Training professionals to respond to unknowable threats is the critical challenge for the cybersecurity industry. And, for IT professionals working in the area, it means that continuous professional development (CPD) is not just a course here and there: it is an ongoing, daily part of the job.
“Attackers are constantly developing new tactics, techniques and procedures, while defenders often struggle to keep pace,” says Jaap Meijer, cybersecurity and privacy officer with Huawei.
“Personal users face threats such as phishing, identity theft, ransomware and malware, which can result in financial loss, reputational damage, and emotional distress.
“Businesses grapple with sophisticated attacks like data breaches, supply chain compromises and cyber espionage, jeopardising sensitive information, operational continuity and financial performance.”
‘A gas emergency would quickly turn into an electricity emergency. It is low-risk, but high-consequence’
The secret to cooking a delicious, fuss free Christmas turkey? You just need a little help
How LEO Digital for Business is helping to boost small business competitiveness
‘I have to believe that this situation is not forever’: stress mounts in homeless parents and children living in claustrophobic one-room accommodation
Vaibhav Malik, cybersecurity and resilience partner at Deloitte – which provides a range of cybersecurity services to clients, including advisory, implementation and service operations – says the past five years have seen a significant increase in cyberthreats.
“Cyber experts must build a culture of trust and empowerment among employees, allowing them to take initiative when faced with challenges that impact their work performance,” he says.
“We strongly encourage asynchronous learning for our staff, as there are so many moving parts to the changing cyberthreat landscape, new regulations and modernisation of technology. We constantly reidentify our challenges and reactivate our own standards to stay ahead of the cyberthreat.”
Meijer agrees that constant vigilance requires ongoing education.
“Staying abreast of the latest threats, vulnerabilities and countermeasures requires a dedicated commitment to professional development,” he says.
“Traditional training methods may fall short in addressing the dynamic nature of the field. To bridge this gap cybersecurity professionals need access to tailored and up-to-date learning resources that align with their specific roles and responsibilities.”
David Prendergast, senior manager for cyber and strategic risk at Deloitte, says there are important benefits for firms that train their staff in this area.
“Some businesses may be concerned that if they upskill or train staff they will seek outside opportunities – the flipside of this is having staff that remain but are untrained.
“But we consider learning and development to be a key differentiator as part of the whole package in our staff retention strategy.”
Dave Feenan, network director at the Technology Ireland ICT Skillnet, says there are growing employment opportunities in the cybersecurity sector.
“In order for Ireland to remain competitive and attractive for foreign direct investment we need to make sure that we are investing in and future-proofing the skills and competencies required to keep Ireland cybersecure,” he says.
“Cybersecurity is now the fastest growing area in tech – which is why there has never been a better time to upskill in this critical field.
“With a severe workforce shortage and ever-increasing demand for enhanced and robust cybersecurity systems, there are vast opportunities emerging for skilled cybersecurity professionals.
“According to a recent ISC cyber workforce study, the size of the worldwide cybersecurity workforce has reached 4.7 million individuals, but there is still a global deficit of 3.4 million cybersecurity workers.”
So, how can Ireland address its own needs in this area?
Feenan points to a number of courses available through Technology Ireland ICT Skillnet, which is a Government backed business-support network that connects teams and individuals from companies of all sizes with highly subsidised training on courses that are co-developed by industry and academia.
These include, for instance, the MSc in cybersecurity at the National College of Ireland and the entry-level future in tech cybersecurity analyst course.
Other companies, such as Huawei, offer internal training opportunities.
“Cybersecurity is a top priority for us, so we invest significantly in developing our employees’ skills and knowledge,” says Meijer.
“Our comprehensive training programmes encompass a wide range of topics, from foundational cybersecurity principles to advanced technical skills. We offer both mandatory and optional training modules tailored to different roles and responsibilities within the organisation.
“To ensure our workforce stays current with the latest threats and best practices, we incorporate real-world scenarios and hands-on exercises into our training programmes. Additionally, we emphasise the importance of continuous learning by providing access to online resources, mentorship opportunities and industry certifications.”
Deloitte is another firm with a strong focus on training experts in cybersecurity.
“We are a training firm and have developed a wide range of training programmes – technical and non-technical – available to the cyber team and other employees,” says Prendergast.
“We collaborate with major tech companies to ensure our staff are trained in the latest and best cloud technologies. We also run multiple classroom training programmes, sponsor cyber certifications and have focused training for specific industries and business areas, such as banking and payments.
“We run a wide range of workshops and training sessions, including lunch-and-learn style over-web conferences, at a global and local level.
“We use our Deloitte Academy to organise cyber boot camps for junior staff and provide access to a bespoke lab environment for penetration testing, supported by dedicated research time.”
Prendergast sees research as being crucial to stay ahead of attackers’ techniques.
“We use labs to simulate attacking environments, allowing us to learn through practical experience rather than just theoretical knowledge,” he says. “Active practice creates skills that are worth more than having theoretical knowledge.”
Easy cybersecurity training for small business
In a recent collaboration, Technology Ireland ICT Skillnet, in association with Mastercard, launched the Global Cyber Alliance Toolkit for Small Business, which addresses the most common cyber risks affecting small firms that conduct any aspect of their business via email or over the internet.
“The structure and content of the toolkit enables small businesses to precisely target and resolve common weaknesses so they can focus more time and resources on their core business objectives,” says Dave Feenan, network director at the Technology Ireland ICT Skillnet.
“Research has shown that implementing these steps across a business can significantly reduce the cyber risk they face.”
- For more information, google search ICT Skillnet Global Cyber Alliance Toolkit for Small Business