What skills are needed to address cyber security?


A few months ago I received a card in the post from my 83-year-old mother telling me how much she is enjoying using the iPad I gave her and taught her how to use.

Around the same time, visiting a friend’s house, his teenage son picked up a postcard that had arrived that day addressed to him.

“What’s this?” he asked.

“A postcard,” replied his Dad.

“Who opened it?”

Generally speaking, when it comes to communications technology the confusion is not so much around skills needed but in methods employed.

No doubt there will be any number of courses developed around cyber security to add to the plethora of computer security courses already available. There is, however, another gap here: between cyber and security; it is wrongheaded to think that one is an extension of the other, in the same way you would never expect a local nurse to provide a neurological diagnosis.

The reality of cyber crime is that:

  1. The stupidity of employees leaking information (unwittingly or otherwise) enables most attacks;
  2. Law enforcement agencies have limited resources and, as a result, pitiful capacities to investigate and track down perpetrators; and
  3. The legal instruments to deal with perpetrators, in any event, are patchwork in the rare cases they actually exist.

All of this only addresses cyber attacks.

More worrying is the entirely legal use of digital communications technology to enable transnational crime and terrorism. I emphasise the ‘entirely legal’ aspect because the use is not illegal, but the purposes are, just as making phone calls is legal; the problem arises when you are ordering a hit, as opposed to pizza. As such, the only way to control use would be to restrict all users — and the only people to suffer would be legitimate users, since criminals will find ways around any controls.

If we are to talk about cyber security skills, therefore, we should not only look to technical skills, which will be an ever changing, moveable feast, but also broaden our outlook to include developing security cultures, cyber policies, investigative capacity and social norms.

Regarding technical skills, this moveable feast demands not specific skill sets, as such, but the ability to speedily develop methods to detect and deter. Public bodies and academia are not equipped to do so; after all, criminals have no need of peer review and controlled testing, they try something and, if not caught, keep doing it until it becomes too dangerous to do so.

We also need to take into account the fact that younger generations aspire and learn differently. Remember, this generation’s heroes are not academics or intellectuals, but individualistic opportunists — Gates, Jobs, Zuckerberg — pursuing personal wealth and managing through the cult of personality.

To follow in their footsteps means becoming proficient in cyber skills, for which an expensive university course is unnecessary, since you can learn at home, online and in your own time, and once you have acquired the necessary knowledge, find work almost immediately, or create your own products.

Major skill sets needed for the future then would surely be the likes of learning how to learn, risk management, and ethical decision-making.

Meanwhile, younger generations — like my friend’s tenage son — are communicating, learning and developing in completely different ways and don’t know – or possibly even need to know – what we are talking about.

And, I fear that in examining these issues we are — like my mother — coming to the party late, and still wanting to do things


Be the first to comment on "What skills are needed to address cyber security?"

Leave a comment

Your email address will not be published.