Cyber Security: Addressing the skills gap | KPMG | NG
Share with your friends

Cyber Security: Addressing the skills gap

Cyber Security: Addressing the skills gap

As of 2015, ISACA boasts of 2000 resident members in Nigeria which indicates a low certification level amongst industry professionals


Related content

Cyber Security: Addressing the skills gap

A recent survey by Information System Audit and Control Assocation (ISACA) indicates that the global shortage of cyber security professionals would hit 2 million by 20191.

This is owing to the surge of demand for cybersecurity professionals in today’s industry.

Another survey indicates that the rate of cybersecurity job growth is three times more than that of noncybersecurity job growth within the same information technology industry.

One major challenge currently facing organisations today is the dynamic nature of threats as technology continues to act as a double-edged sword by opening up new criminal opportunities using its recent breakthroughs. Existing threat actors are constantly developing and improving their attack techniques to stay relevant in the cyber threat landscape.

Technology has been the touchstone of development in major economies of the world. Acquiring advanced technologies helped boot-strap economies of countries like China and India out of recessions at different points in their history. It is believed that poor technological capability remains one of the major constraints to Africa’s efforts to achieve its vision
of sustainable development.

One major solution to this would be developing policies to suit our peculiar environment and identifying critical innovation barriers to address and enable Africa achieve increased productivity and structural transformation of its economies. Technology-based businesses and solutions offer an opportunity for innovation and creation of powerful new disruptive business models yet to be seen in its relatively untapped market.

Capture young talents

As the global pool of entrepreneurs now boasts of young billionaires, it is clear that the teenage heart beats faster for business more than ever. Reason suggests that there is no better time to start a business than when brimful of youthful vigor, given the youthful exuberance and high risk appetite typically exhibited by the younger generation.

There is a constant influx of young technology entrepreneurs looking to launch new businesses and possibly collaborate with the government and communities to support their ideas.

Consequently, it has become essential for African governments to foster an enabling environment to nourish this growing innovation eco-system. Supporting and partnering with entrepreneurial hubs would go a long way in unveiling a lot of young individuals who could then pitch their startups on a platform and network with potential investors.

There is still a market for startups in the cyber security space. This should be encouraged, especially among the youth in Africa.

Information and Commuincation Technology (ICT) Education Curriculum Updates in Nigeria

Quality improvement in IT education is driven by a relevant and functional ICT curriculum. Prevailing issues such as job creation and poverty reduction can only be solved through a revised ICT curriculum. The mode of delivery of knowledge is currently not influenced optimally by ICT, though with the development of a National Policy on ICT in Education, Nigeria has predictably taken a step in the right direction. The National Policy on ICT Education is aimed at promoting ICT across all levels of the educational system. Key initiatives highlighted in the policy include the development of a National Standards for IT Education document which specifies requirements for the establishment of an IT curriculum governing teaching, learning and assessment at all levels of the Nigerian Education System, development of an e-curriculum portal for effective management of senior secondary school education curriculum and a student-PC ownership scheme aimed at enabling students of Nigerian Universities own brand new computers at subsidized costs.

Special Intervention Training Programs

The Nigerian Educational Research and Development Council (NERDC) is charged with a mandate to develop a curriculum with emphasis on creative thinking, entrepreneurial skills, and positive social and cultural values. Some of the most important developments in education have happened since the launch of the Internet. Students have become well versed in the use of smartphones, text messaging and using the Internet thus changing the mode of learning to include electronic media.

The Federal Government of Nigeria in its role to enhance access to qualitative education initiated an e-learning initiative to cut across all the Ministries, Departments and Agencies in the country. A committee was set up to steer this initiative in 2010 by the Federal Ministry of Education.

In addition, it is expected that the introduction of the Computer Studies/ICT curricula as a compulsory subject will facilitate the speedy integration and implementation of Information Technology in the government’s plans on capacity building and educational reform.

The Federal Government of Nigeria also plans to establish two super hubs in Abuja and Lagos as well as six regional hubs in the respective geo-political zones to facilitate practical skill acquisition amongst its citizens in the technology workspace encompassing cybersecurity, software innovations and so on.

Addressing the skills gap in Cybersecurity

Solving the growing cybersecurity challenges requires young skilled security professionals who are proactive and willing to combat existing cyber-security threats.

As the rate of cybersecurity incidents continues to escalate, the magnitude of related brand, reputation, and fiscal impact is driving organisations to address this risk. Executive leadership teams are demonstrating cybersecurity resiliency support by taking a more active role in enforcing policy, mandating security awareness training, supporting budgetary increases for cybersecurity-related technology and training, and modeling the way by adopting leading cybersecurity practices.

Although enterprises continue to increase spending and effort on cybersecurity, respondents constituting majorly cybersecurity managers and practitioners in a global survey conducted by ISACA and RSA Conference between November and December 2015, indicate that they struggle to fill positions with highly skilled workers.

Another survey shows that about 53% of organisations experience delays as long as 6 months to find qualified security candidates.

Relevant cyber security talent is becoming increasingly difficult to find in today’s ever growing cyber security field1. Recent reporting from the Center for Strategic and International Studies states that the shortage in cybersecurity skills does direct and measurable damage to organisations operating in today’s interconnected world.

Companies look favorably on cyber security professionals who are passionate and have taken the initiative to develop a deeper understanding of the ever-growing cybersecurity landscape.

Furthermore, high-value skills are in critically short supply, creating an employment environment in which enterprises experience difficulty filling positions. Practical skill competency and certification attainment are the key attributes that hiring managers consider when making cyber security position hiring decisions.

Therefore, an appropriate hiring strategy that emphasizes performance based certifications that require practical applicant cyber security skills is key to successfully filling open positions.

Certifications, which can be garnered in less time than a formal degree, have become a prevailing consideration when filling an open cyber security position. Certifications such as CISSP, OSCP and CEH are definitely a must have in filling the experience and skills gap within the cybersecurity industry.

As of 2015, ISACA boasts of 2000 resident members in Nigeria which indicates a low certification level amongst industry professionals. While certifications and degrees are an important factor in filling cybersecurity positions, hiring managers also look at practical experience garnered in similar positions before making their decisions. It is easy to list the number of certifications and degrees earned, but companies are looking to hire people who can come up with solutions to problems on the job and not individuals who can just answer questions on a certification exam.

In conclusion, possessing academic knowledge and certifications are clearly important distinctions to stand out in an applicant pool, but the real differentiators are hands-on experience in the field, which goes beyond that gained from the classroom.

This article is an excerpt from our Thought Leadership document "Building Cyber Security & Resilience in a Digital Africa" . Click here to download the publication.

© 2019 KPMG Professional Services in Nigeria, a limited liability company and a member firm of the KPMG network of independent member firms affiliated with KPMG International Cooperative (KPMG International), a Swiss entity. All rights reserved.

Connect with us


Request for proposal