Could Your Grandma Be The Next Cybersecurity Expert?

I was in attendance of a panel discussion during RSA Conference 2018 that was focusing on emerging cyber threats and the challenges faced by corporations and governments in a digital world

Portrait of Tammy Strobel

I was in attendance of a panel discussion during RSA Conference 2018 that was focusing on emerging cyber threats and the challenges faced by corporations and governments in a digital world. Yes, the thrilling melting pot of modern security concerns.

However, there was one discussion point that stuck with me, and it was about how we think of cybersecurity experts today. I’d imagine the first thing that popped into your mind— just as it did mine—was the typical programming savant. A high profile black hat hacker, brought in to reverse engineer a company’s infrastructure, in order to find and eliminate security loopholes. Or maybe I’ve just watched one too many movies.

The reality of it, as echoed by panelists Zulfikar Ramzan, the CTO of RSA, and Narelle Devine, the Chief Information Security Officer at the Australian Government Department of Human Services, is that IT skills aren’t the most important thing you need to be a cybersecurity expert any more. And organizations are finding out that current education curriculums aren’t producing people with the right skills for the real world when they leave university.

In fact, there is currently a shortage of qualified people in this field. There is no such thing as hiring a cybersecurity specialist with 10 years of experience, because the skillsets required for such security needs didn’t exist 10 years ago.

Security firms talking about increased threat landscapes, and breaches that seem to be happening in greater frequency, are simply an effect of our world going digital.

Cybersecurity—the definition of the term bandied about today—is no longer an IT-only issue. It is a multifaceted problem that encompasses every aspect of our lives, with running a business or even a country. TL;DR. As long as there is internet, there will be cybersecurity concerns.

And because of this, human skills are required more than ever. And this goes beyond the need to align technical jargon with business goals. I’m talking about the skillsets needed to understand and deal with growing digital threats that can’t be detected or stopped by your run of the mill firewall and anti-virus.

Psychologists for example, can be employed within a cybersecurity team to combat the increase in sophisticated social engineering techniques. These are the threats that attempt to hack the human connected to the system rather than the system itself.

Lawyers also have a role in cybersecurity to help develop new policy and processes, to identify and combat traditional criminal activity that’s moved into the digital space. For example, many cyber attacks aren’t really caused by hacking. They’re merely incidents of fraud; digital fraud yes, but still just fraud.

Following this vein, real world cybersecurity skills can be trained, or re-trained into people that may have the aptitude to excel in a cybersecurity environment, without necessarily having an IT background. In the more traditional sense, Singapore’s Republic Polytechnic and Temasek Polytechnic works with RSA to operate studentrun Security Operation Centers. On the other hand, in Australia, there are programs to re-train veterans.

Further down the unconventional rabbit hole, it was brought up that truck drivers are supposed to have excellent facial recognition skills, which leads to very good pattern recognition. They can also stay focused for hours on end, which are exactly the kind of skills that a cybersecurity war room would need. There was even a suggestion of re-training retirees and the elderly as untapped talent sources, as they may already have skillsets that can be applied to the bold new cybersecurity frontier.

My Reading Room

By Zachary Chan