Addressing Cybersecurity Skill Shortages in the GCC

Gulf women in cyber lead work to address GCC’s cybersecurity skills gap

The UK-Gulf Women in Cybersecurity Fellowship Programme is a UK FCDO funded program for women from the six GCC countries in senior cybersecurity positions. In collaboration with Ipsos and Protection Group International (PGI), the 2020-2021 cohort of the Fellowship has released a report from the first phase of research into cyber skills in the Gulf region, Addressing Cybersecurity Skill Shortages in the GCC Region.

The report details the findings of foundational research into how cybersecurity skill shortages can be addressed at organizational, national, and regional levels.

The research was conceived, commissioned and executed by the UK-Gulf Women in Cyber Fellowship Skills Syndicate Group with the support of Ipsos and PGI. It was based on a range of interviews with senior female professionals working in cyber security roles across the region.

Dr Haya Almagwashi, Cybersecurity Consultant and Fellowship Skills Syndicate Lead believes that this report will help senior leaders prioritize the actions required to make the industry and wider business resilient to digital threats.

“The globe is fronting fluctuating complex cybersecurity threats and challenges at various levels which requires collaborative efforts to address these shared challenges. A capable highly skilled cybersecurity workforce is a key enabler to any efforts towards achieving this goal. Therefore, it was intriguing to lead the research work into cyber skills with an elite team of female cybersecurity professionals from the region,” Dr Almagwashi said.

Mrs Nahla al Balushi, Head of Information Security at the Central Bank of Oman, who also worked on the report, added: “Identifying the critical skills in cyber security specifically required in the Gulf Region will help in addressing the gaps in the market and streamlining the cyber security curriculum taught at schools and universities.”

The key findings from the report include:

The top three critical cyber security skills in the Gulf

For interviewees, Cyber Threat Intelligence Management, Incident Response and Governance were the most in-demand skillsets in the GCC region. Interviewees also highlighted the importance of cybersecurity-specific leadership and training skills across their organizations.

The challenges in building sustainable cyber security workforces

The limited integration of cybersecurity into the wider business processes of organizations was cited as a central challenge impacting cybersecurity professionals at all levels. Problems include siloed working practices and a lack of support from management and inter-departmental peers. In many GCC countries, the lack of cybersecurity career frameworks are causing training and development challenges for employees and managers at organizational and even national levels although the report highlighted the recent Saudi Cybersecurity Workforce Framework (SCyWF) as a possible solution.

The future of building a successful cyber security workforce

Knowledge sharing and practical training, together with leadership and soft skills were identified as vital for building a successful cybersecurity workforce. The overwhelming majority of interviewees stressed the importance of knowledge sharing and exposing new talent to real-life scenarios to bridge gaps in cyber security experience and overcome the largely theoretical cyber security education and training that is currently available. One of the central themes of the report is the requirement for leadership and soft skills to be developed in parallel as interviewees felt that technical skills in isolation are not enough to equip practitioners to deal with the demands of cybersecurity roles.

The keys to cyber security retention

Recognition and development were identified as key to cybersecurity staff retention in the Gulf. Interviewees noted that the jobs within the cybersecurity profession were developing a reputation for overworking or even burning out their staff. This contributes to a lack of skilled and diverse individuals being identified, developed and maintained. Additionally, there is a strong requirement across the industry for a level of financial and cultural commitment from management to invest in development, technology, welfare and support.

The importance of multi-skilled cyber security professionals

The research also highlighted a need for a greater number of an organization's cybersecurity workforce to be more multi-resource professionals—versus specific penetration testers or incident responders, which are expensive resources if not being utilized for those specific skills most of the time. The specific markets for these jobs need to saturate along with salaries to make recruitment more viable and sustainable.

Members of the Fellowship’s 2021-2022 cohort are now working with Ipsos and PGI on phase two of this research which aims to further substantiate the report’s findings via a quantitative assessment of grassroots opinion. The results of this phase will be announced in the second quarter of 2022.

Wafa’ Nimri, PGI’s General Manager for the Levant, who heads the UK Gulf WIC Fellowship Secretariat says that PGI is very proud to continue its involvement with this important program.

“The Fellowship plays a significant role in addressing the acknowledged gender diversity challenge faced by the cybersecurity sector globally, by featuring the research and roles of prominent women in cybersecurity. And the strong data and innovative thinking about skills growth in the GCC region for the sector generated by the work of the two cohorts will provide invaluable foundations for future cyber security capability building initiatives by governments and regional organizations,” Miss Nimri said.

Download

Related news