1,205 vacancies in cybersecurity: how to fill the void? Let’s anticipate! More than 4 years later, it is still commonly accepted that the talent war is still raging in the world of IT and more specifically in the world of cybersecurity...
DataNews’ headline in April 2018 (and as shown already Agoria): "War of Talents" in the IT sector: 'The best attack is defense'. The scarcity of computer scientists in the labor market, already more than four years ago, has still not been solved. The specificities have changed - the requests too - but the void is always very present. Analysis and anticipation with Gregorio Matias.
More than 4 years later, it is still commonly accepted that the talent war is still raging in the world of IT and more specifically in the world of cybersecurity. Agoria (as a reminder, Agoria brings together nearly 2,000 technology companies in the manufacturing, digital and telecommunications sectors in Belgium), as part of its recent study (First Socio-Economic Study on The Cyber Security Sector In Belgium, November 2022) raised another 1,205 vacant positions in cybersecurity. Just that.
This talent war, MCG and especially myself as CEO for more than 20 years, we know it very well.
Beyond being a specialized and recognized actor in the world of cyber-security, MCG also delivers training for businesses and jobseekers (through recognized training centers). These courses cover both: basic and advanced cybersecurity concepts, "IT Security" in general but also the "Cloud Security", "Risk Approach" methodologies, threats and vulnerabilities, etc. This historic activity was already present at creation, more than two decades ago now.
As a major player in talent training, we have seen "hype cycles" that a famous economist has identified in the years 1936. As a reminder, and in a simplified way, John Maynard Keynes explained some scholarship cycles on the basis of "beauty competitions".
The underlying idea of this fictitious beauty contest (launched in a Londonian newspaper of the time) was to demonstrate by analogy - the adoption of a collegial conception of beauty - that stock market prices were not determined by their intrinsic value, but rather by perception, common, that have market players.
If we apply this idea in the context of the employment market (and more precisely in the IT one), we can detect the fashion phenomena to which all the actors adhere by perception of the evolution of the market.
According to Gartner (American business consulting and research in the field of advanced techniques), which publishes annually the "Hype Cycle" curves in the IT, most technological innovations follow the same adoption curve passing through 5 phases. Let's take a concrete example: In 2009-2010, the Gartner's Hype Cycle predicts a beautiful future (short-term) to the Cloud.
This has made some actors say that the future was in the training of developers and not more people with infrastructure and cyber security profiles, because the Cloud would make all this available. This has resulted in a fall in the offer of training in these trades, with a shortage of talent availability, as we know it.
From hype to another, next to this first "fashion" phenomenon, we are making a clear face today with a "hype cycle" for cybersecurity.
All market analysis institutes, and therefore all the actors in the Cybersec industry, anticipate more than 20% annually for their income (study Agoria). It is therefore obvious that we are witnessing - and will also assist - a phenomenal growth of societies announcing as specialized in cybersecurity. But is there enough quality ?
Agoria reports 441 companies specializing in cybersecurity in Belgium - including 106 for Wallonia. But what does it actually mean: be formed in cybersecurity or deliver cybersecurity services? These questions must be asked. Because at the heart of these companies specialized in cybersecurity, there are the trained ones of yesterday and tomorrow!
These 2 fundamental questions seem to us both essential and complex. Take the example of the implementation of backups. Is it realistic to say that it is an activity of "cybersecurity" assuming that this essential notion exists since the day the computer science appeared (back to the 80s ...)?
Another example: do you sell a Firewall without additional security services or without activating them, all without a prior definition of a security architecture? Is it cybersecurity? Personally, me Gregorio Matias, CEO and cybersecurity consultant for more than twenty years, I do not believe it.
Focus now on the quality of training. For several years, we have literally seen the graduate cycles in "Cybersec" rise: whether it's bachelor or master, offers multiply and "students" have something to do their shopping. Really good?
As a Cyber-Security Expert, and CEO of MCG (and therefore Talent Recruiter in Cybersec), I would like to share one of my experiences: I recently received a student in his latest year of a cybersecurity bachelor. He was talking to me about his expertise in "pentesting" (in english in the text: penetration, intrusion and vulnerability test of an IT eco-system for example to identify the faults, risks and threats).
On the other hand, this young man has unfortunately confessed to me his deep lack of knowledge in terms of cloud, potential cybersecurity solutions and even hybrid architectures. The basis. A height, yes!
In short, this student received "advanced" training without having received "basic" training. It reminds me of an expression: "put the cart before the horse". Should we be satisfied with these training gaps?
Belgium as a whole (and Wallonia more particularly) needs to train talents that will allow its economy to develop, and people to emancipate intellectually and socially.
The initiative of the public digital agency, with the Cyberwal by Digital Wallonia program, is essential. In our case, especially the training pillar.
Wallonia, and Belgium, need talents with different profiles but, in all cases, real talents in cybersecurity and no cosmetic sprinkling with a beautiful marketing seduction label in training offers.
Training is a very serious subject that will determine the experts and the managers of tomorrow.
The same goes for the real actors of cybersecurity. Without identification and recognition of these real actors, and their effectiveness, companies and organizations (customers) will be disappointed, and even worse, trust in the sector will not improve, deteriorate and ultimately the level of resilience of the region and the country won’t grow!
In all humility, as a cyber-security expert, and CEO of MCG, a company located in Louvain-la-Neuve and specialized in the field of cybersecurity for more than twenty years, we are fighting each day to be alongside our customers, offering them effective, realistic, and consistent solutions. All in a human and responsible environment.
And not putting out smoke and mirrors ! Quality cybersecurity is clearly at that price.
To learn more about efficient solutions that are adapted to your cybersecurity needs that we offer at MCG, contact one of our experts.
Let's assess your Cyber Security together