IGF 2022 Day 3 WS #420 Skills of tomorrow: youth on the cybersecurity job market

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MODERATOR:  Okay, I think we can start and we have all necessary things ready.  I would like to welcome you all on the panel for Skills of tomorrow for the cybersecurity job market.  In today's session we would like to talk about what is the current situation at the job market cybersecurity graduates, so their education and high school and secondary school and different kind of courses, if it has prepared them well for what challenges this meeting on the job market, and if they have the necessary skills that actually the employers look for.

So, these are a few questions for which we will look for answers at our panel and our speakers will share their personal experiences, observations and also their opinions and ideas of how different problems that we can observe on this topic could be tackles.

Here today with us, we have the following speakers, and I will quickly introduce them.  The first speaker will be Teuntje from Netherlands and self‑employed translator and teacher to be, works as assistant manager for Insight a company that focuses on educating and empowering children on the and protecting rights.  She will give us a presentation about the research of Dynamic Coalition of Internet standards, security, and safety, which this research was an inspiration for today's panel, and this would be the first time we could hear some parts of this research publicly.

Then I think in an hour there will be an official announcement of the research, but here we will have some kind of teaser and we will have selected issues from the research.  Then also we have coordinator of Polish Internet safer and researcher in the field of digital technologies in the context of cultural phenomenon and cultural practices and in the field of child and online safety.  She's also the author of publications and educational tools and member of International Working expert groups.

And 2018 listed among 100 persons recognized for the contribution of development of digital competence.  On the right there is Nancy Wachira from North America school of Internet Governance and a member of North America Regional Large Organization and has a Bachelor of Science in Business Information Technology and has over five years of experience as technical support, and recently graduated from two‑year diploma program in cybersecurity.

On further right there is Samaaila Director of Communication and cybersecurity expert association in Nigeria and cybersecurity professional with interest in cybersecurity, awareness and culture, digital forensics, Internet governance and leaderships, he provides training, consultancies, and advisory services to SMEs and startups within and outside of Nigeria.  He was listed as an IFSEC, global influencer in security 2022, under the cybersecurity professional's category.  He was also recognized in 2018 as the cybersecurity champion in cybersecurity experts’ association of Nigeria.

Also, our last but not least online speaker Mohamed Ali Jauhar a member of the youth standing group and computer engineer and an AI researcher currently studying for master of science in computer science with specialization in systems and artificial intelligence.  He's interest lies in the intersection of privacy, security, and AI.  He's a fellow at Open Minded, developing privacy and preserving AI tools.  He also holds the position of Secretariat at the Internet Society group.  These are our brilliant speakers here today with us we will have Teuntje but first we would like to ask two questions about the online tool of Mentimeter about how the research results will look like.  Let me share my screen.  Could you please make me a co‑host.  Okay.

Okay.  You should be able to see a QR code.  You can scan with your phone or go on www be menti.com and use 2677 6310.  I will give you a moment to do that.  It's one more time, www be menti.com.  Code is 2677 6310.

Okay.  Let's go to the first question.  Still if somebody hasn't joined already, you can see.  Yeah.  Much better.  Thank you.  Here is the first question.  I think I can move this.  Please put your answers here and I will quickly in a moment show the correct answer.  Okay.  One more minute.  I think the statistics stopped ‑‑ oh, okay.  You are making it difficult to get the perfect moment to show the answer.  Okay.  Let me show it.  Yeah.  Most of you choose correctly.  It's problem‑solving and team work.  So, let's get to the second question.  Okay.  10 seconds more.

Okay.  Thank you to everyone that filled out the poll.  The correct answer is cybersecurity manager.  Okay.  (Laughing).  I'm sorry.  Doesn't count.  7 people actually chose the correct answer.  Now I'm passing the floor to Teuntje who will explain more why we have results as these ones.  The floor is yours.

   >> TEUNTJE MANDERS:  Thank you.  You can start the presentation.  Yeah.  My presentation is starting and Amelia introduced myself but I will do that as well.  I am from the Netherlands, and I actually studied translation, and while working at a freelance translator I translated a workbook for children on how to use the Internet in a safe way, which passwords to use and not to use your birthday for everything, and I realize I found that super interesting and it really became a passion of mine, which is why I was sent to the IGF, and this is my first IGF, so thank you all for being here.  Yeah.  What I'm going to be talking about is the research with I did that the IS3C and that is about closing the gap between the needs of the super security sector and skills of tertiary education graduates.  Now, quickly something about the IS3C, the IS3C Internet Standards and Safety Coalition.  Set up here in IGF 2020 by my colleague and there are now six working groups working on subjects and mine is one of them.  The research we did consisted of three different steps.  The first step was conducting interviews with cybersecurity industry leaders in 16 different countries.  The next step was desktop research and final step was a survey that we sent out and received answers to from respondents over 65 countries.

The interviews consisted of 3 categories, that existed of competencies, requirements, challenges, and best practices.  The result was this model of transversal and professional competency, and next was survey.  The survey was to collect quantitative model to confirm the model that we have here to define the gap that there is and collect further examples of good practices.

So, the report isn't officially presented yet, so you all get a very secret sneak peek.  It will be presented in like 20 minutes, so I have to apologize because I will be needed there.  But I'm going to give you the results already to make up.

What we learned from the research that we did is we got a clear image of the transversal and professional competencies that are needed in the cybersecurity industry.  The rating of transfers of competencies of graduates in the cybersecurity industry is rather good to average.  There is certainly a big interest for the subject, and less than 50% of industry rates the level of graduates as too low or moderate.  The impact on companies is big, and as I and probably you as well heard multiple times during the IGF is there are too little women and too little youth working in the sector.  And to conclude all of that, yes, there is a gap.

