Cheng Lai Ki

Addressing the Skills Gap: Bring in the non-technical side of cyber security.



Cyber security has often been regarded as a technical career, given its predecessor origin of Information Technology (IT) Security and relevance to computers. With our growing dependence on technology, the cyber security sector is hard-pressed to be agile and adaptive to address increasingly sophisticated threats ranging from tech-savvy criminals to nation-state hackers. This hard-press for more solutions has revealed that the cyber security sector is in the midst of a “skills gap”. A problem that is especially prevalent across the Asia-Pacific region, given it’s rapidly modernizing IT space.


Or is there a skills gap?


 What if I told you there is no skills gap? That the skills required to empower the cyber security sector are, in fact, readily available to both customers and Security-as-a-Service (SaaS) providers? Despite being a well-documented problem, it’s highlighted a greater underlying flaw in how the gap is perceived.



Find a Business Analyst

According to Forbes, Telstra’s 2017 Cyber Security report indicated that 59% of Asian organizations experienced a security event that interrupted business operations at least once a month. Cyber security is first and foremost, a business problem that is concurrently tied to the IT field.


Understanding that it is a business risk, Business Analysts are adeptly positioned to provide the most relevant and effective support. This can range from ensuring compliance with emerging security regulations and assisting with prioritizing key business operations to support Disaster Recovery Plans (DRPs) or Business Continuity Plans (BCPs). Moreover, Business Analysts need to be cyber security experts in their own right. This is because everything can be hacked and businesses all critically depend on technology to support most - if not all - their operations.



Hidden Gem of Social Science

The term ‘cyber security’ is essentially the security of all contents and user interactions within the digital environment known as cyberspace. The key terms here are ‘user interaction’ and ‘environment’, something that has already been explored in academia. In 2013, researchers at Carnegie Mellon University in the United States (US) collaborated with scientists from the Army Research Laboratory and other American universities to integrate social science disciplines, such as psychosocial analytics, to develop methods to enhance machine learning based security capabilities.


SaaS providers and internal security departments may consider branching out to candidates with academic or professional experiences in social science to enhance their security capabilities. Candidates with criminology or law-enforcement experiences can significantly empower forensic investigations and incident response teams. Whereas candidates with media or marketing experience can empower disaster communication protocols or narratives to ensure minimal reputational loss during and after a security event.



Expansion into Security Studies and Traditional Sectors

Larger conglomerates no longer occupy the international business space. The internet saw to that by empowering smaller to medium-sized enterprises (SMEs) with the abilities to prosper from the global marketplace. However, this also opens the doors to Advanced Persistent Threats (APTs) and organized attacker profiles (e.g. Nation State Hackers). This is already evident from cyber attacks such as STUXNET and NanHaiShu, two cyber security events allegedly instigated by government agencies with political motivations.


While business may wonder why they might be targeted, the answer resides within how their business contributions to national developments in regional economies, security capabilities, and political influence. Candidates with security studies, political science, and intelligence experiences can empower threat intelligence teams in generating scalable risk management plans against potential APTs.



People, Processes, and Technology

Cyber security strategies need to be holistic to address people, procedural, and technological challenges concurrently. Rather than dunking all onto an IT team that may lack insight towards social and business issues, consider empowering their ability to protect your business through closer communication with key business analysts, security academics, or criminal investigators.


Intelligence experts can support people solutions through identifying suspicious activities indicating an impending malicious threat. Law enforcement experts can assist with incident responses and managing insider threats. Business experts can support the determination of business risks and priorities associated with cyber security events. Media experts can assist in outlining effective media strategies to preserve a company’s reputation after a cyber security event. Criminologist can assist threat intelligence teams to determine threat trends and tailor intelligence reports supporting key security decisions. Social scientists and mathematicians can help development teams identify the right data sources to support advanced machine learning driven security solutions!


Despite the greater adoption of technical solutions, hackers remain human and are often incentivized by human motivations of greed or power. The skills gap doesn’t exist but is a figment of our narrow perception of what it means to work in cyber security. Cyber security is not just a field for technical professionals, but others too, from different walks of life and professional experiences. Finding the right people to address the right gaps is the only way forward towards holistically creating a safer cyberspace.


Posted by Cheng Lai Ki

Cheng Lai Ki is a Cyber Operations Consultant in Horangi’s headquarters in Singapore. Equipped with advanced degrees in Criminology, Intelligence, and International Security, he brings with him over eight continuous years working and researching in the security field. He was a former military officer from the armed forces, where he was an instructor specializing in strategy and operational tactics. Professionally and academically published within the field of cyber security in Europe and Asia, Cheng Lai Ki brings a unique cross-industry and interdisciplinary perspective towards cyber security. He is actively involved in Horangi’s intelligence, security management and incident response operations with clients in the APAC region.


cybersecurity careers technology


Horangi Cyber Security Blog

Also tagged Cyber Security, Risk Management, Horangi Storifier, Horangi Warden, Slack

Storyfier Now Integrated With Slack — Release Notes: June 2019
Everything You Need To Know About Web Server Pentesting

Also tagged Vulnerability Assessment, Risk Assessment, Cyber Strategy, Risk Management

The Cost of Cyber Attacks to Businesses