The importance of training in managing a cybersecurity skills shortage

According to a report released by Ireland-based multinational professional services company Accenture, a low investment in cyber security, and immature cybercrime legislation, makes South Africa a target for cybercrime, with the country registering the third-highest number of cybercrime victims worldwide[1]. In addition, as with other countries, the cybersecurity skills shortage is hindering the ability of businesses to effectively manage and stay ahead of constantly-evolving cyberthreats.

The lack of skills means businesses find themselves on the back foot, looking for individuals who are able to manage and run solutions, manage incident and security teams, and having to ensure the  implementation of a strong security posture. This is not isolated to a single  partner or end-user organisation, but is a global issue.

Last year, CNBC reported that the shortage of technology talent is particularly severe in the cybersecurity field, and that demand for skills is increasing ‘exponentially’ and shows no signs of lessening. This information was reported during a session on the talent shortage at CNBC’s 2021 Technology Executive Council Summit in New York City[2].

Best-of-breed technology alone is not the solution

Many organisations try to alleviate the skills shortage by buying high-end technologies. However, the problem cannot be solved simply by ‘throwing money’ at the problem, because, without the skills to understand the inter-operability between the solution, and how it needs to be implemented and managed, the purchase of best-of-breed technology is merely not enough.

In other words, without the right skills sets, companies remain at a disadvantage and remain vulnerable.

The importance of education in a local context

With regards to Africa, our education systems are often regarded as being less mature than in other, more developed continents and countries. As outlined in commentary from global professional services network Ernst and Young (EY), when compared to their peers in other countries, students in African schools frequently underperform on global benchmark tests[3]. As a result, the market is not always able to keep up with the pace of the technology being created and deployed elsewhere.

On a positive note, the South African government has outlined previously that it has a vision to address the local cybersecurity skills shortage. In 2019, the then-Deputy Minister of Communications and Digital Technologies, Pinky Kekana, explained that the government planned to create formal education qualifications ranging from diplomas for school leavers at NQF Level 5, to graduate and post-graduate degrees[4].

This included the development of roles and responsibilities for the cybersecurity sector, and planning for the engagement of private service providers to develop cybersecurity training programmes. She noted that there was also a need for a concerted and coordinated approach between the private sector, the government and academia to close the cybersecurity skills gap.

Investment required from both customers and system integrators

Over and above this planning, customers need to invest in skilled human capital to ensure they can manage, maintain and secure their own environments effectively and protect themselves. It is more beneficial for clients to complement the investment they are making on technologies with professionals to advise and assist them in that process.

In turn, system integrators need to invest in training so that they can provide their customers with the skilled technical support they need, in order to provide true value to their customers. Regardless of  how good or capable the technology is, there is always a human element backing this and if this is ineffective, weaknesses become apparent.

Companies therefore need to further invest in skilling up their teams to ensure that they are in the best possible position to deal with the ever-evolving threat landscape.

Walking the talk

At Exclusive Networks Africa, we have therefore built our extensive training services, allowing our employees and partners to skill up in a number of different ways.

Our training services include certified training on Fortinet and F5 solutions, both in person as well as through  virtual instructors. Additionally, we offer non-certified training on over 15 cyber security products within our  portfolio.

This not only improves our employees’ knowledge and expertise, but also invests back into individuals and ultimately our country and our local economy. It is only through concerted training efforts from a number of different parties, following a multi-faceted and partnership-aligned approach, that we will ultimately be able to deal with the current cybersecurity skills shortage that we are now facing.