Most IT experts agree that as long as threat actors have the upper hand in launching cyber attacks CiSOs will be challenged to meet the ability to hire the infosec talent they need.
However, a recruitment expert says help may be down the hall or on the next floor: Staff who have business analytic and related skills who might be capable of being trained to join the IT staff.
That was one of the messages Sanrda Saric, vice-president of talent innovation at the Information and Communications Technology Council, gave Tuesday to a cyber security conference north of Toronto.
“How do we take people we have already instead of hiring new?” she asked. How do we upgrade them? Maybe they are in a different department but have transferable skills that might be (appropriate) — maybe they’re in audit.”
Later in an interview she expanded on the idea. “Not necessarily every occupation will be conducive to that, but I think there’s a lot of opportunities. If companies can look at various skill sets, and if 70 to 80 per cent of the skills can be met, what could you do potentially do to up-skill, or re-tool, with potentially a smaller investment, if it’s difficult to recruit?”
“As cyber security becomes more prevalent because its a skill that everyone needs, there some opportunities to look across functions, across the departments, across the organization and look at transferable skills … and how can we potentially layer information security learning in them. There may be opportunities in the business function – for example, if they have business analysts, they have critical thinking skills that may be complementary to up-skilling and penetration testing or quality assurance.”
Saric was speaking at the International Cyber Security and Intelligence Conference organized by the Ontario College of Management and Technology, which offers diplomas or certificates in a range of studies. A graduate program in Cybersecurity Engineering starts in January.
She has no doubt the demand for infosec pros is high and will continue to be for a while.
One in four employed information and communications professionals in Canada already require cybere security skills now in their jobs, she told the conference. Her council estimates the number of employed cyber security pros here will grow by 20 per cent through 2019.
Every sector of society – government, business, non-government agencies – has a role to play in filling the demand, she said. That will include making sure women, indigenous people, people with disabilities newcomers and others have a chance to be recruited and trained.
Surprisingly, given the entertainment industry’s gloss on cyber security – actors playing law enforcement hackers have prominent roles on almost any cop TV shows or movie – Saric said there’s a stigma among the young.
“It doesn’t have the – for lack of a better term ‘sex appeal’ — that coding and other areas have,” she maintained.
Cyber security is seen as a military or a first responder career, she said, which made her call for a “re-branding” of the title.
And yet, she added, information security and privacy are only going to be an increasing part of our lives “In the future you’re going to see more job descriptions that will say “cyber security knowledge” or “security knowledge” required, she predicted.
A former network administrator, Saric said CISOs and hiring pros should look beyond people with IT or infosec degrees. Students in business, law, psychology and other fields will have qualities need for information security such as communications and writing skills, the ability to think and act quickly, to troubleshoot and solve problems; curiosity (a desire to learn), resourcefulness, detail oriented and the ability to stay calm under pressure.
The council has a number of initiatives to help spread knowledge of cyber security among high school students, including Cyber Days, which has taken Ottawa students to tour the RCMP cyber lab, then challenged them to find vulnerabilities in a computer; and the national Cyber Titan cyber team competition.
It has also announced a new partnership with Cisco Systems for virtual facilitated training in cyber security for high school teachers.
CISOs can also partner with education institutions for two-way collaboration, Saric said.