The rapid rise in cybersecurity threats, coupled with a shortage of skilled professionals, poses a serious challenge for organisations striving to maintain a robust security posture. This issue, according to a senior expert leader, demands a strategic emphasis on cultivating highly skilled information security experts.
“The cybersecurity industry faces a critical shortage of skilled professionals. As digitalisation accelerates, each new technology requires rigorous security checks before entering daily use. Currently, the demand for IT talent is two to three times greater than the supply of new professionals,” said Dmitry Serebryannikov, Chief Hacking Officer, Positive Technologies in an interview with TechObserver.in.
“Addressing this requires a focused effort on training experts equipped to meet today’s evolving cybersecurity needs,” he said.
Edited Excerpts:
What are the biggest challenges in aligning cybersecurity education with the industry’s rapid evolution?
The cybersecurity industry faces a critical shortage of skilled professionals. As digitalisation accelerates, every new technology needs rigorous security checks before entering daily use. Currently, the demand for IT talent is two to three times higher than the number of new professionals entering the workforce.
At the same time, India’s rapidly advancing IT infrastructure is becoming an increasingly attractive target for cybercriminals. Our study found a 15% rise in cyberattacks in India in 2023, with a striking 46% increase in the second quarter of 2024 compared to the same period last year. Public sector and industrial targets remain the primary focus for attackers.
This surge in threats, combined with a shortage of skilled professionals, presents a significant challenge for organisations across the board. Addressing this issue requires a strategic focus on developing highly trained information security experts. Practical, hands-on programs that consider today’s evolving cyberthreats and incorporate global best practices are essential for building a robust defense.
How do you ensure training programs are proactive rather than reactive to emerging threats?
Certain core principles shape our approach to cybersecurity, which we call the “hacker approach.” Mastering this approach makes it easier for individuals to adapt to new challenges and environments. As practitioners, we conduct hundreds of security analysis and penetration tests each year, giving us advanced expertise that we integrate directly into our training programs.
Beyond training, we hosts major international events to foster knowledge-sharing among cybersecurity experts worldwide. Our experience shows that the skills gained from just 3-5-days in these cyber battles can be comparable to 1.5-2 years of work experience. We don’t just share knowledge; we train leaders who will protect the future.
What role do AI and machine learning play in shaping the future of cybersecurity education?
Artificial intelligence (AI) and machine learning (ML) certainly simplify both work and learning. It has become possible to automatically translate not only text but also videos into almost any language. This simplifies the assimilation of the material since you can learn everything in your native language. In the future, we expect AI assistants to be available to people in all spheres of life, including education.
Organisations are employing AI to enhance their cybersecurity efforts through automation and machine learning algorithms that can adapt to new threats. However, AI is also being used for malicious purposes. Cybercriminals are using AI to create more sophisticated and targeted malware that can bypass traditional security measures.
While traditional tools based on strict rules and signatures can effectively detect malicious activity once it occurs, machine learning can analyse user behaviour and other entities to prevent destructive actions and non-tolerable events before they happen.
What strategies are most effective in bridging the cybersecurity skills gap today?
The best way to upskill is to immerse yourself fully in the profession. To build a global and inclusive community of cybersecurity experts, we launched Positive Hack Camp, a free international project focusing on hands-on cybersecurity training. The annual initiative began in August this year, bringing together 70 students from 20 countries.
We have also launched open events for information security specialists in different countries. The meetings are attended by both company speakers and specialists from Russia, as well as local experts. The first meetup took place in Bengaluru on October 11.
Which metrics do you prioritise when measuring the impact of your training programs?
For us, the most important measure of success is seeing individuals complete their training, become professionals, and discover their true passion in cybersecurity. The impact of our initiative is reflected in the numbers. To date, we have trained over 13,000 specialists. We collaborate with about 70 universities, enabling over 3,000 students to learn from our experience annually. Additionally, at least 1,500 teachers partner with us to develop information security training programs.
