‘Curiosity is the number one skill you need to have in cybersecurity’

16 Nov 2023

Virginia Lee (centre). Image: TCS

We speak to Virginia Lee of TCS Ireland about the need for more upskilling and diversity in cybersecurity as technology continues to advance at warp speed.

Last month, a survey conducted by Hiscox found that nearly three in four Irish businesses had experienced a cyberattack in the previous 12 months. Perhaps more worryingly, Ireland stood out as the country most likely to pay ransoms when data is breached.

What this points to is quite likely a need in Ireland to bolster the cybercrime sector, which was estimated to be worth around $300m a year ago. The economic cost of cybercrime, however, is closer to the tune of €10bn – one that continues to grow.

This means that now more than ever, companies need to equip themselves with the tools and talent to prevent future cyberattacks. Virginia Lee of Tata Consultancy Services (TCS) thinks the answer lies in investing in the skills of employees.

“The cyber landscape is rapidly changing and the biggest challenge is keeping abreast of the changes happening across all cyber domains,” said Lee, who is the strategic head for cybersecurity at the TCS Global Delivery Centre in Letterkenny.

“Organisations need to embrace the challenges and understand the need to constantly upskill their workforce, regardless of level they are at. Employees should be encouraged to stay updated on the latest cybersecurity trends, tools and techniques.”

According to Lee, encouraging employees to continuously improve their skills and knowledge helps ensure they are “well prepared” to tackle emerging cybersecurity challenges and keep up to date as compliance requirements evolve.

“We have some very successful cyber engineers who have come from non-cyber, non-technical backgrounds and industry needs to be more open to these types of resources and the value of transferable skills,” she said of the need to invest in cross-functional teams.

Need for diversity

Among other measures suggested by Lee for upskilling employees are mentorship programmes between veterans and new members, collaboration with academia and threat simulations to increase employee confidence in tackling cybersecurity incidents.

“We also need to keep pushing to change the diversity within the sector,” she added. “Progress is being made but we have a way to go still.”

Like most other tech-related fields, there is need for greater representation of women in cybersecurity to bridge the gap between the genders in the sector. For Lee, this can be done through more education and outreach, internships and promoting role models.

“People have a preconception around what cybersecurity is and the type of people who work in the domain. My experience is it couldn’t be wider,” she said, adding that there needs to be a change in perception of cybersecurity as male-dominated to one that values diversity.

“We need every skillset from technical, project management, languages and marketing. There are all sorts of roles for all types of interests and people often don’t realise.”

But diversity in cybersecurity is more than just about the different skills that go into it. Lee said that there has been a recent uptick in the new cyber courses in areas such as cybersecurity operations and cyberpsychology.

“Having these options available through traditional third-level education all helps build a pool of cyber resources,” she said.

“There are also many options outside of the traditional pathways, from free online training platforms for specific security tools to free training courses for foundational level certifications.”

‘Show me what learning you’re doing’

Many platforms have free open-source versions available that people can download and try out. There is also an abundance of free online resources, Lee said, such as those listed on the Open Web Application Security Project.

“One piece of advice I give to anyone asking about moving into a cyber career is to demonstrate your interest to me, show me what learning you’re doing,” she said.

“We can always discuss certain learning pathways or options, but curiosity is the number one skill you need to have in cybersecurity and if you can demonstrate that you’ll do okay.”

It’s not just the new entrants to cybersecurity that should be paying attention. Lee said that top management should “set the tone” for security by adhering to best practices and policies and that their commitment “reinforces the importance of security” in the organisation.

TCS, for instance, has several training programmes targeted at different types of users, from technical cybersecurity courses for engineers to broader ones aimed at general security awareness.

“Providing comprehensive and regular training covering various aspects of security, conducting awareness campaigns, encouraging feedback and having user-friendly policies will all assist in creating a strong security mindset reducing the risk of security breaches and creating a more resilient environment.”

10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.

Vish Gain was a journalist with Silicon Republic

editorial@siliconrepublic.com