However, the IS3C also came up with some recommendations, and the recommendations that we noted is to improve education and training and to make teaching less theoretical and more connected to everyday issues.

The awareness needs to be raised ‑‑ no, I'm sorry, the importance needs to be attitude of cybersecurity at all levels of education and cybersecurity is a personal responsibility like health and well‑being and it should be included in education ‑‑ in the education curriculum at all levels of education to make the Internet a safer place.

Next, the collaboration between industry and education must be improved.  This will make sure that education stays up to date on emerging technology trends, has greater access to up‑to‑date resources, and a better understanding of the current competency requirements.

Then diversity needs to be boosted.  Women and young people must be encouraged to work in the cybersecurity sector.  Diversity is necessary everywhere, but as in the technology.

Lastly, the recruitment procedures must be upgraded.  A career in cybersecurity could be more attractive to young people, especially girls, if during their childhood and teenage years they could discover the exciting challenges, opportunities, and flexibility that this field has to offer.

So, what the IS3C can do here and what we plan to do in the future is that we could set up a hub that could act as observatory of good practices and ensure ongoing dialogue.  We could help raising awareness in industry about the advantages of establishing a closer cooperation with education sectors for exchange of information in order to support development of better adapted teaching programs, and we could help with capacity building to promote knowledge sharing across sectors, for example, through train the teacher programs.  We could help encouraging and supporting the education of the under 30 group and women in capacity building ‑‑ in capacity‑building programs developed with representatives of industry.  And we would support the revision and update of education curricula and development of targeted teaching and learning resources.  Perhaps the last one ‑‑ oh, no you can see it there.  The last one would be setting up a training program for the Global South.  That was basically it on the report.  As I said, I will have to leave in a bit, but please feel free to reach out to me either on LinkedIn on the email address that was just shown or through the website.  The report will be visible there as well soon.  If you would like to share any input on education if you're from the cybersecurity sector, these steps we can still are to take and we can always use input, and we can also always use funding, that is my remark.  Thank you so much for giving me the time to say this, thank you for listening and back to you.

   >> MODERATOR:  Thank you.  I think it was a very interesting research and presentation.  I think it's an honor that we were one of the first audiences to hear it, so thank you a lot and don't worry about going to the other session.  We totally get it.

So, with that, I would like to move to the next part of our panel which is the first round of speaker inputs.  The first speaker will Nancy Wachira, please, the floor is yours.

   >> NANCY NJOKI WACHIRA:  Thank you.  Hi, everyone.  It's a pleasure to participate in this session.  I am so glad because Skills for Tomorrow and being a youth in the cybersecurity market is something that young people we are looking forward to getting into this year, and it's good at that we have this conversation so that those who are coming after us can have a perspective on where to begin and how to grow in the journey, so my perspective about what areas to observe or have experience in cybersecurity market to begin with, most programs that we get into cybersecurity will start by being taught by going through emphasis of security planning and compliance and maybe learning more about auditing and getting real skills and deeper technical perspective, landing in cybersecurity and how you can skill up to even contribute in policy meetings.  Thank you.

   >> MODERATOR:  Thank you a lot, Nancy.  Now I would like to give the floor to the online speaker, Mohamed.  Mohamed, the floor is yours.

   >> MOHAMMAD ALI JAUHAR:  Can you hear me?

   >> MODERATOR:  We can hear you.

   >> MOHAMMAD ALI JAUHAR:  Thank you.  Thank you for giving me the opportunity.  So, I would basically like to talk about the landscape of cybersecurity education in India.  What happens in India is that the first thing is that cybersecurity is (?) in India.  The reason is that we don't have that much good cybersecurity integrated programs, first of all.  And I mean, there are the problems for cities like the incentive is not there, or actually we're seeing current cybersecurity (?), and not a very clear what was there for to follow with any potential ‑‑ if I want to become a cybersecurity expert or cybersecurity professional, I don't have any ‑‑ (speaking softly).

When we're talking about hurdles in particular, one survey that was already highlighted is that we have a lot of gap in the data at the universities and that we actually acquire in the job market so what I would say is the biggest hurt is that we need to close this gap, close this ‑‑ remove this barrier of the difference in the landscape of what we have in the university, how we teach the students, what we teach them, and what actually comes in the practice of industry or in the government.

So, with that, I would like to pass it over to the next speaker and we'll come back to my points later.  Thank you.

   >> MODERATOR:  Thank you, Mohamed.  I give the floor to Samaila.

   >> SAMAILA ATSEN BAKO:  Thank you for having me on this issue.  I think like most of you have realized, the issues would vary from one country to another and so some people talk about barriers in terms of lack of opportunities and lack of educational programs in the universities.  For instance, in my country, I think there is about five schools who has programs and I don't think any of the programs are five years old.  So, you can imagine in a country where we have about, I think, over 14 young people using bank accounts who have to use Internet banking and things like that, or how ‑‑ who or what people are supposed to protect the infrastructure in the banks, right.  So, we find out that a lot of people who are working in the sector properly outside of the country and maybe in Europe maybe come back home to try to fix things, so that's the situation there.

And I think also because of the lack of, what I say, seamless integration of academic industry, a lot of skills today are not really relevant in today's application.  So, in situations today where the curriculum is outdated and there is no political will, in quotes, to fix that and to make it modern so that it can solve people's problems, and we also don't have a situation where industry, for instance, maybe the banking sector is seen to disclose.  We need these three core skills to fill these kind of gaps because it causes loss to the economy and banks, and at that doesn't transfer into revised curriculum, so there is that gap.

There is also the issue of poverty, you know, and people want to gain cybersecurity and how many of them have computers.  I don't want to go into the issue of infrastructure, but I'm sure we all know that's an issue in Africa.  I'm going to stop there so I don't raise too many issues.

