Loading IS3C ...................
The principal aim of Working Group 2 (WG2) is to identify gaps between the knowledge and skills of young graduates entering the cybersecurity sector and the expectations of the organisations that employ them. In its first year, WG2 has been documenting ways that countries and institutions are addressing this challenge and how promoting good practice that could be replicated elsewhere.
WG2’s Mission Statement explaining its objectives, projected outcomes, key tasks, and timeframe for its work plan are set out in its Mission Statement published in June 2021 accessible at: https://www.intgovforum.org/en/filedepot_download/3737/2590. This describes the group’s focus on examining how tertiary educational curricula, at all levels of education, need to adapt to ensure that school and college-leavers are equipped with sufficient knowledge and understanding of how deploying security-related standards helps individuals and businesses to engage securely and safely in the digital economy.
Because of society’s increasing dependence on cyber infrastructure and the major costs to business and society caused by cyberattacks, cybersecurity has become an important and expanding employment sector. The vocational and tertiary education sectors may have attempted to adapt their training and course curricula to meet the demand for expertise in cybersecurity.
However, a sample of mainly European stakeholder interviews conducted by WG 2 in the first half of 2021 produced the following, startling conclusions: o the creative, innovative potential of young people is not being tapped for the benefit of a more secure cyber future; o industry and government interviewees pointed to a low level of generic skills such as synthesis and analysis necessary for a career in cybersecurity and developing the pipeline of talent required for the increasingly digital society and economy;
students lacked some core skills such as holistic thinking and the ability to join the dots in complex problem-solving and had poor knowledge of operating systems, systems logic, network protocols and cloud technologies; o cybersecurity studies should better equip graduates with the ability to draft, strategize and develop a cyber-risk mitigation strategy, including the appropriate legal and compliance steps that need to be taken when responding to cyberattacks and reporting them to law enforcement; o students needed to develop an in-depth understanding of the different types of cyberattacks, the business systems that are most at risk, and the importance of an organisation-wide approach to cybersecurity.
Companies that were contacted by WG2 members during 2021 indicated they were keen to support exploring new approaches to meet the demand for trainees and graduates with more in-depth cybersecurity expertise. Examples of good practice cited by businesses included the establishment of a national hub in Denmark that brought together education and business, and a social engineering approach to recruitment developed in the Netherlands, where gender-balance is also a priority.
Next steps In its next phase of research, WG2 intends in the first quarter of 2022 to undertake, with the assistance of the Youth IGF, a further round of interviews with tertiary and vocational establishments in other geographical regions. This research will also include interviews with a more diverse range of business stakeholders. A preparatory step already taken has been outreach to universities in Australia, Morocco and Poland with the aim of: a) obtaining the views of leading academic experts on the findings of the initial phase of interviews; b) validating the methodology being adopted by the working group for its continued research. It is also hoped that this will lead to new partnerships between business and academia that will enhance the ongoing work of the IS3C coalition generally.
The final phase in WG2’s work plan in mid-2022 will be to undertake a worldwide stakeholder survey with the aim of consolidating the initial research findings with quantitative data. Open questions in the survey will also encourage respondents to share new ideas and examples of good practice. The final report setting out WG2’s findings and its policy recommendations and guidance for the vocational training and tertiary education sectors will be presented at IGF2022.
These outcomes will not only serve to reshape training programmes and educational courses so that they fully meet today’s cyber-challenges, but also encourage more young people to consider the cybersecurity sector as an exciting employment opportunity.
