It’s Over for Turnover: Retaining Talent in Cyberspace

Dr. Almerindo Graziano

CyberRanges is a leading vendor of CyberRange technology that focuses on providing large-scale capabilities for experiential training and education in the cybersecurity industry. Almerindo Graziano, the CEO of CyberRanges, emphasises the crucial role of leadership, vision, and alignment with company values in ensuring staff retention. Graziano believes that when a company’s vision and values resonate with its employees, they are more likely to stay, leading to increased loyalty and a stronger team.

In addition to prioritising staff retention, Graziano is passionate about creating value rather than solely focusing on profit. He argues that companies should strive to provide value to their employees and society as a whole, rather than just pursuing financial gains. Graziano’s approach aligns with the principles of responsible consumption and production, as outlined in SDG 12.

The analysis also highlights a concerning gap in skills within the security sector. It argues that this gap exists because security education and training have become commodified, with a primary focus on profit rather than the quality of education and the skills imparted to students. The sentiment here is negative, indicating a concern about the direction in which security education and training have been heading.

To address this gap, the analysis suggests government intervention is needed to increase the accessibility of security education programmes. By starting these programmes in schools and making them more widely available, governments can help bridge the skills gap and ensure that security training and education are accessible to all, not just a privileged few. This approach not only supports SDG 4 (Quality Education) but also aligns with SDG 10 (Reduced Inequalities) by advocating for equal access to education.

Overall, the analysis highlights the importance of CyberRanges’ mission in providing large-scale experiential training and education in the cybersecurity industry. It emphasises the necessity of leadership, vision, and values alignment for staff retention. The analysis also sheds light on the need for a shift towards value creation rather than profit maximisation in the industry. Additionally, it draws attention to the commodification of security education and advocates for government intervention to ensure widespread access to security education programmes, promoting equality and reducing skills gaps in the field.

Oliver Väärtnõu

The analysis reveals key points about Cybernetica and the challenges in the cybersecurity industry. Cybernetica is known for creating mission-critical IT systems based on extensive research and development. They primarily serve governments and critical infrastructure providers. In the evolving cybersecurity industry, attracting and retaining talent is a significant challenge. The Estonian government’s investment in cybersecurity has intensified competition. Companies like Cybernetica are offering perks and aligning workplace values and missions to attract talent. Mismatch between words and actions can lead to talent loss. Creating a positive work environment and engaging employees in research projects contribute to talent retention. Estonia has tripled the number of people studying computer science, but attracting individuals to pursue PhDs remains challenging. Industrial degree programs are being established to bridge the IT skills gap. Successful cooperation between the government and the IT industry in Estonia is essential. Overall, Cybernetica’s expertise and the challenges in the cybersecurity industry highlight the importance of talent attraction, retention, workplace values, education, and government-industry cooperation.

Filippo Cassini

Filippo Cassini is the Global Technical Officer for 4inet, a leading global cybersecurity provider with a wide range of products. His primary role focuses on serving larger, strategic customers and partners by offering top-notch solutions. However, one significant challenge he faces in his position is sourcing highly skilled talent from the market with a minimum of 10 years of cybersecurity experience. Once talent is acquired, retention becomes another obstacle for the company.

In order to attract skilled professionals, Cassini is open to forming partnerships in Saudi Arabia. By establishing collaborations in this region, 4inet aims to tap into the talent pool and bring in qualified individuals to strengthen their workforce. This approach aligns with the company’s goal of achieving decent work and economic growth, as well as promoting partnerships for sustainable development.

The field of cybersecurity constantly evolves with the emergence of new technologies and business models. Staying up-to-date with these advancements is crucial for 4inet. Cassini recognizes the challenge of keeping pace with emerging technologies and adapting to new business models. To tackle this challenge, the company understands the importance of involving and engaging their engineering team. By anticipating future developments and actively involving their engineers in decision-making processes, 4inet ensures that they remain at the forefront of the industry.

Furthermore, engineers in the cybersecurity field prioritize work environments that are not only financially rewarding but also involving, engaging, and entertaining. Retention strategies implemented by 4inet encompass investing in future technologies and creating an engaging atmosphere for their employees. By providing an environment that stimulates growth and innovation, they aim to retain their valuable talent.

