2024-07-20 –, Track 1
What if South Africa weren’t just consumers, but renowned in the global cyber community; known for our innovative people, groundbreaking contributions, and pioneering companies? What would that look like, how could we get there, and would it be worth it?
Prevailing winds suggest we are at the start of a decline: a dwindling pool of entrants, an erosion of skills, and a market too narrow to sustain or inspire greatness. This slow death spiral threatens to undermine what we could be.
In this keynote, I want to warn us away from the dark path, and towards a future where South Africa is propelled from an increasingly tenuous periphery to the centre of all things cyber.
I’m not a futurist, but I’ve gotten ok at seeing what’s coming - and South Africa’s cyber security is in a state.
With barely 4% of those who write Matrix graduating with some sort of technical qualification a few years later - and few places willing to take on and train new entrants, we have a pipeline problem.
With mid-level skills emigrating - we have too few replacement, and too few people to train the newbies.
The remaining seniors are expensive, and need to deploy their skills towards commercial activity to sustain that expense.
This creates a market where only the biggest/richest companies can afford cyber security skills. The top 100 are over-serviced, while the middle 1000 are under serviced.
But BigCo’s aren’t always there to help - some use their purchasing power to push for the lowest price - only willing to pay top dollar for international skills or when poaching. The latter, combined with emigration serving to drive double digit salary growth in cyber year on year, while price increase are low single digits.
This creates a race to the bottom where those supplying the skills are squeezed to find more and more cost savings - turning to employing people outside South Africa, or selling their skills outside the country - further exacerbating the skills available in country.
Then, the people who do best in a race to the bottom are criminals, the corrupt and the dishonest. And with security often a market for lemons - the buyers can’t always discern.
This leaves little opportunity for new startups to enter a market occupying either extremes - with few with the skills to train, let alone able to afford to train.
But what could it look like instead?
A country renowned for cyber, with a thriving community, numerous top-tier researchers and companies. New entrants would be excited to join because they could accelerate into a scare skills niche with worldwide employability. Companies would have growing cyber teams able to provide well paid careers for these people. The market would be better able to discern and afford top tier skills, while also having better options at the mid-level, avoiding charlatans. South Africa’s renown for cyber would earn more opportunity outside the country, serviced remotely from within ZA. The forex would benefit the economy more generally. The work would further serve to give our people more and varied experience - driving more innovative research contributions and pioneering companies.
How could we get there?
We need to fix a few things:
* The community
* The market
* The training pipeline
* The research
* The support for entrepreneurs
But it’s doable. Cyber is still small enough to have an outsized impact. We don’t need to fix all of South Africa’s problems to do it. And some of where we’re at are opportunities.
Will you try dent the world with me?
Long time hacker and cybersecurity researcher and more recently, business leader.