How to retain the cyber workforce in the public sector? | IGF 2023 Open Forum #85
Event report
Speakers and Moderators
Speakers:
- Regine Grienberger, Cyber Ambassador Germany
- Folake Olagunju, Program Officer Internet & Cybersecurity at Economic Community of West African States ECOWAS
- Yasmine Idrissi Azzouzi, Cybersecurity Programme Officer, ITU
- Natalia Spînu, Director, European Institute for Political Studies of Moldova, Cyber Security Expert
- Komitas Stepanyan, Director Central Bank of Armenia
Moderators:
- Martina Calleri, Onsite Moderator
- Laura Hartmann, Online Moderator
Table of contents
Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.
Knowledge Graph of Debate
Session report
Full session report
Martina Castiglioni
The European Cyber Security Competence Centre (ECCC), operational from this year, plays a key role in the ambitious cyber security objectives of the Digital Europe Program and the Rise of Europe Programs. Together with member states, industry, and the cyber security technology community, the ECCC aims to shield European Union society from cyber attacks. It is a positive development that demonstrates a proactive approach to cyber security in Europe.
However, despite numerous cyber security initiatives, the skills gap remains a significant challenge. While public and private investment initiatives aim to close this gap, the situation is still concerning. Simply having a large number of initiatives does not guarantee a reduction in the skills gap. This ongoing issue requires further attention and efforts to ensure a skilled workforce meets the demand for cyber security professionals.
On a positive note, the Cyber Security Skills Academy serves as a single entry point for cyber security education and training in Europe. Supported by €10 million in funding, the academy aims to develop a common framework for cyber security role profiles and associated skills, design specific education and training curricula, increase the visibility of funding opportunities for skills-related activities, and define indicators to monitor market progress. The existence and support for the Cyber Security Skills Academy are promising steps in addressing the skills gap and providing comprehensive education and training opportunities for those interested in cyber security.
In conclusion, the European Cyber Security Competence Centre (ECCC) actively works towards achieving the cyber security goals of the Digital Europe Program and the Rise of Europe Programs. However, the persistent cyber security skills gap remains a challenge that needs attention. Efforts are being made through various investment initiatives, and the establishment of the Cyber Security Skills Academy shows promise in bridging this gap. By prioritising education, training, and skill development, Europe can strengthen its cyber security capabilities and effectively protect its society from cyber threats.
Audience
According to the information provided, Sri Lanka is currently facing challenges in implementing cybersecurity policies. Despite the development of a five-year policy for cybersecurity, the implementation process is proving to be difficult. This negative sentiment suggests that Sri Lanka is struggling to effectively address cybersecurity issues and protect its digital infrastructure.
In addition to the cybersecurity challenges, Sri Lanka is also experiencing a talent deficit in the IT sector. It has been highlighted that there are around 30,000 vacancies for graduates in the IT industry. This negative sentiment underscores the need for more qualified professionals in the field to meet the demands of the growing industry. It implies that the lack of skilled talent could potentially hinder the growth and development of the IT sector in Sri Lanka.
However, amidst these challenges, there is a glimmer of positivity in the form of strong collaboration. The speaker emphasises that building capacity within the government can only be achieved through collaborative efforts. This positive stance recognises that partnerships and cooperation between different stakeholders are crucial in improving the government’s ability to address various issues, including capacity building. It implies that by working together, the government can enhance its capabilities and effectively meet the demands of the ever-evolving digital landscape.
Furthermore, it is acknowledged that the digital world is inherently imperfect, and no system is completely safe from hacking. The speaker provides examples, such as the Pentagon and the White House, to support this argument. This negative sentiment highlights the notion that despite advancements in cybersecurity measures, there will always be weaknesses that can be exploited by hackers. It suggests that the focus should not solely be on finding a foolproof solution, but also on continuously improving and adapting cybersecurity measures to mitigate risks.
In conclusion, Sri Lanka is currently facing challenges in implementing cybersecurity policies and addressing the talent deficit in the IT sector. However, there is optimism for building capacity within the government through strong collaboration. It is also acknowledged that there is no foolproof solution for preventing hacking, as systems will always have vulnerabilities. These insights highlight the need for ongoing efforts to strengthen cybersecurity measures and foster collaboration to effectively address digital challenges in Sri Lanka.
Yasmine Idrissi Azzouzi
The global shortage of cyber security professionals is a pressing issue, with a current deficit of 3.4 million individuals. Unfortunately, the public sector faces difficulties in competing for talent due to a lack of funding. To bridge this workforce gap, it is crucial to raise awareness about the diverse range of roles within the cyber security field and its multidisciplinary nature. Contrary to popular belief, cyber security is not solely a technical domain but encompasses various disciplines.
Addressing the underrepresentation of certain communities, including women and youth, in the cyber workforce is essential. By promoting inclusivity and diversity within the field, we can encourage more individuals from these communities to pursue careers in cyber security. This aligns with the goals of SDG 5: Gender Equality and SDG 4: Quality Education.
Furthermore, there is a revolving door between the public and private sectors in cyber security. To attract and retain qualified professionals, it is imperative to invest in their development and well-being. Upper-level positions face a significant shortage, and professionals in the public sector often experience excessive workloads. This highlights the importance of investing in cyber security professionals to ensure an efficient and effective workforce.
To address these challenges, it is proposed to appeal to individuals’ sense of purpose and prestige. Promoting the opportunity to work for the government and contribute to national security can be enticing to potential candidates. By framing the cyber security field as challenging and impactful, it becomes more attractive to individuals seeking meaningful work.
In conclusion, the shortage of cyber security professionals is a global concern that requires immediate attention. Raising awareness about the diverse range of roles, addressing underrepresentation in certain communities, investing in professionals, and promoting the sense of purpose and prestige associated with working in the field are vital steps to bridge the workforce gap. By doing so, we can ensure a more secure digital landscape and contribute to the goals of SDG 8: Decent Work and Economic Growth.
Marie Ndé Sene Ahouantchede
The ECOWAS region, encompassing West African countries, is currently grappling with escalating cybersecurity challenges due to the rapid advancement of digital technology. This digital transformation brings about new opportunities for malicious cyber activities, resulting in a negative sentiment towards the region’s cybersecurity landscape.
One significant issue exacerbating the situation is the acute shortage of skilled cybersecurity professionals. The percentage of government and public sector organizations equipped with the appropriate cyber resources to meet their needs is alarmingly low, standing at just 29%. Furthermore, projections indicate that by 2030, an estimated 230 million people in Africa will require digital skills, highlighting the pressing need to address the inadequacy of skilled cybersecurity professionals to meet this demand. The limited supply of these professionals in the ECOWAS region is viewed as a negative contributing factor to the cybersecurity challenges.
However, it is encouraging to note that ECOWAS and West African governments are taking proactive steps towards mitigating the situation through the implementation of positive cybersecurity education and training initiatives. Under the umbrella of the Organization of Computer Emergency Response Teams (OCYC), the ECOWAS Commission launched the ECOWAS Regional Cybersecurity Hackathon—an event aimed at fostering innovation and collaboration to address cybersecurity challenges within the region. Additionally, an advanced training program was provided to member states, focusing on enhancing their capabilities in managing and responding to computer security incidents in 2020. These initiatives indicate a positive effort being made to strengthen cybersecurity education and training in the region.
A significant concern facing African countries is the brain drain in the field of digital professions. Despite endeavors to attract digital professionals, the public sector’s salary policy remains insignificant when compared to the global digital talent shortage. This brain drain further exacerbates the shortage of skilled cybersecurity professionals in the ECOWAS region, compounding the challenges faced and reinforcing the negative sentiment.
As a recommended course of action, the inclusion of education and training initiatives, alongside public-private partnerships, within the national strategy is deemed crucial to addressing the talent shortage in the field. Noteworthy examples include Benin’s Ministry of Digital Affairs collaborating with the Smart Africa Digital Academy to develop cybersecurity education, and the signing of a Memorandum of Understanding between Togo and the United Nations Economic Commission for Africa (UNECA) to establish the African Center for Coordination and Research in Cybersecurity. These partnerships demonstrate the importance of collaboration and concerted efforts across various sectors to bridge the talent gap and bolster cybersecurity capabilities.
In conclusion, the ECOWAS region is facing significant cybersecurity challenges as a result of digital transformation, leading to a negative sentiment. The shortage of skilled cybersecurity professionals aggravates the situation, further compounding the negative sentiment. However, ECOWAS and West African governments are implementing positive cybersecurity education and training initiatives, countering the shortage to some extent. African countries are experiencing a brain drain in the digital professions, adding to the challenges faced. Education and training, in conjunction with public-private partnerships, are recommended as integral components of the national strategy to combat the talent shortage. These insights highlight the need for concerted efforts within the region to strengthen cybersecurity capabilities and address the evolving cybersecurity landscape.
Regine Grienberger
The discussion centres on the crucial requirement for cyber experts within the public sector to ensure digital sovereignty. The need for digital sovereignty is being deliberated in both Germany and the European Union. It is argued that governments must have control over their own networks to assert their sovereignty in the digital realm.
To address this issue, it is suggested that a portion of the digital or digitisation budget be allocated for cybersecurity measures. Specifically, the cybersecurity agency recommends setting aside 15% of the budget for this purpose. Additionally, pooling cybersecurity services for multiple public institutions and moving data to the cloud are seen as effective strategies to strengthen cybersecurity in the public sector.
Another important aspect highlighted in the discussion is the need to increase cyber literacy amongst the workforce. It is acknowledged that humans often form the weakest link in the cybersecurity chain. To mitigate this, there is an idea to conduct a cybersecurity month in October, during which colleagues can be informed about various cyber threats and receive training on how to handle them.
