How Universities Are Tackling the Cybersecurity Job GapSenior Cybersecurity Lecturer on Role of Universities in Bridging the Talent Gap
In a 2022 study, (ISC)2 found that the cybersecurity workforce in the Asia-Pacific region was growing at a steady pace of 15.6%, but much needs to be done to reduce the rising workforce gap as businesses ramp up investments in cybersecurity solutions. Steve Kerrison, a senior lecturer in cybersecurity at Singapore's James Cook University, recently discussed how the country's universities are rising to the challenge.
In addition to a workforce shortage, Asia-Pacific businesses face challenges such as workers' lack of domain expertise and challenges in communicating cybersecurity best practices to relevant stakeholders.
Several universities and technical schools in the region have launched elective cybersecurity courses in recent years to meet the rising demand for skilled professionals and increase domain experience. Kerrison said that James Cook University recently created the country's first-ever bachelor's degree program in cybersecurity by tapping into a pool of researchers and experts to bring industry knowledge into teaching programs.
He said universities also are making efforts to include advanced courses in artificial intelligence, machine learning and deep learning to make their programs more relevant to today's emerging cybersecurity challenges. "We have colleagues and peers in other institutions, and we meet to understand what the industry needs. We are also members of various industrial bodies such as (ISC)2 and CREST, and that helps us academics understand what to put in our educational materials," Kerrison said.
Kerrison, who previously served as chief technology officer at Singapore-based Microsec, said it is challenging for businesses to integrate a variety of technologies with cybersecurity tools and services. He said every business has a unique set of problems that requires a custom technology solution. Relying on a single vendor or deploying a myriad of solutions poses risks and operational challenges, he said.
Businesses should evaluate new solutions based on their benefits and return on investment, according to Kerrison. Log analysis solutions, for example, ingest information from a wide variety of data sources in real time and generate actionable insights, thereby enabling better integration. "Businesses should look at investing in these focal points to minimize complexity," he said.
Kerrison also touched on a third major challenge - how to communicate effectively with relevant stakeholders and the board about cybersecurity challenges and make a business case for purchasing new solutions. He believes universities must take up the challenge of arming budding professionals with nontechnical skills that help improve communications with management.
"One has to communicate technology concerns to nontechnical people, which is never easy," he said. "They also have to communicate the existing risk level and the options the business should pursue to minimize risk. Cybersecurity professionals need to keep in mind the fact that they are not just investing money, but creating value, and this allows the business to innovate further in the future."
In this video interview with Information Security Media Group, Kerrison discussed:
- The state of cybersecurity education;
- In-demand skills for cybersecurity programs;
- Communicating risk to boards and senior management.
Kerrison conducts research into IoT for Industry 4.0 at Singapore's James Cook University. He previously worked at Microsec, a Singapore startup creating cryptographic security products for IoT devices. Prior to moving to Singapore, he worked as a senior research and teaching associate at the University of Bristol's Department of Computer Science.