Twentytwo13

‘Malaysia Cyber Security Academy will help boost number of experts in the country’

Murugason R. Thangaratnam

Malaysia has a skills gap and an ageing cyber security workforce, especially at the senior management level.

So said cyber security expert Murugason R. Thangaratnam (main image), who noted that the problem is not exclusive to Malaysia alone, but is a global issue.

“We need new blood, skilled blood. However, there is not a magic cyber tree that we can simply pluck skilled resources from to bridge this gap,” said Murugason, who is the co-founder and chief executive officer of cyber security company Novem CS.

“There are different methods to bridge the overall gap, of which one part is through the development of cyber apprenticeships … keen young blood to mould into the cyber security professionals of tomorrow. But this is merely one way to start building tomorrow’s cyber security workforce and should be done in conjunction with other initiatives; like hiring well-rounded IT professionals and teaching them the nuances of cyber security.”

“So, it is rather refreshing to note that CyberSecurity Malaysia (CSM) is in the process of establishing the Malaysia Cyber Security Academy (MCSA) to create and shape the nation’s future professionals.”

He added that Malaysia needs up to 26,430 cyber security personnel by the end of 2025, and that figure is expected to rise to 28,068 the following year. This is based on research carried out jointly by CSM, the Skills Development Department, and the Centre for Instructor and Advanced Skill Training in 2023.

“According to CSM, there are 16,765 cyber security personnel in Malaysia as of July 2024. As the leader in national cyber security capacity development, CSM will transform the existing Cybersecurity Professional Development programme into MCSA.”

As MCSA is expected to begin operations in the second quarter of this year, Murugason said it is the industry’s hope that this academy provides a platform for the accelerated development of subject matter and technical experts, combining theoretical learning in conjunction with, and augmented by, practical, real-world experience.

“This is not the answer to everything, but an approach to address a major part of the skills gap. Cyber security is a big topic and not something that consists of a single course and one area in which to get your hands dirty.

“If you want to ‘do cyber’ then you need to understand technology in all its glory, and security, and adversaries, and intelligence, and risk, and data, and analytics.”

He added that this is where MCSA needs to be a little more creative in its approach to building its proposed Technical Vocational Education Training (TVET) programme to produce competent, burgeoning, globally acceptable cyber security professionals.

“The simple premise is to provide the fullest experience of an apprenticeship programme to maximise the return on investment in the apprentices, with a fully rounded foundation. The foundation is crucial.

“Kudos to the Digital Ministry, CSM, and all the other key stakeholders for recognising that the talent gap needs to be addressed and that the need is urgent. The journey is going to be long, but starting is key to getting the intended results.

“There are many other ways to build more skilled cyber security professionals, and an effective public-private-person partnership ecosystem will certainly accelerate the process. It is essential to work with established partners. There are providers who will undertake almost all of this, in terms of theoretical learning, assessments, projects, some support services, and measurement against success criteria.

“This removes a lot of overheads, though MCSA would still need to provide most of the organisation’s delivery and practical coordination. This obviously has benefits; arguably cheaper, and a lot of the leg work is taken away. However, a word of caution: Often, these partners will be chosen based on price (i.e., the cheapest), which does not necessarily mean that one will get a good partner, or the ideal one.”

He added that finding the best training courses and delivery partners will provide a better-quality learning experience and credibility to the individual, which will offer additional value when it comes to employability.

Murugason said that although MCSA is tailored towards becoming a cyber security academy, in the long run it can easily be transformed into a wider technological apprenticeship academy.

“Most of the existing apprenticeship schemes broadly focus on single areas of expertise. By utilising an approach that provides wider exposure to technology and the operations therein across teams and concepts, we will be able to build a new generation of technological employees with far more knowledge and cognisance of IT than a siloed apprenticeship approach ever will.

“An apprentice developer with an understanding of wider integration and operational constructs, networking, security, customer service, and service management will be a far superior asset than one who concentrates solely on development, in isolation,” he said.