Interview: IT security and the current skills gap

October is National Cybersecurity Awareness Month in the US and the Department of Homeland security is calling for more attention to be paid to securing systems.

But whilst cybersecurity is a growing industry we risk a developing skills gap where workers aren't qualified or prepared for jobs in the field. We spoke to Andrew von Ramin Mapp, CEO of Data Analyzers, a cyber security and digital forensic firm, to get his view on how the industry can address this.

We're seeing ever more sophisticated cyber-attacks in recent years. Is the security industry struggling to keep up?

The industry is definitely struggling to keep up, it has always been a cat and mouse game, but over the past few years the momentum has accelerated drastically and the industry at large was not prepared for it.

In the past, a lack of corporate awareness among executives and boards of directors meant the required funding to properly implement and adequately maintain a secure network and cyberinfrastructure was unavailable. Because of recent public scrutiny things have shifted a little and the security industry is trying to catch up.

Are there misconceptions about what working in cybersecurity involves?

There's often the assumption that all information security professionals spend their day hacking into their clients or their own systems to remove any vulnerabilities. Sure that can be part of the profession if your job includes penetration testing and vulnerability assessments.

However, a large percentage of professionals spend more time writing reports, or security policies and analysing gigantic quantities of repetitive system and network logs.

Does the education sector need to up its game in providing the right skills?

The education sector adapts relatively quickly to the needs of corporate America. The problem is cybersecurity involves a large spectrum of individual skills which require a strong understanding of the underlying technology and cannot be mastered in a short time frame. The education sector could potentially narrow the curriculum to develop specialisations within cyber security in order to prepare a graduate for a specific entry level role within the industry.

Would businesses benefit from hiring people without traditional security qualifications and training them in house?

If they can find passionate individuals and have the resources to do so, then yes of course. With this recruiting method, companies can emphasise training on the specific needs, possible threats and risk factors specific to their business.

Do we need to raise the profile of cybersecurity generally to make it a more attractive career option?

No, cybersecurity has received a lot of attention in recent years from the media, business sector and academia. Great initiatives designed to encourage students to participate in cyber competitions like The Collegiate Cybersecurity Championship Cup have also increased awareness.

Such events help elevate the interest and skills of university students who have an interest and passion for cybersecurity.

Image Credit: Africa Studio / Shutterstock