- Cybersecurity is not just an IT problem - it requires the application of multidisciplinary skillsets.
- Firms' cybersecurity teams should be as diverse as the cybersecurity challenges we face today.
- Everyone from English literature graduates to fine arts students has important skills that can be leveraged in this arena.
We talk a lot about closing the global cyber talent gap, but we do not talk nearly enough about closing the cyber confidence gap - the gap felt by non-IT applicants when perusing a very technically worded job application. Contrary to perceptions that have dogged the cyber industry and academia, no matter what one has studied - whether fine arts, English literature or education - each brings relevant and necessary skills that can help to upgrade the traditional cyber-skills toolkit.
Globally, 70% of cyber talent comes from an IT background. This lack of educational diversity belies a long-accepted systemic equivalency between cyber skills and IT skills.
However, cybersecurity is not just an IT problem, it is an every-sector problem. This is becoming devastatingly apparent with COVID-19, as we witness our critical infrastructure sectors - healthcare, manufacturing, utilities - come under cyberattack. The recent attacks on the WHO and hospitals around the world not only undermine health responses but are potentially endangering lives. Cybersecurity is our shared social responsibility because “effective cybersecurity safeguards digital trust, spurs innovation and progress in society, enhances the social responsibility and accountability of organizations”. It is only by hiring cyber professionals from all backgrounds - finance, communications and mathematics - that we can be in a strong position to truly share this responsibility.
Have you read?
By limiting cyber recruitment, hiring and upskilling efforts to IT talent, there are also undesirable spillover effects - such as excluding individuals who tend to be underrepresented in IT to begin with, namely women, minorities and indigenous populations.
As cyber issues become omnipresent, we must transform our recruitment practices and open doors to talent from non-traditional backgrounds for two main reasons:
Necessity: Our cyber workforce and skills need to be as diverse as the evolving cyber challenges.
Strategy: With their unique set of transferable skills and knowledge, multidisciplinary talent constitutes an as-yet under-utilised talent pool that will help bridge the global 2.3 million cyber talent gap.
The workforce of the future no longer prepares for work by gaining formal qualifications in a one-off degree and assuming a linear career trajectory. In a Fourth Industrial Revolution system where skills are the labour market currency, our future workforce needs to constantly re-evaluate and transform their skillsets. With emerging cyber roles demanding new and more diversified skills, that “perfect candidate” simply does not exist. In fact, new cyber-risks will create unfilled roles for which there are no existing skill matches. Therefore, we must stop recruiting for a circumscribed set of skills, but rather hire people for their ability to transfer skills, willingness to learn, and passion for the subject.
The following are some excellent examples of high-potential transferable skills from non-traditional education disciplines. These skills were mapped out by the Global Shaper Montreal hub’s Inclusive Cyber Project.
When it comes to sourcing information, not only are English literature students skilled in looking at things anew through critical lenses, they also excel in researching the merit, trustworthiness and value of different information. Finance students are comfortable with employing research-based assumptions in contexts with low amounts of background information. They can wield probabilistic tools to model, analyse, and prioritise threats in order to arrive at a conclusion. International development studies students function well in collaborative, multi-stakeholder environments, and are adept at consulting with analysts and experts.
Once information is gathered, business students are well positioned to translate technical jargon into language and arguments that can persuade business decision-makers. Public policy students’ experience in writing policy briefs enables them to distil the most pertinent information for the reader. Fine arts students, meanwhile, can articulate and visualize the necessary information and engage the audience with creative techniques and content; such techniques can be leveraged to simulate attack paths, and discern relationships and patterns.
Some education disciplines come with very specific sets of knowledge and skills. Health studies students are familiar with the concepts of confidentiality and privacy, particularly the legal obligations surrounding patients’ personal health information. They are also experienced in preparing for, responding to and preventing crises.
Engineering students also have important transferable skills beyond IT. Industrial engineering students learn systems thinking, and are able to break down and plan complex systems. Their familiarity with audit processes allows them to bring continuous improvement and optimisation thinking to their projects. Electrical engineering students undertake courses on design principles and methods, covering design specifications, parameters, optimisation, implementation, troubleshooting and refinement, translating theoretical security best practices into processes, solution design, architecture, training, and awareness campaigns.
Speaking of training and awareness campaigns, education students can lead knowledge-transfer, awareness and training sessions which can streamline organisational change-management. They are skilled in equipping the target audience with the right tools to automate processes once the training or knowledge transfers are complete.
These examples illustrate the kinds of skills we need to bring on-board as new cyber-risks surface. We must empower such non-traditional talent with the ability to communicate the value of their transferable skills to employers, while at the same time enabling employers to recognise the value of these skills and to be more inclusive and equitable in recruiting from multidisciplinary backgrounds. By shifting the perception of cyber talent among applicants, industry and academia, we can minimise the cyber confidence gap which will ultimately close the global cyber talent gap.