Solving the skills shortage, ­supporting the industry

March 2017 Editor's Choice, Information Security, Training & Education

One guaranteed topic of discussion in the security industry is that of the skills shortage. While there are obscene numbers of people unemployed in South Africa, none of them seem to have the skills required to become part of the physical security industry. The same applies to the cyber security world, where those in the know claim there are one million cyber security jobs available worldwide.

So how does this work? Are there really so many jobs available in security, or is it a case of companies wanting to pay peanuts because they don’t understand why they have to have security professionals on board, or are they offering entry-level positions (also paying peanuts) but demanding five years of experience, or are all the security professionals leaving the country?

Perhaps it’s because there are few formal courses in security in South Africa, whether physical or cyber security, and those that exist are too expensive for individuals? It could even be that companies are loathe to invest in training their own people because the belief is that as soon as they are trained they will leave for greener pastures.

No matter what the reason, the fact is there is a shortage of skilled security professionals in South Africa and the world. One local company in the cyber security world has been stung by the skills shortage, but has made a plan to resolve the situation. The result delivers benefits to the company, its customers and the industry as a whole.

Hackers may apply (ethical ones)

Riaan van Boom.
Riaan van Boom.

Riaan van Boom, managing director at MWR South Africa, spoke to Hi-Tech Security Solutions about how the company deals with the skills issue. In short, MWR trains its own cyber security experts. The training consists of an initial three-month on-the-job syllabus, after which the trainees work with more experienced staff members and get more involved in the business of cyber defence.

In the information security world, there are no qualifications that make a person a good defender, or a white hat as some describe them. You need technical skills, but you also need experience; and the method MWR uses to train its staff takes what skills the candidates have and expands them on the job. That way they learn all about hacking and finding vulnerabilities in important systems in a legal and ethical manner.

Van Boom says the company looks for people with some technical background and the right aptitude for the job. To date they primarily focus on engineering and computer science students. The key is they need some programming skills and a bit of maths and physics experience – not that this is absolutely necessary, but the company has found the best matches in these candidates.

It’s a great opportunity for young techies. They get to hack and try to break systems (legally), which is fun, and they earn a salary – not to mention the experience they gain.

Benefit to the industry

MWR currently has about 40 security professionals (out of a staff of 80 people) working in its Rivonia offices, with about 180 employed worldwide. It also serves the industry and would-be cyber security experts with its annual HackFu event (hackfu.mwrinfosecurity.com). The event is a fun two-days targeted at building interest in information security in the interests of filling some of the missing cyber security jobs.

When asked about employees leaving once they have a few years’ experience, which makes them very attractive to the market, Van Boom says he is not worried about that since the industry as a whole will benefit from experienced personnel who decide to expand their horizons. What is worrying, he notes, is that so many of South Africa’s skilled people are being snapped up by overseas countries, which are also crying out for cyber skills. The result is a bigger deficit in South Africa.

Nonetheless, getting skills into the market is non-negotiable if individuals, organisations and even countries are going to be able to beat the cyber criminals. Right now, the criminals are better funded than the defenders (much like the SAPS), and they have the time and resources to plan and execute their mischief. Perhaps more companies prepared to take the risk of on-the-job training could make a difference?

For more information contact MWR South Africa, +27 (0)10 100 3157, www.mwrinfosecurity.com





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Data security and privacy in global mobility
Risk Management & Resilience Information Security
Data security and privacy in today’s interconnected world is of paramount importance. In the realm of global mobility, where individuals and organisations traverse borders for various reasons, safeguarding sensitive information becomes an even more critical imperative.

Read more...
Sophos celebrates partners and cybersecurity innovation at annual conference
News & Events Information Security
[Sponsored] Sun City hosted Sophos' annual partner event this year, which took place from 12 to 14 March. Sophos’ South African cybersecurity distributors and resellers gathered for an engaging two-day conference.

Read more...
Enhance control rooms with surveillance and intelligence
Leaderware Editor's Choice Surveillance Mining (Industry)
Dr Craig Donald advocates the use of intelligence and smart surveillance to assist control rooms in dealing with the challenges of the size and dispersed nature common in all mining environments.

Read more...
A long career in mining security
Technews Publishing Editor's Choice Mining (Industry) Risk Management & Resilience
Nash Lutchman recently retired from a security and law enforcement career, initially as a police officer, and for the past 16 years as a leader of risk and security operations in the mining industry.

Read more...
A constant armed struggle
Technews Publishing XtraVision Editor's Choice Integrated Solutions Mining (Industry) IoT & Automation
SMART Security Solutions asked a few people involved in servicing mines to join us for a virtual round table and give us their insights into mine security today. A podcast of the discussion will be released shortly-stay tuned.

Read more...
Risk management: There's an app for that
Editor's Choice News & Events Risk Management & Resilience
Zulu Consulting has streamlined the corporate risk management process with the launch of Risk-IO, a web-based app designed to consolidate and guide risk managers through the process, monitoring progress as one proceeds.

Read more...
Integrated information platform for risk management
Editor's Choice News & Events Risk Management & Resilience
Online Intelligence recently launched version 7 of its CiiMS risk and security platform. Speaking to SMART Security Solutions after the launch event, the company’s Arnold van den Bout described the enhancements in version 7.

Read more...
Unlocking Africa's AI potential
Editor's Choice News & Events AI & Data Analytics
Africa's AI market is set to grow exponentially; by investing in AI education, training, and ethical practices, African nations can harness the power of AI to transform the continent and create a brighter future for its people.

Read more...
The CIPC hack has potentially serious consequences
Editor's Choice Information Security
A cyber breach at the South African Companies and Intellectual Property Commission (CIPC) has put millions of companies at risk. The organisation holds a vast database of registration details, including sensitive data like ID numbers, addresses, and contact information.

Read more...
Global Identity Fraud Report revealing eight-month ‘mega-attack’
Editor's Choice Risk Management & Resilience
AU10TIX recently released its Q4 Global Identity Fraud Report, with the research identifying two never-before-seen attack patterns, with the worst case involving 22 000+ AI-generated variations of a single U.S. passport.

Read more...