Furthermore, it is emphasised that the public sector requires not only technical experts but also individuals who possess the ability to effectively communicate with management. The importance of having employees with a dual skill set, generic knowledge combined with cyber expertise, is highlighted. It is suggested that such individuals can be hired and then upskilled or reskilled while on the job.
In an interesting proposition, one speaker advocates for job rotation instead of retaining trained experts solely in the public sector. This would involve training individuals within the public sector, releasing them to work in private companies, and subsequently gaining them back later in their careers. This proposal aims to provide a more comprehensive skill set for cyber experts and foster collaboration and knowledge exchange between the public and private sectors.
Overall, the discussion centres on the various strategies and recommendations to address the shortage of cyber experts in the public sector and enhance digital sovereignty. By implementing these measures, it is believed that the public sector can effectively tackle cyber threats and safeguard national interests in the digital domain.
Lara Pace
The analysis examines several aspects of cybersecurity in both the public and private sectors. It begins by discussing the potential benefits of job rotation from the public to the private sector in cybersecurity. Understanding the challenges faced by the public sector within the private sector can lead to innovative solutions. Laura’s experience transitioning from the public to the private sector while focusing on global cybersecurity serves as evidence. This suggests that job rotation can positively enhance cybersecurity expertise and knowledge transfer between sectors.
The analysis then addresses the issue of retaining cybersecurity professionals in the public sector. Creating a clear and inclusive environment with well-defined career pathways is essential for keeping professionals. The report notes that professionals, including those in cybersecurity, have a natural desire to progress. By offering attractive career advancement opportunities and fostering an inclusive workplace culture, the public sector can improve retention. This argument is supported by the idea that a supportive work environment leads to higher job satisfaction and employee loyalty.
In terms of incentivization in cybersecurity, the analysis takes a neutral stance, suggesting that incentives do not have to be solely monetary. While specific evidence or arguments are not provided, the report proposes that recognition, career development opportunities, and job flexibility can be effective motivators for cybersecurity professionals. This implies that non-monetary incentives can attract and retain skilled individuals in the field.
The analysis also emphasizes the importance of effective human resource training in cybersecurity, paired with job creation initiatives. Currently, cybersecurity training often happens in isolation, leading to trained personnel leaving their geographic region. To address this, the analysis recommends a coordinated national effort that integrates comprehensive training programs with job creation strategies. This holistic approach can bridge the cybersecurity skills gap and provide more employment opportunities.
Lastly, the analysis acknowledges that cybersecurity is not always a top national priority. It suggests that when implementing initiatives, it is crucial to consider concurrent efforts that prioritize job creation. This ensures that cybersecurity professionals trained in the country remain in the field. It highlights the need for a balanced approach that aligns cybersecurity goals with other national priorities, such as industry and innovation.
In summary, this analysis provides insights into various aspects of cybersecurity in the public and private sectors. It discusses the benefits of job rotation, the importance of creating an inclusive environment for talent retention, and the value of non-monetary incentives. Additionally, it emphasizes the integration of training and job creation as a coordinated effort and advocates for balancing cybersecurity priorities with other national initiatives. These findings and recommendations contribute to a comprehensive understanding of cybersecurity and provide guidance for policymakers and organizations in navigating this evolving landscape.
Komitas Stepanyan
The analysis explores the urgent need to enhance the pipeline for cyber security professionals in Armenia. To address this issue, a range of initiatives has been implemented in the country. One initiative involves collaborating with renowned universities in Armenia to develop and nurture a skilled workforce in the field of cyber security. Furthermore, a campaign led by the deputy governor of the Central Bank of Armenia aims to raise awareness about the career opportunities and importance of pursuing a career in cyber security.
Specialized training is seen as vital in enabling professionals to effectively recognize and respond to cyber incidents. These training programs focus on incident response, forensic research, and compliance/audit of cyber security incidents. By equipping professionals with these specialized skills, they will be better prepared to handle and mitigate cyber threats and attacks.
In addition, the analysis highlights the unique appeal and satisfaction that can be derived from working in the public sector. While monetary motivation is important, the impact and sense of purpose associated with public sector work are highly valued. Public sector professionals have the opportunity to make a difference in the lives of thousands or even millions of people.
Efforts are underway to establish a nationally recognized Computer Emergency Response Team (CERT) in Armenia. This is essential for effectively responding to and managing cyber security incidents at a national level. Additionally, there are plans to apply for membership in FIRST, an international organization focused on incident response. These efforts demonstrate a commitment to enhancing cyber security capabilities and collaborations with global counterparts.
In conclusion, the analysis underscores the need to expand the pipeline of cyber security professionals in Armenia. Collaborations with universities, specialized training programs, the appeal of public sector work, and the establishment of a national CERT and potential membership in FIRST are all key components in fortifying the country’s cyber security landscape. These initiatives are crucial for addressing cyber threats, safeguarding critical information systems and infrastructure, and ensuring a secure digital environment.
Laura Hartmann
According to the World Economic Forum’s Future of Jobs report, there is currently a global shortage of 3.4 million cybersecurity professionals. This shortage is largely due to the increasing digital economy and the rising threat of cyber-attacks. The speakers highlight the need for a growing number of skilled individuals in the field of cybersecurity to address these challenges.
One of the main issues discussed is the public sector’s struggle to retain cyber professionals. Due to the lack of funding, many public sector organisations are finding it difficult to compete with private sector companies in attracting and retaining talented individuals in the cybersecurity field. This poses a significant problem considering the increasing number of cyber-attacks that require effective cybersecurity measures.
To tackle this issue, the speakers suggest the implementation of cross-industry initiatives and cyber capacity-building initiatives. Cross-industry initiatives involve collaboration between different sectors to raise awareness and address the issues related to cybersecurity. This approach allows for a broader perspective and a more comprehensive response to the challenges faced in the digital world.
Furthermore, the speakers emphasise the importance of holistic approaches starting from education. They argue that raising awareness about cybersecurity and building a solid foundation of knowledge in this field is crucial for public safety. This holistic approach also involves management understanding the need for investment in cybersecurity.
The analysis also reveals a positive sentiment towards cyber capacity-building initiatives, especially for developing countries. The speakers mention initiatives implemented by GIZ, commissioned by the Federal Foreign Office of Germany, to improve cyber capacity in partner countries. This highlights the importance of addressing the shortage of skilled professionals in the cybersecurity field not only in developed nations but also in developing nations.
In conclusion, the analysis highlights the growing global shortage of skilled professionals in cybersecurity due to the increasing digital economy and the threat of cyber-attacks. The public sector faces difficulties in retaining cyber professionals, and cross-industry initiatives and cyber capacity-building initiatives are proposed as solutions. A holistic approach, starting from education and raising awareness, is crucial for public safety. Additionally, the importance of addressing the shortage of skilled professionals in the cybersecurity field in developing countries is emphasised.
