Cybersecurity is no longer an exclusive domain reserved for individuals with specialised technical degrees.
In an ever-evolving digital landscape, cybersecurity is more essential than ever. As digitalisation continues to permeate each aspect of our daily lives, organisations have to be equipped with the necessary cybersecurity measures to defend themselves against cyber attacks.
The widespread adoption of digital services means that almost any spike in online activity, such as the recent 10:10 sales or upcoming Black Friday events, provides attackers with leverage to easily penetrate organisational networks and systems. In fact, Kaspersky’s latest report shows that there’s been a threefold increase in cyber attacks against small and medium businesses in Singapore within the first half of 2023.
This comes at a time when the proliferation of new technologies, such as generative AI and cloud computing, has impacted how we traditionally secure networks and systems. While these tools have increased the efficiency and scalability of how many enterprises operate, they have also given rise to increasingly sophisticated and frequent cyber threats that demand innovative security solutions.
A vigilant and well-prepared cybersecurity workforce, as well as a robust and adaptive cybersecurity strategy, is critical. However, the increasing complexity of cyberattacks, coupled with the 2.16 million cyber workforce gap in the face of unprecedented demand remains a significant challenge.
The growing need for skilled cybersecurity talent
To address the expanding threat landscape, the cybersecurity industry has to adapt swiftly. Not only is there a need to increase the pool of skilled cybersecurity workers, but existing cybersecurity talent also have to keep themselves up-to-date with new developments in the industry, and ensure that they are trained in the latest skills and technologies.
For entry-level professionals, or those seeking to enter the profession without a relevant degree, certification can provide an entry point into the field. Entry-level certifications enable individuals who do not necessarily have relevant experience to demonstrate they have the required foundational knowledge, skills and abilities to pursue a cybersecurity career. These certifications provide a standardised and recognisable means of assessing an individual's cybersecurity knowledge of core subject areas as well as capabilities such as problem-solving and analytical thinking. For instance, ISC2’s entry-level Certified in Cybersecurity (CC) certification will give individuals access to online self-paced training and examinations to equip learners with critical cybersecurity skills and evaluate them across core domains such as security principles and network security.
In Singapore, the Cyber Security Agency (CSA) has recently announced a dedicated Cybersecurity Talent, Innovation and Growth Plan designed to grow and develop the cybersecurity workforce and industry. As part of this plan, there are initiatives that not only encourage the development of innovative cybersecurity solutions, but also provide opportunities for mid-career professionals to convert into cybersecurity roles, and non-cybersecurity professionals to acquire foundational cybersecurity skills that they can incorporate into their existing roles.
Embracing alternative pathways into cybersecurity
Beyond certifications and training programmes, organisations also play a pivotal role in broadening cybersecurity hiring.
Cybersecurity professionals have historically come from IT backgrounds, and many of these individuals pursued a traditional education path and earned their degrees in computer science or a related field. While this has undoubtedly produced many highly skilled cybersecurity experts, it has its limitations, especially in the face of the growing workforce gap. It's become apparent that alternative pathways exist outside of the IT sector and organisations need to embrace individuals from diverse backgrounds and skills to bolster our cyber defences.
ISC2’s 2022 APAC Hiring Managers Report found that non-technical competencies are just as important when assessing a candidate, such as problem-solving (39%) and analytical thinking (35%). More specifically, hiring managers must work with HR to ensure alignment on job descriptions, realistic expectations of candidates and a focus on recruiting individuals with the right skill sets, even if they lack technical attributes.
Further, it is imperative to encourage individuals in adjacent or STEM (science, technology, engineering and mathematics) backgrounds who are interested in cybersecurity to pick up relevant skills or take on cyber roles. In fact, under CSA’s new SG Cyber Associates program, CSA is partnering with professional bodies and training partners to introduce foundational cybersecurity training to professions such as engineers, auditors and lawyers. As part of this, ISC2 and CSA will collaborate to provide 10,000 Certified in Cybersecurity (CC) training and exam spaces for individuals wishing to broaden their cybersecurity skillset or pursue a cybersecurity career, equipping individuals with their first professional certification.
Diversifying the future cybersecurity workforce
This shift in embracing individuals from alternative pathways has not only broadened the horizons for aspiring professionals but has also removed or reduced many of the obstacles that once limited entry into the field.
It reveals that cybersecurity is no longer an exclusive domain reserved for individuals with specialised technical degrees. Instead, it's an open invitation to individuals from various backgrounds, experiences and talents who share a common passion for safeguarding the digital world. Diversity is vital to the growth and success of cybersecurity. By bringing more voices to the table, the industry can better address existing problems, strengthen professional competencies and create lasting change.
Clayton Jones is the managing director for Asia-Pacific at ISC2