In July, the US government announced the National Cyber Workforce and Education Strategy (NCWES) which is aimed at addressing both immediate and long-term cyber workforce needs.
This NCWES is aimed specifically at filling cyber job vacancies across the US, with President Biden saying the government is working to help communities — including those currently underrepresented in the cyber workforce or who do not envision themselves in cyber jobs or are not aware of the tremendous opportunity to join this important and growing workforce.
Many US government departments and private companies made commitments around education, training, internship and mentoring programs, but one joining hands in this effort was the Cybersafe Foundation. This Nigerian-based non-governmental organization has described itself as "on a mission to facilitate pockets of changes that ensure a safer internet for everyone with digital access in Africa" and has run cybersecurity awareness campaigns and training for the public and businesses.
In line with the NCWES, the Cybersafe Foundation will develop a cybersecurity ecosystem playbook specifically designed for Africa to help solve the hiring issue that the continent is facing: specifically, that those with the ambition to learn are not getting the best preparation in education, and too many leave the country and continent for work opportunities.
Confidence Staveley, co-founder of the Cybersafe Foundation, says the playbook could be a game changer for the continent, both economically and in terms of creating a pipeline of future security talent.
How Does This Help Address Africa's Cyber Skills Shortage?
Staveley says Africa has a "talent flight" where people get educated in Africa but go overseas for work. "There's a term called 'Japa' in Nigeria; it means leaving the country and going abroad because you want greener pastures," she says, acknowledging frustration where employers invest in training and education for an employee who then leaves the company.
A skills gap has grown in Africa because of a lack of opportunities due to students needing to learn more than just theory in the classroom, and with more rapid adoption of new technologies such as the Internet of Things (IoT) and cloud services. Academia needs to keep up.
One report claimed (PDF) a shortage of skilled security personnel impact most business' ability to hire and retain cybersecurity professionals, leading to more reliance on third-party security service provision.
"I believe Africa has the potential to become the talent capital in terms of cybersecurity of the world," Staveley says. "With a young population we can comfortably create enough talent on the continent. So, the talent flights won't be a challenge given the number of young people, we have millions of young people wanting to gain these skills."
Digital skills training is underway in Africa, but the greater challenge for businesses in seeking staff is not having the skills and knowledge to secure the data that is being collected, or awareness to ensure that the average person is using technology in a way that secure and safe. The missing skill is the ability to protect the data and the systems already in place, Staveley says.
One challenge is not having the resources to teach practical cyber skills, as universities teach programming on a whiteboard rather than getting more hands-on, and there is not enough of that practical education. It's more theory-based. Therefore, Staveley says enabling hands-on practical skills will be part of the playbook, too.
What Will the Playbook Encompass?
According to the NCWES launch statement, the Cybersafe Foundation's playbook will include lessons learned from previous exercises the company has run, and offer best practices that will support the development of the cyber workforce.
Staveley says the playbook will act as a map to foster development of a robust cyber workforce in Africa. She says a timeline for the playbook is currently being set, with the first version of it available in 12 months.
During the next year, there will be a series of consultations and reviews, feedback, and refinements from different stakeholders. "Coming together to solve that challenge, especially from the skills and workforce perspective, is something that we need a whole ecosystem approach to do," she says.
What Metrics Will Be Used to Gauge Success?
Staveley says the success of the playbook will be measured through what she calls a "multiplicity" approach, where she will look at the number of people who are able to get trained with cybersecurity skills, as well as the number who join the cyber workforce in the next five years.
"So every five years we will be able to assess how this playbook has been able to influence the ecosystem to then produce more talents and build the workforce," she days.
She acknowledges that this is not a problem that one organization can solve, and that it requires a collaborative effort to drive and influence changes.
There will also be qualitative impacts like case studies to showcase the successful transition of individuals into cybersecurity roles. This combination of qualitative and quantitative metrics will be assessed on the number of people being hired, the number of people being retained, the number of jobs being created, new training options, as well as the number of universities that will offer cybersecurity courses, and where curriculums are revamped.