Session transcript
Laura Hartmann:
Okay, hello. Yes, so welcome everyone today, the audience in the room and also joining virtually for our open forum on how to retain cyber professionals in the public sector. My name is Laura Hartmann. I work for the German Development Agency, GIZ, specifically on cyber capacity building, and I’ll be moderating the session today. We are very privileged to be joined by a distinguished panel with speakers on site and joining virtually from the public and private sector, who will bring in various perspectives and share national, regional, and global insights, and also present very concrete initiatives on how this issue could be addressed. For the audience on site and online, you’ll have the chance to actively join the discussion after our speakers’ inputs, and before we start the session and before I give it over to the speakers, I’ll give you a few framing points why we are here today to discuss this. So, I think we are all aware that our digital economies are expanding, technologies are getting more sophisticated, and the number of cyber attacks and incidents is rising. What is not rising to a required extent is the number of cyber professionals protecting our infrastructures. So, according to the Future of Jobs report published by the World Economic Forum this year, there’s a shortage of 3.4 million globally in cyber security, and to support our global economy, the number is only rising. Secondly, organizations are currently competing for talent, mainly by paying more and more to the same pool of people. So, one could argue that this exacerbates the staff shortage, and also the public sector cannot compete here because of a lack of funding. And thirdly, the whole topic is particularly important with an eye on developing cyber capacity building initiatives. So, as GIZ, for example, we are commissioned by the Federal Foreign Office of Germany to implement cyber capacity building initiatives with partner countries from different contexts, and since the start, since we have implemented, since we started implementation, partners, all partners voiced the same issue that they fear that re-skilled, up-skilled people will just leave the public sector. So, our panel aims today to find answers to this challenge, and how to close this gap in cyber security professionals, especially for the public sector. I’m happy to introduce you to our first speaker of our session now, which is Yasmin Idrissi-Azouzi. Yasmin is a cyber program officer at ITU, and works in the Bureau of Development. She’s been leading cyber capacity building projects mainly for women, but also in the field of child online protection. She’s involved in national cyber policymaking, strategy development, and capacity
Yasmine Idrissi Azzouzi:
building. So, Yasmin, over to you. Thank you. Thank you very much, Lavra, and for this very timely and very important topic as well, thank you for the invite to share. So, what I think is that it really boils down to making the field attractive, and the way to do that is twofold. Of course, quantitative measures are important to attract people. In fact, many communities are underrepresented in the cyber workforce, including women, including youth, and people often just don’t envision themselves in cyber security jobs. They’re not aware of the many opportunities that are present in the field in this important and growing workforce. There needs to be a need to raise awareness on the types of roles that are needed. Cyber security is just not technical, it’s highly multidisciplinary, and we often forget that the public sector is also schools, securing schools, securing hospitals, securing ministerial departments, and other key critical infrastructure for some countries. So, the need is really there to focus on attracting marginalized communities as well. One way of doing that, the public sector can do this as well, sometimes better than the private sector, and that’s offering some benefits like gender-sensitive work arrangements, childcare, parental leave, etc., so that there’s also a better inclusion of women. And so, that’s on attracting people on a quantitative point of view, but also, it’s important that once they’re there, they need to stay, and the idea is to be able to retain them, and the best way to retain them is through some qualitative measures. One of them is to offer opportunities for career progression and leadership roles, even for people that have technical profiles, be able to offer them that capacity to jump from a fully technical role to one more of leadership and maybe policy. And there needs to be this accommodation, in a way, for multidisciplinary roles. What is often observed is that there is a shortage among upper-level positions as well, so we need to just acknowledge that there is a revolving door between the public and the private sector, and really invest. So, the investment should be twofold. Obviously, investment in people is key, but also investing in technology. I mean, cybersecurity professionals in the public sector are often very overworked, doing the job of several people sometimes. So, sometimes, investing in software that can automatize some aspects can help, can be, you know, certainly of help, but of course, I think the most important is really to invest in people. The idea is to, you know, have people in your institutions be encouraged to take part in capacity-building programs, and at the ITU, we do offer them for the public sector, for example, and I would take a little moment to explain a couple of them. So, one is the cyber drills, and these are these comprehensive holistic exercises that are cross-country, cross-regions, that are for people in the public sector taking care of national policies and national incident response as well, and these are usually for also for exchange between countries and trying to understand the lessons learned and the common challenges. Another project and program that we have for people in the public sector, very specifically for women, and that’s her cyber tracks, in which we are collaborating with the foreign federal office of Germany, with Regina here, and the GIZ as well, and the idea of this is to, of course, allow for women not only to participate in national cyber policy making and cyber diplomacy at international level, but also to do it meaningfully through, obviously, training in understanding better the diplomacy, better the policy for the technical profiles, but also having a holistic approach of providing mentorship, providing role models, and networking, which is something that is definitely key in this field, trying to understand that the challenges that you are going through, other people have gone through, and that you’re not sort of alone on this. So, as introduced by Laura at the beginning, there are, of course, the salary motivator that often is an issue between public sector and private sector, but what the public sector can do is offer what we call long-term motivators that are not like a higher salary, which is a short-term motivator. So, one thing that we can focus on is really to promote that this is an opportunity for working for something that is challenging, try to appeal to people’s sense of purpose, which, of course, is not only the case in cyber security, but in the public sector in general, trying to see if you believe in a mission where you are contributing to something that is for the betterment of your overall country and society. And one thing that we can do, and that is often overlooked, and in the cyber security community, we always sort of have this echo chamber, but it’s important to look at other fields. You know, there are a lot of studies on turnover rates and maintaining sort of employee engagement in the public sector, and the public sector does have some strengths. Obviously, job security, stability of income, some non-financial benefits, as I mentioned, you know, parental leave, paid leave, pensions. Also, of course, I mean, the prestige for working for one’s government. So, meaningfulness, definitely accomplishing something of real value, satisfaction and pride of the work that has been performed, and the possibility to progress as well. But one thing, and that’s last but not least, I will really conclude on that, that’s the recognition, because with all the training in the world, I think I like this sort of metaphor of a plant. You know, you can give it all the water, the nutrients it needs. In this case, obviously, it would be education and training, but it will not grow without sunlight, without, you know, shedding the light on it. So, shedding light on people’s accomplishments and giving them value as people, not just, of course, numbers, is definitely something that can be helpful in attracting more people and retaining them, and making them also proud to be working in the cyber security workforce for their government. Back to you, Laura. Thank you, Yasmin, for the input. So, I think
Laura Hartmann:
the key points that we heard from Yasmin was that we should pay more attention, or in the public sector, more attention should be paid on promotion strategies. So, really shifting the awareness of people that are maybe not so attracted to the field, cyber security, as a working field. So, underrepresented groups, marginalized groups, women, so that they, so that we can give them the possibility with cyber capacity building initiatives to join the workforce. Also, I think the opportunity for technical staff to switch to leadership roles, managerial roles, and vice versa. I think these are some key points that we should keep in mind for the discussion later, and I would now give the floor to one of our speakers online, Martina Castiglioni. She’s a program officer of working in the ECCC, which is the European Cyber Security Competence Center and Network. Before joining the ECCC, she was the head of training and advisory services at the Italian Cyber Security Competence Center, and was heavily involved in the development of cyber security training campaigns at national level. She worked in cyber security advisory services and supported operators of critical infrastructures, and her expertise includes cyber security risks management, governance, cyber security auditing and assessments, and crisis management. Thank you, and over to you, Martina.
Martina Castiglioni:
Good morning, everyone. Could you hear me? Yes, we hear you. Okay, thank you. Could you also see me? Not yet. We cannot see you at the moment. Okay. Maybe that still changes. Okay. So, by the way, good morning, everyone, or good afternoon. Firstly, thanks for inviting me here, and this is really the third time I will try to bring here a glimpse of what is going on in Europe regarding this topic, and in particular, what is going on under the competence of the European Cyber Security Competence Center, ECCC. As mentioned by Laura, indeed, I’m working for this new center focused on cyber security. I’m indeed calling from Bucharest, where the European Cyber Security Competence Center is located, and let me introduce in a few words the role of this center. The center was established in 2021, but is operational from this year, and the center, together with the member states, together with the industry and the cyber security technology community, has the aim to shield the European Union society from cyber attacks and maintain research excellence and reinforce the European Union industry in this field, and also boost the development and deployment of, of course, advanced cyber security solutions. The center, the ECCC, will play a key role in delivering on the ambitious cyber security objectives of the DEP, the Digital Europe Program, and the Rise of Europe Programs, and these two programs, of course, have also the aim to narrow the cyber security skills shortage of Europe, both in public and in private sector. I would like to explain better that this center, the ECCC, of course, is operating in a new framework, European Cyber Security Framework, because it’s working together with the so-called network of NCC, so National Coordination Center. So, in this way, each member state will have a contact point under the, a contact point for the European Cyber Security Competence Center, and we receive fundings from a European program, and we’ll develop cyber security capacity building activity at national and regional level, and promote cyber security educational program, programs at national and regional level, under the big hat of Europeans, of the European Cyber Security Competence Center. In this way, we aim to facilitate the collaboration and the sharing of expertise and capacities among Europe, in particular among the research, the academia, the public authorities, under the so-called Cyber Security Competence Community, that is the third player of this new European Union framework, after the Competence Center, and after the NCC’s networks. So, of course, the initiatives that are going on in Europe to tackle the topic of this agenda, based on the fact… fact that the security of the European Union cannot be guaranteed without the most valuable asset, our people. So as shown by the latest report at European level, mainly published by INISA, a larger number of cyber security incidents have also targeted public administration and governments in member states and public bodies at European and national level. So we need professionals with the skills and competencies to prevent and defend the Union, including its most critical infrastructure, against cyber attacks and ensure its resilience. But also we need skilled people that are needed to implement the cyber security legislations to deliver the cyber security legal and policy requirements, otherwise those pieces of legislations will not achieve their objectives. So regarding the initiatives that are going on so far in Europe, of course we have many public and private investment initiatives focusing on closing the cyber security skills gap also in the public sector. Of course these initiatives already existed, but the situation shows that the cyber security skill gap still represents a huge issue and it might be referring to the lack of synergies and coordinated action that have been taken so far to close the cyber security skill gap. Indeed the Europe’s Digital Decade Policy Programme 2030 has set the target of increasing the number of ICT professionals by 20 million by 2030 and also narrowing the cyber security skills gap that we have in the public sector by the cyber gender skill gap that we have in this field. I would like to mention this concrete initiative that is going on, that has been established in particular this year, the so-called Cyber Security Skills Academy, the academy, I will refer to this with the word academy, that will be our single point of entry and synergies for cyber security education and training and will offer also funding opportunities and specific action for supporting the development of cyber security skills. Of course the main focus will be on skilling the cyber security professionals in Europe and the implementation of this academy will be supported by 10 million funding from the so-called Digital Europe Programme and the European Cyber Security Competence Centre indeed will implement the strategic objective cyber security under this programme. The academy so far has its concrete representation in a dedicated website that is available, is public available, but strategically and operationally the academy refers to four pillars. The first one is fostering knowledge generation through education and training by working on a common framework for cyber security role profiles and associated skills. And here I would like to mention that ENISA has defined a specific European cyber skills competence framework that defines the roles and profiles competencies of cyber security professionals and this will be our first basis for the academy to define and assess the current skills, the skills that we need and monitor the evolution of the skills gap and provide indication of specific new needs also for the public sector. Another important pillar will be of course designing a specific cyber security education and training curricula suitable for these specific roles and here I would like to mention the project CyberSecPro founded by DEDEP which brings together 17 higher education institutions and 13 security companies from 16 member states in order to collect the best experience and become the best practice for all cyber security training programs that will be developed under the academy. Then I would like also to mention that this is a responsibility of each member state. Indeed the NCCs, the National Coordination Centre, are invited to explore how to set up the so-called cyber campus in each member state. The cyber campus would aim at providing pools of excellence at national level for the cyber security community and the academy will help their networking and the coordination of the activities of the different cyber campus in each member state. This responsibility that each member state has, it refers to a specific piece of our legislation, European cyber security legislation, because each member state in Europe according to European legislation should adopt as a part of the national cyber security strategy specific measure in view of mitigating the cyber security skill shortage. Then I would like to mention briefly the last important pillar of this academy initiative and then I will close. I know that the time is running out. Of course we understood that we have to better gain visibility of the different initiatives that are going on in Europe. So another important pillar of the academy will be ensuring a better visibility over the available funding opportunities for skills-related activities in order to maximize their impact. And in this objective, I would like to mention that there is going on a specific working group managed by the European Cyber Security Competence Centre in collaboration with the NIS and with the Commission that has the aim to map all the initiatives and all the cyber security training initiatives and all the cyber security funds opportunities related to the narrowing the cyber security skill gap. So in this way with a better overview and an efficient overview of the current cyber security funds related to this specific topic, of course this will help to better define the priorities in terms of fundings of this academy and of the Digital Europe programme broadly. Then I will close this overview of the academy. Of course I mentioned that another important pillar of this academy will be defining indicators to monitor the evolution of the market and be able to assess the effectiveness of the actions of the academy. So under the academy a specific methodology will be developed that will allow to measure the progress to close the cyber security skills gap. We will be defining specific cyber security indicators to monitor the evolution of the cyber security labour market in order to be able to assess and to re-elaborate and to adjust funding opportunities and the activities that are going on. There will be specific KPIs on cyber security skills by the end of 2023 that will be elaborated by ENISA and in this way with this KPI we will be able to collect data on indicators and also report on them with the first collection by 2025. Because another issue that has been revealed so far is that we didn’t have a specific report about cyber security skills gap based on common indicators, common KPIs. And of course this has been an issue to better identify the priorities to take with the issue of cyber security skills gap in particular also at public sector. So with this new advancement in terms of elaborating KPIs, elaborating reports, in this way of course this will be an important pillar for the overall achievement of the cyber security academy. I will come back to you Laura and sorry if I take more time.
