Intelligent CISO Issue 15 | Page 28

editor’s question STEVE MULHEARN, DIRECTOR OF ENHANCED TECHNOLOGIES, FORTINET E ducation is extremely important but, unfortunately, today’s IT curriculums aren’t quite addressing current needs. Firstly, we often find that the learning content and materials being used are out of date with regard to what is actually happening in the industry. Secondly, many current programmes fail to accurately depict what cybersecurity professionals actually do – many young people believe they sit in front of computers late at night wearing hoodies – or the commercial need businesses have for the cybersecurity skillset. Young people don’t realise the breadth of the problem. While it is the most wanted skillset in the UK, Ireland, the US, Germany and Israel, and is a growing need in emerging countries where competing in the global marketplace requires a digital presence, a recent workforce development survey showed 59% of organisations have unfilled cybersecurity positions, with Frost & Sullivan forecasting a shortfall of 1.5 million by 2020. We need to acknowledge that schools and universities alone can’t address the pressing problem of the cybersecurity skills gap. To address this challenge, we need a new approach that combines the resources of higher education organisations with those of the private industry and public sector. For example, in the UK we’re looking at how we can work with universities to further engage with students in order to give them a better understanding of cybersecurity – through exposure to us as a business, investments in educational technology and investments in time to ensure the materials they are using are up-to-date. Because of the rate at which breach and cybercrime defence methodologies evolve, it’s difficult for education bodies to keep up. As a result, there is a general lack of understanding around the field in general. That gap is expected to grow significantly over the next few years if nothing is done. As a result, people usually fall into cybersecurity, rather than being guided towards it. We need to acknowledge that schools and universities alone can’t address the pressing problem of the cybersecurity skills gap. While students are learning how to code and develop applications, they aren’t necessarily learning how to build effective security mechanisms from the ground up to keep those applications safe – they aren’t learning to think in the way cybercriminals do. The majority of today’s industry professionals start out in a different field of IT and land in cybersecurity because at some point they realise they have an interest or a skill for it. They then have to retrain as cybersecurity specialists, exacerbating the skills shortage issue. A concerted effort across public and private organisations is our best shot at creating a cybersecurity talent pool with a variety of skill levels, with professionals who know how to engineer secure environments and detect and respond to sophisticated attacks. 28 Issue 15 | www.intelligentciso.com