In summary, Filippo Cassini’s role as Global Technical Officer at 4inet involves catering to their strategic customers and partners with top solutions. The challenges he faces include sourcing skilled cybersecurity professionals, retaining talent, and keeping up with emerging technologies and new business models. The company’s strategies involve forming partnerships in Saudi Arabia, actively involving their engineering team, and creating an engaging work environment to ensure the long-term success of 4inet.

Jess Garcia

In this expanded summary, we will delve into key points highlighted by several speakers. Oney Security, a leading service provider in digital forensics and incident response, is led by CEO Jess Garcia. Oney Security efficiently responds to incidents and effectively confronts adversaries in customers’ networks.

One notable aspect of Jess Garcia’s work is her active involvement in teaching at the SANS Institute for over two decades. Her teaching engagements have spanned various locations worldwide, showcasing her expertise and commitment to cybersecurity education.

Talent retention in the cybersecurity industry emerges as a complex issue that requires special attention. It is acknowledged that HR departments are designed to handle the challenges that come with managing a large workforce, particularly in large organizations. However, the solutions implemented for talent retention cannot be uniformly applied across the board, especially when there is a shortage of skilled professionals in the market.

Furthermore, the importance of tailoring retention strategies to suit the specific needs and stages of employees’ lives is emphasized. Retaining a 22-year-old employee may differ significantly from retaining a 35-year-old employee. Additionally, it is noted that motivation factors for cybersecurity professionals go beyond monetary incentives.

The necessity for tailor-made solutions is underscored, which involves focusing on knowledge growth and considering motivation factors beyond financial rewards. Recognizing this need, Oney Security has adopted this approach by establishing an oversized HR team and creating dedicated departments such as knowledge management.

Upon analyzing these key points, it becomes apparent that Oney Security, under the guidance of CEO Jess Garcia, is proactive in responding to incidents and threats in customers’ networks. Jess Garcia’s extensive teaching experience at the SANS Institute highlights her commitment to cybersecurity education.

Moreover, the complexity of talent retention in the cybersecurity sector is recognized, and the importance of personalized strategies is emphasized. Oney Security’s focus on knowledge growth and factors beyond financial motivation showcases their dedication to developing effective retention methods.

Overall, this expanded summary showcases the various perspectives on Oney Security, its CEO Jess Garcia, and the challenges and strategies associated with talent retention in the cybersecurity industry.

Orhan Osmani

In a panel discussion on cybersecurity workforce challenges, industry experts addressed the growing number of job opportunities in the field, with 5.5 million jobs currently available. Retaining talent has become a significant struggle for organisations due to the high demand for cybersecurity professionals. Filippo Cassini, Global Technical Officer and Senior Vice President of Engineering at Fortinet, noted that the average industry retention rate is around 20%. However, some companies have successfully achieved a remarkably low 4% retention rate by implementing unique strategies. Sharing these successful approaches with others in the industry was also highlighted as important. Almerindo Graziano, Chief Executive Officer and Co-Founder of Cyber Ranges, pointed out that smaller companies also face challenges in retaining cybersecurity talent, despite having fewer resources. They still need to find effective ways to keep their skilled professionals engaged and committed. Jess, Head of Industry and Partnerships Center for Cybersecurity at 1E Security, shared insights into her company’s retention strategies. Although she did not disclose specific details, she acknowledged the value of a well-defined retention strategy tailored to the needs of the cybersecurity industry. Oliver Vartanu, Chief Executive Officer at Cybrentica AS, emphasized the significance of fostering a collaborative and innovative work environment to retain employees. He stressed the importance of providing a platform for professional growth, teamwork, and knowledge sharing within the company. Vartanu also emphasized the need to avoid toxic work environments in order to create an atmosphere where employees feel supported and valued. Akshay Joshi, Head of Industry and Partnerships Center for Cybersecurity at WEF, highlighted the need to address the demand and supply imbalance in the cybersecurity profession. He emphasized the importance of creating a compelling domain for professionals to attract and retain talent through enhanced education, training programs, and awareness campaigns. The panel also discussed the role of governments and educational institutions in stimulating the supply of cybersecurity professionals. They debated potential actions that governments and education systems could take to encourage individuals to pursue careers in cybersecurity. While specific recommendations were not mentioned, the discussion underscored the importance of collaborative efforts between industry, academia, and governments to bridge the skills gap in the cybersecurity workforce. In conclusion, the panel discussion provided insight into the challenges faced by organisations in retaining cybersecurity talent due to high demand. Strategies such as sharing successful approaches, fostering collaborative environments, and stimulating interest through education and governmental support were discussed as potential solutions. The panelists’ insights offered valuable perspectives on addressing cybersecurity workforce challenges.

