Job seekers entering the cyber security market may have certification, but they don’t have experience and don’t know how to apply their theory in the workplace. They also struggle with communication and collaboration, which only accentuates the skills shortage issue.
This is one of the takeaways from a panel discussion on the first day of the 20th edition of the ITWeb Security Summit Johannesburg 2025 at the Sandton Convention Centre.
The panel comprised Conrad Roos, head of GRC at the Foschini Group (TFG); Nicole Cader, cyber security learning lead at Absa; Andy Kennedy, senior solutions engineering manager, UK, Ireland and SA at Cloudflare; as well as Dr Machiniba Sylvia Sathekge, founder and CEO of eTSHADI Consulting Services.
“This is an ongoing struggle,” said Roos. “The World Economic Forum says there is a shortage of four million cyber security skills globally. We see many entry-level candidates who have certification, but little to no experience.”
The panellists highlighted the demand for specific skillsets, including data analytics, cloud computing, endpoint security, networking and AI.
Kennedy said operators within these market segments are inclined to recruit people who have a similar background or understand a particular area with the requisite skills.
He added that Africa’s talent pool is diverse, and the market must consider working experience to change the status quo. “We must augment our approach to recruitment.”
Non-alignment of expectations
Dr Sathekge said there is a disconnect between the demand and supply of skills, exacerbated by non-alignment between what the market needs and what is available.
Absa’s Cader pointed out that it is an "experience versus numbers" issue and the entry-level candidates are part of the ‘instant generation’. “But we are in the long game. If you consider that youth unemployment stands at 45%, we have to train people."
Kennedy added there will never be a candidate who is skilled up in every discipline within cyber security, and the market cannot expect this. “No one has skillsets across all domains.”
Roos advised the market to “stop looking for unicorns”.
The panellists agreed that there is talent in SA, but there is a need to strengthen collaboration between information security teams, cyber teams and everyone within the organisation.
“Because cyber security is everyone’s responsibility,” said Kennedy.
Dr Sathekge said there are around 8 billion people in the world and a shortage of 4 million cyber security skilled workers. “Is it really a shortage or do we just want work-ready candidates?” she asked.
Roos said there is a shortage and this is relevant because of the need for a zero-tolerance approach to cyber security.
“The mindset must be that there is no acceptable loss when it comes to cyber security. We have a youthful employment service programme and we offer mentorship… we also have a risk management training programme developed in-house.”
Cader said there are enough people, but business leaders have to give these people a chance and not just talk about skills development and job creation, but act on these issues.
Panellists agreed that collaboration, training, mentorship and the offer of on-the-job experience are critical to address the skills supply-demand issue.
Companies are urged to collaborate in support of skills development and assisting job seekers to gain much-needed job experience.
New skills building Initiative
One example of an existing collaboration is Stellenbosch-based skills development initiative MiDO Academy.
Cyber security platform KnowBe4 Africa has partnered with the MiDO Foundation to provide free cyber security content licences.
Anna Collard, SVP, content strategy and evangelist at KnowBe4 Africa, said: “South Africa currently offers two SAQA-registered cyber security qualifications. The Occupational Certificate: Cybersecurity Analyst (NQF Level 5) is designed to equip entry-level professionals with foundational cyber defence skills. MiDO Cyber Academy is now officially accredited to deliver this qualification, alongside a small number of other approved providers.”
Collard added that SAQA also lists the Occupational Certificate: Cybersecurity Practitioner (NQF Level 6), a more advanced qualification that builds skills in threat detection, incident response and digital forensics. It serves as a progression pathway from the analyst certificate.
Both qualifications fall under the Occupational Qualifications Sub-framework, which emphasises competency-based, work-integrated learning.
“While many valuable industry certifications for cyber security analysts exist (such as CompTIA Security+), these two qualifications are currently the only SAQA-registered, credit-bearing options under the National Qualifications Framework (NQF). As part of MiDO’s programme, students also receive training and support to prepare for and write the CompTIA Security+ exam.”
“This accreditation is a game-changer,” said Dale Simons, CEO of MiDO Academy. “It allows us to equip young South Africans with industry-relevant cyber security skills that are nationally recognised, practical and in high demand. At the same time, it offers South African organisations a credible partner for building internal cyber resilience while advancing their enterprise development and skills strategies.”
Share