In cybersecurity, the present moment is one of both opportunity and crisis. The demand for cybersecurity professionals is growing rapidly, but there are simply not enough trained professionals to meet the current needs.
“It’s a field where the demands have increased extremely rapidly, but it requires specialized training,” says Charles Finlay, Founding Executive Director of the Rogers Cybersecure Catalyst. “So, we face a situation in which we have this great need for trained personnel, and we don’t have that personnel.”
While there may be a serious skills gap in the cybersecurity sector, it’s a gap that can be filled through cross-disciplinary thinking and collaboration between different sectors. In a changing online landscape, cybersecurity is an area where government, the private sector, and academia can and must work together.
The demand for new cybersecurity professionals is clear: businesses and governments increasing their online presences (a trend amplified by the pandemic) has led to a proportional rise in cyberattacks, necessitating new talent. But there is also a growing skills gap even among trained cyber professionals.
“The traditional pathway to cybersecurity starts with network technology,” says Rushmi Hasham, Director of Development and Accelerated Cybersecurity Training Programs at the Rogers Cybersecure Catalyst. “And yes, network topography is a traditional way of entering into cybersecurity, but now we have to understand the cloud. Cloud security is showing up and saying, ‘We don’t care about the network – we’ve got our own set of technologies.’”
Hasham also notes that as technology becomes more complex, a crucial skills gap for both industry newcomers and trained professionals is data analytics. “With data analytics, all you’re doing is looking at a screen filled with data. It’s not screaming out to you, ‘Hey, I’m the threat!’ It’s more, ‘I’m the anomaly in your daily traffic – can you find me?’ How do you then analyze that data and make decisions based on the five things that are sticking out? So analytical skills are no important in cybersecurity, and we’re seeing that gap becoming more prominent.”
The Rogers Cybersecure Catalyst represents a hub for cross-disciplinary thinking – a Ryerson University initiative that brings together knowledge from both public and private sectors. Its programs include the Catalyst Cyber Accelerator (a commercial accelerator that provides earlystage Canadian cybersecurity businesses with resources and mentorship from industry professionals), Simply Secure (a collection of e-learning modules and resources to help smalland medium-sized businesses prevent and respond to cyberattacks), and the Cybersecure Policy Exchange (which develops and supports policy solutions for pressing cybersecurity issues)
When academic institutions and companies work together to innovate, it is an extremely effective and important combination,” says Finlay. “On the innovation side, colleges and universities develop new technologies, techniques, and processes, and those can be commercialized by companies. On the labour market side, academic institutions play an extremely important role in training workers. They’re training workers for positions in the public and private sectors, so when those sectors work together, both needs are met.”
This idea is core to another Catalyst initiative: the Accelerated Cybersecurity Training Program (ACTP) offers an intensive seven-month training and certification program to give people from diverse backgrounds the skills they need to launch cybersecurity careers. Diverse backgrounds are key: in an evolving landscape, skills developed in one industry can be vital in a seemingly unrelated field.
Hasham recalls one ACTP alumnus who came to cybersecurity after a long career in social work. “Think about what he goes through every day. Think about his communication skills, and his ability for behaviour analysis, and his ability to stay calm. A company hired him, and now he is thriving in that environment because the transferable skills kick in.
“That’s what’s absolutely unique about cyber. It is an industry of people who come from a whole bunch of different backgrounds, and we pull on our past experiences and the skills that made us successful, and we get to apply them to cyber. Cyber can’t teach you crisis management, but you can learn that from other careers. Cyber teaches you how to be on the mitigation or offensive side, and the other skills you bring yourself.”