How to retain the cyber workforce in the public sector? | IGF 2023 Open Forum #85

11 Oct 2023 05:45h - 06:45h UTC

Event report

Speakers and Moderators

Speakers:
  • Regine Grienberger, Cyber Ambassador Germany
  • Folake Olagunju, Program Officer Internet & Cybersecurity at Economic Community of West African States ECOWAS
  • Yasmine Idrissi Azzouzi, Cybersecurity Programme Officer, ITU
  • Natalia Spînu, Director, European Institute for Political Studies of Moldova, Cyber Security Expert
  • Komitas Stepanyan, Director Central Bank of Armenia
Moderators:
  • Martina Calleri, Onsite Moderator
  • Laura Hartmann, Online Moderator

Disclaimer: This is not an official record of the IGF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the IGF's official website.

Session report

Martina Castiglioni

The European Cyber Security Competence Centre (ECCC), operational from this year, plays a key role in the ambitious cyber security objectives of the Digital Europe Program and the Rise of Europe Programs. Together with member states, industry, and the cyber security technology community, the ECCC aims to shield European Union society from cyber attacks. It is a positive development that demonstrates a proactive approach to cyber security in Europe.

However, despite numerous cyber security initiatives, the skills gap remains a significant challenge. While public and private investment initiatives aim to close this gap, the situation is still concerning. Simply having a large number of initiatives does not guarantee a reduction in the skills gap. This ongoing issue requires further attention and efforts to ensure a skilled workforce meets the demand for cyber security professionals.

On a positive note, the Cyber Security Skills Academy serves as a single entry point for cyber security education and training in Europe. Supported by €10 million in funding, the academy aims to develop a common framework for cyber security role profiles and associated skills, design specific education and training curricula, increase the visibility of funding opportunities for skills-related activities, and define indicators to monitor market progress. The existence and support for the Cyber Security Skills Academy are promising steps in addressing the skills gap and providing comprehensive education and training opportunities for those interested in cyber security.

In conclusion, the European Cyber Security Competence Centre (ECCC) actively works towards achieving the cyber security goals of the Digital Europe Program and the Rise of Europe Programs. However, the persistent cyber security skills gap remains a challenge that needs attention. Efforts are being made through various investment initiatives, and the establishment of the Cyber Security Skills Academy shows promise in bridging this gap. By prioritising education, training, and skill development, Europe can strengthen its cyber security capabilities and effectively protect its society from cyber threats.

Audience

According to the information provided, Sri Lanka is currently facing challenges in implementing cybersecurity policies. Despite the development of a five-year policy for cybersecurity, the implementation process is proving to be difficult. This negative sentiment suggests that Sri Lanka is struggling to effectively address cybersecurity issues and protect its digital infrastructure.

In addition to the cybersecurity challenges, Sri Lanka is also experiencing a talent deficit in the IT sector. It has been highlighted that there are around 30,000 vacancies for graduates in the IT industry. This negative sentiment underscores the need for more qualified professionals in the field to meet the demands of the growing industry. It implies that the lack of skilled talent could potentially hinder the growth and development of the IT sector in Sri Lanka.

However, amidst these challenges, there is a glimmer of positivity in the form of strong collaboration. The speaker emphasises that building capacity within the government can only be achieved through collaborative efforts. This positive stance recognises that partnerships and cooperation between different stakeholders are crucial in improving the government’s ability to address various issues, including capacity building. It implies that by working together, the government can enhance its capabilities and effectively meet the demands of the ever-evolving digital landscape.

Furthermore, it is acknowledged that the digital world is inherently imperfect, and no system is completely safe from hacking. The speaker provides examples, such as the Pentagon and the White House, to support this argument. This negative sentiment highlights the notion that despite advancements in cybersecurity measures, there will always be weaknesses that can be exploited by hackers. It suggests that the focus should not solely be on finding a foolproof solution, but also on continuously improving and adapting cybersecurity measures to mitigate risks.

In conclusion, Sri Lanka is currently facing challenges in implementing cybersecurity policies and addressing the talent deficit in the IT sector. However, there is optimism for building capacity within the government through strong collaboration. It is also acknowledged that there is no foolproof solution for preventing hacking, as systems will always have vulnerabilities. These insights highlight the need for ongoing efforts to strengthen cybersecurity measures and foster collaboration to effectively address digital challenges in Sri Lanka.

