The complexity of IT security is increasing, but the number of available specialists is not growing with it. That is a challenge and an opportunity for Belgian security professionals. How do they solve it?
Belgian companies are more aware than ever of the dangers lurking in the digital world. Arming themselves against those threats is another matter. In Belgium, international and local players keep their customers safe, despite the limited availability of ready-made talent.
In that context, security company Jarviss is trying to break through, not only domestically but also in the Netherlands. Jarviss was co-founded four years ago by Jo Vander Scheuren, who at the time was already making a name for himself with SecureLink. Spotit is another local party, and has been around a lot longer. The company, which was co-founded by Steven Vynckier, does already have a large international footprint. Talent is also an ongoing challenge for Spotit.
Lack of talent
“It’s not easy to find qualified personnel in the world of cybersecurity anyway,” Vynckier said. “That has to do with education: IT professionals graduate with general knowledge but no specific skills.”
Small as well as large companies thus struggle to get the right people on the payroll. “Even very large companies fail to find the necessary specialized knowledge,” Vander Schueren knows. A security partner then offers solace.
More with less
Jarviss solves the problem in part by doing as much as possible with as few people as possible. The company draws on the way U.S.-based Palo Alto Networks manages its own security: automation. Says Vander Schueren, “That company has a Security Operations Center staffed by just eight people, during business hours.”
read also
Made in Belgium: quality label for security?
The tool behind that SOC uses AI to highly automate the work of SOC employees. “AI can not only distinguish noise from what is important,” Vander Schueren further clarifies. “For many problems, the technology can also immediately implement the solution automatically.”
Ready-made puzzle
Experts must then look only at the incidents that are in a gray zone. Technology helps there, too. Vander Schueren: “An analyst for such a problem will typically look at other sources and put all the puzzle pieces together. With us, that too is automated via APIs. Within minutes, a customer receives a report in clear language, including possible actions. All that’s left is a business decision.”
Vander Schueren estimates that eight out of 10 problems are automatically solvable. Twenty percent of incidents do require human help, which is of course available. However, the technology allows Jarviss to offer customers an SOC at a reasonable price tag, without requiring an army of experts watching a wall of screens 24/7. That value proposition resonates in the Belgian and European markets
Training yourself
Sooner or later, of course, you need an expert. Spotit has a bigger scale, and therefore a bigger appetite for people. To find talent, Vynckier and his team are taking matters into their own hands. “We have our own academy,” he explains. “We put graduates on the payroll from day one, and offer them six months of training. The first three months they work on certificates, as well as soft skills such as presentations. The months after that, each person can choose their own direction with specific training.”
You can take courses and take training, but at the end of the day you need experience from the field
Jo Vander Scheuren, co-founder Jarviss
To give that young talent experience, Spotit places them with clients at its own expense as a kind of interns. “It’s not easy to find good people,” Vynckier reiterates, “but we have a lot of exciting projects to attract talent. For end clients, it’s often even more difficult.”
Experience from the field
Vander Schueren understands the need to intervene at the training level itself. “The security world is so complex. We recruit specialists who indeed know perfectly well how to use a firewall of a certain brand, until they have to manage that firewall as part of a complex network. To do a good job in the world of cybersecurity, you need a very broad knowledge.”
“There are initiatives in education to put more focus on necessary skills,” notes Vander Schueren. “But in house training remains indispensable. You can take courses and take training, but at the end of the day you need experience from the field.”