With so many emerging cybersecurity threats, it can be easy to forget about a notable, growing cybersecurity concern: the talent gap. As malicious actors continue to evolve their tools and techniques, how can organizations keep pace with the shifting threat landscape while facing a skills shortage? 

Here, we talk to Riccardo Ocleppo, Founder and CEO of Open Institute of Technology. 

Security magazine: Tell us about your title and background. 

I am the founder of Docsity and OPIT — Open Institute of Technology. As an entrepreneur passionate about education, I develop products and services that positively impact millions. Since founding Docsity in 2010, we've grown to over 20 million registered students and partnered with 250+ universities worldwide to enhance and promote their programs. This experience inspired me to establish OPIT, which aims to revolutionize technology-focused higher education with innovative, flexible, career-aligned curricula that democratize access to higher education in technology fields.

Security magazine: Some say it is necessary to have a traditional higher education degree in order to work in the fast-paced cybersecurity field, especially when it comes to AI. What are your thoughts on the subject? 

While a traditional university degree can provide valuable foundational knowledge and critical thinking skills, the fast-paced nature of the cybersecurity field, (especially in areas like AI) means that practical, hands-on training is just as important. Many of the most successful cybersecurity professionals have backgrounds that blend formal education with real-world experience and continuous learning.

The approach we find works best is to combine a solid academic grounding — both technical and managerial — with opportunities for applied projects, industry internships and certifications; this allows students to be best prepared to hit the ground running in cybersecurity careers. Theoretical understanding of topics like governance, network security, cryptography, risk management as well as other cutting-edge areas is indeed important; however, the ability to actually implement these technologies to solve complex, evolving security challenges is what employers are seeking.

Security magazine: How can practical training in AI can be directly applied to the ever-evolving cybersecurity market? 

The cybersecurity landscape is constantly shifting, and AI is accelerating this. Think about deep fakes, next-level social engineering, AI malware generation/adaptation and more. On the other side, AI and machine learning are also proving to be invaluable tools for identifying patterns, automating responses and staying ahead of sophisticated cyber criminals.

In this context, teaching students how AI can be used on both sides (attacking and defending) is as key as allowing them to test such things first-hand. This includes developing skills — through practice — in areas like:

• Applying natural language processing to analyze threat intelligence and security logs
• Automating incident response and security operations with AI-powered systems
• Leveraging generative AI to create synthetic data for security testing

The next generation of cybersecurity professionals needs to know and use these technologies to solve the constantly changing cybersecurity challenges. 

Security magazine: What are some actionable ways to close the cybersecurity skills gap? 

I believe a multi-pronged approach is needed in higher education in cybersecurity:

• Offer more specialized cybersecurity degree programs, certificates and professional development courses to build a larger pipeline of skilled talent.
• Incorporate more project-based learning, internships and real-world simulations into cybersecurity curricula to give students practical experience.
• Encourage professionals from adjacent fields like IT, data science and software engineering to explore cybersecurity through bridging programs and skills development initiatives.
• Debunk the myth that cybersecurity professionals are super tech profiles. Cybersecurity is a multifaceted field, including both technical and managerial aspects. Cybersecurity professionals might come from a wide variety of backgrounds.
• Work closely with employers to understand their evolving needs and tailor educational offerings accordingly. Leverage industry partnerships to provide students with mentorship and career placement support.
• Actively recruit and support underrepresented groups in cybersecurity to expand the talent pool and bring diverse perspectives to the field.

Security magazine: Anything else you’d like to add?

Certifications also play a crucial role in ensuring that professionals in the field are recognized for their skills in the field. It is a way to prove the skills acquired through training courses and your experiences in practice. However, it is important to highlight that the learning process does not stop there. The constant and rapid evolution of cyber threats requires a constant commitment from the student to stay up to date with the latest trends.

My tip for staying current is to participate in extracurricular training courses, read articles and specialized publications, sign up for webinars and online conferences, join groups, and receive newsletters on the topic. Investing in continuous self-improvement allows professionals to remain relevant in their industry and can open up new career opportunities.