South Africa’s cybersecurity workforce shortage mirrors global trends, but also faces local factors like underinvestment in basic education, underserved communities, digital literacy gaps and challenges with data access.
According to the 2023 Investigation into the Cybersecurity Skills Gap in South Africa by de Jager from Nelson Mandela University, who surveyed IT professionals across South Africa in 2023, 61% of the participants report that more than half (51%) of their cybersecurity positions remain unfilled.
South African organizations are particularly struggling to find candidates with cloud security, SOC analyst and threat hunting expertise. Further, local skills providers need to focus on real-world applications and certifications that directly match job market demands.
The 2023 Cyber skills gap report by Fortinet confirms that South African organizations struggle to hire and retain cybersecurity talent, and 64% of respondents feel that the shortage of cybersecurity skills creates additional cyber risks for organizations.
The Cybersecurity Workforce Study released by global information security-focused non-profit organization (ISC)² in 2023 estimates that 3.4 million professionals are needed to fill the worldwide cybersecurity workforce gap. The EMEA region requires 317 050 professionals.
Prioritizing Practical and Relevant Certifications
The demand for practical experience and job-ready skills is a common theme across both local and global reports. KnowBe4 Africa recently conducted a cyber skills survey which highlighted that certifications that provide network engineering principles as well as security foundations such as CompTIA Security+ as well as vendor specific qualifications in Microsoft Azure and AWS security would be most beneficial for entry-level job seekers.
Hands-on Linux, Microsoft and Security tooling skills were listed as essential building blocks for building a baseline of cybersecurity knowledge, beyond just the theory but with focus on practical experience.
Providing training environments where learners can work on live security systems or simulated attacks is critical. Respondents listed roles to be filled in cloud security (44%), SOC analysts & threat hunting (42%), risk, governance and compliance (39%), rediteaming and offensive security (37%) and security in application Development.
Leveraging Local Industry Partnerships
One of the most effective strategies for skills providers in South Africa is to establish strong partnerships with local industries. Collaborating with organizations to tailor training programs based on real-world needs can help create a direct pipeline from education to employment. These partnerships can also provide students with internships and mentorships, which are crucial for bridging the gap between classroom learning and real-world application.
These industry partnerships are behind the MiDO Cyber Academy, founded in 2023 through support from the UK Foreign, Commonwealth & Development Office (FCDO), KnowBe4, NClose and other industry partners aiming to provide underserved students pathways out of poverty while addressing the cybersecurity skills challenge.
The KnowBe4 Cybersecurity Skills Needs Analysis revealed that 65% of respondents offer internships, and 56% provide mentorship programs. By connecting learners with these opportunities, skills providers can ensure that students not only gain technical expertise but also develop a professional network that increases their employability.
Addressing the Diversity Challenge
The underrepresentation of women, ethnic minorities and individuals from underprivileged backgrounds in South Africa’s cybersecurity workforce remains a significant issue. Both global and local reports emphasize the need for diverse talent pools. South African skills providers must proactively address this by developing inclusive training programs.
Offering scholarships, mentorship programs and targeted outreach to underrepresented groups can help bridge this gap. Programs that focus on attracting women and minorities to the field will not only help to meet the country’s growing cybersecurity needs but will also foster innovation by incorporating a range of perspectives.
Soft Skills Are Key to Success
While technical skills are crucial, soft skills such as communication, problem-solving and critical thinking are cited as being even more important than technical skills (91% versus 32% for the latter). Cybersecurity professionals need to collaborate with various teams and communicate complex issues to non-technical stakeholders. The KnowBe4 Cybersecurity Skills Needs Analysis identified that 79% of employers view written communication, problem-solving and self-motivation as essential skills for cybersecurity roles.
For local skills providers, this means developing programs that integrate soft skills training alongside technical expertise. Courses should include opportunities for students to practice explaining technical concepts to non-experts, work in teams and think critically about real-world cybersecurity issues and be able to motivate themselves to continuously stay curious and keep learning.
Adapting to Emerging Technologies
The cybersecurity landscape is constantly evolving, with new threats arising from cloud computing, IoT and AI-driven attacks. South African skills providers must ensure their curricula keep pace with these changes. The World Economic Forum Strategic Cybersecurity Talent Framework emphasizes the need for adaptable training programs that can respond to the fast-paced developments in technology.
Providers should offer micro-credentialing and specialized courses on topics like cloud security, DevSecOps and AI security to ensure that professionals are equipped to handle the next generation of cybersecurity threats. Updating course content regularly and incorporating training on emerging technologies will give South African learners a competitive edge.
Focus on Retention and Well-Being
Once trained, the challenge becomes retaining cybersecurity professionals. High levels of stress and burnout are common issues in the industry. The Investigation into the Cybersecurity Skills Gap in South Africa and other global reports highlight the need to provide a supportive working environment for cybersecurity professionals.
For skills providers, this means preparing learners for the realities of the industry while also offering mental health resources and training in work-life balance. Organizations must prioritize employee well-being and create flexible working environments to keep their cybersecurity teams engaged and productive.
Conclusion: A Call to Action
By focusing on practical training, industry partnerships, diversity and adaptable curricula, local educators and training institutions can build a workforce ready to meet the challenges of an increasingly digital world.
That way we not only address the national skills gap but shape the future of cybersecurity and youth enablement in the country. We need to expose learners to project work, internship opportunities, mentorships or practical masterclasses. Please reach out if you or the organization you work for can get involved in achieving this vision.