Yasmine Idrissi Azzouzi

The global shortage of cyber security professionals is a pressing issue, with a current deficit of 3.4 million individuals. Unfortunately, the public sector faces difficulties in competing for talent due to a lack of funding. To bridge this workforce gap, it is crucial to raise awareness about the diverse range of roles within the cyber security field and its multidisciplinary nature. Contrary to popular belief, cyber security is not solely a technical domain but encompasses various disciplines.

Addressing the underrepresentation of certain communities, including women and youth, in the cyber workforce is essential. By promoting inclusivity and diversity within the field, we can encourage more individuals from these communities to pursue careers in cyber security. This aligns with the goals of SDG 5: Gender Equality and SDG 4: Quality Education.

Furthermore, there is a revolving door between the public and private sectors in cyber security. To attract and retain qualified professionals, it is imperative to invest in their development and well-being. Upper-level positions face a significant shortage, and professionals in the public sector often experience excessive workloads. This highlights the importance of investing in cyber security professionals to ensure an efficient and effective workforce.

To address these challenges, it is proposed to appeal to individuals’ sense of purpose and prestige. Promoting the opportunity to work for the government and contribute to national security can be enticing to potential candidates. By framing the cyber security field as challenging and impactful, it becomes more attractive to individuals seeking meaningful work.

In conclusion, the shortage of cyber security professionals is a global concern that requires immediate attention. Raising awareness about the diverse range of roles, addressing underrepresentation in certain communities, investing in professionals, and promoting the sense of purpose and prestige associated with working in the field are vital steps to bridge the workforce gap. By doing so, we can ensure a more secure digital landscape and contribute to the goals of SDG 8: Decent Work and Economic Growth.

Marie Ndé Sene Ahouantchede

The ECOWAS region, encompassing West African countries, is currently grappling with escalating cybersecurity challenges due to the rapid advancement of digital technology. This digital transformation brings about new opportunities for malicious cyber activities, resulting in a negative sentiment towards the region’s cybersecurity landscape.

One significant issue exacerbating the situation is the acute shortage of skilled cybersecurity professionals. The percentage of government and public sector organizations equipped with the appropriate cyber resources to meet their needs is alarmingly low, standing at just 29%. Furthermore, projections indicate that by 2030, an estimated 230 million people in Africa will require digital skills, highlighting the pressing need to address the inadequacy of skilled cybersecurity professionals to meet this demand. The limited supply of these professionals in the ECOWAS region is viewed as a negative contributing factor to the cybersecurity challenges.

However, it is encouraging to note that ECOWAS and West African governments are taking proactive steps towards mitigating the situation through cybersecurity education and training initiatives. Under the umbrella of the Organization of Computer Emergency Response Teams (OCYC), the ECOWAS Commission launched the ECOWAS Regional Cybersecurity Hackathon, an event aimed at fostering innovation and collaboration to address cybersecurity challenges within the region. Additionally, an advanced training program was provided to member states, focusing on enhancing their capabilities in managing and responding to computer security incidents in 2020. These initiatives indicate a positive effort being made to strengthen cybersecurity education and training in the region.

A significant concern facing African countries is the brain drain in the field of digital professions. Despite endeavors to attract digital professionals, the public sector’s salary policy remains insignificant when compared to the global digital talent shortage. This brain drain further exacerbates the shortage of skilled cybersecurity professionals in the ECOWAS region, compounding the challenges faced and reinforcing the negative sentiment.

As a recommended course of action, the inclusion of education and training initiatives, alongside public-private partnerships, within the national strategy is deemed crucial to addressing the talent shortage in the field. Noteworthy examples include Benin’s Ministry of Digital Affairs collaborating with the Smart Africa Digital Academy to develop cybersecurity education, and the signing of a Memorandum of Understanding between Togo and the United Nations Economic Commission for Africa (UNECA) to establish the African Center for Coordination and Research in Cybersecurity. These partnerships demonstrate the importance of collaboration and concerted efforts across various sectors to bridge the talent gap and bolster cybersecurity capabilities.

