Some 2.9 million jobs in cybersecurity in the world are vacant. Some 142,000 in Europe, the Middle East and Africa, according to the 2018 report Cybersecurity Workforce Study, of the international association that brings together these experts (ISC)two. There are hardly any companies, regardless of their size, that do not handle personal data in their day to day, and they are all susceptible to being stolen, regardless of how many data protection laws support them. As has been proven with scandals like the one in Theft of Facebook data by Cambridge Analytica or the attack that suffered Telefónica's servers in 2017.
"The vulnerability is located in the servers and in the systems that store them; the applications and technologies that are born and scale faster than their defense systems are also on target, "says engineer Miguel Ángel Pérez Sánchez, professor of the Master's Degree in Communication and Information Systems for Security at the Polytechnic University of Madrid and colonel of the reservation in the specialty of transmissions. You have to protect yourself, but there are not enough people to cover the demand of the companies. They lack superior studies to form them and flexible structures that retain them. Because to develop his work, the hacker demands to break the traditional rules. Theirs requires, among other things, flexible schedules, constant training and its own budget. And not all companies offer it.
"The incidents increase exponentially and companies have noticed. Spain is one of the countries with the highest percentage of attacks. You have to put your batteries, "says Pérez Sánchez. "They need cybersecurity all the companies that carry out data storage of people and those that do innovation and research as part of their business. The big ones, the medium ones … all need it. The small ones sometimes can not afford a department of their own; Outsourcing it to a consultancy is the best option. "
Ricardo Maté is the general director of the cybersecurity company Sophos Iberia. It helps companies to protect themselves against attacks and confirms the problem of the lack of trained workers in this field in Spain. "It's complicated to recruit talent. The banking sector and insurance are those that can afford to hire the best. The rest share the high demand and scarcity of profiles because there are few studies in cybersecurity and fewer students who need to be interested in a job that is very vocational and requires ongoing training, "explains the director.
Rupture of the model
Maté says that "we are facing a change in the total model". Because the companies that recruit these profiles assume that they must change their structures to adapt to them. "Hackers are breaking the traditional formula of work and management of equipment and tasks. They are very different personalities that do not fit into traditional organizational structures. The autodidacts need another type of schedule ", indicates Pilar Jericó, partner of the consultant BeUp. "Companies must allow them total flexibility, room for maneuver, operate by objectives and their own budget. I think hackers are the ones that best represent what the labor market will be like. "
Pablo Ruiz Encinas, a student of the official degree of Software Engineering at U-tad, has not finished his studies and is already working. A teacher from his school signed him up for Innotec Systems and offered him courses, forums, trips, lectures, master's degrees, certifications … "Working and studying at the same time is what we will always do in this job, there is no other way ", Says this" ethical "hacker. "We call ourselves that because we know a lot about security, but we do not use it to extort or steal, but to make a more efficient network. They painted us as dangerous people and that's why I do not think there were always many students willing to study this, but we have to break with the conception of the 'basement boy isolated from the world'.
"He is a manager, not a technologist. In fact, it is very close to the business and can decide what steps to take to protect the digital environment, "describes the Sophos executive. The Polytechnic professor adds that he is someone who "must know the networks and languages, cryptographic protocols, analyze and detect security threats, know prevention techniques, establish financial security" because the company that employs him, when attacked, " you can not stop your business and, at the same time, you must have time to verify who was, why and where the failure occurred; draw conclusions, implement them and that does not happen again ".
This profile comes, generally, from university disciplines such as computing and telecommunications. However, at the moment the public university has little offer focused exclusively on cybersecurity. "It is improving in training, but it is not urgent to define a degree, a career, a higher specialization … The problem is that it is a race that is evolving at great speed, and an effort should be made so that the teaching be accompanied to the news, "says Pérez Sánchez. And in this scenario, private companies tend to have more capacity to move fast, often helped by large companies (Indra and U-tad).
"Threats are growing rapidly and companies are seeing their business blow up. It is almost a state issue and there is no country more susceptible than another to be violated. The data is there, ready for someone to put their nose in them, "explains Ruiz Encinas. "From the point of view of security, you must assume that they are going to attack you," says Pérez Sánchez. "The attack focuses are on normal people who have a computer; in all ICT, in companies that move money. Also in the municipalities and ministries, "he adds.
All the experts consulted agree that cybersecurity is a very vocational discipline. Precisely in the vocation is where more investment are doing the training centers. Universities like U-tad go out to look for their future students. "We are getting close to the schools because that is where there are more erroneous concepts to be banished. It is necessary to awaken vocations, but above all among women, because no profession goes of genres, but of talents ", explains the coordinator of the official degree of Software Engineering of U-tad, Paco Marzal.