   >> MODERATOR:  Okay.  We will have two more rounds of inputs to touch on them.  Don't worry.  And now I'm passing the floor to Anna.

   >> ANNA RYWCZYNSKA:  Hello.  Thank you very much.  Hello, everyone.  Actually, the gaps of cybersecurity is an issue of such a great concept as per example life‑long learning, like for example myself.  When I started doing the, there was no social media at all.  When I started public relations manager in CSR, there was no social media at all.  So, like we really must have an ability to adapt, otherwise we cannot exist in the profession that appears in the future.  It touches such great concepts as inclusiveness, right, like we've heard in the very beginning, and like openness to innovation and change, and actually digital technologies also enter all parts of life, so like everyone, all citizens even in personal and private life, some issues related to cybersecurity, to safety, to technical security, and of course therefore we need more and more and more experts.  That's why we sit here, that's why we think, because it touches our life.  It's not something like oh, let's find experts in cybersecurity....  It's our life!  It's so much related to cybersecurity, our money is related to cybersecurity.  That's why it's so crucial that we talk about it.

And in this debate, I represent the area of the developing digital skills of young people of children, and mostly from the perspective of their safety but as from the perspective of raising and developing the digital competencies.  We run Polish safer Internet center and it's a safer that has awareness activities, but as helps kids in everyday life related to cyberbullying when they face hate, we have helplines for them, and we also deal with legal content.  So, these are the actions that we do all the time, but as doing the awareness part.  We, of course, deliver to schools lots of materials.  Before we deliver the materials to schools, the resources the teachers need, we check what they need, we check their biggest challenges, and I would like to share with you some data that we got from the recent report, from the recent like it was a little research we've done among Polish teachers, and what they said is 30% of teachers say that the area of online safety is absolutely discussed in schools, and almost 30% say there is a lack of teachers with appropriate competencies and this is the huge problem because when we have experts in cybersecurity, they don't go to school, especially they don't go to primary school, and of course depends on the country, but in Poland, teachers earn really little money.

So, as can you imagine, they are not full of cybersecurity experts.  Almost 30% ‑‑ no.  Now we go.  Almost 60% say that the curriculum is not adapted to the technologies of the environment so it changes not fast enough.  Almost 60% say there is no time in the curriculum to properly develop the subject.  Even if there is a competent teacher, she or he would say I have completely no time.  I have like maybe two hours a week, and that would be a lot to talk about safety.  And they know that they need absolutely more.  And all of them, they are absolutely sure that this topic is absolutely crucial, and they need to initiate students’ interest in this subject and in developing their careers in these directions, and they are also totally sure that it should be implemented from the various levels of education, and this is also what we've heard from the report.

And teachers point out also the important role of parents, because it's also crucial to have awareness to know that they also have basic passions and interest because we can't have all cybersecurity experts in the world and but if they have potential, they can also help schools and kids into developing those passions.  Therefore, still lots of challenges, we see challenges in front of schools, and really like primary and secondary schools because this is when it all is starting to happen, and the big challenge is at home.  Thank you for now.

   >> MODERATOR:  Thank you.  Without any further delay, I am starting the second round of input from speakers, so the order will be the same, so Nancy?

   >> NANCY NJOKI WACHIRA:  Okay.  I also have a perspective of the question of how official education part has prepared for career in cybersecurity.  So, to my opinion, as a young person, you might be the most technical and capable applicant in an interview room, but you might not be able to get the job in cybersecurity.  The reason is because we have similar and well‑developed set of skills that young people need to acquire, not only technical skills to enable them to get a job.  So, if you're a people‑centered person, employers are looking for technical skills as well as knowledge but as looking for someone who can get along with people and someone who can work in an environment with diversity and still deliver results.  So as young people, we need soft skills more, which we call them human skills, and apart from the technical skills of being in a job.  Thank you.

   >> MODERATOR:  Thank you.  The next person speaking will be Mohammad.

   >> MOHAMMAD ALI JAUHAR:  Great.  I would just like to first comment on what was said.  So, yeah, I agree that the landscape that we are living in that we are working in changes a lot, so we need to be quick to adapt to the changes that they bring.  And also, one point that you said that is maybe similar it what is happening here as well, is that the quality ‑‑ (Speaking off mic).

I guess that is because of the immense brain drain that we have in almost all fields in India, so maybe that is the effect of that, but yeah, we have for example a lot of good technical institutes, but the issue is that most of the technical institutes, they have very specific research capabilities in cybersecurity and they all work kind of very ‑‑ not in a very innovative way, so that the future is that we don't have a very good program.

Also, in the interest to the point I would like to say the problems stated about Nigeria, especially regarding the lack of courses and programs, at universities maybe when they actually have the programs, they're really new.  I mean it is a problem that is like synonymous with the whole Global South, and even in many European countries we see that there is a problem that is ever there.  And what I see particularly in the context of India is that the reason behind all of these problems may be currently that I would not like to actually look at further field but what I'm saying is because of the popularity of artificial intelligence and data science, so most of the programs right now focus on these topics only.  I mean, that makes sense financially, (?) but for the ecosystem.

Then the job market there is a catch .22 where companies don't want to invest in the cybersecurity role and the thing is that the kind of jobs that we have, they are for example ‑‑ wide capabilities which I can enter in to become a cybersecurity professional but companies are not willing to take that bet.  They are to take additional training programs, which sometimes like cost even greater than full accredited program.  So, all of this set disadvantage in the job market and a lot of unfull for service degree professionals in India and more than 50% is left unattended right now.  Okay.  I will stop with that.  Thank you.

   >> MODERATOR:  Thank you.

