Solving the skills shortage, ­supporting the industry

March 2017 Editor's Choice, Cyber Security, Training & Education

One guaranteed topic of discussion in the security industry is that of the skills shortage. While there are obscene numbers of people unemployed in South Africa, none of them seem to have the skills required to become part of the physical security industry. The same applies to the cyber security world, where those in the know claim there are one million cyber security jobs available worldwide.

So how does this work? Are there really so many jobs available in security, or is it a case of companies wanting to pay peanuts because they don’t understand why they have to have security professionals on board, or are they offering entry-level positions (also paying peanuts) but demanding five years of experience, or are all the security professionals leaving the country?

Perhaps it’s because there are few formal courses in security in South Africa, whether physical or cyber security, and those that exist are too expensive for individuals? It could even be that companies are loathe to invest in training their own people because the belief is that as soon as they are trained they will leave for greener pastures.

No matter what the reason, the fact is there is a shortage of skilled security professionals in South Africa and the world. One local company in the cyber security world has been stung by the skills shortage, but has made a plan to resolve the situation. The result delivers benefits to the company, its customers and the industry as a whole.

Hackers may apply (ethical ones)

Riaan van Boom.
Riaan van Boom.

Riaan van Boom, managing director at MWR South Africa, spoke to Hi-Tech Security Solutions about how the company deals with the skills issue. In short, MWR trains its own cyber security experts. The training consists of an initial three-month on-the-job syllabus, after which the trainees work with more experienced staff members and get more involved in the business of cyber defence.

In the information security world, there are no qualifications that make a person a good defender, or a white hat as some describe them. You need technical skills, but you also need experience; and the method MWR uses to train its staff takes what skills the candidates have and expands them on the job. That way they learn all about hacking and finding vulnerabilities in important systems in a legal and ethical manner.

Van Boom says the company looks for people with some technical background and the right aptitude for the job. To date they primarily focus on engineering and computer science students. The key is they need some programming skills and a bit of maths and physics experience – not that this is absolutely necessary, but the company has found the best matches in these candidates.

It’s a great opportunity for young techies. They get to hack and try to break systems (legally), which is fun, and they earn a salary – not to mention the experience they gain.

Benefit to the industry

MWR currently has about 40 security professionals (out of a staff of 80 people) working in its Rivonia offices, with about 180 employed worldwide. It also serves the industry and would-be cyber security experts with its annual HackFu event ( The event is a fun two-days targeted at building interest in information security in the interests of filling some of the missing cyber security jobs.

When asked about employees leaving once they have a few years’ experience, which makes them very attractive to the market, Van Boom says he is not worried about that since the industry as a whole will benefit from experienced personnel who decide to expand their horizons. What is worrying, he notes, is that so many of South Africa’s skilled people are being snapped up by overseas countries, which are also crying out for cyber skills. The result is a bigger deficit in South Africa.

Nonetheless, getting skills into the market is non-negotiable if individuals, organisations and even countries are going to be able to beat the cyber criminals. Right now, the criminals are better funded than the defenders (much like the SAPS), and they have the time and resources to plan and execute their mischief. Perhaps more companies prepared to take the risk of on-the-job training could make a difference?

For more information contact MWR South Africa, +27 (0)10 100 3157,

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Prime time for palm vein identification
Fulcrum Biometrics Editor's Choice
Ingenico and Fujitsu Frontech North America, represented by Fulcrum Biometrics in South Africa, unveil queue-busting solution for secure in-store commerce.

A closed security concept for test halls and perimeter
Dallmeier Electronic Southern Africa Editor's Choice
At its factory facilities in Vilsbiburg, Germany, Flottweg SE relies on tailored video security technology from Dallmeier for perimeter security and workplace safety.

Enterprise threats in 2023
News Cyber Security
Large businesses and government structures should prepare for cybercriminals using media to blackmail organisations, reporting alleged data leaks, and purchasing initial access to previously compromised companies on the darknet.

Advanced server performance and energy efficient design
Editor's Choice IT infrastructure Products
Dell PowerEdge server portfolio expansion offers more performance, including up to 2.9x greater AI inferencing while Dell Smart Flow design and Dell Power Manager software advancements deliver greater energy efficiency.

Free-to-use solar score for South African homes
Technews Publishing Editor's Choice
The LookSee Solar Score is one of the first of its kind to provide insight into the potential of solar power for South Africa’s residential properties.

CA Southern Africa unmasks container security
Technews Publishing IT infrastructure Cyber Security
Adoption of software containers has risen dramatically as more organisations realise the benefits of this virtualised technology.

Fast, reliable and secure cloud services
Technews Publishing Editor's Choice Cyber Security IT infrastructure
Security and speed are critical components of today’s cloud-based services infrastructure. Cloudflare offers a range of services supporting these goals beyond what most people think it does.

Industrial control systems under attack
News Cyber Security
According to Kaspersky ICS CERT statistics, from January to September 2022, 38% of computers in the industrial control systems (ICS) environment in the META region were attacked using multiple means.

Fire-fighting force at Vergelegen
Editor's Choice Fire & Safety Residential Estate (Industry)
Vergelegen wine estate in Somerset West, and its neighbours, are set to enjoy greater peace of mind this summer, thanks to the delivery of a brand new fire truck .

Sasol ensures Zero Trust for SAP financials with bioLock
Technews Publishing Editor's Choice Cyber Security Security Services & Risk Management
Multi-factor authentication, including biometrics, for SAP Financials from realtime North America prevents financial compliance avoidance for Sasol.