Talent shortage narrative challenged at Canada Ireland Summit 2022

Canada-Ireland Cyber Summit

At the Canada-Ireland Cyber Summit, experts discussed the evolving threat of cyberattacks and the ongoing talent shortage; however, when it comes to finding qualified employees with the right cybersecurity skills, at least one industry expert says it might be an issue of simply widening the search parameters.

On Sept. 20, Canadian and Irish cyber companies came together at Deloitte’s  headquarters in Toronto. In a suite enclosed by floor-to-ceiling windows overlooking Bay and Adelaide, cyber professionals from both countries brought insights from their sides of the industry, including presentations from keynote speakers.

The topic of talent development and talent shortages first arose during the initial panel which focused on cybercrime, ransomware and response to threats.

Left to right, Shannon Parker, Kelly Irwin, David Kennefick, George Al-Koura

George Al-Koura, CISO at ruby led the participants through several questions in the first panel.

“We have a professional skills shortage gap in Canada,” began Al-Koura. “We, I believe, have failed in our approach to actually developing talent in this industry.”

He stated that if a resume landed on his desk listing 10 or 15 certifications but less than four years in the industry, the candidate would not get an interview as “they’re not worth the time.”

Panelists of the first discussion also included Shannon Parker, cybersecurity director at Deloitte; Kelly Irwin, Electrical Safety Authority’s CIO; and David Kennefick, global engineering principal at Edgescan in Ireland.

Kennefick also acknowledged the talent gap. He noted that cybercriminals have grown savvy at recruiting talent. In the current cybercrime market, some tech professionals might unknowingly work on a piece of technology that will later be used to steal or extort data from a company.

Parker noted another major contributor to the cybercrime problem. Not only do many cyberattacks go unreported, but many law enforcement organizations lack the know-how necessary to investigate those that do make it into their radar.

Irwin mentioned that talk of skills shortages in tech and IT security has carried on for at least a decade.

“We can’t just convince everyone in the world to just stop going to school for anything else and just study IT security,” said Irwin.

However, she championed the idea of encouraging people with data analytics skills from other areas of a company to leverage their proficiencies within the security team.

Creating cyber-resilience is not just about education, but also about giving employees good reason to be on the side of their employer.

“You need to awaken their passion.”

Left to right: Kevin Buckley, senior development advisor, Enterprise Ireland; Philipp Kornitzky, Team Leader, Ontario Ministry of Economic Development, Job Creation and Trade; Sumit Bhatia, director, innovation and policy, Rogers Cybersecure Catalyst; Kevin Magee, CSO, Microsoft Canada.

The issue of the cyber talent gap recurred in the third panel, which focused on the Canadian and Irish cyber ecosystem. Microsoft Canada’s CSO Kevin Magee took the stage and spoke of the “tons of students” at colleges and universities who are brilliant and eager for entry into the cybersecurity industry, yet they cannot find a job.

“We should stop saying there’s a talent gap,” said Magee. “It’s not a talent gap. It’s really a leadership gap.”

He emphasized the need for the industry to shift its thinking and invest in greener talent coming out of academic institutions. Magee also questioned why many cybersecurity job posts request five years of experience for technologies that have not existed for more than one year.

“Why aren’t we taking the chance?”

In terms of best practices, he also suggested that companies train technologists to be leaders and managers to facilitate training of others, rather than simply promoting top talent.

Also present in this discussion was Sumit Bhatia, director, innovation and policy at Rogers Cybersecure Catalyst at Toronto Metropolitan University, a program that provides intensive training for entry into the cybersecurity field.

Prior to Magee’s comments on shifting the perception of where shortages exist in the industry, Bhatia told the audience that 81 per cent of the students in his program identify as BIPOC and 68 per cent of graduates are women.

While the industry has helped these groups gain some representation, the time has come to cultivate inclusion in those workspaces.

“We need to move forward, especially in an industry that’s been primarily male dominated. I think the effort that we have to put in towards inclusion has to be greater than what we’re doing in some of the other spaces.”