Laura Hartmann:
Thank you Martina. So highlighting what you just said, just two highlights. Thank you first of all for giving us an overview of what the EU institutions and agencies do. And I think it’s really interesting what you said on the lack of synergies between them on regional level. So this highlights the need for even more coordinated approaches on cyber capacity building again. Also to retain, re-skill, attract and up-skill people. And it’s reassuring that the ECCC takes initiative on EU level. And then also I think what came clear is that we need to really focus on the concrete role. So what kind of professions do we want to have in the jobs market. So these have to be first identified, pointing to the need of conducting studies on that. So what kind of job roles are really needed because if you Google that, if you research for that, it’s always about the workforce gap in cyber security but never about concrete roles. And so yeah, coming back to the panel and the speakers, happy to give the floor now to Komitas Stepanian on my left. Komitas is the Technology and Cyber Security Director at the Central Bank of Armenia. And he’s part of the team working for national level digital transformation including cyber security in Armenia. He’s a short-term consultant for the World Bank for Digital Transformation and GovTech activities and also works partly for the IMF for cyber security initiatives and programs. Komitas, please have the floor.
Komitas Stepanyan:
Much better. Thank you very much for this opportunity to speak in this very important panel. Actually, you have already mentioned a couple of important things like there is a huge shortage of cyber professionals and how to fill this gap. And another thing that cyber security is quite wide. Everyone talks about the cyber security skills shortage but what kind of special shortage do we need. For example, if you Google, you can find that right now almost all companies including public sector, they need database admins, network admins, people who can really understand how the entire technology server infrastructure works. These are little technical but these are part of cyber security. Overall, let me explain how Central Bank of Armenia is a public institution and how my country overall, what are we doing, how we are trying to fill this skill gap in the public sector. First of all, we need to increase the pipeline. To do that, there was an interesting initiative and campaign run by the leadership of the Central Bank of Armenia. Imagine the deputy governor of Central Bank of Armenia was leading the team and we met most recognized universities in Armenia, top five universities in Armenia to talk with the management first of all and to see what kind of programs, what kind of specific subjects or syllabuses can be developed for different universities. And secondly, we met all students to promote this activity. I was dreaming that when I was a student, somebody could come to my university to talk about this initiative that for example, being a young student in second or third grade, I can have a chance to join to the public sector and work for the Central Bank of Armenia or Minister of Finance or other public institution. So it had a huge impact and we had great response from different universities. We continued this campaign. We collected more than 300 CVs and did an interview to identify 30 talents to torture them for six months to have a team working for cybersecurity. Currently, it’s very important to have incident response team for any public institution. This is one of the main strategic objectives. Two years ago, we established an information system agency who is responsible for three main pillars. First is digital identification, national level. Second is the interoperability of the public institutions and not only public institutions. And third pillar is cybersecurity. So this institution is responsible for working with academia, with different universities to create specific subjects based on our needs to fill this gap. After that, we work with the international recognized organizations to provide specific training for 25 people, which has been carefully selected from different public institutions, from different ministries, agencies, including Central Bank and a couple of commercial banks as well. We had special training for incident response, for forensic research and for compliance and audit of cybersecurity incidents. Because once again, if there is not enough capacity to recognize that there is an incident, then it’s going to be end of day. And according to the statistics, like cyber breach identification, an average time for cyber breach identification is over 200 days, according to the statistics. So imagine cyber criminals are hacking your environment and after 200 years, you can be able and some institutions, unfortunately, are not able to identify that their systems are breached. So this was the second initiative. And right now, this process is going on and I’m waiting to the results. The exam will be at the end of October. It’s an ongoing process and I hope a couple of my colleagues will get certified, will become certified for incident, cybersecurity incident response, which is really very important. And we would like to continue this training program and a couple of them who are already certified can become like trainers or they can share their experience with others. We are also closely cooperating with the private sector because we all know that lots of good professionals work for private sector. We have already heard that public sector cannot be attractive if you are looking only salary. Private sector pays more, but public sector has its own beauty because we are working for a mission. Mission and challenge is more important for many, many ones. So during your career, mainly at the middle of your career, you may rethink that money is a very short motivator, as Yasmina already mentioned. And I fully agree with this. But the objective, what are you doing? And when you empower your young colleagues that whatever you do will have an impact on thousands or maybe million people, it can be the most great motivator for them. So we are continuing this program and I hope after another year we’ll have more certified professionals. Also we are working for setting up a national CERT. And it’s also an ongoing process and after that we would like to have a recognized national CERT to work with the international other CERTs and after that we’ll apply for being a member of FIRST. At this moment, I hope this helps as a concrete example.
Laura Hartmann:
Thank you very much for your points, Komitas. the most or what became clear is mission and purpose, right, that you mentioned that can account for maybe the lack of funding or just so private companies are paying more. It’s the top one argument for the lack of cybersecurity skills in the public sector. Happy to take this into discussion later. So just to speed up a bit because we’re running a little bit short in time, I’ll give the floor now to the second virtual speaker that we have today, Marie Ndeye-Sene Ahuangde. She is a digital specialist with 22 years of experience in the field of information systems and digital transformation and in August last year she joined the ECOWAS Commission where she works as a program officer for your applications and e-government and is there responsible overall for coordination and the driving of the digital transformation efforts on behalf of the Commission in ECOWAS. The floor is yours, Marie.
Marie Ndé Sene Ahouantchede:
Thank you, Laura. Good morning, everyone. I’m very delighted to have this opportunity to join the panel. So thank you on behalf of our Commission in question. ECOWAS is the economic community of West African states. I’m not the main resources in cybersecurity, but I will try to share in this panel ECOWAS approach and perspective on cybersecurity, especially on the workforce. So ECOWAS… One second. Can you try to switch off your video so that we also have the chance to see you in the room? Thank you. Can you see me, please? Yes, we can. Perfectly. All right. So ECOWAS region and widely Africa face growing cybersecurity challenges. I’m sure that you are aware of that. And this is a result of the digital transformation that has given rise to new opportunities for malicious cyber activities. Many studies have pointed out the urgent need for a skilled workforce capable of effectively answering the growing cyber threats that the region is facing. Globally, in digital skills, it was announced in 2023 at the 12th Assize for African Digital Transformation in Madagascar that the need for digital skills in Africa will reach 230 million people by 2030, while just the 5% to 10% of this need are covered depending on the country. Specifically, if we talk about cybersecurity, the CAPMG’s 2023 cybersecurity outlook mentioned that the percentage of government and public sector organization with appropriate cyber resources to meet their needs is only 29%. Given the persistence of the critical needs for cybersecurity professional, the coordinated regional approach of ECOWAS, the ECOWAS cybersecurity agenda, aims to increase cyber resilience in the region and to support member states in strengthening their capacity building, which certainly requires the availability of a skilled cybersecurity workforce. The supply of cybersecurity specialists in ECOWAS region, I can say, is under capacity in the face of the exploding demand. To address this concern, ECOWAS Commission and West African government are multiplying efforts in cybersecurity education and training initiatives, identification of cybersecurity talents, capacity building cooperation, partnership, and awareness. For example, at the regional level, in collaboration with EU, the OCYC project is the West African response on cybersecurity and fight against cybercrime was set up. As a mean of building a sustainable cyber workforce in the region, under OCYC, the ECOWAS Commission launched the ECOWAS Regional Cybersecurity Hackathon. This hackathon helped to build a regional pool of cybersecurity youth to assess the level of the region’s maturity in terms of skills in cybersecurity and fight against cybercrime and also to increase the interest of youth in digital security. To upskill professional, still under OCYC, the ECOWAS Commission and its partner are supporting the judicial authorities of the region to tackle the need through global capacity building initiatives. In the same dynamic, I can say that the advanced training was provided in 2020 to member states with the computer security incident response team in order to enhance capabilities for handling cyber incidents and managing threats. As part of operation in cybersecurity, a joint platform G7 ECOWAS for advancing cybersecurity was launched also in September 2022 to increase partnership for the continued implementation of ECOWAS cybersecurity agenda for resilient cyberspace in West Africa. At the national level, the country in West Africa have adopted a series of cybersecurity measures including the development of cybersecurity education. As an example, I can cite the National Digital Academy that was being launched to offer advanced training to Beninese trainers and managers in ICT, artificial intelligence, and cybersecurity. This is the outcome of the partnership between Benin’s Ministry of Digital Affairs and Smart Africa Digital Academy. Despite the efforts I just mentioned, African countries are facing a real brain drain. To attract digital professionals, the public sector generally apply a specific salary policy such as the bonus founded on the base salary. This remains insignificant in a global context of digital talent shortage and the major consequence of which is a brain drain. Aware of the inadequacy of the public sector to compete with the private sector and of the attractiveness of the market for cybersecurity talent, education and training are now recommended to be included in the national strategies. The public sector is also exploring a multi-stakeholder approach involving private sector and international partners. A good example of collaboration in Togo is the Memorandum of Understanding signed with UNECA, the United Nations Economic Commission for Africa, to collaborate on establishing the African Center for Coordination and Research in Cybersecurity. And I know that efforts are ongoing to fast-track the realization. I wanted also to share the following best practices of public-private partnership is the specific case of the strategic partners between Togolese Republic and a company named Asseco Data System in Poland. This partnership gave birth in 2019 to Cyber Defence Africa. It is a joint venture company that offers cybersecurity services mandated by the Togolese Republic to ensure security information system in Togo and beyond its border. The partnership combined the CERT with a national SOC. Given the limits of the public sector in terms of its ability to keep its talent and the global shortage of cybersecurity, the way out that I see for our region to elaborate national cyber workforce and education strategies, develop cybersecurity capacity building and education plan, introduce gender diversity by getting girls interested yearly, revamp the public recruitment process and condition, expand the talent pool by collaboration, invest in training and development program to promote cyber certification, to develop the talent inside the public sector. Also, to finish, the last way out I see is to follow ITU guideline when developing the national cybersecurity strategy, especially on the cyber capability and capacity building and awareness raising. Thank you, Laura. This is what I wanted to share with you, what is going on in our region. Thank you very much.
