Is HPE's required talent pool available in Ireland? How does HPE work to develop talent? Building relationships with universities etc
Across the world, cybersecurity talent remains at a premium and in some instances unattainable as there is currently negative unemployment in the sector. In fact, by 2022, it’s estimated the industry will have 1.8 million unfilled cybersecurity jobs. And as hackers and cyber threats grow more formidable, that’s a scary problem. To tackle this as we build our cyber team and our future pipeline, we focus our efforts on building new talent alongside expanding the skillset of our own subject matter experts.
To that end, Hewlett Packard Enterprise’s cybersecurity team has partnered with a number of third-level institutes along the undergrad, post-grad and PhD level security modules/courses. This initiative is really helping us grow a future talent pipeline across the full spectrum of job levels whilst demonstrating to our existing employees that we are heavily invested in building out their cybersecurity careers with HPE.
Currently, 30% of our current cybersecurity employees have completed or have commenced a sponsored MSc in cybersecurity from an Irish higher education institute, subsidized by the Irish government with the rest paid by HPE.
As we’ve grown our cyber operations over the last four years in Galway, we’ve both successfully upskilled traditional IT operatives plus recruited graduates from cyber (and non-cyber) technical backgrounds. Companies can’t afford to wait around for the perfectly well-rounded, seasoned cyber professional because the truth is they don’t exist – so we strongly believe that you must be willing to invest in fostering and training this talent both internally and externally.
In this respect, our annual graduate and internship programs have always proven to be a rich hunting ground for new talent. New graduates can expect to receive an initial 12 weeks of boot camp when they onboard into HPE to prepare them for cyber operations within a large enterprise, before joining a front-line function like our Cyber Fusion Center where they will receive an immersive and broad introduction to cybersecurity operations on-the-ground. After 12 months, we’re ready to rotate employees into other disciplines such as data science, advanced threat hunting, cyber intelligence, and risk and compliance areas.
We also have a return to work program aimed at anyone who wants to return to work after a career break, such as those who stepped away to have a family, relocated or were serving as caregivers. For the criteria, an interest in IT is a plus but we have candidates of many different backgrounds, experience levels and educational background apply, which gave us a really unique and diverse pool to recruit from. Most importantly to us, they all show a desire to learn about the world of security!
How does Irish talent in this sector compare with the USA and tech clusters globally?
Ireland continues to punch above its weight with regards to attracting and retaining talent.
Five of the top 10 worldwide security software companies are located in Ireland and we already have incredibly strong cyber clusters established in Cork and Dublin.
Having access to candidates from EU territories has also really helped to helped in providing us access to an additional deep and diverse talent pool. This cultural and thought diversity is key to building out any high performance cyber team.
Does HPE see long term value in engaging with communities, connecting and educating at grassroots levels; helping children in particular to stay safe in an increasingly complex world?
Yes, we do. Basic cybersecurity literacy is so important especially as kids become reliant and independent on the internet and social media. Regardless of age, we believe that everybody should have a grasp of cybersecurity fundamentals and awareness. And since children are getting online younger and younger, we feel it is really important to educate them on the consequences of sharing their personal data online early on. The internet is so much a part of everyday life now, and children don’t know what it’s like to live without it, so they are unaware of how their information can be used in a malicious way. We see long-term value in educating children at a grassroots level about cybersecurity because not only does it keep kids safe, it may spark a longer-term interest in STEM or cybersecurity that will inspire their future careers.
Can you outline projects like HPE’s work with Girls Scouts of USA to develop tech skills?
Our cybersecurity team – specifically a group of very passionate and talented women on our Galway team – worked to launch a curriculum and interactive online game called Cyber Squad, which aims to teach Girl Scouts fundamental cybersecurity knowledge and skills. The idea was to simulate the real-world impact of risky online behaviour, and to teach kids to take what they see on the internet beyond face value. In partnership with Galway’s Romero Games, we specifically decided to launch this in a fun, gamified format instead of your average training class, with the goal being to get girls excited about exploring STEM, and fighting the bad guys – in this case, the bad guys being cybercriminals. The game teaches them to safely and defensively navigate the internet, covering four key domains: personal information and digital footprint; online safety; privacy and security; and cyberbullying.
