Increasing use of interconnected digital technologies has driven up cybersecurity threats worldwide, including in the Middle East and North Africa (MENA) region. But there’s an even bigger concern facing the industry—a workforce that’s not growing quickly enough to handle a threat landscape that continues to expand in scale and complexity. To effectively address today’s cyber risks, governments and enterprises must have a workforce that is equipped to prevent, identify, and respond to more and more frequent attacks.
Enter MENA millennials—a bright, talented, and motivated segment of the population ready to join the future cybersecurity profession, which is facing a current gap of 2.9 million qualified workers around the globe. Engaging MENA millennials through better preparation across various levels, including government, employers, and academia, to establish a well-equipped and skilled cybersecurity workforce is a direct means to protect national security, business operations, information, brands, and finances. Below are top recommendations to build a robust cybersecurity workforce capacity in the region:
Create a local cybersecurity corps with a scholarship program
MENA governments can build a robust government cybersecurity corps of nationals that can be more readily trusted with sensitive data. This corps should be recruited early in school to be given the proper exposure to such opportunities at an early age, and then incentivized with education scholarships and selective government cybersecurity opportunities when they come of age. Government scholarship programs can be effective at attracting skilled cybersecurity talent for a broad range of cybersecurity roles.
Adopt a "hire-then-train" policy
While millennials are often thought of as tech-savvy, very few report receiving adequate technical skills or cybersecurity knowledge (e.g., security architecture, incident triage) in formal education programs. Consequently, organizations should adopt a "hire-then-train” strategy. They should offer benefits for employees to obtain advanced technical certifications after they have been hired. These training programs should also reflect the need for cybersecurity functions to be fulfilled by teams with diverse skill sets and should be coupled with efforts to grow junior employees through apprenticeship, formal on-the-job shadowing, and monitored performance that provides real-time feedback as they carry out their job duties.
Offer experiential cybersecurity learning
Schools must not only embed cybersecurity into the classroom but also offer students experiential cybersecurity learning programs. This can be offered through lab simulations, cyber ranges to exercise red/blue team scenarios, or cybersecurity competitions. An example is the UK CyberFirst Girls Competition, which provides a fun but challenging environment to inspire the next generation of women to consider a career in cybersecurity. In 2019, more than 3,000 teams from nearly 850 schools participated. Each team is guided by a mentor, often a teacher, through a set of competitive activities across the areas of cybersecurity, coding, and computer networking. There should also be opportunities to practice applying skills with cybersecurity employers. One such program would integrate co-op internships into a school’s cybersecurity curriculum where students would alternate semesters of academic study with semesters of employment with a cybersecurity employer, thus gaining guided instruction and mentorship from both an academic advisor at the school and a mentor or manager in the workplace.
With the need for robust cybersecurity—and the skilled professionals who can deliver it—only growing, there is clearly much work to be done in expanding the workforce. To ensure that they’re prepared for whatever threats to future may hold, MENA governments, businesses, schools, and other organizations must act now to make the investments necessary to bring more millennials into this increasingly important field.