Upskilling For A Cyber-Secure World

Ravikumar Sreedharan, Managing Director, Unisys India and Head of Global Delivery Network, UnisysSreedharan leads the company's operations in India, which include more than 5,000 employees

The cyber threats in our world are constantly evolving. As a result, it is only anticipated that the skill requirements of cybersecurity specialists will evolve accordingly. According to a survey, in 2017, 55 percent of enterprises surveyed required three months or more to fill vacancies in cybersecurity positions and 37 percent reported that less than 1 in 4 candidates possessed the qualifications required. It is moot to say that building and maintaining a capable cybersecurity team today is a tremendous challenge.

A report from Frost & Sullivan and(ISC)2 discovered that the global cybersecurity workforce will have more than 1.5 million vacancies by the year 2020. At the same time, the cybersecurity industry is a fast-growing market, with IDC forecasting it growing to a $101 billion opportunity by 2020. So, we must ask ourselves, how do we reconcile this talent shortage? The answer may lie in upskilling.

The foremost advantage of upskilling is that it can be adjusted to suit the most relevant skills an organization requires or prefers. Added to that, is the sense of gratitude or loyalty that the trained individuals harbor towards the organization. The organization is thus seen to be earnestly thinking and working towards the employees’ career growth. The intuitive conclusion that follows is that employees see themselves as a true asset to the organization. However, there is a flipside to upskilling employees as perceived by an organization.

Upskilling as a Prisoner's Dilemma
The challenge in upskilling existing employees is that organizations risk sinking investment into a resource that can soon leave or be lured away to a more lucrative opportunity. As a result, organizations are hopeful that individual employees will nurture their skills without actually making investments directly towards their development. A solution that some organizations have found to this dilemma is the golden handcuff method. For instance, a law firm may pay the university fees for an employee to get a law degree with the stipulation that the clerk remains with the law firm for specified number of years after graduation. This can be a potential route to maintain technical staff and close
the skills gap we see in digital and security disciplines.

The impending deficit of cybersecurity professionals combined with high attrition rates can render organizations unable to acquire and retain the requisite expertise to respond to a constantly evolving threat environment. The growing risks presented by cyber attacks translate into the fact that organizations must find a solution to the cyber security skills gap. Upskilling is a viable option, but an option that has to be weighed against the potential loss of the most developed employees.

In order to be prepared for the anticipated increase in security breaches, organizations need to vigorously upskill existing employees

Considerations Surrounding Cyber-security Upskilling
The inclination of IT professionals to move into IT security presents a great opportunity for organizations to upskill existing IT staff. This would help lessen the burden on organizations in terms of the number of new IT security experts they need to recruit. If organizations are amenable to putting employees with an interest in IT security through certifications such as CISSP(Certified Information Systems Security Professional)and CISM (Certified Information Security Manager), both the organizations and the employees will be better equipped for the future.

So, how does an organization optimize the practice of upskilling for its IT security employees?

Firstly, an organization ought to re-examine its workforce strategy. Does it know what skills it requires in the foreseeable future to operate a successful security program? Organizations must realize that skills and experience can come from a variety of sources, and adjust their hiring strategy accordingly.

Secondly, organizations need to improve their outreach and engagement. Organizations must think beyond the usual career fairs and recruitment plans of the past. There is a pressing need to develop other educational programs and to start building a firm recruiting base. It is imperative to build a local cybersecurity ecosystem by connecting with government organizations, educational institutions, and other concerned groups.

Thirdly, it is important for organizations to have a robust support program for employees. Mentorships, rotational assignments and other such opportunities help cybersecurity employees gain experience and learn. Organizations now need to keep employees involved by granting them the creative freedom to work on different projects and discover new technologies and services.

Finally, there needs to be an emphasis on continuous learning and upskilling. Numerous online courses on cyber security are available today and organizations should leverage them to upskill employees in a flexible and cost efficient manner. A field as dynamic as cybersecurity requires constant education and exploration. Organizations ought to also be open to employees from other areas of their business who express interest in cybersecurity career paths.

There is an indication these days that the industry is responding to the shortage of skilled cyber security professionals by upskilling existing staff. It is also encouraging to see the number of IT professionals who wish to transfer into cybersecurity, which could help bridge the skills gap. In order to be prepared for the anticipated increase in security breaches, organizations need to vigorously upskill existing employees, and also educate all other staff in the organization as to the importance of security.