Laura Hartmann:
Thank you very much, Marie. Your input is very well noted and appreciated. I think you’ve highlighted one point that is specifically important, the note that you put forward of the brain drain. You’re facing challenges that go well beyond the cybersecurity workforce gap. I think we should be aware when working in cyber capacity building initiatives and partner initiatives with countries from the global south that this is a multi-challenge LA and that we should be aware of that. I think now over to the fifth speaker of this panel, which is Ms. Regine Grienberger. She is the cyber ambassador at the German Federal Foreign Office and a career diplomat. Her professional path has focused on EU foreign relations, EU economic and financial issues and common agricultural policy. Dear Regine, as the FFO has been increasingly involved in cyber capacity building for the past years,
Regine Grienberger:
what would be your lines of thought on the topic? Thank you, Laura. First of all, I want to say I appreciate very much what all the other speakers on the panel have said because it is really highlighting the very complexity of this problem of how to retain the cyber workforce in the public sector. I’m speaking as a servant who is both working inside a public institution that has experience and experiences the shortage of experts, but also as somebody who is engaged in cyber capacity building. It has been mentioned cyber tracks. Marie mentioned the ECOPASS action plan and other projects that we think or we hope are helpful to establish a new or better substrate for cyber experts with our global partners. One thing I wanted to say before I advance with my notes is a discussion that I often have with my counterparts and that is, does the public sector really need cyber experts or can everything be outsourced to the private sector? We have a discussion going on both within Germany but also within the European Union and I think many of you will know this perhaps from home, the discussion about what is digital sovereignty, this ambition to have a digital sovereignty as a government or as a state, what does it demand from governments and certainly having control on our own networks as governments is one important part of digital sovereignty and so I would answer this question, is it possible to outsource cyber security to the private sector? Yes, we’ve seen very good examples where this works very well, for example in Ukraine that is relying heavily on the private sector to maintain government networks in times of war, but you also have to take care of covering your own needs with your own experts. Our cyber security agency gives the recommendation to set 15% of your digital or digitization budget aside for cyber security measures including personnel and also training and I think this is also a good benchmark if you are thinking about how much will this cost me, so 15% is a good rule of thumb of how much it will cost at least. Martina described the demands or the requests stemming from the new NIS directive, so our updated European cyber security regulation. In Germany we assume that the number of cyber experts needed for critical infrastructure will be x8 what we have now because x8 institutions will appear on the list of entities that have to follow or have to comply with the standards of this new regulation and you can imagine that this means about 10,000 of cyber experts missing within the moment that this regulation enters into force. This can only be dealt with if we take it really seriously also as public sector that we have to really find and also build these experts. I have two immediate remedies perhaps to propose. One is pooling. We recommend this also for example for you mentioned schools and universities I would say also municipalities perhaps they are too small to afford their own cyber security expert but certainly not too small to join forces with other municipalities in a similar situation and pool cyber security services for several public institutions. And the other one and that is also a lesson learned from Ukraine is moving things to the cloud makes it also much easier to take care of cyber security so I’m not recommending a specific offer from a specific corporate company but we have seen that this helps because it’s then well protected by the most advanced and sophisticated tools. A third recommendation that I would like to make is make it a little bit easier for the few cyber experts you have by raising the digital and cyber literacy of your workforce in general. So we are for example conducting a cyber security month in October actually these days to inform our colleagues about cyber threats how they are themselves high value targets for cyber criminal organizations and state actors conducting espionage operations so that they know a little bit better how to protect themselves with easy means because I mean that’s a cliche but the weakest link in the cyber security chain is always the humans so my recommendation make it easier by increasing the cyber literacy of your workforce. Okay then now what kind of experts are actually needed it was also been mentioned already so I would say and I see it in contact with my colleagues also from our IT department you need technical experts and you need also people who are able to speak the language of management and hierarchy so that the higher up levels of management of a ministry for example for example, understand the need and the requests, understand also the need to invest and to raise these costs because it’s a costly exercise to improve cyber security. So I think by, you know, by hiring one person that can actually speak the language of management, you might be able to free money to hire 10 more experts who then do the groundwork. And then in exchange with my colleague from the IT department, I also learned that they’re basically always hiring people that are not up for the job that they are meant for. So they are always hiring people who have generic, more generic knowledges than needed, but then are upskilled or reskilled on the job or so by their colleagues or by short-term cyber security reskilling or upskilling programs that we buy from the market. So then there was this issue of competition with the private sector. Of course, mostly it will not be the case that money and salary offerings are adequate to attract the workforce. But purpose is. Purpose is really an important thing. And purpose is not only, you know, the recognition by the higher levels, but also understanding at which part of the machine you are actually working. So a more holistic view of cyber security might also help to retain people in the sector if they understand that in the public sector they are allowed to really contribute to a bigger picture that they also understand. Plus, job security, flexible work arrangements, I think, especially for women, also the particular protection that civil servants have in the public sector is something interesting. Of course, this is not for all workplaces, but for some, for example, for our ministry, that is an argument for women to join the foreign office and not a private sector company. Then there is also this, so there is this idea, it’s not worth training experts in the public sector because they will be stolen by private companies afterwards. So I don’t invest. So I would recommend, don’t think in these terms. Think of it in terms of job rotation. So you train the people as public sector, you release them to private companies, and you gain them back at a later stage of their career. I think this is particularly true in all the field of IT experts. They have so many opportunities and usually are also curious people. So you should let them look at other opportunities and perhaps gain them back. And my last point is we are in a very transformative period of time with regard to IT digitization and cybersecurity. So our job profiles and the educational profiles, and somebody mentioned it, was it Marie or Laura, these, you know, these curricula that we have in high schools and graduate schools and universities and business schools are perhaps not up to date. So we would, we should work with our, for example, in our case, Ministry of Education and Ministry of Labor to update also the job profiles, educational profiles, so that the institutions are really also able to produce the kind of, you know, knowledgeable people that we need.
Laura Hartmann:
Thank you. Thank you very much for this comprehensive input, Regina. And I will directly give it back to our last speaker joining virtually. She’s Laura Pace. Laura has just under 15 years of international experience working in building cybersecurity capacity across the world. And she has worked for multilateral and national government academia and is now working for PGI in the private sector, where she’s the head of the capacity building practice. Laura, it’s my pleasure to hand it over to you.
