Subscribe
  • Home
  • /
  • Business
  • /
  • Cyber security industry must do more to address skills shortage

Cyber security industry must do more to address skills shortage

Christopher Tredger
By Christopher Tredger, Portals editor
Johannesburg, 29 May 2024
(From Left) Independent management consultant and advisor Winston Hayden, Dale Simons, founder, MiDO Group, de Wit Coetsee, director, de Wit Coetsee Consulting, Conrad Roos, head of GRC, The Foschini Group, and Professor Elmarie Biermann, director, Cyber Security Institute.
(From Left) Independent management consultant and advisor Winston Hayden, Dale Simons, founder, MiDO Group, de Wit Coetsee, director, de Wit Coetsee Consulting, Conrad Roos, head of GRC, The Foschini Group, and Professor Elmarie Biermann, director, Cyber Security Institute.

Cyber security experts have expressed concern over a shortage of cyber security skills, and have stressed the need for collaboration between government, academia, and the private and public sectors to support learnerships and internships.


During a panel discussion at the ITWeb Security Summit Cape Town 2024 Conrad Roos, head of GRC, The Foschini Group, said there are many statistics that reflect an industry under increasing pressure.

Roos said according to the World Economic Forum (WEF) 71% of global organisations have unfilled cyber security positions.

Mediator Winston Hayden, independent management consultant and advisor, said according to ISC2 research, globally there are 3.4 million cyber security positions available.

Professor Elmarie Biermann, director, Cyber Security Institute, said the issue was not specifically about a lack of skills, but often related to a lack of experience.

“Organisations have difficulty in recruiting people with the ability to hit the ground running … they have the theory, but don’t have the experience and that is what companies are looking for, because it’s expensive to train people,” said Biermann.

The panel agreed that the situation is exacerbated by unrealistic expectations on the part of businesses, with some setting the bar for entry into the industry at an unattainable level.

Roos said according to ISACA’s State of Cyber Security 2023 research, 34% of the cyber security workforce is aged between 35 and 44 years old, and only 9% fall into the younger age group.

Focusing on this industry disparity, de Wit Coetsee, director, de Wit Coetsee Consulting, said cyber security should be part of the national curriculum, and this education should be ongoing, from tertiary education into internships, mentorships and learnerships.

“We see university students who have theoretical knowledge about security operations but struggle to apply this knowledge in practice,” said Coetsee.

He added that the increasing levels of burnout among cyber security professionals has compounded the challenge to recruit and retain talent.

Dale Simons, founder, MiDO Group, said that despite a 40% graduate dropout rate and South Africa’s high unemployment rate, especially among the youth, there is an obvious opportunity with the projected exponential growth of the cyber security industry.

Simons said academies play an important role in training and equipping work-related training.

Members of the panel agreed that the situation calls for a disruptive solution, that represents the fastest pathway into the industry.

Panellists added that while many businesses make a formal degree mandatory, there is just as much value in candidates who demonstrate a willingness to learn.

Share