Cyber Workforce Vs. Cyber R&D Human Capital
When the media and various pundits mention a growing need for cyber security experts, they rarely mention what types of experts are actually missing. Specialties vary greatly – Analysis, research, engineering, incident response, investigation and others require different backgrounds and training. Most of these occupations can be roughly categorized under what is called the “cyber security workforce” – The workforce responsible for the security of organizations, working either from within the organizations (usually under a CISO) or delivering a service from the outside.
There is another category, just as important – The “cyber security R&D human capital” – These are the women and men who research, design, develop and build cyber security products and services. They are the backbone of a market that has been growing exponentially, with Israel as one of its leaders. In my previous role as Head of Human Capital Development at the Israeli National Cyber Bureau, I led the effort to enhance this group in numbers and quality on a national level.
Software Engineers Vs. Cyber Experts
Even though cyber security is a distinct field in Information and Communication Technologies (ICT), most cyber security companies, which provide products or advanced services, rely on human capital similar to other software companies. Some find it surprising that most developers in these companies are not cyber security experts, but rather software engineers that could have worked in any other ICT company. However, cyber security companies usually have a small core of ״cyber experts״. While their software engineering colleagues build effective products with minimum errors, cyber experts focus on errors in programs that might be exploited. They are an essential part of product design, data science and analysis, research and other fields in a cyber security company, that demand expertise in the intricacies of cyber threats. A cyber security company can manage with a relatively small number of these experts, but it can not exist without them.
The Israeli “Military Path” to Cyber
One of the main reasons for Israel’s prominent role in the cyber security market stems from its mandatory military service and its unique security challenges. Each year, the military gets to “cherry pick” some of the best and brightest to deal with cyber intelligence and warfare. In order to make the best of their time in the service of their country, the military has devised and perfected highly intensive courses, which allow high school graduates to handle complex technological challenges after only a few months.
Many of these go on to become cyber experts in the industry. Moreover, most Israeli cyber security companies would have a hard time functioning without them. However, this path is very limited in numbers. Ultimately, for the cyber security industry in Israel to grow, it needs more experts than this route can provide.
An Alternative Path
The military cyber training courses are hard to emulate. They are extremely intensive compared to what is customary for civilian training. Their staff is usually made up of some of the best developers, while outside the military, they rarely do anything other than development or engineering work.
Even so, the dire need for more cyber experts has created an opportunity. For the past few years, ITC has succeeded in training promising young professionals in cyber security, and placing them in R&D roles. It has done so by creating a highly intensive course tailored to the needs of the industry and taught by industry experts. Our industry partners, recognizing the potential to hire more talents, have joined us by delivering some of the training themselves. In the coming years, we are expected to train even more cyber security experts, and hopefully support the growth of this important industry.
In the picture: ITC participants working on cyber security projects at Check Point, as part of their training.
Original post by Tom Ahi Dror on LinkedIn
For more information about our Cyber Security Pro course, please visit: