In order to successfully meet the complex security threats and challenges the Gulf Cooperation Council (GCC) faces, the region\u2019s cybersecurity workforce needs to diversify, according to a cross-section of technology professionals.\n\nAs a fledgling industry in the Middle East, the cybersecurity sector still needs to build a diverse, multi-skilled workforce to ensure it can detect, respond to and prevent cyberattacks as the number of malicious attacks on both the public and private sector grows.\n\nThe Gulf region, however, has a specific set of obstacles to overcome in order to achieve this goal. For example, Wafa\u2019 Nimri, Levant general manager for digital risk management company Protection Group International (PGI), believes that part of the reason behind the GCC\u2019s general cyberskills shortage is that many in the Middle East consider cybersecurity careers less attractive than medicine or engineering.\n\nWhile focused technical specialists are very much needed \u2014 particularly in areas like incident response, threat intelligence, forensic analytics and penetration testing, today\u2019s security sector would greatly benefit from more multiskilled professionals, according to a recent report, Addressing Cybersecurity Skill Shortages in the GCC Region, released by the UK-Gulf Women in Cybersecurity Fellowship Programme in collaboration with Ipsos and PGI.\n\n\u201cMost companies seeking to build a cybersecurity function will be looking for a few players who can turn their hand to multiple tasks,\u201d says Ruaa Al-Jassar, a member of the Cyber Security and Emergency Response Team at Communication and Information Technology Regulatory Authority (CITRA) Kuwait. \u201cFocused specialists are important, but currently, since the gap in cybersecurity roles is so large, a workforce with diverse cyber skills can perform various necessary tasks outside a single specialisation.\u201d\n\nTechnical and soft skills must go hand in hand \n\nA diverse skill set also needs to include more soft skills, in areas such as communication, engagement and problem-solving, according to the cybersecurity skill shortages report.\n\n\u201cCore technical skills like ethical hacking and forensics are \u00ad\u2014 and will continue to be \u00ad\u2014 critical for cybersecurity roles, but cyber professionals need to be able to communicate and explain their findings and recommendations to non-technical managers in terms of business risk,\u201d says Nimri. \u201cAnd, as cybersecurity teams grow in size, more senior professionals will also require a workforce welfare management element. This requires specialists who can both observe operationally, and support emotionally to inform development, wellbeing and recognition.\u201d\n\nAl-Jassar also points out that in the future some technical skills may well be automated, while technical expertise combined with interpersonal skills will be harder to automate.\n\n\u201cAccording to the World Economic Forum\u2019s (WEF) Future of Jobs report, emotional intelligence (EQ) is ranked within the top 10 skills of the future, whereas it was absent from previous lists,\u201d she notes.\n\nA diverse cybersecurity workforce is needed \n\nUnfortunately, many in the Middle East view cybersecurity as a neurotypical man\u2019s game, says Nimri.\n\nThis belief has exacerbated the cyber-skills shortage in the region as a huge number of potential female and neurodiverse recruits \u2014 those who think in ways that are not considered typical \u2014 are being lost, making it harder to fill the ever-growing number of unfilled cybersecurity roles. \n\n\u201cThe world is a diverse place and the workforce needs to reflect that. At the moment the cybersecurity discipline doesn\u2019t, which means we\u2019re missing vital pieces of the puzzle,\u201d Nimri says.\n\nThe prevalent cultural narrative points to cybersecurity as a demanding career requiring long hours and the ability to be on call, which historically, as care givers, wasn\u2019t considered a good fit for women.\n\n\u201cMany women have families to care for and cybersecurity\u2019s 24\/7 working mandate, with expectations that you can work weekends and evenings, is very difficult if you have a family to care for,\u201d notes Eng. Sara Al-Khleifi, head of cybersecurity governance and oversight at Qatar Central Bank (QCB).\n\nBut many women are challenging these stereotypesproving that it is possible to have a family and a cybersecurity career.\n\n\u201cI\u2019m seeing more and more women in this field, and in leadership and decision-making roles, while having families \u2014 my manager is an example,\u201d says Al-Jassar.\n\nNeurodivergent people can also have skills and qualities that lend themselves particularly well to cybersecurity roles, but in the past little has been done to find and support these individuals\n\nThe good news is that change is coming. Nimri says that the learning and working tools for these individuals are being built across the Middle East, enabling them to work alongside their neurotypical colleagues effectively and on the same level.\n\nHow to improve diversity \u2013 of skills and people\n\nThere\u2019s no quick fix, no silver bullet solution to the GCC\u2019s cyber skills shortage, but the time to act is now, according to security professionals. This starts with changing the image of cybersecurity: raising awareness of how lucrative a cyber career can be, the social standing it offers and the wealth of opportunities it brings.\n\nMore local universities need to offer cybersecurity courses, but perhaps focus on developing a wider range of skills rather just specialisations, and Al-Khleifi believes that providing more hands-on experience at this stage will also do much to help the skills gap.\n\nProfessional development must continue in the workplace, with employers ensuring that their cybersecurity staff continue to keep up to date with the latest technical skills while also developing their soft counterparts.\n\nInclusivity also needs to be brought to the forefront in order to develop a more diverse workforce, and the sector can be made to look more inviting to women and the neurodiverse by building societal awareness of the roles these individuals are already successfully playing in the cybersecurity sector.\n\nThe Women in Cybersecurity Middle East (WiCSME) group is a great example of this, as to date it has connected 1,300 female cybersecurity professionals across the MENA region and introduced them to peers, mentors and role models.\n\nSupport is also coming from government supported initiatives, like the UK-Gulf Women in Cybersecurity Fellowship. \u201cThis empowers members to get involved in the wider community which in turn empowers a much broader group to step up and take on new roles, develop their skills and pay it forward to others, whether that focus is on gender, physical ability, neurodiversity, culture or age,\u201d says Nimri.\n\nShe also advises building career pathways for these individuals to help them develop and grow as cybersecurity professionals, leveraging the use of mentors along the way to help them understand the strength of their skills and how to go about building their career.\n\nCybersecurity is about identifying threats and coming up with solutions. Bringing diverse experiences, ways and thinking and skills to these challenges will greatly increase success, and help the region to develop a well-rounded workforce that other regions will aspire to replicate.