What skills are in short supply within SA’s cybersecurity industry

Technology industries are in a constant state of flux, evolving at a rate that is even difficult those who are well entrenched to keep track of. The South African cybersecurity industry is no different.

In recent years as a result of the pandemic and a move to a hybrid working model among other things, cybersecurity is being looked at differently at the boardroom level.

As such, it has become a necessity to have the most up-to-date cybersecurity skills within your organisation, regardless of how quickly the threat landscape evolves.

With that in mind we recently spoke with Emmanuel Tzingakis, technical lead for Sub-Saharan Africa at Trend Micro, to find how the local cybersecurity industry has fared throughout 2023 to date, as well as what types of skills organisations are in need of.

Lay of the land

While cynics would find it easy to view South Africa as behind the curve on other regions in terms of cybersecurity skills, Tzingakis is not, highlighting the fact that the local talent pool is among some of the best in world.

“I think we have some of the best cybersecurity experts in the globe, especially when you compare ourselves to the rest of Africa and the Middle East,” the Trend Micro technical lead asserts. “When you have a look at the local universities, the access to knowledge and qualifications like CISSP (Certified Information Systems Security Professional) is superb, and we have all of that availability here in South Africa.”

That said, Tzingakis is cognisant of the fact that South Africa’s cybersecurity industry has a problem when it comes to retaining talent.

“We’re losing skills to other countries. From a cybersecurity perspective we have some of the best skills in the world, and as a result we often lose them to other regions. I don’t believe we have the right retention policies, mechanisms, and incentives in place within organisations,” he emphasises.

Continuing a focus on cybersecurity in South Africa and the current state of affairs, Tzingakis makes mention of the impact that the pandemic has had. We have, since the end of lockdown and the move to a hybrid or remote working model, seen South Africa become a highly attractive target for cyber criminals. This in his view, is not simply a local issue, but one that is plaguing organisations across the globe, which is now forcing businesses to adapt rapidly.

“I think a lot of organisations, not just in South Africa, have been impacted because their business model and the way they do business has changed dramatically as a result of the pandemic. You have a lot more people connecting from home for example, connecting their business computers to home networks which not necessarily have the right security protections on it. This in turn caused a whole lot of headaches for organisations, and this model has continued well after the pandemic,” notes Tzingakis.

“This new model is forcing organisations to speed up their digital transformation, relying less on on-premise infrastructure and moving to the cloud, as well as changing their cybersecurity strategies given far more people are working from home. This has forced organisations to look at cybersecurity differently,” he continues.

On the horizon

Shifting to the the skills that will become sought after or needed in South Africa over the coming year, Tzingakis highlights operational management as being important moving forward.

“Being able to monitor you environment and ensure that it is not only safe, but that you’re getting a return on investment on the solutions that you have purchased will be critical. A lot of organisations are looking for that sort of skill, an analytical type of skill, where people are able to do threat hunting across the environment, and convert that information into a solution that can correctly protect an organisation,” he points out.

The other area that is lacking in his view, and will need addressing with the right skills in future is strategic security planning.

“Understanding how to implement security, how to implement risk management, how to implement a framework, how to implement the right policies and processes. These are skills that will be needed in order to keep an organisation safe,” stresses Tzingakis.

“That is where our country’s biggest skills shortage is to be honest. There are individuals who are able to analyse different threats, create firewalls, handle endpoint security, and these are relatively easy skills to attain, but having the experience to look at security holistically is definitely an area that we lack in South Africa,” he explains.

When asked whether these critical skills can be learned at an institution or require on-the-job experience, Tzingakis says a combination of the two is ideal.

“There are institutions that offer access to these types of skills, but really it takes both. If you look at the CISSP qualification for example, you require five years of actual work experience before you can be fully certified as an Information Systems Security Professional,” he believes.

“You need a combination of education and experience in order to be effective in this space,” he concludes.

With the South African cybersecurity industry not short on talent, it looks like making environments more attractive to remain professionals will also play a key part in retention and therefore developing the experience needed to couple with skills.

[Image – Provided]


About Author


Related News