Lara Pace:
Hi, Laura, good afternoon. It’s been fascinating listening to my colleagues and understanding all these initiatives that are on the way. I guess you’re quite tight for time. Yes, that’s correct. Can we can we do overtime by five minutes, please? Yes. OK, so I think I’m going to leave I’m going to leave you with a couple of points. So essentially, I’ve been working internationally for 15 years and the beginning of my career really focused on developing governance structures and cybersecurity strategies and really creating plans at the national level. And now, having done that for so many years, I’m focused on essentially doing the same, but in helping governments really build the human resource to implement those strategies. There were a couple of points that I I I I picked up on, which is now the ambassador’s point about jobs rotation, which is fundamental, I think this might sound a little bit controversial, but I think if you have skills and expertise in the public sector that suddenly moves into the private sector, that could fundamentally be seen as a positive. I’m in no way encouraging brain drain here, but essentially responding to cyber attacks and cyber incidents requires a whole ecosystem approach. So suddenly you’re sat in the civil service and you are working with private sector individuals that have been trained by the public sector and also understand the challenges of the public sector. So I’m now sat in the private sector thinking about the challenges for the national perspective and can offer interesting solutions. So that’s one point I wanted to make. And I really agreed with Yasmin’s contribution in terms of retention of skills in the public sector, in terms of really creating an inclusive environment, having very clear career pathways so people can understand where they can progress, because as human beings, we all want to progress and better ourselves both personally and as an organization or as a national institution. And the last thing is incentivization. And that does not necessarily equate with more money. The last point I wanted to make was, I think, and sometimes I’m guilty of this, as a cybersecurity professional working internationally, I think, you know, cyber is the ultimate priority at a national level. And actually, we really need to consider if we are going to make interventions in terms of skilling up and training, that there is also a similar initiative happening to ensure that the jobs are being created to retain that talent, especially in emerging markets. We get a lot of requests and we see a lot of RFPs for governments to have like skilling programs. But sometimes that happens in like a silo. And what happens is you have this very intense sort of skilling up program, and then the expertise does not remain within that geography. So I think it’s really important that it has to be a two pronged approach or maybe not a two pronged. I think about capacity building as a 1980s hair comb. You know, each tooth has to come all together like in a national coordination effort. Yeah, I think I wanted to leave you with just those key, key, key points. We work from Latin America and the Caribbean all the way to the Pacific, helping governments scale up. So, yeah, I think somebody mentioned academies, which is one of the things that we do. But I thought I would just leave you with those two comments because I know you’re very tight for time. Thank you very much, Lara.
Laura Hartmann:
So if we have some more minutes, can we allow for a question from the from from the from the audience? Or is there even a question from the audience? Please come in. Yes.
Audience:
I’m from the government of Sri Lanka, and we closely got many benefits from EU and some of the partner countries in capacity development and including of the development of the cybersecurity strategy and the policy. So we developed the policy for the five years. So then now the challenge is to to implement it so that we feel that I’m a civil servant for the past 23 years. So by the time the word ransomware came to to to the to the to media. So so we we just grab it. But nobody in the public sector had hardly heard of it. And we got the private sector experts to explain. So time to time we have the collaboration with the private sector. And and and and we have also in a separate track, the military and the forces, armed forces, they have their own kind of cyber defense. But we keep it in a very strategical way to bring their knowledge to the normal civil service work and other work. Somebody mentioned about the capacity building and curriculum change. I think I’m the remote speaker. I think we we gave this into the most of the ICT or or digitalization related curriculum school and academia. But we as a country face a challenge of losing the talent from the market to going overseas, a private sector itself. So we are a small country of 20 million. We we have a currently in the IT industry has about 30,000 vacancies for the graduates so that there’s a challenge for the private sector itself. So we the without a collaboration, the capacity building within the government itself won’t be a won’t be a sustainable solution. That’s the way I see it.
Laura Hartmann:
And and yeah, it’s. Thank you very much. Any of the speakers would like to come in or leave it with. The note agreement. OK, so then I would like to thank you all for listening. Thank you very much to our speakers joining virtually at the very early morning in Europe and in Africa. And thank you very much to the speakers here on the panel. And you want to make note. Yes, please. Hello. Hi, thank you. We are hearing to you lots of things you are discussed, but we know that many of the time
Audience:
government and private sector has a hacking. But I want to know how to fully save any government or any private sector by hacking. Can you tell me something? So the question was, if I understand correctly, how to fully secure the government system from hacking attacks? I can try being very technical. I started my career in a very technical level, and now I’m at the leadership level. There is nothing which is impossible to hack in the world. And there will not be because digital world is imperfect. Always there will be weaknesses which can be used to hack systems, different types of systems, maybe Pentagon, I don’t know, White House. We’ve seen such kind of activities and we’ve seen in the future. There is nothing 100 percent possible to be safe. And technology always has weaknesses. OK, thank you very much. I think we need to close the session now to give the floor to the other session
Laura Hartmann:
that’s coming and that’s about to take place here. So, yeah, I think let us just all agree that really a holistic approach is very, very important. So the so beginning from the education and then an ecosystem approach that our last speaker has voiced. Lara, I think that’s fundamental. So cross industry initiatives, really, so that we go from a nice to have to public to really raise the awareness that it’s a public safety issue as well. And ultimately, yes, we need people that can talk to management, that understand that there’s the need for investment and that translate this. So thank you very thank you very much, everyone. And happy IGF. Thank you. You’re an inspirational talk. Yeah, I. But here at the venue. You have a very tight schedule. There is. Very much more great. Here. But. Would the left of the.
Speakers
Audience
Speech speed
177 words per minute
Speech length
498 words
Speech time
169 secs
Arguments
Sri Lanka is struggling with implementing cybersecurity policies
Supporting facts:
- Sri Lanka has developed a five-year policy for cybersecurity
- Implementation of the policy is proving to be a challenge
Topics: cybersecurity, policy, Sri Lanka
Sri Lanka faces a talent deficit in the IT sector
Supporting facts:
- The speaker is a civil servant from the government of Sri Lanka
- Currently, the IT industry has about 30,000 vacancies for graduates in Sri Lanka
Topics: Sri Lanka, IT sector, talent deficit
The digital world is imperfect and there’s no system that is 100% safe from hacking
Supporting facts:
- The speaker stated that there will always be weaknesses in systems that can be hacked, citing examples such as the Pentagon and White House
Topics: cybersecurity, government systems, private sector, hacking
Report
According to the information provided, Sri Lanka is currently facing challenges in implementing cybersecurity policies. Despite the development of a five-year policy for cybersecurity, the implementation process is proving to be difficult. This negative sentiment suggests that Sri Lanka is struggling to effectively address cybersecurity issues and protect its digital infrastructure.
In addition to the cybersecurity challenges, Sri Lanka is also experiencing a talent deficit in the IT sector. It has been highlighted that there are around 30,000 vacancies for graduates in the IT industry. This negative sentiment underscores the need for more qualified professionals in the field to meet the demands of the growing industry.
It implies that the lack of skilled talent could potentially hinder the growth and development of the IT sector in Sri Lanka. However, amidst these challenges, there is a glimmer of positivity in the form of strong collaboration. The speaker emphasises that building capacity within the government can only be achieved through collaborative efforts.
This positive stance recognises that partnerships and cooperation between different stakeholders are crucial in improving the government’s ability to address various issues, including capacity building. It implies that by working together, the government can enhance its capabilities and effectively meet the demands of the ever-evolving digital landscape.
Furthermore, it is acknowledged that the digital world is inherently imperfect, and no system is completely safe from hacking. The speaker provides examples, such as the Pentagon and the White House, to support this argument. This negative sentiment highlights the notion that despite advancements in cybersecurity measures, there will always be weaknesses that can be exploited by hackers.
It suggests that the focus should not solely be on finding a foolproof solution, but also on continuously improving and adapting cybersecurity measures to mitigate risks. In conclusion, Sri Lanka is currently facing challenges in implementing cybersecurity policies and addressing the talent deficit in the IT sector.
However, there is optimism for building capacity within the government through strong collaboration. It is also acknowledged that there is no foolproof solution for preventing hacking, as systems will always have vulnerabilities. These insights highlight the need for ongoing efforts to strengthen cybersecurity measures and foster collaboration to effectively address digital challenges in Sri Lanka.
Komitas Stepanyan
Speech speed
169 words per minute
Speech length
942 words
Speech time
334 secs
Arguments
Need for Increase in Pipeline for Cyber Security Professionals
Supporting facts:
- Initiatives to collaborate with top recognized universities in Armenia
- Campaign led by the deputy governor of the Central Bank of Armenia to promote this career option
- Selection of 30 talents for specialized training
Topics: Cyber Security, Professional Development, Educational Institutions
Necessity of specialized training for recognizing and responding to cyber incidents
Supporting facts:
- Provided training for 25 individuals chosen from public and commercial sectors
- Focus on incident response, forensic research and compliance/audit of cyber security incidents
Topics: Cyber Security, Specialized Training
Efforts to establish a national CERT
Supporting facts:
- Plans for setting up a nationally recognized CERT
- Aim to apply for membership of FIRST
Topics: Cyber Security, National CERT
Report
The analysis explores the urgent need to enhance the pipeline for cyber security professionals in Armenia. To address this issue, a range of initiatives has been implemented in the country. One initiative involves collaborating with renowned universities in Armenia to develop and nurture a skilled workforce in the field of cyber security.
Furthermore, a campaign led by the deputy governor of the Central Bank of Armenia aims to raise awareness about the career opportunities and importance of pursuing a career in cyber security. Specialized training is seen as vital in enabling professionals to effectively recognize and respond to cyber incidents.
These training programs focus on incident response, forensic research, and compliance/audit of cyber security incidents. By equipping professionals with these specialized skills, they will be better prepared to handle and mitigate cyber threats and attacks. In addition, the analysis highlights the unique appeal and satisfaction that can be derived from working in the public sector.
While monetary motivation is important, the impact and sense of purpose associated with public sector work are highly valued. Public sector professionals have the opportunity to make a difference in the lives of thousands or even millions of people. Efforts are underway to establish a nationally recognized Computer Emergency Response Team (CERT) in Armenia.
This is essential for effectively responding to and managing cyber security incidents at a national level. Additionally, there are plans to apply for membership in FIRST, an international organization focused on incident response. These efforts demonstrate a commitment to enhancing cyber security capabilities and collaborations with global counterparts.
In conclusion, the analysis underscores the need to expand the pipeline of cyber security professionals in Armenia. Collaborations with universities, specialized training programs, the appeal of public sector work, and the establishment of a national CERT and potential membership in FIRST are all key components in fortifying the country’s cyber security landscape.