   >> SAMAILA ATSEN BAKO:  I think I will continue from where he stopped.  He mentioned something about lack of entry‑level opportunities, and again using Nigeria as the case study, we see situations where a lot of companies all want to hire people who have about maybe 6 or 8 or 10-years’ of experience in the industry, and for one wants to hire someone with 0, 1, or maybe 2 years of experience because nobody wants 0 talent.  They want finished products and they want someone that can come in and wow everybody.  What happens over time is you have an industry where some people who can't find jobs end up going back to software development, you know, going back to similar industries or other emerging technologies like Blockchain, for instance, or things like that because they see at least they can freelance and do some of those roles and get paid.

The issue now is that over time when those skilled people decide to upgrade, maybe go to Netherlands or Canada or UK like we see every day now, those vacancies become open and nobody with 4, 5, 6 years of experience to fill the roles and that's why the report, which is quite accurate, that the roles to fill the manager is that is very true for many countries because a lot of times those people are ‑‑ you can imagine 50 companies fighting for the same 10 people.  So, you work here for 6 months and you get a new offer.  They are literally begging you to take the offer.  You ask what you are you earning?  We'll double it.  No one wants to start with the person of 0 experience or 1 year or 2 years because they don't want to spend the time training the person.  There is also the fear that if I train the person, then the person leaves.  If the issue is if you don't train the person, then the problems persist, right.  At some point in the industry we need to be honest with ourselves and realize we need to do these things to create what we call a talent pipeline where you have people who are doing internships while they're still in the university and people doing internships before the university so they get insight into the area, and they're just not coming out of a classroom where they're taught by lecturer and taught practical skills gained during internships and if the educational sector improves or curriculum becomes better, then we have them learning practical skills using real‑world tools that they eventually get to use on the job because there is a huge difference between what is in class and what is in the industry.  Employers spend a lot of money and time having to train, meanwhile they want someone to hit the ground running on day one.

Second thing is HR processes, and happy to report this issue because this issue is mostly HR problem, human resource we're talking about, right, and happy I was in a session not too long ago with some HR people, right, and we were talking about this kind of topic, and I was surprised and impressed to find out some companies now are reducing barriers to entry.  What do I mean?  They're reducing the, relegating things like maybe master's degree to the back, it's not number one requirement, not compulsory, it's now like nice to have.  Right.  We are seeing situations where employers are now changing positions so they're testing for your actual skills and not just asking you the general question that anybody can Google and know the answer and pass an interview, because I tell you like, there are like five questions that you come across in every interview in any country in the world, can you ask and they will tell you.  So how do you do the good ones if anyone can Google the answers and know the questions you're going to ask before the interview.  So having people refine their processes to test if the role says, if the role is for what we manage devices and logs and response incidents, ask questions along those lines and may even give practical session to show you have those skill.  So, I think if the HR processes keep evolving in this way, then there are less likely ‑‑ we are less likely to have this gap because more people who are with the rules will be found and hired.  Thank you.

   >> ANNA RYWCZYNSKA:  In this opportunity I would like to go back to the problematics of inclusiveness because actually the key element, one of the key elements of reaching the cybersecurity experts, but love all of reaching the holistic perspective to the topic, to the holistic perspective of the problem and wide perspective also of the needs of society is to be inclusive and have more women.  That's what we've heard in the report to have more women this cybersecurity environment within cybersecurity experts.  It has also another dimension, and many you have known, women are also vulnerable to some certain types of harms that happens online, and it was also said during many of the IGF sessions that women offer suffer more from sexting situations especially when the material leaks than women are most frequently the really big victims of situations.  Women are often attacked online, women are often very victims of, sextortion so having more women as cybersecurity experts might be even better for the better security of girls using and women using the network.  And prevent these dangers.  And of course, as we said before the effort to bring them, must have started at the very early levels of education, and they should be especially encouraged also during the computer classes because we know also from the research that very often, they're not so much paid attention by the teacher during the class, that is boys who are more paid attention.  There is a lot of like cultural bias in all of these processes, and very often the IT teacher ‑‑ and very often at home and we also know it from the research and I know it by myself from the ITIs, the interviews I've done within one of the research that I've done with the families, it was the research about the IT practices at homes and really it was in Poland but I think it also happens in many other countries and these are those who buy technology, decide what technology to use, who if I cans all the IT tools at home, so we still have ‑‑ it's really quite a gender‑based activity and doesn't make girls to be more like actively participating in this part of technology, even at home.

Academia has also lots to do because it is said that if you see like role models or if you have like a professor in academy that would be for example a woman or representative of minority, then it gives like good example to the students that they can also choose this path.  It's also very good to involve succeeding representative of authorities to speak to students to show how they could do it, how they were able to succeed.

However, of course, the problem doesn't stop there because we have ‑‑ we can have lots of willing and women that being ready, even coming from the education, like really ready, but then we have lots of managers who don't know how to be inclusive and are not really open.  So, we need lots of trainings for managers and businesses still.  We think lots of things have been done, but there is really a lot to be done if the future as well.

   >> MODERATOR:  Thank you to all the speakers for the second round of input.  Now I would like to ask our audience both on site and online if you have any questions to our speakers because now, we have to moment to ask them and those online can write it in the chat and those on site can raise their hand.

