Not only IT gurus required in cybersecurity fight, say experts
Soft skills, other vocations needed as cybersecurity industry deals with talent shortage
Talk cybersecurity and most think of hackers in dark hoodies, speaking IT jargon hunched over computers.
However, experts say that the industry must realise cybersecurity is not just about the IT language and its skills, especially at a time when the sector is still plagued by a shortage of talent and the threat of cyber threats loom large.
"It is not just an IT business," said Ms Narelle Devine, Chief Information Security Officer for Australia's Department of Human Services, whose staff has grown from 25 to about 200 in the last two years.
Speaking at a media roundtable yesterday on the sidelines of the RSA Conference 2018 Asia-Pacific & Japan, she said that while there is a need to hire those with the technical expertise, experience in other vocations is needed in the industry.
Ms Devine said: "You actually also need psychologists, you need lawyers, you need intelligence specialists and you need people that can communicate, so we needed marketing people and communications people,"
Ms Magda Chelly, who also spoke at the roundtable, said a psychology background would be extremely useful in the case of "social engineering attacks", where people are the targets rather than actual IT infrastructure to steal information.
The managing director of cybersecurity advisory and training firm Responsible Cyber told The New Paper: "There is a lot of emotional intelligence that comes with building the right social engineering attack... So what is at stake here is the psychology of the person."
Soft skills like effective communication can also help businesses understand the value of cybersecurity.
The Cyber Security Agency of Singapore (CSA) said in its 2017 annual report that instances of phishing, website defacement, malware infections and ransomware had risen.
Dr Zulfikar Ramzan, RSA's chief technology officer, said at the roundtable: "One thing to recognise is that cybersecurity is a phenomenally multi-faceted problem. It is not something we can address using one guy with super skills."
Dr Ramzan said that cybersecurity teams need to ensure that they build a common language with their business counterparts and that their roles align with the goals.
Both Ms Chelly and Ms Devine agreed that re-training and upskilling those who are passionate about cybersecurity but may not have an IT background is a good way to expand the current talent pool.
Ms Devine, whose department has started to train and deploy military veterans in cybersecurity roles, said: "There's a bunch of vocations out there that really nicely lend to moving to cyber as we become more mature, and we try to embrace all of those different cohorts in one big happy family."
Get The New Paper on your phone with the free TNP app. Download from the Apple App Store or Google Play Store now