Akshay Joshi

The analysis highlights several key points regarding talent management in cybersecurity. Firstly, there is a significant shortage of 5.5 million professionals in the cybersecurity field, which has grown by 2.1 million in recent years. This shortage underscores the urgent need for skilled individuals in this sector. The attractiveness of a cybersecurity career is driven by the potential for greater financial gain and exposure to different areas within the field.

Effective talent retention is crucial for success in cyberspace. A survey of leaders found that 60% view talent attraction and retention as the most important factor in achieving cyber resilience. However, retaining talent in cybersecurity is challenging due to the multitude of job opportunities available outside the industry. People leave not only due to organizational factors but also because of the vast opportunities for career advancement elsewhere.

Limited awareness about cybersecurity as a career option among non-technical individuals is a significant barrier to talent management. For instance, none of the 150 MBA students surveyed were considering a career in cybersecurity, highlighting the need to raise awareness and attract diverse talent to the field.

Recruitment practices also contribute to the talent shortage in cybersecurity. Job descriptions often require highly technical skills and entry-level certifications, making it difficult for newcomers to enter the industry. Misalignment between recruitment practices and the demand for cybersecurity professionals exacerbates the shortage.

Creating clear professional pathways and demonstrating job potential are essential for attracting and retaining talent in cybersecurity. By establishing progression routes and showcasing the numerous opportunities available, organizations can incentivize individuals to pursue careers in the field.

Additionally, prioritizing employee well-being is crucial in such a demanding industry. Burnout is common in cybersecurity and leads to high attrition rates. Providing support systems and prioritizing employee well-being can improve talent retention.

Implemented a widely accepted strategic cybersecurity talent framework is recommended. This framework would provide a cohesive strategy for talent management and help address the talent shortage. Adoption of this framework by the industry and government is critical for success.

Promoting diversity by design is also vital in cybersecurity talent management. By introducing gender diversity and reducing inequalities, organizations can build a more inclusive and innovative workforce.

In conclusion, the analysis indicates that talent management in UK cybersecurity is heading in a positive direction. However, challenges such as the talent shortage, limited awareness, misaligned recruitment practices, and employee well-being need to be addressed. By tackling these issues and implementing the suggested approaches, the UK can strengthen its cybersecurity workforce and effectively combat the growing threats in cyberspace.

Orhan Osmani:
and Chief Executive Officer, 1E Security. Dr. Almirendo Graziano, Chief Executive Officer, Co-Founder, Cyber Ranges. Oliver Vartanu, Chief Executive Officer, Cybrentica AS. Filippo Cassini, Global Technical Officer and Senior Vice President, Engineering, Fortinet. Akshay Joshi, Head of Industry and Partnerships Center for Cybersecurity, WEF. Orhan Osmani, Moderator, Senior Cybersecurity Coordinator, Development Sector, International Telecommunications Union, ITU. Thank you. Good afternoon, everyone. Thank you for joining us here today. And we have a great group of panelists here. We are different from previous panel, it was all female, now all male panel. So the topic is interesting. So we’d like to go straight away into the content of it. I just would like to start with a simple fact, which recently, like two days ago, IC2 released a new report on workforce. And at this moment, we are at 5.5 million jobs available in cybersecurity. And this one creates another challenge for speakers here to retain their talent in their organizations. And to start with, I would just start with a question for all the panelists. I would like to take by order from Almerindo towards the end to Filippo. Just kindly to introduce yourself, your organization, what you do, and what are the challenges currently you face in brief, and then we can go to the rest of the questions. Almerindo, floor is yours. Thank you, Orhan.

Dr. Almerindo Graziano:
My name is Almerindo Graziano. I’m the CEO of CyberRanges. We are a vendor of CyberRange technology, which is specialized in experiential training and education. And we deal with the challenge of providing large-scale capabilities to develop the experience and the professionalism of the young and current generations.