   >> AUDIENCE MEMBER:  Thank you so much for your contributions.  I really enjoyed them.  My name is Ethan.  I am a tech lawyer at Access Partnership and also in ISOC, IGF Global Youth Ambassador and my question, I have a question and a statement.  The question is really speaking to the cultural aspect of things, and maybe I'm talking in an African context, but what can we do to address the cultural barrier to accessing the cybersecurity job market?  I mean if you ask my parents, they would have told ‑‑ they will tell you and they told me that I should be a doctor are a pilot, you know, so we have these things as Africans, these career points that we are expected to take because those are the ones that we know, and those are the ones that we're comfortable with.  And perhaps that links to a point at that one of the panelists was talking about, which is around poverty because those are the, again, career paths that we know are stable.  So, there is a big cultural, essentially my question, there is a cultural aspect to this and how can we address that to ensure that going forward, there is excitements a a youth.  If I'm excited about being in the cybersecurity sector, there are support structures around that in the cultures and communities to encourage participation in the sector.

And then the statement is really on more practical terms and I think we should and we can as a sector just say there will no longer be unpaid internships in this sector because, again, it links to this whole story because if now I'm trying to do the cybersecurity thing and I've left the whole doctor and pilot course, and it's not as stable and it's not working out, and I'm not being paid as a young intern trying to get the experience that I need to be valued in this sector and skillsets I need to be valued in the sector, it's a hard journey, and often many of our youth are turning away from it.  These are conversations we can speak on a personal note and conversations we've had with many African youth around this and they end up just going back to the traditional career pods, and then they also in turn tell their kids, no, you must be a doctor, you must be a pilot, and that's not to say that we don't appreciate the doctors in the room and pilots, but effectively there are practical issues too.  So cultural and practical issues and what can we do about that is my question.

   >> MODERATOR:  Everybody wants to respond.  Now just very shortly and I will pass to another speaker.  Very shortly, I think all of what you said is a matter of awareness.  Actually, the sector of cybersecurity is for example in Poland, it's very much understood as a sector with lots of money, so we don't need this kind of explaining to the society because yeah for the IT people there are always some job waiting, and it seems like a really, really stable job.  But awareness comes with ‑‑ comes with cooperation and with alliances, so the best way is always to build a big network of stakeholders, to have on board government, non‑governmental organizations, and to have media and then like building, but real, real alliances, real cooperations so we can get to the people we would like to pass.

>> I mean Anna physically said.  I won't touch on awareness anymore.  And I like what you said about as an industry agreeing to make the job worthwhile, you know, for the employees, you don't want to hire someone and say I need to work three more jobs to feed myself, they wouldn't give their all in the office because they're thinking jobs they have to do and close to run to the next job.  If you really want, I think what the point is if you want people to be focused and want people to give the best on the job, then the job needs to be worth the while.  Remember like I mentioned earlier, remember what we were calling the engineer or (?) mass exit, we're having the most skilled tech people leaving the country for better jobs in other countries, and so if you don't make the work environment enticing, if you don't make the financial benefits enticing or other benefits, you know, how do you want to attract the best talent.

So I think another thing that is truly that can be done, and I think which we are already doing in Nigeria, we've had conversations within ourselves, at least some of us who are familiar in the NGO space, and we're trying to see how we can create opportunities for this internship, and we're talking to our trends, CSOs, CTOs, CEOs, and can we create certain internship for three months, four months, six months where the young people can come, do you have room for one more entry‑level person, and then to pig‑‑back on that, we have a lot of people now organizing mentorship programs, organizing webinars for entry‑level people and I've spoken about four or five alone, so there is that much effort and collaboration within the industry to create, you know, build the skills in these new ones and also create opportunities for them to get to work because that's ‑‑ because everybody wants to be able to earn a living.

   >> MODERATOR:  About the cultural aspect of the job such as cultural doctor and lawyer, I think it will begin with our mind set and educating those ahead of us, those who may not have a different perspective about new jobs in cybersecurity and maybe they haven't seen successful people in IT who make good money like maybe those who are doctors and lawyers.  So, a different perspective of mindset will also help us overcome the cultural bias.

Thank you.

   >> MODERATOR:  Thank you.  Also, Mohammad, would like to say something?

   >> MOHAMMAD ALI JAUHAR:  Yeah.  I mean to talk about money all the time, that is good what we actually want.  But what I say is that in the future, a lot of cybersecurity jobs by the comments because cybersecurity is like a two‑way and a lot is happening and we need defenders like maybe the financial institutions and we also need protection in the public space as well.  So, what I would like to highlight is that apart from the money, we also have a kind of prestige perspective as well, and in that sense maybe in the different areas and more in general they can have as same contribution to our society as cybersecurity professional working for the government or government agency or maybe government entities that maybe a police officer to the people and country and everything.  We also need to look into this aspect because honesty in the future, more jobs will be created but cybersecurity professionals in the government sector, then maybe in the industrial sector.  I guess that would be a good incentive as well.  Thank you.

   >> MODERATOR:  Thank you, Mohammad.  I hope the speakers responded to your question.  And now we have another hand up in our chat, so Nicholas, can you take the floor.

   >> AUDIENCE MEMBER:  Good afternoon, good morning, good evening to everybody.  My name is Lenin, I'm Internet Society youth ambassador and happy to also be a lawyer who is interested in tech law.  I have a master's in tech and telecommunications.  I wanted to respond to the cultural question that my colleague Ethan asked.  I think that those of us who have younger siblings have a role to play in shaping our parent's perspective on what are considered traditional and profitable professions.  What I notice is that my parents, for instance, take my order in what I have to say as an elder, but very important when it comes it my younger sibling’s trajectory of education, and so personally what I have done is I have younger brother that is about 10 years old, I enrolled him in bootcamp and on vacation he goes to coding classes and does this.  He started designing stuff.  And I notice that my parents were getting fascinated by the fact that he can do those things.  And I was also realize particularly within cybersecurity when you learn the skills early enough, you actually are able to do gigs and make money with it even before you're formerly employed into a sector, so I would encourage particularly those of us on the African side that those of us with younger siblings should make it a point to expose our younger siblings to acquiring these skills early so our parents can perhaps see the value of those skills in order to reshape the perceptions of the traditional doctor and lawyer roles.  Thank you.

