Cybersecurity: The Millennial Dimension

For corporations and governments across the globe, cyber-attacks are now far more than an ethereal threat. In recent years, high-profile attacks from Shamoon to WannaCry have dealt a reality check to the world—a harsh reminder that no organization is too mighty to suffer the effects of a digital blow. For the Middle East, the evolving threat is of particular concern with several countries boasting some of the highest internet usage rates globally and ambitious smart city ventures with a digital core. If the need to combat malicious cyber activity weren’t already pressing enough, these smart ambitions increase the urgency even further for the region and raise a question that is of relevance not only to the Middle East but worldwide: where is the cybersecurity talent that will keep the growing threat at bay?

Herein lies the issue; while there have been many successful advancements in cybersecurity technologies in recent years, the same positive trend is absent when it comes to cybersecurity talent. The severity of the shortage is a global phenomenon, with a deficit of 1.8 million cybersecurity workers estimated by 2022.² In the Middle East and North Africa (MENA) specifically, the shortage is expected to reach 400,000 by 2019 ³—but the region has an advantage.

Millennials—people born between 1982 and 2000—can be a solution to the problem and fortunately for the Middle East, it has young populations in abundance. For example, nearly half of Saudi Arabia’s local labor force is comprised of Saudi nationals under the age of 35. ⁴ These figures are also very prominent in other MENA countries, such as Jordan and Egypt, where around 70% of the population is under 30 years of age.

Here’s why it matters: not only are millennials expected to account for three-quarters of the global workforce by 2025, but they were also born into the Internet age. For many at the younger end of the scale, life before smartphones and social media is the stuff of history books—and nowhere is this truer than the Middle East. Across the region, internet penetration rates are amongst the top five percent globally, while on the mobile front, there were 365 million unique subscribers in MENA by mid-2017, accounting for 63% of the region’s population.⁵

So, with a deep pool of tech-savvy talent at its fingertips, the Middle East must now strive to attract, train, and retain this invaluable workforce. The task may seem as formidable as the cyber threats that loom on the horizon, but with a structured approach, it is achievable. Here’s how the region’s government, industry, and academic stakeholders can play their part.

Government

First, it is important to map the talent supply. To do this, governments can invest in tools similar to the United States National Institute of Standards and Technology (NIST) CyberSeek, which provide detailed data to employers on the size of a particular cybersecurity workforce, the average cost of such workers, and the difficulty involved in sourcing talent for specific cybersecurity occupations.

With the landscape established, governments can work with the private sector to develop national cybersecurity career frameworks that translate talent supply and demand indicators into job profiles, factoring-in the motivations and expectations of millennials to ensure job satisfaction and employee retention. The neutral role of government helps establish standardized and well-balanced frameworks that consider both the needs of job providers and the interests of job seekers.

It is also critical that a bridge is established between educators and employers. To this end, governments can work to establish scholarship programs. For example, the US National Science Foundation provides scholarships to students on certain cybersecurity-related degree programs in return for service at various levels of government upon graduation.

Furthermore, the Middle East must build robust government cybersecurity corps of local nationals who can be trusted with sensitive data. Members should be recruited early so they can be given the proper exposure and then be incentivized with scholarships and government cybersecurity opportunities when they join the workforce.

Industry

To map the workforce demand, industry must have a clear understanding of the cybersecurity risks they face. To this end, it is important for industries to develop risk reports that inform workforce needs. With a better understanding of the workforce demand, industry can re-craft the value propositions of jobs to align vacant positions with the motivations of millennials. For example, millennials have expressed interest in dynamic and evolving careers, so cybersecurity employers can emphasize the importance of adaptable and adventurous characteristics to many roles.

However, while millennials desire dynamic careers with clear opportunities for progression, few have the technical skills or knowledge to secure such careers in the cybersecurity space. To address this, organizations can adopt a “hire-then-train” strategy that enables employees to obtain advanced technical certifications on the job.

And it’s not only training that millennials lack; many have minimal work experience too—a problem for an industry where opportunities for inexperienced candidates lacking industry credentials can be few and far between. With this in mind, it is important for organizations to reduce barriers to entry-level positions and increase training opportunities such as apprenticeships.

Academia

Government and industry are central to nurturing the cybersecurity workforce, but education providers have a vital role to play in offering initial exposure to the profession. This can be done, for example, through university participation in cybersecurity research, industry career sessions and co-op internships, where students alternate semesters of academic study with semesters of employment.  Ideally, however, exposure should be offered to students at a younger age so they are receptive to the messaging from industry. There are many innovative ways to achieve this, such as the UK’s CyberFirst Girls Competition, which guides 13-15 year olds through competitive activities in cybersecurity, coding and computer networking.

From competitions to training to government initiatives, if the Middle East’s cybersecurity stakeholders work hand-in-hand, then the future, not just of the region’s digital defences, but of its millennial population, can be secured. The cyber threat is ever-present, but with the right people in place, MENA can be in safe hands.

¹ The State of Broadband 2016, United Nations Broadband Commission

² Center for Cyber Safety and Education™ eighth Global Information Security Workforce Study (GISWS) - sponsored by (ISC)²® and Booz Allen Hamilton

³ The 2015 (ISC)2 Global Information Security Workforce Study, Frost & Sullivan Market Study in Partnership with (ISC)2 and Booz Allen Hamilton

⁴ Saudi Arabia General Authority of Statistics

⁵ ‘The Mobile Economy Middle East and North Africa 2017’, GSMA