Jess Garcia:
Hello, everyone. I am Jess Garcia. I am the CEO of Oney Security. We are a service provider in the digital forensics and incident response side. What basically we do is threat adversaries in our customers’ networks. And whenever there is an incident, we respond to those incidents in the most efficient way possible. I’m also an instructor with the SANS Institute. I’ve been teaching for SANS for more than 20 years now, all around the globe. So it allows me to see the reality also of all the, let’s say, professionals, and in many cases, young people, who are trying to get a career in this space. So it’s a good balance for this conversation we’re going to be having.

Oliver Väärtnõu:
Hello, everyone. I’m Oliver Värtnö, CEO of Cybernetica, an Estonian IT powerhouse. We say that we create mission-critical IT systems. But before I talk a little bit about Cybernetica, what we do, and what kind of challenges we face, I’d like to thank the organizers, the site and NCA, for once again inviting me to this excellent forum on cybersecurity. And I really value the discussions that we’ve had here. But back to Cybernetica. So we say that we build mission-critical IT systems. And in fact, we have kind of three pillars that are really important for us. The foundation of our work is actually research and development. We really commit our organization to do a lot of work on cybersecurity, on information security, and basically, with that, building our expertise in the domain and pushing the domain forward. Secondly, we build systems for our customers, mostly mission-critical systems, mostly for governments or national critical infrastructure providers. And thirdly, we also provide cybersecurity services in order to help our customers to understand whether their systems are resilient and secure. And yeah, of course, we are facing a lot of challenges when we’re talking about talent attraction and retention. This is a very, very highly evolving industry, and especially in Estonia, where, as our president mentioned yesterday, the cybersecurity budget is growing by the government, I think in the last two years, five times. If you look at the increase of, for example, venture capital into Estonia in order to attract talent, then we are, in fact, operating in a super-competitive environment and have to survive there and have to find our way there.

Akshay Joshi:
Hello, my name is Akshay Joshi, and I lead the broader operations of the Center for Cybersecurity at the World Economic Forum. I feel very privileged to have an opportunity to share some thoughts on the topic today, which is incredibly important, one that we need to address together. We publish the Global Cybersecurity Outlook, a flagship report each year at the World Economic Forum Annual Meeting in Davos. Last year, actually this year, in 2023, when we published it, 60% of leaders that we surveyed came forth and said that they view talent, attraction, and retention as perhaps the single key, most important factor towards cyber resilience. Add to that, Oran mentioned right now that there is a shortage of 5.5 million professionals. It’s important to state that last year, ISC2 shared a number which was 3.4 million. So if we do the math, that number has grown over a period of year by 2.1 million. The shortage is massive, and therefore it generates a supply and demand asymmetry. As long as there is a supply and demand asymmetry, cybersecurity is very attractive for people in the field who continue to pursue opportunities for greater financial gain, and more importantly sometimes for exposure to different areas of cybersecurity. Obviously you want to have dynamic experiences if you’re progressing in the field. So in light of some of these challenges, it puts a disproportionate burden on retention because it’s not just, people are leaving not just because of what you are doing or not doing as an organization, but because the opportunity is so huge. My hope is though that at some point through the public-private efforts, we will be able to reduce this gap, and at that point, I think the single biggest factor that will keep us and be a determinant of how successful we are in cyberspace is essentially a focus on retention, which is what we’re going to be talking about today.

Orhan Osmani:
Filippo?

Filippo Cassini:
Yeah, so my name is Filippo Cassini. I’m Global Technical Officer for 4inet. 4inet is a global leading cybersecurity provider. We do have a large product range. We cover about 40, 45 different technology across our product line, and on my specific role inside the company, it’s essentially focused on our most large and strategic customers and partners, providing top solutions, things which are kind of cutting edge, and considering the span of technology for my company, the challenge is of course to be able to have access to the top people in the market. These people become available to our customers. I’m generally looking for people with at least 10 years of experience in cybersecurity, and of course, once I have them, retention becomes the next challenge, so thanks a lot for having me here. It’s really a pleasure to come and share, and I’m also looking at partnerships inside Saudi Arabia to be able to attract those talent in our company.

Orhan Osmani:
Thank you. Thank you, Filippo. I think I’m gonna go back again to you on a question. How unique is the retention challenge for cybersecurity domain compared to other industries? And considering the new technological developments and so on, as we know, the average of the industry is about 20%. We know some of the colleagues here that have good retention at 4%, and they need to share their secret recipe how they are doing that, but please, from your end, you have 150 staff in your technical team. What are the challenges, and how different are from other sectors? Thank you.