   >> MODERATOR:  Thank you.  Would any panelist like to respond or somebody in the audience?  I saw somebody.  Yeah.

   >> AUDIENCE MEMBER:  Good afternoon, everyone.  My name is Cynthia and I'm one of the ISOC Ambassadors 2022, and one of the founding leaders of the Association of Privacy Lawyers in Africa and I would like to contribute to the discussion that you are having today.  I really get excited when I get in rooms and discuss cybersecurity because as a woman, I'm one of the beneficiaries of Cyber Safe Foundation a foundation in Nigeria and I was trained in cybersecurity, and with my background in legal, it really becomes difficult to prosecute matters touching on cybersecurity in court.  The program gives me an opportunity to understand cybersecurity governance, risk, and compliance, and what really got me excited was actually analyzing a malware and conducting an analysis of skill that I couldn't learn in law school or anywhere else, but with the program I really appreciate the Cyber Safe Foundation CEO and it's being trickled down to other African countries and we're even having one of the programs starting next year in Kenya, and I'm open to mentoring more youth because I meet very many young women asking me how did you get into the space.  It's an exciting to be.  My phone is always ringing because people want me to work for them, but it's only one here and we really need to have the capacity and have more women in the space and youth in the space and even children.  And adding to what Lenin is talking about in terms of cultural perspective and changing it in a professional setup, then we have many students joining universities, but then they tend to take up courses that are not really current and the old regime courses, as they are said, but then with advancement in technology and digital advancement, it means we really need to take up courses that are relevant and applicable to the current industry standards.  Yeah.  That's my contribution.  Thank you.

   >> MODERATOR:  Thank you, Cynthia.  Do we have any other contributions from the audience on site or online?

   >> AUDIENCE MEMBER:  Okay.  Good afternoon.  I mean this is a very great panel.  Yeah.  My name is Samila from Gambia once again.  I just have a contribution to actually make.  I learned a lot from here, but as I want to take Gambia as a case study.  In my country, we have less than 5 cybersecurity experts that I know of, so yeah, so I work for the government, I'm in Civil Society and I do a lot of things.  So, like you mention, you receive a lot of job offers outside, you know, always travel to Ghana and other places.  But I mean around two years ago, there is something that you know we came up with that is trying to give back to the community, and this obviously involves our includes us if the government doesn't change the curriculum, like can I think of taking the curriculum to the government or to the institutions or schools.  So, what we did is created a community, you know, a cybersecurity community and started creating hubs in universities and colleges.  So, you see you will have students that are studying HR, and we cannot tell them you know what, cybersecurity is not all about technical, like, and you have other areas that HR people can come into.  You know, and that has actually proven to be very, very useful.  And the other recommendation that I think I would want to make is that from within, you know, not just our country but within Africa, we should create synergies and also connect.  But what I mean by this is that we are very limited, you know, experts in the whole continent, and you have a whole lot of job opportunities, and also have a whole lot of people that want to join the industry but they don't have people to mentor them.  So, you see, and you know five people experts in a population of 2.5 million people, you know, it becomes very, very difficult to mentor all of those people.  So, when you open application, you know, for people to apply, you have 100 people, but just 20 set, you know, and you're denying almost 80 people access to the same industry.  So, the other thing that we did is, okay, you don't have to, you know, be a cybersecurity expert to work for a bank to earn money, so we kind of introduce bounty programs that are some of the online jobs that you can get to have but for all of these you need mentors, and when we great the synergies in Africa alone, it will make the world easier and we'll have more people entered into the industry.  And this is actually showcase something two weeks ago when central bank was hit by ransomeware you have only two people in the country to go and check that.  So, you know, I mean the government is new thinking, what are you going to do about this?  And I'm too busy somewhere, someone is too busy somewhere, and they have to import people from the U.S. to pay them a huge amount of dollars, you know, and the bank probably will be bankrupt or maybe the company will go.  So, you see that this is a challenge, you know, so thank you so much.

   >> MODERATOR:  Thank you a lot.  We also, okay, here is one more hand.  Firstly, there was a hand here.  We'll go this and this.  Here also.

   >> AUDIENCE MEMBER:  Hello.  I am Aris from the Philippines.  I think I am the furthest person in terms of geographically here currently, and what sparked my interest is earlier when I was listening to the presentation, it was mentioned there that learning, you know, the awareness level of students whenever they are going to start learning up to the part where they're going to go into their respective careers, it's really important for us to be able to maintain digital competence and include it with regards to ‑‑ because digital competence also includes safety, and when we talk about safety, cybersecurity an also included there.  So, if we are going to maybe include it ‑‑ I don't know, it would be not really a framework because we really cannot force governments, just like what my friend here mentioned earlier.  You cannot really force governments to provide guidelines for us to be able to shape up the curriculum, but you know at schools, they can do it on their own little way.  There are a lot of frameworks out there, and they just have to get some of those and apply it with themselves, and it would be really good to ebbing pose students as young as they are with concepts of cybersecurity.  With regards to the cultural thing earlier, maybe that, if we're going to start early, they might change perspective because they might get interest while they are learning it from the beginning that they started learning, and it will be more developmental because the curriculum is saying so.  So, if they would be able to get that interest, it would really not very, very difficult for them to go into that field.

But one thing that is really, really important is that we really need to give opportunities for these specific students to learn and also maybe to practice what they have learned because if we're not going to give opportunities for them, that will be very, very difficult also.  You know, it will bring down their interest.  Thank you so much.

   >> MODERATOR:  Thank you.  We have had hands up somewhere in that area.  Two hands up.  Okay.  Who was the first one?

