printer friendly version

Solving the skills shortage, ­supporting the industry

One guaranteed topic of discussion in the security industry is that of the skills shortage. While there are obscene numbers of people unemployed in South Africa, none of them seem to have the skills required to become part of the physical security industry. The same applies to the cyber security world, where those in the know claim there are one million cyber security jobs available worldwide.

So how does this work? Are there really so many jobs available in security, or is it a case of companies wanting to pay peanuts because they don’t understand why they have to have security professionals on board, or are they offering entry-level positions (also paying peanuts) but demanding five years of experience, or are all the security professionals leaving the country?

Perhaps it’s because there are few formal courses in security in South Africa, whether physical or cyber security, and those that exist are too expensive for individuals? It could even be that companies are loathe to invest in training their own people because the belief is that as soon as they are trained they will leave for greener pastures.

No matter what the reason, the fact is there is a shortage of skilled security professionals in South Africa and the world. One local company in the cyber security world has been stung by the skills shortage, but has made a plan to resolve the situation. The result delivers benefits to the company, its customers and the industry as a whole.

Hackers may apply (ethical ones)

Riaan van Boom.

Riaan van Boom, managing director at MWR South Africa, spoke to Hi-Tech Security Solutions about how the company deals with the skills issue. In short, MWR trains its own cyber security experts. The training consists of an initial three-month on-the-job syllabus, after which the trainees work with more experienced staff members and get more involved in the business of cyber defence.

In the information security world, there are no qualifications that make a person a good defender, or a white hat as some describe them. You need technical skills, but you also need experience; and the method MWR uses to train its staff takes what skills the candidates have and expands them on the job. That way they learn all about hacking and finding vulnerabilities in important systems in a legal and ethical manner.

Van Boom says the company looks for people with some technical background and the right aptitude for the job. To date they primarily focus on engineering and computer science students. The key is they need some programming skills and a bit of maths and physics experience – not that this is absolutely necessary, but the company has found the best matches in these candidates.

It’s a great opportunity for young techies. They get to hack and try to break systems (legally), which is fun, and they earn a salary – not to mention the experience they gain.

Benefit to the industry

MWR currently has about 40 security professionals (out of a staff of 80 people) working in its Rivonia offices, with about 180 employed worldwide. It also serves the industry and would-be cyber security experts with its annual HackFu event (hackfu.mwrinfosecurity.com). The event is a fun two-days targeted at building interest in information security in the interests of filling some of the missing cyber security jobs.

When asked about employees leaving once they have a few years’ experience, which makes them very attractive to the market, Van Boom says he is not worried about that since the industry as a whole will benefit from experienced personnel who decide to expand their horizons. What is worrying, he notes, is that so many of South Africa’s skilled people are being snapped up by overseas countries, which are also crying out for cyber skills. The result is a bigger deficit in South Africa.

Nonetheless, getting skills into the market is non-negotiable if individuals, organisations and even countries are going to be able to beat the cyber criminals. Right now, the criminals are better funded than the defenders (much like the SAPS), and they have the time and resources to plan and execute their mischief. Perhaps more companies prepared to take the risk of on-the-job training could make a difference?

Share this article:

Further reading: