Governments and the private sector have to do more if Canada wants to overcome the shortage of cybersecurity talent needed to meet online threats, experts stressed during a security conference.
While universities and colleges have in the past five years greatly boosted the number of cybersecurity-related courses they offer from 400 to 1,300, it’s still not enough, Michele Mosca, co-founder of the Institute for Quantum Computing at the University of Waterloo, told the annual SecTor conference in Toronto.
One group alone in Germany is funding 150 university faculty-level research positions in cyber security, he noted.
Meanwhile in Canada there is a lot of spending on what he calls “projects.” For example, the federal Innovation department recently announced the availability of $80 million in cybersecurity spending, which includes money for training.
“It’s a good start,” said Mosca, “but we need a lot more.”
The Information Technology Association of Canada, an industry trade group, has started a new talent alliance, and recently Rogers Communications, the Royal Bank and Ottawa’s FedDev Ontario agency announced a $30 million fund to create the Rogers Cybersecure Catalyst for training and research in Brampton, Ont.
“The bottom line is … we have to create more capacity,” Mosca said. “There’s no way we can keep up with what’s needed with the current investment.”
He emphasized that this has to change rapidly” so post-secondary institutions can do more training and R&D.
“The handful of us in Canada in this space are working hard, we’re busy starting companies, mentoring startups, advising government — you can’t squeeze much more out of the people we have.”
Mosca was one of four people on a panel discussing the security industry in Canada.
Leah Macmillan, Ottawa-based senior vice-president of global marketing for Trend Micro, said companies have to expand their search for talent, and nurture them when they’re found.
“We can’t wait for people to magically graduate,” she said.
For example, Trend Micro Canada has created its own seven-week certification training programs for recent graduates, some of whom may not know a lot about cybersecurity, and hires those with the most potential. That includes graduates from Queen’s University’s commerce program for business-related positions in cybersecurity.
Industry needs to encourage diversity on cyber teams, she added.
Stephan Jou, chief technology officer at Interset (recently bought by U.K. giant MicroFocus), a user behaviour analytics firm, said his company tries too contribute cyber and data science education material to Ottawa-area post-graduate schools. Other firms could do the same, he said, to raise the next generation of graduates.
Leo Lax, executive managing director of an Ottawa early-stage accelerator called L-Spark, said post-secondary institutions could also help increase talent by offering more continuing education and professional courses.
“We have to figure it out as an ecosystem,” he suggested.
The panel had nothing but effusive praise for the skill of cybersecurity talent here.
Jou raved about the number of Canadian experts in artificial intelligence. It’s one reason why the U.S government chose his firm — even when it was small and young — to be a supplier to “three-letter” agencies, he said.
MicroFocus bought Interset for its talent, not the number of customers, he said. And Interset is being turned into the centre of focus for analytics for all MicroFocus products, he added.
He described Ottawa, Toronto, Montreal as an “incredible nexus of [AI] talent not available anywhere else.”
Lax, who urged Canadian firms to help support startups, noted L-Spark has found several big companies — Telus, BlackBerry Limited, Solace and G+D Mobile Security — to back a proof of concept secure Internet of Things wireless platform for testing applications. Four startups have been provided with software development kits to create secure IoT products that can run on the stack.
Mosca noted the race to build quantum computers is providing many opportunities for companies to build quantum-resistant solutions.
As for whether that alleged Canadian trait of being nice is a help or a hindrance to cybersecurity careers, Trend Micro’s Macmillan argued Canadians have risen in the international firm in part because we “aren’t threatening.”
“I’ve been told we are politely aggressive,” said Jou. “That seems to have worked.”