top of page

Let's do something about the cyber security skills shortage

  • Writer: Anna Collard
    Anna Collard
  • Feb 14, 2020
  • 3 min read

Updated: May 9, 2022

I'd like to share a story about Jason. Jason was barely out of school at 19 years old, when he joined the security team where I worked about 10 years ago. We needed someone to be the administrator for an email security gateway at one of our largest clients. Administrator is a nice word for the mind-numbing tasks Jason had to complete every day, such as fixing spam filters and getting irate phone calls from unhappy end users. Jason had a great way of calming users and a wicked sense of humour, and most importantly a thirst for learning and attitude to put in whatever it took. Within a few months he was promoted to security engineer and fast forward a few years and Jason was poached by the US where he now leads a whole team of senior security architects.



Across the board, the security skill shortage was listed as one of CISO's top pain points for 2020. The security skills shortage is not just a South Africa problem, globally there are about four million IT security vacancies, according to (ISC)2.


Yes there have been great advancement made in security orchestration and automation tools and technology, but if there is no one available to set it up and operate it what's the use? And the service providers? They have exactly the same problem: too many experienced & qualified staff leaving the country, tempted by the promises of a better or at least safer life and a stronger currency.


Here are my thoughts on how we as South Africans could address the problem heads on and possibly even benefit from it in the long run:


1. Hire for attitude not experience

I always have to think about Jason when talking about this. He is living proof that attitude trumps experience - with literally zero professional experience Jason soared to great heights. We have long given up finding staff from within the IT or security industry and have successfully hired people from other industries such as media or straight out of school. The common denominator across high performers is their hunger to learn and an attitude to take ownership and stick with a challenge until it is resolved. There are fantastic online resources available, so anyone who wants to can learn more about. It just requires a bit of an outline or curriculum and discipline to stick to the self learning process. Cybrary, LinkedIn Learning, Udemy all have courses available to teach security & networking fundamentals.


2. Start a security academy & internships

Some of the larger financial organisations such as Standard Bank, have launched security academies targeted at internal staff to up- and cross-skill into cybersecurity. These initiatives are mostly led by security professionals who spend their free time to volunteer and train others about cyber security. I believe this is largely because most security professionals are really passionate about what they do. And this passion drives them to work after hours, set up curriculums and find the time to inspire others - often up until the middle of the night. Some grass roots collaboration is happening already with Standard Bank sharing their learnings with other organisations. ABSA has launched a formal cyber security academy targeted not just at internal staff but to the wider public.


3. Inspire the Youth

Security is such an incredibly interesting industry to get into: the diversity and breadth of topics allows for continuous learning and a variety of skills and interests to be developed. Wherever possible, security professionals should find ways to spread the word in schools and youth development programs. KnowBe4 offers free awareness content in the form of an activity kit which can be used by schools and parents. Go and speak at universities or schools when you get a chance.


Thanks to Lynette Hundermark and Wouter Grove, I had the opportunity to talk about cybersecurity to a room full of young


sters at the CoLab for e-Inclusion and Social Innovation University of the Western Cape and that day was the best day of the week for me, it was really inspiring - as you can see by my dufus smile.



4. Provide a career path for girls and young women

According to Charles Schwab in the Fourth Industrial Revolution, women will be at higher risks of being left behind as automation and robots replace traditionally female roles such as secretarial, retail, call center and even caregiving jobs. This means that we really need to find ways to inspire today's young girls and women to embrace a career in the Science, Technology, Engineering, and Mathe


matics (STEM) areas. Cyber Security offers not just the pure technical roles, but a lot of aspects such as "building the human firewalls" which requires skills often typically linked to female traits, such as high empathy and communication skills.





Comments


Image by kylefromthenorth
Join My Mailing List

Thanks for submitting!

About Me
Anna 22 formal.jpg

I'm a creative security awareness content developer and founder with a demonstrated history of working 20+ years in the cybersecurity industry. Originally from Munich, Germany, I've been living in Cape Town, South Africa for the last 20+ years. Successfully grew bootstrapped startup Popcorn Training to US acquisition and scaled team in a hyper-growth environment under the new ownership as the regional MD of KnowBe4 Africa.

Since 2021 I've moved into an evangelist role at KnowBe4, driving cyber awareness across the African continent with a special focus on cyberpsychology, security culture, metaverse, Web3 security, and the intersection of mindfulness on cyber.

I'm a Member of the World Economic Forum’s Global Future Council on the Future of Metaverse for the 2023-2024 term as well as a member of the WEF Metaverse Initiative Governance Working Group and Security Skills Development Group. 

 

I'm a founding member and on the Mido Cybersecurity Academy advisory board, aimed at underserved communities in South Africa to bridge the cyber skills divide.

I'm a certified business analyst and have an MSc in Cyberpsychology from the University of Applied Sciences in Vienna. I hold multiple security certifications, including CISSP, CISA, CIPP/IT, ex PCI DSS QSA, ISO 27001 Implementer, and auditor.

Im also a Yoga Alliance certified Yoga Teacher Trainer (YTT 500) and certified Trauma Sensitive Yoga Facilitator.

Awards / Recognitions:

- Top 20  Women in Cyber of the World 2024 

- Top 100 Influential Women in Tech South Africa 2024
- Women in Cyber People’s Choice Award 2023
- IFSEC Global Influencer in Security for 2022.
- UK’s IT Security Guru 21 Most Inspiring Women in Cyber in 2021
- Top 100 Women in Cyber 2020 and 2021 globally by Cyber Defence Magazine.
- ISACA South Africa President Award for 2020
- Women in Tech Innovations Africa 2020 Award for Southern and Central Africa at Africa Tech Week
- Top 50 Women in Cybersecurity – Africa 2020

 

© 2024

  • LinkedIn
  • X
bottom of page