Adi Dar, CEO and Founder of Cyberbit, is an experienced cybersecurity leader and chief executive who has repeatedly led the development and launch of successful products and services in highly competitive markets. Previously, as CEO of ELOP, Dar led the company’s growth to over $500M annual revenues and 1,800 employees. During this period, Dar also served as an Executive VP at Elbit Systems, Israel’s largest defense company, as well as a chairman and board member in numerous companies across the UK, Singapore, Belgium, India, and Israel.
CISO MAG had an opportunity to sit down with him and discuss some pressing issues related to cybersecurity.
You have stressed a lot on merging IT, OT, and IoT to create an effective cybersecurity strategy. What are the challenges with regards to that?
Now that IT and OT networks are converging, cybersecurity must also converge and deliver both security and continuous operations. This requires a very steep learning curve as keeping OT networks functioning smoothly now also requires protecting them from cyber threat that can disrupt or even halt operations. From my experience the only way to have an effective cyber security solution in these converged networks is by introducing a fully integrated IT-OT system that can monitor, detect, and respond to threats on both the IT space as well as the OT one.
A lot of security leaders talk about skill gap in the industry. Do you think certifications and more awareness about cybersecurity is bridging that gap slowly?
Certifications are certainly an important part of bridging the growing skill gap – they create the standardization and build the demand. A natural part of the cybersecurity industry maturing is establishing formal education, training, and certification programs. This is certainly a fast-growing area. We see proof of it every day at Cyberbit as colleges, universities and technology training institutes are rushing to open up new cybersecurity training centers. In the past there was really no way for companies to know what skills and experience a candidate had, so certifications will make sure there is an agreed upon minimum standard that all professionals should have. Certification programs will also help more new people enter the profession in an efficient manner. Our customers can use the Cyberbit Range not only to train, but to test graduates and verify that they can actually carry out everything they learned in a real-world setting. This gives potential employers reliable verification that new recruits have hands-on experience needed to perform well under pressure. But more than anything I’d say that the industry has begun to understand that investing in the human resource – in the cyber security professional is not less important, and in many cases by far more important than continuing to buy additional tools. Without the cyber experts knowing how to effectively operate these technologies – you’ll never be able to actually secure your networks
What are the things you should keep in mind while recruiting cybersecurity professionals?
The most important thing to keep in mind while recruiting cybersecurity professionals is to keep an open mind and be creative. The old recruiting paradigm of writing up a highly detailed job description that enumerates the ideal training and experience you seek doesn’t work for cybersecurity today because the candidate you describe simply doesn’t exists. If you get lucky you may receive one or two such resumes, but it will never be enough to keep your SOC fully staffed with skilled, reliable security analysts. Instead of hoping you will receive dozens of resumes from candidates with the perfect training and experience, look for creative new ways to grow your team.
The first thing I would recommend may be obvious, but it is worth repeating. Establish and maintain good active relationships with colleges and technical certification institutes that offer cybersecurity and IT training programs in your area. Offer free guest lectures and mentoring on cybersecurity and consider starting an internship or student job program. This is a wonderful way to identify and establish relationships with talented young students before they graduate and help them get some real, hands-on experience before they officially enter the job market.
Of course, you should advertise open positions externally, but you probably have a lot of potential talent already inside your organization. Try to identify talented, ambitious employees who would be interested in further developing their careers by retraining in cybersecurity. This is an exciting opportunity for employees to move into one of the fastest-growing technology fields and is a promising career development path.
Grow Your Own Team
The demand for cybersecurity pros is growing much faster than the supply. This means that employers need to be proactive and become part of the solution by developing their own training programs. Depending on the size and needs of your organization, you can build your own on-site training institute to certify and onboard new security analysts and offering ongoing training for experienced team members on the latest cyber threats.