Filippo Cassini:
Yeah, so I would say, as you can see during this event, there’s a lot of discussion about emerging technologies, about what is the future, and that discussion actually forces a lot of interest and a lot of investment in those section, which in turn becomes startup companies. It becomes companies with new business models, with new ideas, and that has a kind of a tendency of attracting the top engineers, those that want to measure themselves and challenge themselves with the new stuff which is available in the industry. So for me, actually, the challenge is actually to preempt that kind of vision, be able to anticipate, and be able to involve my engineering team in what’s coming, something that kind of goes beyond sometimes the immediate interest of the rest of the company, which is, of course, focused typically in selling product. Because in general, engineers don’t only look at the salary, but they also look at how involving, how engaging, how entertaining the environment in which they are is, it is, right? So for me, that’s extremely important, to have a strategy, to work for a company that keeps investing in the future, keeps looking at what’s coming, so that the people inside of it is not just motivated by the revenue, but also by the technology that is coming in.

Orhan Osmani:
Thank you, thank you. Almerindo, your company is smaller than Fortinet. You face similar challenges. Maybe you can give us some insights.

Dr. Almerindo Graziano:
Actually, we are, I don’t know if we are lucky or good, because we actually have a very long tenure in our organization and we retain people very well. My feeling about the retention problem in cybersecurity, which is, I think, much greater than the other markets, because of security being such an important aspect of our life is that many organizations are… I’m sorry, I blame the leadership, as always we should do. And I believe the secret and importance is in leading and communicating the reason why we, as a company, exist and ensuring that we find people that are aligned with our vision and what we want to do. And as a company, our objective is not to make money. Our objective is to provide value. And then you need to find people that believe in that vision in the value that you want to provide. And then you’re gonna have some people that want to be aligned and believe in the vision of increasing the competence level in the world, the education. Some people want to defend the world. Some people want to provide attack tools and offensive tools. And I think it’s in this alignment that you find the strength and the retention, because if we just focus the retention on the financial value, then we compete with each other. But if we focus on the leadership, on the vision, on the value that we want to provide, it will be like auto-sorting algorithms that you see in programming, where people will start to see, okay, I like that leadership. I want to do that. I want to pursue that career. I want to be the best engineer, or I want to be the best trainer, or I want to be part of this team. And that’s where I think the leadership in a lot of organization is losing the focus, because they’re so driven by making money, which is ultimately, obviously, a byproduct of running a business, that they forget the reason why they create a company in the first place. And people, often, the biggest reason why they stay in the organization is because they marry a vision. They marry the culture. And the accumulation of people that believe in the vision makes it much harder then to leave the company, because then you don’t only live in the vision, but you live in a group of people that all believe in the same thing. And I think that’s the secret.

Orhan Osmani:
Thank you, Al. And I have a next question, but, basically, you have touched upon it, so I would like to address it to Jess. Maybe just continue where Al left it, because he opened it very well for you. What are the strategies? How do you do on your end? And so maybe you can share that recipe as well, like Al Merino, the 4% retention rate, which you have it in your company, would be a great story. Thank you.

Jess Garcia:
Thank you very much. I would like to make a differentiation, as we here all come from cybersecurity companies. Obviously, we are biased, right? Obviously, many of you are from other industries, and you may wonder, well, what if my industry is not cybersecurity? So I will make a differentiation. First, I will talk a little bit of how we see things, and then I will try to put myself in the skin of other organizations out there which have the same problem, but are not cybersecurity-focused. So the first thing I think which is very important is to understand that this is a very complex problem. We try, and our HR departments are designed to deal with large amounts of people, especially for large organizations, right? And they need, because of the size, because of how they are structured, to have a homogeneous process for all of them. What is the problem? When we come to a specific area, it may be cybersecurity, but it may be other areas where you don’t have so many people available in the market, you cannot apply the same solutions. And I think that’s the biggest problem we have, large organizations have for retention. If you try to apply the same policies for, let’s say, individuals who are in high demand, you’re gonna be failing, right? So that’s the first step. How do you solve that problem? The first thing is try to build a tailor-made, let’s say, suit for that collective. One of the things is exactly what Almerindo was saying. You need to motivate them. One of the most important things to understand in the cybersecurity sector is that individuals are not motivated by money, most of the times. Second is there is a difference between the different stages in their lives, and it’s not the same trying to retain someone who is 22 than someone who is 35, right? It’s gonna be a very different retention strategy. And you need to understand all these things. What we do specifically in my company, we’ve created, our company has, for instance, I don’t know the statistics, it probably is a very, very oversized HR team to be able to do that retention policies. We have created departments like knowledge management to make sure that they are motivated. They all the time are challenged to get more knowledge, which is one of the things that motivates all of us in the cybersecurity industry. Become a better professional. Tackle more complicated things. Those are the things that are gonna be motivating and retaining your talent. If your process is done, contemplate these specific things, unfortunately, you will not be able to retain them, okay? So my first advice would be, we need to adopt a posture where we focus on the policies that will retain those specific communities, and we make them, as Almerindo was also saying, a leadership thing, right? Because otherwise, HR will just do their jobs, and that’s not gonna be enough.

