the overall aim of increasing awareness of the knowledge, skills, and abilities (KSAs) that are valued and in demand for common cyber roles, it is hoped that the framework will improve communication on how to identify, recruit, develop, and retain cybersecurity talent.
- Research online resources to recommend to employees interested in cybersecurity.
Several resources exist for employees wanting to enhance their skill sets in cybersecurity. Resources like Cybrary, the SANS Institute, and eLearnSecurity offer a range of security training at varying proficiencies. Be sure to also check out government resources online.
- Look for transferable capabilities.
Deloitte Canada suggests that using a human-centric framework focused on soft skills can enable businesses to move past the talent shortage. Having developed a list of seven personas that represent the faces of cybersecurity (e.g. strategist, advisor, sleuth, defender, scientist, hacker, firefighter), with each associated with a list of transferable capabilities, Deloitte believes that people matching these personas can be molded into security roles to fill the talent void.
The cybersecurity talent shortage is only expected to widen in future years and employers must be cognizant that government and educational efforts alone will not be enough to close the cyber talent gap and develop world-class cybersecurity professionals. To prepare for the challenges ahead, employers should investigate whether they are able to offer cybersecurity training opportunities for students and in-house employees.