How to Meet the Growing Demand for Cybersecurity Professionals
How can U.S. enterprise security professionals learn from their Irish colleagues to fill cybersecurity roles?
Like a deadly virus poised to attack, cybercrime has never been more threatening given how consumers, companies and governments live their lives online today. This has made software security a requirement rather than an option, but such massive demand has understandably created what many American companies consider their biggest challenge: finding trained professionals to develop and execute security software. Analysts are predicting there will be 3.5 million cybersecurity job openings worldwide by 2021, which has left U.S. companies scrambling for solutions.
While creating products that automate more security tasks and beefing up internal training programs are common approaches for American firms, an increasing cadre of companies has taken a different path. Understanding that the booming U.S. economy has led to an inadequate domestic supply of all software professionals, but particularly security pros, many firms are establishing overseas operations in locations with greater availability of workers and lower overall costs of doing business.
“Cluster” concept helpful
In addressing the skills shortage, Europe’s “cluster” concept has been particularly beneficial, in which companies in a specific market in a certain region team with local government agencies, researchers and academia to achieve common goals. Although done for 20 years or more, clustering has been seen lately in the security sector in places such as Norway, Denmark, Sweden, Finland, Ireland and Israel.
Some of these countries have a strong military focus for their security clusters such as Israel. However, nations without a large military or close ties between government and defense typically concentrate on the multinational and business sides, which is advantageous for American security firms looking for promising overseas locations for development offices.
For this reason, many American security companies have development centers in Ireland, which offers one of Europe’s youngest and most highly educated workforces as well as strong government support of international companies when it comes to taxes, regulations, R&D assistance and worker training programs.
U.S. Companies Locating in Dublin and Cork
Symantec set up shop in Ireland in 1991 and has been joined by five of the world’s top 10 security software firms, such as McAfee, Trend Micro, Malwarebytes, FireEye, SolarWinds and others. Recent companies to land include Vectra Networks, Tenable, Ciphertechs, e-Sentire and Cylance.
Beyond the exclusive security providers are tech firms developing specific security products like IBM, Dell EMC, Mastercard, HP Enterprise, DocuSign, Qualcomm and Johnson Controls. At present, there are more than 6,000 security professionals working in Ireland and more than 40 multinationals there, the majority being U.S. companies.
Need for Skills in Cloud and Threat
According to Mike Banic, Vice President of Marketing at Vectra, “One of the things we find in Ireland is there are a lot of engineers that have great cloud skill sets,” he says. “They have cyber experience and the platform-level experience we need for cloud. Having those skills allows us to have the team take ownership of a complete product.”
Another plus for Vectra is the availability of security engineers with skills in threat-based security rather than just policy-based security, he explains. “In our search for talent, we choose locations that have people who are experts in threat rather than just policy,” says Banic.
The “cosmopolitan” and large international workforce in Ireland was another draw, he says. “It allowed us to achieve a greater business scale at a reasonable cost. We can hire a strong team, it would be cost competitive and we would realize significant benefits from the talent pool of the individuals in the process.”
Collaborating for the Future
The critical mass of security companies there helped kick off the nation’s government-supported cluster organization, Cyber Ireland, near the end of 2018.
The endeavor, hosted by the Cork Institute of Technology, follows a long term effort “to try to address the skill shortage in cybersecurity,” according to Dr. Eoin Byrne, cluster manager of Cyber Ireland. It also has a broader mandate, too. “We’re trying to bring together industry, academia and government to address the needs and challenges of industry,” he explains.
This synergistic approach began with extensive industry input from major American tech firms with Irish operations such as Microsoft, Google, Facebook, IBM, SAP, Dell and many others. Dr. Byrne notes that despite competitive positions among participants, they worked together to define and plot strategies, with one critical goal of producing more professionals for these companies to hire.
Industry-Defined Training and Programs
Demonstrating the collaborative nature of clusters, Ireland has a new, well-funded training effort, the Cybersecurity Skills Initiative that is training 5,000 new cybersecurity professionals within three years who will then be employed by firms in the country, with the lion’s share going to multinationals. Trained graduates have already begun entering some of the many firms that have joined the initiative.
Dr. Byrne notes that Ireland’s educational sector is a plus in creating training programs, as well support from many research centers where security is a focus area. The enthusiastic response and strong participation by industry sets the stage for future success, he believes. “They want to be part of Cyber Ireland to address the talent and skills gap,” he says.
A top initiative on the part of company participants is for “Cyber Ireland to explore the potential for a national cybersecurity research center,” he says. “That’s going to be something that we’ll be looking at over the course of the next two years.”