SINGAPORE: Following news that a new academy will be set up in Singapore to train cybersecurity professionals in the government and critical information infrastructure (CII) sectors, industry insiders said it is a step in the right direction given the current shortage of such expertise.
Deputy Prime Minister Teo Chee Hean on Tuesday (Sep 19) announced the Cyber Security Agency (CSA) will develop the academy, in partnership with US-based cybersecurity vendor FireEye, to equip these professionals in incident response and malware analysis.
This received positive feedback from those in the industry, with Darktrace managing director Sanjay Aurora saying that it is “encouraging” to see the country take the lead in training cyber experts through the new academy and the ASEAN Cyber Capacity Programme.
This was echoed by Palo Alto Networks regional head for Singapore and Malaysia Alvin Tan, saying it was encouraged the CSA is setting up the academy and that with the “right mix of people, process, technology and an integrated mindset”, knowledge sharing can be brought to the “next level of maturity”.
“CHRONIC SHORTAGE” OF TALENT
Another cybersecurity expert, Mr Naveen Bhat, managing director for Asia Pacific at Ixia, a Keysight Business, said the country is already taking a leadership role in fighting cybercrime but in order to succeed, it needs talented people to defend the country, its institutions and enterprises.
“However, the currently available talent pool for competent cyber experts is fairly thin. The gap between demand and supply of trained people is growing all across the Asia-Pacific region. In order to close the gap, Singapore will have to take the initiative in building a trained workforce,” he added.
Mr Bhat’s point was reiterated by Quann’s managing director Mr Foo Siang-tse, who said that there is a “chronic shortage” of cybersecurity professionals globally, Singapore included. In fact, Mr Foo observed that there is a dearth of cybersecurity professionals with more than 10 years’ experience here.
Additionally, the company’s recent survey found that 91 per cent of surveyed Singapore companies are in the early stages of security preparedness, with a majority of them indicating an absence of a dedicated cybersecurity resource, the executive noted.
“This talent crunch is a major factor that limits cybersecurity teams’ efforts to deal with cyber threats,” Mr Foo said.
“Despite increasing automation in cybersecurity and proliferation of devices powered by artificial intelligence, the lack of human talent with the right skills, instincts and deep experience has never been more critical.”
The talent crunch issue was also highlighted by Mr Matt Loeb, CEO of the Information Systems Audit and Control Association (ISACA), who said six out of 10 companies’ C-suite “do not believe their staff can handle anything beyond simple cybersecurity incidents”.
This statistic was from its global 2016 State of Cybersecurity Study, Mr Loeb told Channel NewsAsia in an interview on the sidelines of the Singapore International Cyber Week conference.
BEYOND BOOK SMARTS
But the issue of equipping professionals with the requisite skills in today’s IT security landscape is beyond just making sure they get the right certifications, Ms Theresa Grafenstine, chair of ISACA’s board of directors, said during the same interview.
Ms Grafenstine, who is also the inspector general of the US House of Representatives, said with the increasingly sophisticated threat landscape facing organisations, they “do not just want a good test-taker” with a string of qualifications.
More importantly, these professionals need to take their knowledge gleaned off books and manuals to implement and execute strategies and actions, she explained.
This is why the non-profit association created its Cybersecurity Nexus (CSX) platform to train professionals according to their level of experience and in an environment simulating real-life attacks without the accompanying risks if this is done on a corporation’s network, the ISACA executive said.
“Here, they can understand the latest hacker tools, but don’t do harm on the enterprise network,” Ms Grafenstine added.
The CSA and ISACA had signed a memorandum of understanding on Tuesday to collaborate on building up cybersecurity capability and workforce development, including working on the latter’s Cybersecurity Risk-based Capability Assessment tool.
This tool, Mr Loeb explained, would allow CIIs, for instance, to assess their own cybersecurity posture against a defined industry checklist, and from there, give them insight on which areas they need strengthening.
Ultimately, these initiatives will help to deepen Singapore’s talent pool, which is critical as cybersecurity has been said to be the enabler for the country’s Smart Nation ambitions.