   >> AUDIENCE MEMBER:  Good afternoon, everyone.  My name is Simba and first, thank you very much for allowing me to put through a couple of comments.  The first is I'm very encouraged by this panel because there were more women than men, (Laughing).  For that reason alone, I'm encouraged that the world is headed in the right direction.  (Laughing).

My questions are sort of a reflection a little bit on my colleague from Gambia, and his point around the bank and one of the things I was raising is I think I suspect and you know I asked ‑‑ I'm not really in the cybersecurity space at all and I work with SMEs, particularly those in green infrastructure and trade.  And I think one of the things we've found when asking them about cybersecurity because we're looking at those who are in the digital space a little bit, is you know what are your thoughts around digital and around cybersecurity and very few of them have anything to say about that.  And so I suspect there is an issue of having not been burnt, you know, so even a national government is waiting until their fingers get burnt.  What more for some of the smaller players in the space to act?  And I think my first question then is how do we encourage them to act before getting their fingers burnt, you know, the proverbial parent telling you not to touch the plate.  How do we tell the SMEs this?

And then a second point around that is the creation around the talent pipeline.  I like the idea of the talent pipeline but find it at odds with the idea of unpaid internships, particularly with the small business, and I think there is a role that small businesses can play in the development of particularly those with very little experience, and I would just like some comments around that, you know, what role do you think small businesses can play if the training of, particularly the unexperienced?  Thank you.

   >> MODERATOR:  Thank you a lot.  We will collect just one more input.  Then I will pass the floor to our speakers to respond.

   >> AUDIENCE MEMBER:  Thank you so much.  So, my name is Monisala from Ethiopia.  I am a manager of Elavite, a tech company.  So, currently we've identified all the problems and solutions regarding cybersecurity, and most of them ‑‑ most of the problems being the lack of teachers, resources, opportunities, infrastructures, and so on.  And some of the solutions that we've come up with are motivating the youth, especially women, working on education, internships, awareness and so on.

So, one of my questions is, why haven't there been a platform where cybersecurity enthusiasts can come together and share information regarding cybersecurity?  It could be creating opportunities for each other or just sharing normal information with each other because awareness only I don't think that will cause a lot of good progress because with the tech information that the youth have, it's easier to be ‑‑ it's easier to cause harm and be like a hacker and then sell information on the black market.  Like they could make millions because they lack this source and awareness and this internship opportunities now we've discussed about, so can we create this platform where the youth can come together and share knowledge with different generations that have like already made it up there and have like the jobs, the descriptions, and so on so we can reduce the cyberattacks.  Thank you.

   >> MODERATOR:  Thank you a lot for all the questions and all the inputs.  So, now I am giving the voice to our speakers maybe in the same order as previously.  Nancy, start here.  Okay, Anna, you are chosen to be first one.

   >> ANNA RYWCZYNSKA:  Should we now address what we have heard to come up with final statements in what moment we are in okay.  Oh, my God it was so many interesting things coming from the room.  I thought with the colleague from the Philippines and what you said about the education, this is the field of my competency, so education is absolutely crucial so then you don't have the cultural bias because you learn from the very beginning.  I'm not sure if I caught your idea well about those fingers burnt, but I would like to concentrate also on parents, because about parents and fighting, there is also cultural bias.  We have two observations.  They would all like to be guardians, like to protect or make their kids addicted.  They are very ‑‑ guides like they don't see themselves as the guides online as well, the guides of how the kid can be expert in technology.  They all give phone, smart phone especially, give technology and leave alone or just perceive as protectors, just not to happen something bad there.  They also need to be the guides also online like they are guides offline on how to develop, how to become professionals in life, and what's also for me is very crucial are those trainings and courses because we said a lot about education and inclusiveness, and we have many people who really would like to become cybersecurity experts.  We have people who would like to change jobs because together with the digital revolution, we have many people who really will have to change jobs and adapt to the world that is changing.  But it's a crucial ‑‑ it's a huge problem because as was said in the report, it was also said here I think among also speakers, that there is a huge expectation even for the entry‑level employees, so the industries always expect and the companies expect that you will come with a lot of experience that you don't actually have, and so some free courses, free trainings, cooperation between many different institutions to be able to finance also those trainings is really, really in the future important to get really cybersecurity people and to get cybersecurity people to the places they're really, really needed like we've heard here that there is only a few of them, and the needs are absolutely enormous.  Thank you.

  >> MODERATOR:  Thank you a lot, Anna.  Maybe now I give the floor to the online panelist, Mohammad.

   >> MOHAMMAD ALI JAUHAR:  Thank you.  So, what I would like to say is at that we're talking about cybersecurity because for the security of the data space that is intertwined with our physical space and we need to have a very competent cybersecurity professional and pool of cybersecurity professionals all over the world.

So, what I am think something that we cannot solve this issue if we take different issues separately.  We need to think about it in a more holistic way, and perhaps we need to create an ecosystem, perhaps an ecosystem of the amount of cybersecurity professionals, and responding to that they should have few good training programs as well important than other diploma or others.

What I would say is if you take an example of GDPR, what it does was appointment of data profession officer, and what is required for every organization to have a DPO, and so what the GDPR created is a demand of around 75K DPO officers, and so what we could see ‑‑ what we could get from this pattern is that we don't have any security framework in most of the countries around the world and only a very few countries.  If legislation and parliaments and legislative bodies, we ask to frame or come up with frameworks for cybersecurity and privacy, they would in effect create in effect cybersecurity professionals enforceable by law, and in effect more focus on training of professions and with that a very good outline of cybersecurity institutions who are producing cybersecurity professionals and employed by the different organizes all over the country.  And to answer one of the questions from one of the participants, when talking about parents, it's a very big issue particularly as raised for small businesses, and many of them are not able to actually pay for internship but if we require a regimen where training can happen but without incurring a cost on the organizations, one option is that we could (?) academic credits or start internships, yeah, that could be one option.