In conclusion, the ECOWAS region is facing significant cybersecurity challenges as a result of digital transformation, leading to a negative sentiment. The shortage of skilled cybersecurity professionals aggravates the situation, further compounding the negative sentiment. However, ECOWAS and West African governments are implementing positive cybersecurity education and training initiatives, countering the shortage to some extent. African countries are experiencing a brain drain in the digital professions, adding to the challenges faced. Education and training, in conjunction with public-private partnerships, are recommended as integral components of the national strategy to combat the talent shortage. These insights highlight the need for concerted efforts within the region to strengthen cybersecurity capabilities and address the evolving cybersecurity landscape.

Regine Grienberger

The discussion centres on the crucial requirement for cyber experts within the public sector to ensure digital sovereignty. The need for digital sovereignty is being deliberated in both Germany and the European Union. It is argued that governments must have control over their own networks to assert their sovereignty in the digital realm.

To address this issue, it is suggested that a portion of the digital or digitisation budget be allocated for cybersecurity measures. Specifically, the cybersecurity agency recommends setting aside 15% of the budget for this purpose. Additionally, pooling cybersecurity services for multiple public institutions and moving data to the cloud are seen as effective strategies to strengthen cybersecurity in the public sector.

Another important aspect highlighted in the discussion is the need to increase cyber literacy amongst the workforce. It is acknowledged that humans often form the weakest link in the cybersecurity chain. To mitigate this, there is an idea to conduct a cybersecurity month in October, during which colleagues can be informed about various cyber threats and receive training on how to handle them.

Furthermore, it is emphasised that the public sector requires not only technical experts but also individuals who possess the ability to effectively communicate with management. The importance of having employees with a dual skill set, generic knowledge combined with cyber expertise, is highlighted. It is suggested that such individuals can be hired and then upskilled or reskilled while on the job.

In an interesting proposition, one speaker advocates for job rotation instead of retaining trained experts solely in the public sector. This would involve training individuals within the public sector, releasing them to work in private companies, and subsequently gaining them back later in their careers. This proposal aims to provide a more comprehensive skill set for cyber experts and foster collaboration and knowledge exchange between the public and private sectors.

Overall, the discussion centres on the various strategies and recommendations to address the shortage of cyber experts in the public sector and enhance digital sovereignty. By implementing these measures, it is believed that the public sector can effectively tackle cyber threats and safeguard national interests in the digital domain.

Lara Pace

The analysis examines several aspects of cybersecurity in both the public and private sectors. It begins by discussing the potential benefits of job rotation from the public to the private sector in cybersecurity. Understanding the challenges faced by the public sector within the private sector can lead to innovative solutions. Laura’s experience transitioning from the public to the private sector while focusing on global cybersecurity serves as evidence. This suggests that job rotation can positively enhance cybersecurity expertise and knowledge transfer between sectors.

The analysis then addresses the issue of retaining cybersecurity professionals in the public sector. Creating a clear and inclusive environment with well-defined career pathways is essential for keeping professionals. The report notes that professionals, including those in cybersecurity, have a natural desire to progress. By offering attractive career advancement opportunities and fostering an inclusive workplace culture, the public sector can improve retention. This argument is supported by the idea that a supportive work environment leads to higher job satisfaction and employee loyalty.

In terms of incentivization in cybersecurity, the analysis takes a neutral stance, suggesting that incentives do not have to be solely monetary. While specific evidence or arguments are not provided, the report proposes that recognition, career development opportunities, and job flexibility can be effective motivators for cybersecurity professionals. This implies that non-monetary incentives can attract and retain skilled individuals in the field.

The analysis also emphasizes the importance of effective human resource training in cybersecurity, paired with job creation initiatives. Currently, cybersecurity training often happens in isolation, leading to trained personnel leaving their geographic region. To address this, the analysis recommends a coordinated national effort that integrates comprehensive training programs with job creation strategies. This holistic approach can bridge the cybersecurity skills gap and provide more employment opportunities.

Lastly, the analysis acknowledges that cybersecurity is not always a top national priority. It suggests that when implementing initiatives, it is crucial to consider concurrent efforts that prioritize job creation. This ensures that cybersecurity professionals trained in the country remain in the field. It highlights the need for a balanced approach that aligns cybersecurity goals with other national priorities, such as industry and innovation.

