With quantum computing threats looming, are South-east Asia’s governments plugging cyber talent gaps quickly enough? One data scientist says No.
With the global cyber threat landscape growing, and various industries facing talent gaps, governments are naturally rushing to spruce up their proactive cyber postures.
Yet people such as undergraduates, job seekers and mid-career-change professionals have not been taking up the challenge quickly enough despite the attractive incentives.
What can governments in South-east Asia do to promote faster and timely increases in cyber talent pools to address national plans to spruce up cybersecurity?
What areas of cyber training are important for the well-rounded education/upgrading/re-education of all levels of workers — in order to render talent that is truly qualified to fill the urgent job gaps?
CybersecAsia.net interviewedQuek Han Yang, Chief Data Scientist, Ensign Labs, Ensign InfoSecurity, for some answers.
CybersecAsia: What do you surmise are the reasons for the scarcity of data science professionals and the ways available to plug the talent gaps quickly?
Quek Han Yang (HY): Cybersecurity is often perceived as a highly technical and complex field of discipline, especially for those without prior education, training, or experience in the engineering and computer science industries.
However, the field of cybersecurity is very broad, ranging from research-and-development to technology implementation and system integration to operations, incident response, to policy and crisis management.
In many of these fields, the lack of an engineering background or prior relevant engineering experience can be overcome through training that comprises theoretical knowledge in the area of work, and more importantly immersive hands-on experiences and industry mentorship.
The latter is especially critical given the rapid shifts around us in the world of digitalization, and the increasing complexities of cyber threats. These programs should also be designed for different skill competencies and age groups — beginner to advanced; undergraduates to mid-career-change professionals. Also:
- Internship programs can be designed to engage and inspire youth. Our own internships, for example, have offered over 185 placements to tertiary and post graduate students across South-east Asia.
- Such targeted internship programs offer a better understanding of cybersecurity operations in the real world, and the different roles available in the industry.
- Another idea we champion is awarding bond-free scholarships to senior-year students specializing in the relevant degree-level disciplines.
- Government can support firms to expand such programs by providing training subsidies and tax incentives for individuals and employers that invest in cybersecurity training and certification programs. Important areas of cyber training include understanding and applying cybersecurity principles to projects; network and endpoint security; secure coding practices; use of AI in cybersecurity and cryptography; to name a few.
- Training should cover the use of tools and technologies commonly used in the industry such as firewalls, endpoint detection and response, AI tools, etc. Soft skills — such as problem-solving, critical thinking skills and effective communication — are vital for equipping cyber professionals to deal with unknowns and crises.
Finally, research-and-development also plays a critical role to tackle the increased complexities of cyber threats. Increased direct grants for this field can help governments and industries strengthen cybersecurity talent capabilities to keep up with the fast-evolving cyber threats.
CybersecAsia: What are your views on increasing the pool of data scientists that want to join the cybersecurity sector to apply their talents? How can governments in the region pull their regional weight in attracting not just regional data science professionals but also those from other regions?
HY: The age of AI-driven cyber threats is imminent. Developing AI technologies for cybersecurity is no longer a luxury but a necessity. Hence, attracting talents to develop AI technologies for cybersecurity is an important and urgent task.
Talents are attracted by several factors, namely:
- meaningful hard problems
- resources to tackle hard problems
- opportunities to translate them into solutions
- opportunities to rope-in other talented friends into the field
Resources such as compute, data and stable infrastructure are important to developing AI and generative AI technology for cybersecurity. Cities that possess these attributes will have a much higher chance of attracting talents and form hubs of innovation.
CybersecAsia: With cyber talent pools already lagging, how do you envision quantum computing to impact the cybersecurity landscape in the near future? Is the world moving fast enough to handle post-quantum cyber threats sufficiently? What unknowns should governments and private sectors cater for when planning for cyber resilience and reducing talent gaps?
HY: One area of significant concern is the quantum impact on encryption algorithms. Possibly in the near future, attackers can use quantum computing in the future to decrypt the data or alter and re-sign encrypted documents digitally, thus undermining the confidentiality of the data and integrity of the document. For now, data owners could start to use new post-quantum computing encryption algorithms to digitally sign documents in readiness for quantum threats.
On the data science front, quantum computing can revolutionize ways to perform complex simulations, speed up optimization algorithms, and enhanced machine learning techniques. This could lead to breakthroughs in areas such as new types of AI models for cybersecurity, drug discovery, materials science, and optimization problems.
As governments invest significantly in post-quantum cryptography research and development, it is unclear when large-scale, fault-tolerant quantum computers will be available to support such algorithms. Coupled with the talent gap in quantum research, the world would need to move faster to keep pace with post-quantum cyber threats.
When planning for cyber resilience, governments and private sectors should cater for unknowns such as technological uncertainties that arise from the scalability, reliability, and practical implementation of quantum computing. The solution is to monitor developments in the field closely and adapt strategies accordingly. In addition, robust regulatory frameworks on the ethical use of quantum computing technologies should also be in place.
CybersecAsia thanks Han Yang for sharing his info security insights with readers.