These initiatives are crucial for addressing cyber threats, safeguarding critical information systems and infrastructure, and ensuring a secure digital environment.
Lara Pace
Speech speed
172 words per minute
Speech length
668 words
Speech time
233 secs
Arguments
Job rotation from public to private sector in cybersecurity can be positive
Supporting facts:
- Understanding the challenges of public sector within private sector can lead to the development of interesting solutions
- Laura herself has transitioned from public sector to private sector, maintaining a focus on global cybersecurity
Topics: Cybersecurity, Job Rotation, Public Sector, Private Sector
Retention of cybersecurity professionals in public sector needs a clear and inclusive environment and career pathway
Supporting facts:
- People as an instinct want to progress and this applies to professionals in cybersecurity too
Topics: Cybersecurity, Public Sector, Retention, Career Pathways
Incentivization in cybersecurity need not equate to more money
Topics: Incentivization, Cybersecurity
Human resource training in cybersecurity should go hand in hand with job creation
Supporting facts:
- Cybersecurity training often happens in silo and the trained personnel then do not stay within the geography
- Effective skilling program and job creation has to be a coordinated national effort
Topics: Cybersecurity, Human Resource Training, Job Creation
Report
The analysis examines several aspects of cybersecurity in both the public and private sectors. It begins by discussing the potential benefits of job rotation from the public to the private sector in cybersecurity. Understanding the challenges faced by the public sector within the private sector can lead to innovative solutions.
Laura’s experience transitioning from the public to the private sector while focusing on global cybersecurity serves as evidence. This suggests that job rotation can positively enhance cybersecurity expertise and knowledge transfer between sectors. The analysis then addresses the issue of retaining cybersecurity professionals in the public sector.
Creating a clear and inclusive environment with well-defined career pathways is essential for keeping professionals. The report notes that professionals, including those in cybersecurity, have a natural desire to progress. By offering attractive career advancement opportunities and fostering an inclusive workplace culture, the public sector can improve retention.
This argument is supported by the idea that a supportive work environment leads to higher job satisfaction and employee loyalty. In terms of incentivization in cybersecurity, the analysis takes a neutral stance, suggesting that incentives do not have to be solely monetary.
While specific evidence or arguments are not provided, the report proposes that recognition, career development opportunities, and job flexibility can be effective motivators for cybersecurity professionals. This implies that non-monetary incentives can attract and retain skilled individuals in the field.
The analysis also emphasizes the importance of effective human resource training in cybersecurity, paired with job creation initiatives. Currently, cybersecurity training often happens in isolation, leading to trained personnel leaving their geographic region. To address this, the analysis recommends a coordinated national effort that integrates comprehensive training programs with job creation strategies.
This holistic approach can bridge the cybersecurity skills gap and provide more employment opportunities. Lastly, the analysis acknowledges that cybersecurity is not always a top national priority. It suggests that when implementing initiatives, it is crucial to consider concurrent efforts that prioritize job creation.
This ensures that cybersecurity professionals trained in the country remain in the field. It highlights the need for a balanced approach that aligns cybersecurity goals with other national priorities, such as industry and innovation. In summary, this analysis provides insights into various aspects of cybersecurity in the public and private sectors.
It discusses the benefits of job rotation, the importance of creating an inclusive environment for talent retention, and the value of non-monetary incentives. Additionally, it emphasizes the integration of training and job creation as a coordinated effort and advocates for balancing cybersecurity priorities with other national initiatives.
These findings and recommendations contribute to a comprehensive understanding of cybersecurity and provide guidance for policymakers and organizations in navigating this evolving landscape.
Laura Hartmann
Speech speed
138 words per minute
Speech length
1716 words
Speech time
744 secs
Arguments
Increasing digital economies, sophisticated technologies and cyberattacks require a rising number of cyber professionals
Supporting facts:
- The Future of Jobs report by the World Economic Forum reveals a global shortage of 3.4 million in cybersecurity
- The public sector is struggling to retain cyber professionals due to lack of funding
Topics: Digital Economy, Technology Advancement, Cyber Security
Public sector faces difficulties in retaining cyber professionals
Supporting facts:
- Increase in cyber attacks needs effective cybersecurity measures
- Shortage of skilled professionals in cybersecurity is a global challenge
Topics: Public Sector, Cyber Security, Staff Retention
Cyber capacity building initiatives are important especially for developing countries
Supporting facts:
- GIZ, commissioned by the Federal Foreign Office of Germany, implements cyber capacity building initiatives for partner countries
- Same issue of upskilled people leaving the public sector is raised by all partners
Topics: Public Policy, Cybersecurity Capacity Building, Developing Countries
Holistic approach is important starting from education to raising awareness about cybersecurity
Supporting facts:
- At a leadership level, nothing is impossible to hack in the digital world
- Management understanding for the need of investment in cybersecurity is crucial
Topics: Education, Cybersecurity, Public Safety
Report
According to the World Economic Forum’s Future of Jobs report, there is currently a global shortage of 3.4 million cybersecurity professionals. This shortage is largely due to the increasing digital economy and the rising threat of cyber-attacks. The speakers highlight the need for a growing number of skilled individuals in the field of cybersecurity to address these challenges.
One of the main issues discussed is the public sector’s struggle to retain cyber professionals. Due to the lack of funding, many public sector organisations are finding it difficult to compete with private sector companies in attracting and retaining talented individuals in the cybersecurity field.
This poses a significant problem considering the increasing number of cyber-attacks that require effective cybersecurity measures. To tackle this issue, the speakers suggest the implementation of cross-industry initiatives and cyber capacity-building initiatives. Cross-industry initiatives involve collaboration between different sectors to raise awareness and address the issues related to cybersecurity.
This approach allows for a broader perspective and a more comprehensive response to the challenges faced in the digital world. Furthermore, the speakers emphasise the importance of holistic approaches starting from education. They argue that raising awareness about cybersecurity and building a solid foundation of knowledge in this field is crucial for public safety.
This holistic approach also involves management understanding the need for investment in cybersecurity. The analysis also reveals a positive sentiment towards cyber capacity-building initiatives, especially for developing countries. The speakers mention initiatives implemented by GIZ, commissioned by the Federal Foreign Office of Germany, to improve cyber capacity in partner countries.
This highlights the importance of addressing the shortage of skilled professionals in the cybersecurity field not only in developed nations but also in developing nations. In conclusion, the analysis highlights the growing global shortage of skilled professionals in cybersecurity due to the increasing digital economy and the threat of cyber-attacks.
The public sector faces difficulties in retaining cyber professionals, and cross-industry initiatives and cyber capacity-building initiatives are proposed as solutions. A holistic approach, starting from education and raising awareness, is crucial for public safety. Additionally, the importance of addressing the shortage of skilled professionals in the cybersecurity field in developing countries is emphasised.
Marie Ndé Sene Ahouantchede
Speech speed
113 words per minute
Speech length
1047 words
Speech time
558 secs
Arguments
The ECOWAS region faces growing cybersecurity challenges due to digital transformation.
Supporting facts:
- ECOWAS region faces growing cybersecurity challenges due to new opportunities for malicious cyber activities.
Topics: Cybersecurity, Digital Transformation
There is a critical need for skilled cybersecurity professionals in ECOWAS region, and the supply is under capacity.
Supporting facts:
- The percentage of government and public sector organization with appropriate cyber resources to meet their needs is only 29%.
- The need for digital skills in Africa will reach 230 million people by 2030.
Topics: Cybersecurity, Skill Gap
ECOWAS and West African governments are implementing cybersecurity education and training initiatives.
Supporting facts:
- Under OCYC, ECOWAS Commission launched the ECOWAS Regional Cybersecurity Hackathon.
- An advanced training was provided to member states with the computer security incident response team in 2020.
Topics: Cybersecurity, Education and Training, Capacity Building
African countries are facing a real brain drain in the field of digital professions.
Supporting facts:
- Despite the efforts to attract digital professionals, the public sector’s specific salary policy remains insignificant in the face of global digital talent shortage.
Topics: Brain Drain, Digital Professions
Education and training are recommended to be included in the national strategy, along with public-private partnerships, to deal with the talent shortage.
Supporting facts:
- Benin’s Ministry of Digital Affairs partnered with Smart Africa Digital Academy to develop cybersecurity education.
- In Togo, a Memorandum of Understanding was signed with UNECA to establish the African Center for Coordination and Research in Cybersecurity.
Topics: Education and Training, National Strategy, Public-Private Partnerships
Report
The ECOWAS region, encompassing West African countries, is currently grappling with escalating cybersecurity challenges due to the rapid advancement of digital technology. This digital transformation brings about new opportunities for malicious cyber activities, resulting in a negative sentiment towards the region’s cybersecurity landscape.
One significant issue exacerbating the situation is the acute shortage of skilled cybersecurity professionals. The percentage of government and public sector organizations equipped with the appropriate cyber resources to meet their needs is alarmingly low, standing at just 29%. Furthermore, projections indicate that by 2030, an estimated 230 million people in Africa will require digital skills, highlighting the pressing need to address the inadequacy of skilled cybersecurity professionals to meet this demand.
The limited supply of these professionals in the ECOWAS region is viewed as a negative contributing factor to the cybersecurity challenges. However, it is encouraging to note that ECOWAS and West African governments are taking proactive steps towards mitigating the situation through the implementation of positive cybersecurity education and training initiatives.
Under the umbrella of the Organization of Computer Emergency Response Teams (OCYC), the ECOWAS Commission launched the ECOWAS Regional Cybersecurity Hackathon—an event aimed at fostering innovation and collaboration to address cybersecurity challenges within the region. Additionally, an advanced training program was provided to member states, focusing on enhancing their capabilities in managing and responding to computer security incidents in 2020.