In summary, this analysis provides insights into various aspects of cybersecurity in the public and private sectors. It discusses the benefits of job rotation, the importance of creating an inclusive environment for talent retention, and the value of non-monetary incentives. Additionally, it emphasizes the integration of training and job creation as a coordinated effort and advocates for balancing cybersecurity priorities with other national initiatives. These findings and recommendations contribute to a comprehensive understanding of cybersecurity and provide guidance for policymakers and organizations in navigating this evolving landscape.

Komitas Stepanyan

The analysis explores the urgent need to enhance the pipeline for cyber security professionals in Armenia. To address this issue, a range of initiatives has been implemented in the country. One initiative involves collaborating with renowned universities in Armenia to develop and nurture a skilled workforce in the field of cyber security. Furthermore, a campaign led by the deputy governor of the Central Bank of Armenia aims to raise awareness about the career opportunities and importance of pursuing a career in cyber security.

Specialized training is seen as vital in enabling professionals to effectively recognize and respond to cyber incidents. These training programs focus on incident response, forensic research, and compliance/audit of cyber security incidents. By equipping professionals with these specialized skills, they will be better prepared to handle and mitigate cyber threats and attacks.

In addition, the analysis highlights the unique appeal and satisfaction that can be derived from working in the public sector. While monetary motivation is important, the impact and sense of purpose associated with public sector work are highly valued. Public sector professionals have the opportunity to make a difference in the lives of thousands or even millions of people.

Efforts are underway to establish a nationally recognized Computer Emergency Response Team (CERT) in Armenia. This is essential for effectively responding to and managing cyber security incidents at a national level. Additionally, there are plans to apply for membership in FIRST, an international organization focused on incident response. These efforts demonstrate a commitment to enhancing cyber security capabilities and collaborations with global counterparts.

In conclusion, the analysis underscores the need to expand the pipeline of cyber security professionals in Armenia. Collaborations with universities, specialized training programs, the appeal of public sector work, and the establishment of a national CERT and potential membership in FIRST are all key components in fortifying the country’s cyber security landscape. These initiatives are crucial for addressing cyber threats, safeguarding critical information systems and infrastructure, and ensuring a secure digital environment.

Laura Hartmann

According to the World Economic Forum’s Future of Jobs report, there is currently a global shortage of 3.4 million cybersecurity professionals. This shortage is largely due to the increasing digital economy and the rising threat of cyber-attacks. The speakers highlight the need for a growing number of skilled individuals in the field of cybersecurity to address these challenges.

One of the main issues discussed is the public sector’s struggle to retain cyber professionals. Due to the lack of funding, many public sector organisations are finding it difficult to compete with private sector companies in attracting and retaining talented individuals in the cybersecurity field. This poses a significant problem considering the increasing number of cyber-attacks that require effective cybersecurity measures.

To tackle this issue, the speakers suggest the implementation of cross-industry initiatives and cyber capacity-building initiatives. Cross-industry initiatives involve collaboration between different sectors to raise awareness and address the issues related to cybersecurity. This approach allows for a broader perspective and a more comprehensive response to the challenges faced in the digital world.

Furthermore, the speakers emphasise the importance of holistic approaches starting from education. They argue that raising awareness about cybersecurity and building a solid foundation of knowledge in this field is crucial for public safety. This holistic approach also involves management understanding the need for investment in cybersecurity.

The analysis also reveals a positive sentiment towards cyber capacity-building initiatives, especially for developing countries. The speakers mention initiatives implemented by GIZ, commissioned by the Federal Foreign Office of Germany, to improve cyber capacity in partner countries. This highlights the importance of addressing the shortage of skilled professionals in the cybersecurity field not only in developed nations but also in developing nations.

In conclusion, the analysis highlights the growing global shortage of skilled professionals in cybersecurity due to the increasing digital economy and the threat of cyber-attacks. The public sector faces difficulties in retaining cyber professionals, and cross-industry initiatives and cyber capacity-building initiatives are proposed as solutions. A holistic approach, starting from education and raising awareness, is crucial for public safety. Additionally, the importance of addressing the shortage of skilled professionals in the cybersecurity field in developing countries is emphasised.
