The world is waking up to the ever-increasing threat of cyber-security as more and more people communicate and transact using digital devices. With the possibility of crypto-currencies replacing fiat money or cash, the need to get our cyber-security right is more pertinent now than ever, said Dr. Magda Chelly, CEO of Responsible Cyber, in an exclusive interview with The Independent Singapore.
Why is there a skills shortage and what is the shortfall?
We live in an age of Technami – a tsunami of technologies. The risks developing from these new technologies are also new and we need to find new ways of dealing with them.
When I first graduated, the demand for cyber security services to tackle cyber-attacks was almost non-existent. Companies were interested in CRMs, IT, digitalization, etc.
Therefore, new graduates were not yet encouraged to pursue a career in cyber security even though engineering studies often included cyber-security in their curriculum.
In the UK, Cybersecurity professionals earn an average salary of $116,000, or approximately $55.77 per hour. That’s nearly three times the national median income for full-time wage and salaried workers, according to the Bureau of Labour Statistics in the UK.
In Singapore, the talent gap, is currently estimated between 1,900 and 3,400 people. These jobs need to be filled in order to support the projected growth (in both domestic and export markets) of Singapore’s cybersecurity sector over the next five years. The average salary for a Chief Information Security Officer between SGD200k to SGD450k.
There will be a severe shortage of cyber-security professionals till 2028, when the new graduates will join the workforce.
What kind of skills do you look for?
The skills-sets required in this space is quickly evolving. It used to be technical skills a few years ago. But this has changed, and cyber-security risks are seen as business risks these days and is discussed at board meeting of both large and small companies.
In terms of technical skills, we specifically look for experienced professionals in the following areas:
- Threat and vulnerability assessment
- Incident and crisis management
- Security management
In my own experience, it has been very difficult to find security management professionals. The role would require a technical background and profile with a managerial position and a holistic approach. These profiles are very rare, unfortunately.
- Are there certification programmes for cyber-security professionals?
The best security experts are hackers themselves, they say.
It is a peculiar industry where street cred is more important than certifications and if you’ve hacked a site or two, you’ll be in a lot of demand.
That said, it does not augur well if you’ve hacked sites in an unethical way. There are laws around this and you may not get hired in a Fortune 500 company.
Companies tend to search for candidates with industry-recognized certifications, for example the (ISC)2 certifications like CISSP, or CSSP. These are examples of certifications assuring proven record, and expertise in the field which is recognised worldwide.
Thus, certification exams are demand, and enterprises have changed their approach when it comes to new hires.