Orhan Osmani:
Thank you, Jess. Olivia, I think I would like to follow up on what we are discussing here, maybe to add, this is what management can do to provide platform for people to grow inside the organization. But when you provide the platform, how the teams inside do innovation, teamwork, how that one changes the momentum in the company in terms of helping people to stay in the company? Because for sure, you don’t want to work in toxic environment. You want to work in an environment where people work together and share. How do you do that in your company?

Oliver Väärtnõu:
Yeah, first of all, I want to kind of give you a background a little bit about Estonia and the rate of transformation. So ever since Skype was sold to eBay and Microsoft, Estonia has been kind of quoted as the unicorn country in the world. And that has basically created a super competitive environment for talent. As, again, our president said yesterday, we have eight unicorns coming out of a country which is most per capita in the world. And Cybernetica is not a unicorn, but nevertheless, we have to compete in this market. And we have to also service our government and service our e-government ecosystem in order to protect it. So basically, we’ve been pushed a lot by our startup sector, actually, to take on a lot of the schemes for retention and attracting talent. When I came to Cybernetica, that was 10 years ago, the things were not that competitive. But nowadays, we have to offer all kinds of perks to people because they think that if you work in Bolt or Wwise or Microsoft, you expect the same thing to get also from Cybernetica. So we’ve done all that. And then we’ve also worked a lot on our values and on our core proposition to people. So why are we here? What is our mission? What are we doing? So we want to create a better world, a safer cyberspace. And we have to, like was said in the previous channel as well, we have to follow our actions through, actually. So these values, that is super important. When people nowadays see that you are talking one thing and doing another thing, then you’re starting to lose a lot of talent. What else we have done is we’ve started to look at how to bring interesting projects to people. Like I mentioned, we have one arm research, one arm development, third arm cybersecurity services. And nowadays, we are creating these cross-functional, cross-discipline teams inside Cybernetica to work on research topics, applied research topics. Whether it’s in the usage of AI for cybersecurity, whether it’s applying post-quantum encryption to certain, for example, electronic identity technologies, or whether it’s securing AI. So we offer people to work on research projects, to take away from their day-to-day jobs to work with top researchers and also top universities to find a little different way to their day-to-day jobs. This is not for everybody, but this is definitely something that these smart, ambitious people that Filippo was also referring to are actually looking for. And once they’ve done that, they can continue or move back to their day-to-day jobs and work there.

Orhan Osmani:
Thank you, Oliver. Question for Akshay. You mentioned earlier, you mentioned we need to address the demand and supply asymmetry. What actionable measures can be taken to create the cybersecurity as a compelling domain for profession and so on?