These initiatives indicate a positive effort being made to strengthen cybersecurity education and training in the region. A significant concern facing African countries is the brain drain in the field of digital professions. Despite endeavors to attract digital professionals, the public sector’s salary policy remains insignificant when compared to the global digital talent shortage.
This brain drain further exacerbates the shortage of skilled cybersecurity professionals in the ECOWAS region, compounding the challenges faced and reinforcing the negative sentiment. As a recommended course of action, the inclusion of education and training initiatives, alongside public-private partnerships, within the national strategy is deemed crucial to addressing the talent shortage in the field.
Noteworthy examples include Benin’s Ministry of Digital Affairs collaborating with the Smart Africa Digital Academy to develop cybersecurity education, and the signing of a Memorandum of Understanding between Togo and the United Nations Economic Commission for Africa (UNECA) to establish the African Center for Coordination and Research in Cybersecurity.
These partnerships demonstrate the importance of collaboration and concerted efforts across various sectors to bridge the talent gap and bolster cybersecurity capabilities. In conclusion, the ECOWAS region is facing significant cybersecurity challenges as a result of digital transformation, leading to a negative sentiment.
The shortage of skilled cybersecurity professionals aggravates the situation, further compounding the negative sentiment. However, ECOWAS and West African governments are implementing positive cybersecurity education and training initiatives, countering the shortage to some extent. African countries are experiencing a brain drain in the digital professions, adding to the challenges faced.
Education and training, in conjunction with public-private partnerships, are recommended as integral components of the national strategy to combat the talent shortage. These insights highlight the need for concerted efforts within the region to strengthen cybersecurity capabilities and address the evolving cybersecurity landscape.
Martina Castiglioni
Speech speed
139 words per minute
Speech length
1716 words
Speech time
742 secs
Arguments
The European Cyber Security Competence Center (ECCC) is playing a key role in delivering the ambitious cyber security objectives of the Digital Europe Program and the Rise of Europe Programs
Supporting facts:
- The ECCC was established in 2021 and is operational from this year
- The ECCC, together with the member states, industry and the cyber security technology community aims to shield the European Union society from cyber attacks
Topics: Cyber Security, Europe, Competence Center, Digital Europe Program, Rise of Europe Programs
The existence of a large number of cyber security initiatives does not necessarily mean a reduction in the cyber security skills gap
Supporting facts:
- Many public and private investment initiatives are focused on closing the cyber security skills gap
- The situation shows that the cyber security skills gap still represents a huge issue
Topics: Cyber Security, Skills Gap, Public Sector
The Cyber Security Skills Academy is a single entry point for cyber security education and training in Europe
Supporting facts:
- The academy has a dedicated website and is supported by a €10 million funding
- The academy aims to develop a common framework for cyber security role profiles and associated skills, design specific cyber security education and training curricula, increase visibility of available funding opportunities for skills-related activities, and define indicators to monitor the evolution of the market
Topics: Cyber Security, Skills Academy, Education, Training
Report
The European Cyber Security Competence Centre (ECCC), operational from this year, plays a key role in the ambitious cyber security objectives of the Digital Europe Program and the Rise of Europe Programs. Together with member states, industry, and the cyber security technology community, the ECCC aims to shield European Union society from cyber attacks.
It is a positive development that demonstrates a proactive approach to cyber security in Europe. However, despite numerous cyber security initiatives, the skills gap remains a significant challenge. While public and private investment initiatives aim to close this gap, the situation is still concerning.
Simply having a large number of initiatives does not guarantee a reduction in the skills gap. This ongoing issue requires further attention and efforts to ensure a skilled workforce meets the demand for cyber security professionals. On a positive note, the Cyber Security Skills Academy serves as a single entry point for cyber security education and training in Europe.
Supported by €10 million in funding, the academy aims to develop a common framework for cyber security role profiles and associated skills, design specific education and training curricula, increase the visibility of funding opportunities for skills-related activities, and define indicators to monitor market progress.
The existence and support for the Cyber Security Skills Academy are promising steps in addressing the skills gap and providing comprehensive education and training opportunities for those interested in cyber security. In conclusion, the European Cyber Security Competence Centre (ECCC) actively works towards achieving the cyber security goals of the Digital Europe Program and the Rise of Europe Programs.
However, the persistent cyber security skills gap remains a challenge that needs attention. Efforts are being made through various investment initiatives, and the establishment of the Cyber Security Skills Academy shows promise in bridging this gap. By prioritising education, training, and skill development, Europe can strengthen its cyber security capabilities and effectively protect its society from cyber threats.
Regine Grienberger
Speech speed
138 words per minute
Speech length
1433 words
Speech time
621 secs
Arguments
Public sector needs cyber experts for digital sovereignty
Supporting facts:
- Discussion on digital sovereignty going on within Germany and the European Union
- Having control on our own networks as governments is one important part of digital sovereignty
Topics: Cybersecurity, Public Sector, Digital Sovereignty
Recommendations to tackle the shortage of cyber experts
Supporting facts:
- Cybersecurity agency gives the recommendation to set 15% of your digital or digitization budget aside for cyber security measures
- Pooling cyber security services for several public institutions
- Moving things to the cloud
Topics: Cybersecurity, Workforce Shortage, Public Sector
Increasing cyber literacy of workforce
Supporting facts:
- Conducting a cyber security month in October to inform colleagues about cyber threats
- The weakest link in the cyber security chain is always the humans
Topics: Cybersecurity, Workforce Development, Public Sector
Requirements of cyber experts
Supporting facts:
- Need technical experts and people who are able to speak the language of management
- Hiring people who have generic knowledges, then are upskilled or reskilled on the job
Topics: Cybersecurity, Workforce Requirements, Public Sector
Report
The discussion centres on the crucial requirement for cyber experts within the public sector to ensure digital sovereignty. The need for digital sovereignty is being deliberated in both Germany and the European Union. It is argued that governments must have control over their own networks to assert their sovereignty in the digital realm.
To address this issue, it is suggested that a portion of the digital or digitisation budget be allocated for cybersecurity measures. Specifically, the cybersecurity agency recommends setting aside 15% of the budget for this purpose. Additionally, pooling cybersecurity services for multiple public institutions and moving data to the cloud are seen as effective strategies to strengthen cybersecurity in the public sector.
Another important aspect highlighted in the discussion is the need to increase cyber literacy amongst the workforce. It is acknowledged that humans often form the weakest link in the cybersecurity chain. To mitigate this, there is an idea to conduct a cybersecurity month in October, during which colleagues can be informed about various cyber threats and receive training on how to handle them.
Furthermore, it is emphasised that the public sector requires not only technical experts but also individuals who possess the ability to effectively communicate with management. The importance of having employees with a dual skill set, generic knowledge combined with cyber expertise, is highlighted.
It is suggested that such individuals can be hired and then upskilled or reskilled while on the job. In an interesting proposition, one speaker advocates for job rotation instead of retaining trained experts solely in the public sector. This would involve training individuals within the public sector, releasing them to work in private companies, and subsequently gaining them back later in their careers.
This proposal aims to provide a more comprehensive skill set for cyber experts and foster collaboration and knowledge exchange between the public and private sectors. Overall, the discussion centres on the various strategies and recommendations to address the shortage of cyber experts in the public sector and enhance digital sovereignty.
By implementing these measures, it is believed that the public sector can effectively tackle cyber threats and safeguard national interests in the digital domain.
Yasmine Idrissi Azzouzi
Speech speed
162 words per minute
Speech length
1110 words
Speech time
410 secs
Arguments
it really boils down to making the field attractive
Supporting facts:
- there is a shortage of 3.4 million globally in cyber security
- public sector cannot compete here because of a lack of funding
Topics: Cyber Security, Public Sector
promote that this is an opportunity for working for something that is challenging
Supporting facts:
- try to appeal to people’s sense of purpose
- prestige for working for one’s government
Topics: Career Advancement, Public Sector
Report
The global shortage of cyber security professionals is a pressing issue, with a current deficit of 3.4 million individuals. Unfortunately, the public sector faces difficulties in competing for talent due to a lack of funding. To bridge this workforce gap, it is crucial to raise awareness about the diverse range of roles within the cyber security field and its multidisciplinary nature.
Contrary to popular belief, cyber security is not solely a technical domain but encompasses various disciplines. Addressing the underrepresentation of certain communities, including women and youth, in the cyber workforce is essential. By promoting inclusivity and diversity within the field, we can encourage more individuals from these communities to pursue careers in cyber security.
This aligns with the goals of SDG 5: Gender Equality and SDG 4: Quality Education. Furthermore, there is a revolving door between the public and private sectors in cyber security. To attract and retain qualified professionals, it is imperative to invest in their development and well-being.
Upper-level positions face a significant shortage, and professionals in the public sector often experience excessive workloads. This highlights the importance of investing in cyber security professionals to ensure an efficient and effective workforce. To address these challenges, it is proposed to appeal to individuals’ sense of purpose and prestige.
Promoting the opportunity to work for the government and contribute to national security can be enticing to potential candidates. By framing the cyber security field as challenging and impactful, it becomes more attractive to individuals seeking meaningful work. In conclusion, the shortage of cyber security professionals is a global concern that requires immediate attention.
Raising awareness about the diverse range of roles, addressing underrepresentation in certain communities, investing in professionals, and promoting the sense of purpose and prestige associated with working in the field are vital steps to bridge the workforce gap. By doing so, we can ensure a more secure digital landscape and contribute to the goals of SDG 8: Decent Work and Economic Growth.