Girl Scouts who complete the program and game will receive a patch to display on their uniforms/vests certifying their newfound cybersecurity savvy and smarts.
We launched this program specifically with Girl Scouts Nation’s Capital, a local council of the Girl Scouts reaching the greater Washington D.C. region, and aimed at girls ages 9-11. But there has been an overwhelmingly positive reaction to both the curriculum and game, and we’re now committed to expanding the cybersecurity curriculum to additional age groups, schools and youth organisations internationally.
Locally, our Irish team have used the curriculum to teach children in Galway-based primary and secondary schools and to date, we have presented the curriculum to over 500 students and staff.
In 2020, HPE has plans to sponsor further cyber skills initiatives into local schools including more advanced areas including cryptography, networking and secure coding.
As Director of HPE’s Cyber Defence operations in Ireland, can you outline the general state of the landscape as regards the threats which hackers pose to companies and individuals?
Several of the world’s economic regions (including Europe) now consider cyberattacks and the subsequent business interruption as the greatest risk big business faces today. Relatively recent ransomware attacks like the NotPetya campaign are a great illustration of just how devastating attacks can be on businesses that are not fully prepared to repel and mitigate cyberattacks.
Arguably the threat landscape is morphing at its fastest rate to date and the level of malware attacks are increasingly in scale, speed and sophistication. Today, the scale of a data breach is just massive – we used to worry about breaches of maybe 10,000 records, but now we’re talking about millions of records in a single incident. And cybercriminals are now using tools like machine learning to accelerate their attacks and the speed at which they exploit vulnerabilities.
But perhaps the most alarming thing that has changed is sophistication. Today we’re dealing with hacktivists, nation-states and large cyber organised crime groups who have resources far beyond your average enterprise. They know how to cleverly disguise their attacks to trick even the wariest of employees into clicking, whether that’s emails carefully crafted to look like they’re from a supplier with an urgent inquiry or a C-suite exec promising your next bonus — right down to logos and signatures.
And while hackers’ footsteps used to be easy to spot, today cybercriminals are using more nefarious techniques to cover their tracks — or even make it look like attacks are coming from someone else. In fact, today, hackers are packaging up and selling threats as software services, complete with subscriptions, updates, customer support and guarantees of numbers of infected devices. The cybercrime economy is just so formalized and so structured that today, you don’t even need to know code or need to be a smart hacker to launch a formidable attack — you just need enough motive and money.
Organised cyber criminals are making billions from a relatively new "opportunity" for crime. Are big companies, broadly speaking, finding it hard to keep pace with the evolution of cyber crime?
The threat landscape is continually morphing, and with digitisation only increasing exponentially, big business certainly can’t afford to sit still for a moment.
In addition to the obvious financial motivations, cybercriminals are launching attacks based on ideological and political motivations too, but our intelligence shows that attackers are grouping together into syndicates and pulling resources now in order to maximise their financial gain.
Most large enterprises should already have in place a dedicated cybersecurity organisation, especially following the introduction of GDPR where organisations had to make a significant investment in their people, processes and technology behind cyber. This certainly helped shift a lot of big businesses to a more secure footing.
However, you have to constantly invest in your people and technology to ensure you remain best positioned to meet that ever evolving challenge. Hackers are continually upleveling their game and using the same advanced tools and technologies we do so companies can never be too content—we need to continually be evolving too. We need to be right all the time, but it only takes hackers one time being right to break through our defences.
Is there cohesion between large corporations as they seek to pool resources in a bid to counter cyber crime?
Certainly – as we all share a lot of common adversaries, but through the power of many, there is significant potential to share resources and intelligence even further to give us the best chance to stay one step ahead of the attackers.
In Ireland, we’re now starting to observe very effective alliances being formed such as the National Cyber Security Cluster, which brings together big business, government and third-level education. HPE has a representative serving on the board and we’re looking forward to promoting the joint collaboration and innovation opportunities we see in common areas such as threat intelligence.