Organizations everywhere face the perfect storm of cybersecurity challenges. As AI accelerates the number and speed of threats, advanced technology and skilled human analysts are crucial to establishing effective defenses. Digital transformation initiatives are creating an extended attack surface for endpoints that often runs the team must ensure that endpoints when using outdated infrastructure and budget constraints. Regardless of the unique challenges facing entities, executives are concerned – 72% of leaders report increased cyber risks in their respective organizations, while nearly half of leaders are concerned about severe damage to their operations.
While businesses struggle to cope with this new reality, security leaders around the world face additional and unique challenges different from their U.S. counterparts, especially developing countries. The skills gap continues to widen and requires nearly 5 million professionals to fill a vital role globally, up 19% from 2023. Some regions struggle with limited IT educational resources and training opportunities, making it more difficult to find or improve skilled talents. In addition to finding the right practitioners, many leaders say they lack the necessary resources to help existing employees improve their skills. More than a quarter (26%) noted that it was difficult to retain people with demand skills, while 22% said they worked hard to provide professional development opportunities for existing employees.
In addition to personnel-related barriers, changing regulatory requirements, aging infrastructure, general lack of connectivity (or 5G deployment challenges), and limited modern resources are of great significance to business leaders and security professionals in many regions. All of these factors must be considered when we work together to find solutions to build a global pipeline of cybersecurity talent.
A scalable, sustainable approach to developing cybersecurity talent
I recently participated in the 2nd Annual Cyber Capacity Building (GC3B) in Geneva, Switzerland, chaired by the Swiss Federal Ministry of Foreign Affairs and worked with the Global Cyber Expertise Forum. Although the dialogue covers various topics related to cybersecurity capacity building, talent development is a recurring topic of discussion.
One of the keynote speakers of the event would be better said: “Building network capabilities is not only about technology; it is about people. We can build all the capabilities in the world, but if we don’t have the labor force to implement and manage it, then it will do more harm than good.” Another participant reiterated this view, saying that the decisions made by countries on the development of cyber labor “will determine not only who thrive, but who can survive.”
Just like the threat landscape that defenders must navigate every day, developing sustainable cybersecurity talent pipelines presents unique challenges, from conceptual planning to real-world implementation. Although there is no one that works for all approaches, there are many frameworks and existing partnerships designed to address this issue and we can seek best practices. For example, the World Economic Forum’s Strategic Cybersecurity Talent Framework for 2024 outlines the unique but interconnected components of developing and managing cybersecurity talent. This framework provides viable solutions to attract talent, train and improve the current workforce, and recruit and retain the right talent.
Just last month, the World Economic Forum released additional guidance on how public-private partnerships can help grow the global cyber workforce to address growing cyber inequality across organizations, sectors and economies. By leveraging shared expertise, these public-private partnerships can create new employment paths and play a crucial role in closing the talent gap in cyber, especially in areas where there are often no funds or infrastructure to attract experienced security practitioners.
Building a network talent pipeline through partnerships: A real-world example
Fortinet’s work in Morocco provides an example of how well-crafted partnerships can help develop network-passing pipelines, especially in underresourced areas. Through the Code 212 initiative, Fortinet has worked with two ministries and 12 Moroccan universities to integrate hands-on cybersecurity training for students in many disciplines. We recently completed a week-long train training course with 29 professors representing all 12 universities. These “code 212 schools” prepare over 100,000 young people for digital careers each year to support Morocco’s broader capacity-building goals.
Network security capacity building requires continuous cooperation
The growing complexity of threat landscapes today illuminates cyber inequality and makes certain areas particularly vulnerable. By working together across boundaries and departments, we can develop effective and practical solutions to make resources, technology, knowledge and talent more accessible to enhance their defense capabilities.
Like most cybersecurity challenges, no country or organization can successfully address capacity building. We need coordinated, ongoing partnerships between industry, academia, nonprofit organizations and government agencies. It requires scalable and sustainable models and requirements that allow us to think about the qualifications of network work and to actually value the true value of skills, experience, certification and alternative educational pathways.
Read more about the crucial role of public-private partnerships in building tomorrow’s online workforce in this blog post.
