Addressing Concerns of Offshoring Cybersecurity Resources: Prioritising Onshore Skills and Government Intervention

?In recent years, there has been a significant movement in how organisations manage and deploy cybersecurity resources, with an increasing proportion opting to transfer these tasks to external service providers. While this technique is financially efficient, it does not negate the business's risk, i.e., risk cannot be transferred to the service provider, and it raises serious concerns about the potential loss of skills and competencies in the local workforce.

With a diverse background in the military, law enforcement, cybersecurity, and academia, I am motivated to address these issues and advocate the value of local talent and government involvement in assuring technological and cybersecurity protection.

We continually see the government promote the importance of cybersecurity but rarely see support to industry to enable homegrown talent.

Outsourcing cybersecurity efforts to foreign countries increases the risk of organisations losing local skills and knowledge bases. Ensuring the continued growth and retention of highly skilled professionals is critical for a country's overall cybersecurity posture, as it can have long-term ramifications for effectively combating the growing threat of cyber attacks.

We continually see the government promote the importance of cybersecurity but rarely see support to industry to enable homegrown talent. The utilisation of offshore resources for critical cybersecurity initiatives places a significant risk on a country's security whether that be a government agency or business entity.

The presence of foreign cybersecurity operators in charge of sensitive information and systems may reveal vulnerabilities and raise questions about data sovereignty and integrity. Although the approach focuses on certain segments of the cybersecurity and data stack, both foreign businesses and local corporations managing off-shore entities are equally vulnerable to damages when something goes wrong.

The practice of offshoring has the capacity to worsen the existing scarcity of cybersecurity knowledge and capabilities in the country. The global practice of offshoring resources restricts local prospects for ambitious cybersecurity professionals, leading to a skills gap that weakens the country's capacity to effectively defend itself against cyber threats. It increases the pressure on cybersecurity professionals to be the foremost authorities and overall specialists in all aspects of security.

Effective cybersecurity leadership necessitates extensive knowledge in the field and ongoing learning and technical adaptation to stay abreast in this intricate and always-evolving?domain. Training inexperienced individuals to lead offshore teams is a formula for catastrophe.

Governments should support funding and co-funding courses and activities that encourage the development of cybersecurity competencies within the local workforce. This involves giving financial aid to students engaged in learning cybersecurity. Let's be clear here, it’s not about funding training organisations to deliver outdated courses.

Supporting veterans' transitions into cybersecurity professions is critical

The industry promotes the use of micro-credentials and industry certifications to help students obtain those certifications and transition into cybersecurity employment. As a new cybersecurity student, it is crucial to avoid investing time and money in a cybersecurity degree that does not adequately prepare you for a relevant career. The industry needs tactical skills not theory.

Governments can provide incentives and financial rewards to businesses that want to keep their cybersecurity activities domestic. Governments can encourage businesses to prioritise domestic cybersecurity resources by providing financial incentives for investing in local skills and infrastructure.

Supporting veterans' transitions into cybersecurity professions is critical because they have important skills and expertise that are well-suited to such initiatives. Government agencies can collaborate with business companies to provide tailored training programs and job placement opportunities for veterans, easing their transition into cybersecurity roles and enhancing national skills.

Governments can pass rules and regulations to control the movement of cybersecurity resources, ensuring that key services remain within the country's borders. Foreign partners may be required to follow stringent cybersecurity protocols and regulations governing data storage and processing in order to mitigate any national security threats and assure information integrity.

Outsourcing cybersecurity resources creates significant hurdles for native expertise and capabilities, jeopardising national security and creating personnel shortages. Government engagement is critical in resolving these issues and prioritising the creation and maintenance of national cybersecurity expertise. To protect the security of the nation's digital infrastructure and ensure technical and cybersecurity integrity in an expanding digital environment, governments can allocate resources to education, provide incentives for domestic production, support programs that assist veterans in transitioning to cybersecurity roles, and enact regulations on outsourcing activities.

?