The Importance of Equal Training in CybersecurityBy Sofía Hanna | Thu, 06/17/2021 - 16:44
While cyberattacks are increasing, the prevalence of cybersecurity professionals to prevent and fight them is not increasing accordingly, warned experts during the “Cybersecurity Skills Shortage: How to Equally Address It” panel. To get sufficient professionals to protect companies, the sector has to focus in attracting an overlooked demographic: women.
“It is necessary to address the actions necessary to close the gaps in cybersecurity in Mexico. If women entered the field, the country’s GDP would increase and so would sales of private businesses. The more the need grows, the more people are needed,” said Angeles Vela, General Manager at Csoftmty. While more women have entered the field, the sector still does not have the necessary professionals.
To address Mexico’s shortage of cybersecurity experts it is necessary to enhance technical education, explained Anahí Flores Ordorica, Campus Manager at IronHack. “The sector needs almost 2 million more people. But where are they going to come from? Technical education is the key but in Latin America, access to education is often poor. We have to ensure that there is information available through events such as this one where we are able to discuss the subject.” The priority, explains Ordorica, should be ensuring that current and future generations have this access to this information to take the first step towards learning the professional opportunities in this area.”
This mission will be impossible if the sector does not bring together industries, academia, public institutions and governments, explained Augusto Hintze, Director of CIIC. “We must have this ecosystem to accelerate the process,” he said. Companies, governments and individuals must be aware that they are a target and put together a group to generate awareness of the risks.
The best way to address the shortage of skills is to know exactly which skills are necessary, explained Berenice Guerra, Technical Consulting Engineer-Security Leader at CISCO and WISE. “You have to identify the roles and gaps in the security and find a way to train people to cover them. It is necessary to first define what a cybersecurity engineer is. After that, schools must develop complete training programs,” said Guerra. However, Mexico does no train cybersecurity engineers as such, she added, leading companies to rely on non-specialized people.
To provide equitable access to cybersecurity training for all, three steps must be taken, explained Hintze. The first is to review the maturity level of each organization, the second is to understand social engineering and the third is to search for an expert to help define the steps to follow. “Cybersecurity is an issue that affects everyone. Babies are now born with cell phones. Everyone should be concerned about their safety online. The information is there but companies must learn how to access and use it. At the end of the day, certifications are becoming more and more common because they are practical and up-to-date,” said Guerra.
Companies must understand that cybersecurity experts are essential, explained Vela. If they cannot be found through external hiring, businesses should develop their own. “Any company can do this. It is just taking reskilling or upskilling. Do not wait for outsiders to train people; it takes a joint effort,” said Flores. Companies should also consider upskilling as part of their talent retention strategies. “Before salary lays personal development,” said Guerra. “There are options available so employees can expand their knowledge. There is this idea that the talent is outside of Mexico; we do not realize that the talent has been here all along,” said Guerra.
Finally, to build more diversity in the workplace companies should stop looking for men or women of a certain age or background, agreed experts. What they should look for is for those who have the drive to learn. “It is necessary to break technology myths that say that cybersecurity experts have certain gender, age and skills. We can all develop technological skills. If companies remove these labels, they can welcome a sea of possibilities. Remove labels and give everyone a chance,” said Flores.
Companies have to stop thinking of these professionals as those of a specific gender, explained Guerra. “You have to break away from the myth that there are no women in technology.” Instead, what companies should focus in increasing diversity by aligning business and cybersecurity goals, building repeatable processes, providing the correct training and suggest plans to close the gap between cybersecurity and businesses.