Right now because we're getting toward the conclusion, like the recent developments of cybersecurity in India, they have data protection bill in India as well as for the telecommunication bill as well and what it has done similar to GDPR, it has also made it a requirement that every organization should have certain privacy compliance officers and similar post, and what I am ‑‑ what I think is in the future, it will create ‑‑ it will force the universities and other institutions to create programs to create such positions, and it will end ‑‑ in a sense it will create a lot of jobs and a lot of good pipeline for how healthy cybersecurity job.  That is my input.  Thank you.

   >> MODERATOR:  Thank you a lot, Mohammad.  Nancy?

   >> NANCY NJOKI WACHIRA:  I will contribute my answer to part of her question about young people and what they can do, apart from creating awareness in the cybersecurity.  I also think it's also an initiative by young people to reach out to those, at least, who have made progress in their year in cybersecurity to seek mentorship from them because it's different from when people seek something and when they are really curious to learn from those who have gone ahead, they can really benefit a lot and they can take less time to get to where they want to be than when they are trying to figure out everything on their own.

And then as young people, too, building our career to a level whereby we are open to taking initiative and putting ourselves out there to show interest in things that we want, that can really help us to move closer to our goal and to be professionals of today and not tomorrow because we are living today.  Thank you.

   >> SAMAILA ATSEN BAKO:  I guess I'm the one that will round up because I have the mic last.  Usually last everyone said all that can be said but I'll see if I can find some gaps as you were saying.  First of all, I won't say misconception, there is but there is that it's expensive.  In a real sense, it's however, there are inexpensive ways to go about security.  I'll come to that and SMEs in a bit.

First, I want to briefly highlight this role of government, no matter what ‑‑ in most countries if not in every country, anything you want to do has impacts nationally, the political will, policy, and many other things, the laws that we shape that ‑‑ shape and drive that initiative.  So, I think that's the role of government.  In Nigeria, occasionally we have some initiative, seminars, conferences, things along those lines to try to boost knowledge of the industry to raise the awareness like we're talking about here.  And so but there is still a lot more that can be done by government, obviously.  So, I'm trying to highlight the government has a role to play and not all the SMEs.

Now coming to the SMEs, you know, I feel like they have less to lose, I'm sorry to put it that way, they have less to lose.  It's perfect, it's like if I were to go and practice and learn, and so SME, I feel like you have ‑‑ there is more room for like an intern to practice certain things.  When you look at the environment, can damage production environment, worst case, but I'm saying that because the organization is smaller, there are fewer maybe computers to monitor or servers to handle, fewer things, for me I feel like it's the best place for intern to learn and maybe going from there they get into bigger organizations.  That's just my personal opinion anyways.

I think SMEs are more in number than the big organizations, and I mean if you want to compare how many organizations as big as Google, more than 500 or maybe 1,000 in the whole world, but number of SMEs that use technology in Nigeria alone, if everyone creates two technology positions that follow up with the interns looking for opportunities, that's again my personal opinion.

Then like so like I said inexpensive resource ‑‑ we have intensive resources that can be used.  A lot of associations give you tools for free, some trial period, some discounted or treat, and some spans into the education industry and now we have platforms like Trihacmi or hack the box and many others providing either free or cheap platforms that students can go and learn and they're able to interact with some environment that mimics the real‑world environment.  Excuse me.  So, someone who goes through that kind of program for four months six months, you expect them to be at an advantage than someone who goes to university to four years and just taught with presentations slides or marker on the board.  Right.  I feel like we need to leverage these inexpensive avenues, and coming back to the SMEs, like I say can leverage the tools and also ‑‑ I'm sorry I just lost what I was about to say.

Can you leverage the tools and there is a lot of content online.  Can you go on YouTube, and there are some podcasts that are daily, weekly, monthly, so you don't need to be experts to educate yourself on security.  So, for the SMEs, the IT guy or cyber guy can always get this free content online to equip themselves and this ties back to education.

And then on the question of collaboration, I feel like we're trying as far as we can to be honest and really in Nigeria and really to an extent in Africa.  I'm for the sure I go to every conference and try to think what we can do together and I think at the very least we have webinar on awareness or how to get into the industry.  So, I think some collaboration, and so however I think it's in part by funding, allow us to do these things out of pocket or voluntary, so you can expect that there is a limit the impact that you can make.  And then I also think that we're not enough, like my brother from Zambia, Gambia said that there are just about five top people, and in Nigeria, I think there is a report that said there are about 3500 certified, so it may be more I mean but the population is over 200 million, so, so yeah, so just before you start clapping ‑‑ (Laughing), so I think we're doing what we can.  So again, enough hands to mentor or teach, there are so many hours in a day and we probably all have day job, so we're doing the things in the free time with when we should spend with family and spend time or whatever we like to do.  I can't remember last point because somebody said about it.  Thank you.

   >> MODERATOR:  Thank you a lot.  So, I think that our speakers did a very good wrap‑up of our session.  So, thank you a lot for being here and Nancy, Samaila and Mohammad online, and a big thank you to the online moderator making sure for the whole meeting that our Zoom participants are not left alone without right to have a voice, and so big thank you to Pedro from ISOC Brazil and also thank you to our Reporter Rafal from University cyberscience.  Big thank you to the audience for being active participants and it was great to listen to your comments, thoughts, and for asking questions.  It is always good to have active people on site.  Thank you a lot, and I really hope that it was an insightful session for you.  Thank you.