By SOPHIE DONOGHUE
BRUSSELS – The temptation for governments to use terrorism as a pretext to shut down civil disobedience sites will continue to rise in the future says Miloslav Kučera, a lecturer at Czech Technical University in Prague. He and others addressed the Information Security Solutions Conference (ISSE) here during 23-24 October.
Kučera’s research in the area of “hactivism” – or computer-based activism as a twist on civil disobedience – throws light on the connections between the unemployment and discontent of a young educated generation and the growing hactivist movement known as ‘Anonymous’.
The Czech researcher predicts that the rising number of highly educated but jobless youth in Europe who are angry and disillusioned with their society today “will lead to the formation of professional groups like Anonymous”.
According to Kučera, cyberspace will be “transformed into a pressure medium” which governments will attempt to limit by using cyber-terrorism as the justification. However, protest demonstrations – whether in actuality or in cyberspace – will be better synchronised and strategically managed than ever before through social media and mobile equipment, making the attacks ever more sophisticated, he argues.
At the same time, the unemployment rate carries a certain irony for Europe’s information security sector.
In remarks to the conference, the security certification organisation known as the International Information Systems Security Certification Consortium, or “(ISC)²”, underscored the growing skills gap that now afflicts the IT sector. Its most recent survey of IT security hiring trends and career development plans reveals a worrying development, namely that while security career opportunities are skyrocketing, employers face increasing difficulties in filling the jobs with qualified personnel.
“The funnel in the (IT security) job market is clogged.” observed Peter Berlich, the conference’s chair and (ISC)²’s president. His organisation estimates that Europe’s IT security workforce will need to double by 2015 from its size in 2010.
Indeed, many commercial organisations are struggling to find qualified candidates. A solid background of training, proven skills, and real experience are the most important factors, according to the responses from hiring managers in the survey. The demand for experience in candidates is a common “Catch-22” for recent graduates. They do not have experience therefore they do not get the jobs; without the jobs they don’t get the experience. It is a vicious circle.
According to Richard Nealon of (ISC)², “recent graduates do not have the sufficient qualifications and training” as the universities are not tailoring their courses enough to suit the job market today.
Nealon said many IT courses focus very little, if at all, on information security. “Colleges and universities have a role to play in ensuring that information security is part of their computer science curriculum,” he said.
Other conference attendees told SECURITY EUROPE that the ability in general of employers to recognise talented information security professionals is a problem in itself. Universities need to put filtering mechanisms in place to help companies pick out those candidates with real potential, they said. To make matters worse, they said most Masters’ degrees in this area tend to cater to candidates with experience gained from previous IT security work – and not for recent graduates or neophytes.
At the moment IT security firms are reluctant to employ trainees, even ones with qualifications, as they need a large amount of supervision at the beginning. This would suggest that a more “structural” or concerted effort is needed to develop a healthy job market for Europe’s information security needs, and to help managers spot potential talent. Both universities and companies need to invest time and money in this together. The unwillingness to invest in inexperienced graduates is tempting fate.
This exact same message can be heard from Europe’s public decision-makers responsible for cyber-security, as recently reported in this publication. (See our October article, “Cyber-security points to far closer public-private cooperation, say national officials, but how to get business effectively on board?”)
As the saying goes, “no pain, no gain”….