Akshay Joshi:
Thank you very much. So you know, it takes me back. I went to business school in the UK, and a few months ago, I was actually back to interact with the students. Obviously, because I work in cybersecurity now, the topic moved towards cybersecurity and how it’s a promising domain. 150 students in the class, eventually you go for an MBA program, you have some amount of student debt, and you’re looking to land a promising career. If you took a guess, how many, what percentage of that group of 150 was considering a career in cybersecurity? Would there be any guesses? Zero. It was literally zero percent. And that’s the point. That you know, there is very limited awareness about cybersecurity as a career option for anyone who is not a technical expert. If you extend it further, and you speak to anybody in the cybersecurity industry, and you know, I mean, at the World Economic Forum Center for Cybersecurity, we have the unique privilege of speaking to some of the best minds in cybersecurity. Every leader has a lot of openness when it comes to hiring people from different domains. What happens when you get down to the job description? The job descriptions, essentially, are very technical in nature, and require certifications such as CISSP, CISM, and others, which an entry-level person trying to make a foray or a lateral move into cybersecurity cannot feasibly have because the way they are designed is they require a certain amount of experience. So we’re not putting money where our mouth is. We’re saying that we are open, we want to bridge that gap, that number keeps on going from 3.4 to 5.5, but at the same time, the approaches that we are taking to bring talent into the workforce are not, I wouldn’t say nobody’s doing it, but we’re not doing it at a scale that we can create opportunities for people. So at one level, there is a need for awareness. At a second level, there is a need for making sure that our recruitment practices are aligned, and eventually, we then need to go on to create pathways for people. And a lot of what my colleagues mentioned was about interesting opportunities. What happens once you enter the workforce? You need meaningful opportunities to be able to develop, and that’s the role of pathways over there. One of the other elements that I want to highlight is specifically around well-being. And that goes towards one of the strategic cybersecurity talent frameworks that we are developing at the Center for Cybersecurity at the World Economic Forum. The fourth element that we want to consider beyond what I spoke about is essentially well-being. This is an extremely demanding profession for anybody who’s gone through the ranks, and I think all my colleagues over here essentially have, can probably attest to the fact that this job comes with a lot of demands. How are we making sure that the people who are working in this domain have their well-being and interest taken care of? Mental well-being, I mean, a lot of people actually leave the industry because of burnout. So how are we creating the right mechanisms for people to join and thrive in the workforce is a big question for all of us. So for me, a strategic cybersecurity talent framework is essential, and it needs wider acceptance across government and industry as a whole.

Orhan Osmani:
Thank you, Akshay. I think, just I would like to ask the panelists here about what do you think about what governments and education can do about supply? Is there anything you can add on on that component? Do you think something can happen in the education industry or governments can do something to stimulate?

Dr. Almerindo Graziano:
Yeah, sorry if I may add. Yes, please. I think that one of the biggest problem that the gap, the skills gap exists today is because over the years, security education and training is become a business with the objective of making money. And we’ve lost sight of the value that it actually provides to society. So accessibility, I wouldn’t say commoditization, but definitely accessibility of educational program at university, starting from earlier age, even from high school or earlier, then university increases dramatically the uptake of security, the skilling. But if we live in a society where the training and education is only accessible to the few, then it becomes very difficult to then elevate the state of security and have more people involved in cyber security. And I would like to see more of that from the government. I can see how great activities being done in this country from that viewpoint. But across the world is not that common or not that accessible all the time. So that’s something that can really make a difference.

Orhan Osmani:
Thank you, El. Oliver, you wanted to add?

Oliver Väärtnõu:
Yeah, so we have in Estonia together with the industry really worked in cooperation with the government in order to have more talent to be brought to the IT sector and the cyber security sector. So we have, in fact, in the last 10 years, I think tripled the amount of people that are studying computer sciences in the Estonian universities, both bachelor’s degrees, master’s degrees. We are having little bit of a trouble attracting people to do their PhDs in computer science because just everybody sees that it’s so much easier to work, that’s number one. Secondly, the community is constantly providing input into the curriculum. So what do we see, what do we want from the universities that these young people should be trained about? So we have actually every year discussions with our IT academies on what are the specific skills that we are looking for in addition to, of course, basic programming skills, math, et cetera, et cetera. And finally, in order to make this smooth transformation, we are putting a lot of effort actually into training programs and even doing industrial bachelor’s degrees, industrial master’s degrees, industrial doctorate degrees. So there is a very, very kind of intertwined community that is pushing this industry forward. And currently it’s working. We are having problems with these top people trying to attract people into doing their PhDs because working is very lucrative at that point in time. But it requires the government to be open and it requires the government to listen to the industry. And we have that trust.

Orhan Osmani:
Thank you, Oliver. I think we’re running out of time. If anyone has something quick to say.

Akshay Joshi:
I think the only thing that I’d like to probably add is that the kingdom is doing this extremely well, but I think there is an opportunity as we bridge this gap and that is to introduce diversity by design. So I’d really encourage us to think about that element as well.

Orhan Osmani:
Sure, thank you everyone. And thank you for listening to us. And if anyone wants to catch up with us, we can be around so we can talk to you. Thank you very much for applauding for the speakers. Thank you very much.