As new cybersecurity threats emerge, it’s easy to overlook a growing problem: the talent gap. As threat actors continue to evolve their tools and techniques, how can organizations keep pace with evolving threats while facing a skills shortage?
Here we speak with Riccardo Ocleppo, founder and CEO of the Open Institute of Technology.
Security magazine: Tell us about your title and your background.
I am the founder of Docsity and OPIT (Open Institute of Technology). As an entrepreneur passionate about education, I develop products and services that positively impact millions of people. Since Docsity’s founding in 2010, we have reached over 20 million enrolled students and partnered with over 250 universities around the world to improve and promote their programs. This experience inspired me to create OPIT, which aims to revolutionize technology-driven higher education with innovative, flexible, career-focused degree programs that democratize access to higher education in technology fields .
Security magazine: Some argue that a traditional graduate degree is necessary to work in the evolving field of cybersecurity, especially when it comes to AI. What do you think?
While a traditional college degree can provide valuable foundational knowledge and critical thinking skills, the fast-paced nature of the cybersecurity field (especially in areas like AI) means that hands-on, real-world training is just as important . Many of the most successful cybersecurity professionals have backgrounds that combine formal education with real-world experience and lifelong learning.
The approach we find works best is to combine a strong academic foundation – both technical and managerial – with opportunities for applied projects, internships, and industry certifications; this allows students to be better prepared to embark on careers in cybersecurity. A theoretical understanding of topics such as governance, network security, cryptography, risk management, and other cutting-edge areas is indeed important; however, the ability to actually implement these technologies to solve complex and evolving security problems is what employers are looking for.
Security magazine: How can practical AI training be directly applied to the ever-evolving cybersecurity market?
The cybersecurity landscape is constantly evolving, and AI is accelerating this process. Think deep fakes, next-level social engineering, AI malware generation/adaptation and much more. On the other hand, AI and machine learning are also proving to be valuable tools for identifying patterns, automating responses, and staying one step ahead of sophisticated cybercriminals.
In this context, it is as important to teach students how AI can be used on both sides (on offense and defense) as it is to allow them to test these things first-hand. This involves developing skills – through practice – in areas such as:
- Applying Natural Language Processing to Analyze Threat Information and Security Logs
- Automating Incident Response and Security Operations with AI-Driven Systems
- Leveraging Generative AI to Create Synthetic Data for Security Testing
The next generation of cybersecurity professionals must know and use these technologies to solve ever-evolving cybersecurity challenges.
Security magazine: What are the concrete ways to close the cybersecurity skills gap?
I believe a multi-pronged approach is needed in cybersecurity higher education:
- Offer more specialized cybersecurity degree programs, certificates, and professional development courses to create a larger pipeline of qualified talent.
- Integrate more project-based learning, internships, and real-world simulations into cybersecurity programs to provide students with hands-on experience.
- Encourage professionals in related fields like computer science, data science, and software engineering to explore cybersecurity through bridging programs and skills development initiatives.
- Debunk the myth that cybersecurity professionals are super techies. Cybersecurity is a multifaceted field, including both technical and managerial aspects. Cybersecurity professionals can come from a wide variety of backgrounds.
- Work closely with employers to understand their evolving needs and adapt training offerings accordingly. Leverage industry partnerships to provide students with mentorship and job placement support.
- Actively recruit and support underrepresented groups in cybersecurity to expand the talent pool and bring diverse perspectives to the field.
Security magazine: Is there anything else you would like to add?
Certifications also play a crucial role in ensuring that professionals in the field are recognized for their skills in the field. It is a way to prove the skills acquired through training and your practical experiences. However, it is important to emphasize that the learning process does not end there. The constant and rapid evolution of cyber threats requires constant commitment from the student to stay up to date with the latest trends.
My advice for staying up to date is to participate in extracurricular training, read articles and specialist publications, sign up for webinars and online conferences, join groups and receive newsletters on the subject. Investing in continuous self-improvement allows professionals to stay relevant in their industry and can open up new career opportunities.