Diversity is key to the Gulf’s cybersecurity success, security pros say

In order to successfully meet the complex security threats and challenges the Gulf Cooperation Council (GCC) faces, the region’s cybersecurity workforce needs to diversify, according to a cross-section of technology professionals.

As a fledgling industry in the Middle East, the cybersecurity sector still needs to build a diverse, multi-skilled workforce to ensure it can detect, respond to and prevent cyberattacks as the number of malicious attacks on both the public and private sector grows.

The Gulf region, however, has a specific set of obstacles to overcome in order to achieve this goal. For example, Wafa’ Nimri, Levant general manager for digital risk management company Protection Group International (PGI), believes that part of the reason behind the GCC’s general cyberskills shortage is that many in the Middle East consider cybersecurity careers less attractive than medicine or engineering.

While focused technical specialists are very much needed — particularly in areas like incident response, threat intelligence, forensic analytics and penetration testing, today’s security sector would greatly benefit from more multiskilled professionals, according to a recent report, Addressing Cybersecurity Skill Shortages in the GCC Region, released by the UK-Gulf Women in Cybersecurity Fellowship Programme in collaboration with Ipsos and PGI.

“Most companies seeking to build a cybersecurity function will be looking for a few players who can turn their hand to multiple tasks,” says Ruaa Al-Jassar, a member of the Cyber Security and Emergency Response Team at Communication and Information Technology Regulatory Authority (CITRA) Kuwait. “Focused specialists are important, but currently, since the gap in cybersecurity roles is so large, a workforce with diverse cyber skills can perform various necessary tasks outside a single specialisation.”

Technical and soft skills must go hand in hand

A diverse skill set also needs to include more soft skills, in areas such as communication, engagement and problem-solving, according to the cybersecurity skill shortages report.

“Core technical skills like ethical hacking and forensics are ­— and will continue to be ­— critical for cybersecurity roles, but cyber professionals need to be able to communicate and explain their findings and recommendations to non-technical managers in terms of business risk,” says Nimri. “And, as cybersecurity teams grow in size, more senior professionals will also require a workforce welfare management element. This requires specialists who can both observe operationally, and support emotionally to inform development, wellbeing and recognition.”

Al-Jassar also points out that in the future some technical skills may well be automated, while technical expertise combined with interpersonal skills will be harder to automate.

“According to the World Economic Forum’s (WEF) Future of Jobs report, emotional intelligence (EQ) is ranked within the top 10 skills of the future, whereas it was absent from previous lists,” she notes.

A diverse cybersecurity workforce is needed

Unfortunately, many in the Middle East view cybersecurity as a neurotypical man’s game, says Nimri.

This belief has exacerbated the cyber-skills shortage in the region as a huge number of potential female and neurodiverse recruits — those who think in ways that are not considered typical — are being lost, making it harder to fill the ever-growing number of unfilled cybersecurity roles. 

“The world is a diverse place and the workforce needs to reflect that. At the moment the cybersecurity discipline doesn’t, which means we’re missing vital pieces of the puzzle,” Nimri says.

The prevalent cultural narrative points to cybersecurity as a demanding career requiring long hours and the ability to be on call, which historically, as care givers, wasn’t considered a good fit for women.

“Many women have families to care for and cybersecurity’s 24/7 working mandate, with expectations that you can work weekends and evenings, is very difficult if you have a family to care for,” notes Eng. Sara Al-Khleifi, head of cybersecurity governance and oversight at Qatar Central Bank (QCB).

But many women are challenging these stereotypesproving that it is possible to have a family and a cybersecurity career.

“I’m seeing more and more women in this field, and in leadership and decision-making roles, while having families — my manager is an example,” says Al-Jassar.

Neurodivergent people can also have skills and qualities that lend themselves particularly well to cybersecurity roles, but in the past little has been done to find and support these individuals

The good news is that change is coming. Nimri says that the learning and working tools for these individuals are being built across the Middle East, enabling them to work alongside their neurotypical colleagues effectively and on the same level.

How to improve diversity – of skills and people

There’s no quick fix, no silver bullet solution to the GCC’s cyber skills shortage, but the time to act is now, according to security professionals. This starts with changing the image of cybersecurity: raising awareness of how lucrative a cyber career can be, the social standing it offers and the wealth of opportunities it brings.

More local universities need to offer cybersecurity courses, but perhaps focus on developing a wider range of skills rather just specialisations, and Al-Khleifi believes that providing more hands-on experience at this stage will also do much to help the skills gap.

Professional development must continue in the workplace, with employers ensuring that their cybersecurity staff continue to keep up to date with the latest technical skills while also developing their soft counterparts.

Inclusivity also needs to be brought to the forefront in order to develop a more diverse workforce, and the sector can be made to look more inviting to women and the neurodiverse by building societal awareness of the roles these individuals are already successfully playing in the cybersecurity sector.

The Women in Cybersecurity Middle East (WiCSME) group is a great example of this, as to date it has connected 1,300 female cybersecurity professionals across the MENA region and introduced them to peers, mentors and role models.

Support is also coming from government supported initiatives, like the UK-Gulf Women in Cybersecurity Fellowship. “This empowers members to get involved in the wider community which in turn empowers a much broader group to step up and take on new roles, develop their skills and pay it forward to others, whether that focus is on gender, physical ability, neurodiversity, culture or age,” says Nimri.

She also advises building career pathways for these individuals to help them develop and grow as cybersecurity professionals, leveraging the use of mentors along the way to help them understand the strength of their skills and how to go about building their career.

Cybersecurity is about identifying threats and coming up with solutions. Bringing diverse experiences, ways and thinking and skills to these challenges will greatly increase success, and help the region to develop a well-rounded workforce that other regions will aspire to replicate.