Even if Canadian organizations have installed firewalls, intrusion-detection systems, and other tools to ward off cyberattacks, there’s still one IT security threat that looms larger than ever before: a lack of skilled people to manage those technologies and continually develop a defence-in-depth strategy to protect data.
Demand for cybersecurity talent across the country is growing by seven per cent a year, according to research conducted by consulting firm Deloitte and the Toronto Financial Services Alliance. This includes an estimated 8,000 cybersecurity roles in Canada that, ideally, need to be filled in the next six months.
The race to hire people with cybersecurity skills reflects an urgent need by Canadian companies to defend themselves against the malware attacks and other incidents that have plagued them recently.
In its fourth Canada Security Insights Report, technology firm VMware’s Carbon Black division surveyed 251 CIOs, CTOs and CISOs to benchmark the frequency and severity of data breaches over the past year.
A whopping 86 per cent said their organization suffered a data breach in 2020, with 88 per cent of them considered “material.” Seventy-eight per cent, meanwhile, said attack volumes increased, and 79 per cent noted cyberattacks became more sophisticated. More than half, or 56 per cent, said they are worried there’s more to come this year.
Increased opportunities to learn cybersecurity skills
To some extent, cybersecurity training is still in its infancy in Canada, focused largely around universities that offer only bachelor’s or professional degrees in the space within the past five years. Companies like Springboard are helping to change that.
With offices in San Francisco, Toronto, and India, Springboard recently launched Cyber Security Career Track, an online bootcamp that aims to help prepare the next generation of cybersecurity analysts who will work with network and IT security teams.
Springboard is also offering a job-placement guarantee for an entry-level position in cybersecurity, or students will get their tuition reimbursed. This means the bootcamp experience goes beyond guiding them during classes and labs, making Springboard accountable for helping address Canada’s cybersecurity talent shortage.
Nidhi Gupta, Springboard’s general manager of cybersecurity programs, said the six-month, self-paced program was intended to provide flexibility for students along with access to real-world expertise through mentors who work at well-known tech firms and startups.
“We teach the principles, give them the frameworks and train them using hands-on labs, but it’s the mentorships that keep students current with what’s happening in the industry. The students come out having the complete cybersecurity skillset to succeed on a network and information security team,” Gupta said. “The mentors are the ones hiring, which means they know the kind of problems students will be using this curriculum to help solve.”
Those who enrol in the Cyber Security Career Track can come from a wide variety of backgrounds, including law enforcement, the military or even the accounting sector, said Roger Huang, a cybersecurity professional, who acts as an advisor to Springboard. Others, he added, might have started in more traditional areas of IT but are ready to take their career in a new, even more mission-critical direction.
The average salary for a cybersecurity analyst in Canada starts at about $100,000, according to Springboard.
“There are some people who might have been looking to study coding and trying to decide whether they want to become a software engineer who are now looking at becoming a cybersecurity analyst,” Huang said. “Sometimes it comes from a more humanitarian drive, to respond to the incidents we’ve seen in the headlines and to help make Canadian companies more resilient against cyberattacks.”
Keeping cybersecurity skills current and relevant
One of the challenges with defending against data breaches, of course, is the increased sophistication of cybercriminals — both in terms of the approaches they use and the possible attack vectors they could target.
Whereas hackers might once have focused on breaking into the IT department of a major bank, for instance, data and applications now need to run far beyond the traditional perimeter of an organization’s headquarters. The shift to working from home during COVID-19 only made IT environments more decentralized. In fact, the VMware Carbon Black study found 78 per cent of Canadian cybersecurity professionals believe attacks increased due to employees working remotely.
As a result, Gupta said it’s important that cybersecurity education be treated as a work in progress. Springboard plans to do major updates to what’s covered in its bootcamp at least every six-to-seven months, for instance. It also develops the curriculum in partnership with CompTIA, an IT industry association well known for its certification programs.
This means Springboard can make sure that capstone projects tie into the kind of challenges that are relevant to the latest security incidents, Gupta added. Unlike other programs where the topic of a capstone project is up to the student, instructors request those in the bootcamp to lead a “structured walkthrough” of a penetration test in a fictional company.
A structured walkthrough is an organized procedure for a group of peers to review and discuss the technical aspects of various IT, security, and IT audit work. The major objectives are to find errors and to improve the quality of the product or service that’s being delivered, she explained. The students have about a half dozen deliverables that they have to develop as part of their capstone project.
Huang said once graduates enter the field, they find themselves highly motivated by the opportunity to prevent worst-case scenarios from happening.
“There’s a real drive towards that sense of purpose,” he added. “This is not just about a salary.”