Ina Steyn, Absa.

When asked what security roles are the hardest to fill, local cybersecurity professionals have a long list. Cloud and application security skills are needed, as are security engineers, network security, database security and pen testing professionals, as well as malware analysts, privilege access management professionals and skilled incident response and cyber forensic practitioners. Finding, and holding onto, cyber talent has never been harder.

This cybersecurity skills shortage is felt across every industry in South Africa, and globally, which means that businesses are hiring from a very limited skills pond, which only increases competition for top-tier candidates, says Ina Steyn, head of security education and awareness at Absa. “The global demand for cyber talent has meant that we’re increasingly competing with not just African companies, but also with global companies,” says Kerissa Varma, managing executive for cybersecurity at the Vodacom Group. This struggle to find the right cyber competencies creates additional cyber risk for organisations, according to Fortinet’s ‘2023 Global Cybersecurity Skills Gap’ report. A high percentage of the leaders who took part in the study attribute some of the breaches they’ve experienced in recent months to a lack of cybers skills among IT professionals Upskilling For Grant Hughes, principal cybersecurity architect at Engen, upskilling is the only way to address this problem. “Good cybersecurity practitioners value development. They value training, attending conferences, completing industry certifications and engaging with their industry peers.” Unfortunately, many companies are averse to upskilling because they know that this only makes their employees more attractive to their competitors, upping the chance that they will be headhunted, he says. “This is the wrong way to look at it. People will stay when they are well paid, engaged, respected and valued. They will leave when they are not. By limiting training and development, you are not only doing yourself an injustice, you’re also doing an injustice to the industry at large.”