How Israel Closed The Cybersecurity Skills Gap
How Israel Closed The Cybersecurity Skills Gap
We talk a lot about how the cybersecurity talent shortage, in the United States and around the world, is increasingly dire…with little hope of it improving anytime soon. We talk about the fragmented cybersecurity training landscape in America, the lack of standardization in job roles, the unprepared university graduates, and confusing credentials. In short, while the U.S. is arguably one of the leading nations in cyber capabilities we talk a lot about how the states are getting the talent part of the equation wrong.
But some countries are getting it right. Take Israel for example. They are widely considered a hotbed of cybersecurity professionals and startups. So much so, in fact, that companies like Microsoft, Barclays, and TD Bank have opened offices in the country specifically to tap into its available expertise. A recent data survey found that Israel had more than 166 startups, with a total of $1.3 billion in exits in 2017. So what makes Israel special and successful when it comes to breeding cyber talent?
1. Mandatory Military Service
Israel’s mandatory conscription means that every citizen who turns 18, minus Arab citizens or others with religious or other exceptions, must serve approximately two years in the IDF, the Israel Defense Service, which includes the country’s ground, air, and naval forces. The military, in Israel and the United States, is arguably the most sophisticated proving ground to learn and hone today’s cybersecurity skills. They’ve been doing it since before modern computing, after all. Born out of cryptography and signals intelligence, conscripts that work in the IDF have the opportunity to work in the intelligence services that now focus on “military-grade” cyber skills so coveted across all sectors.
This model has been in place since 1949, essentially immediately upon its creation. Utilizing national-level standardized testing, the armed forces recruits and places talents in technical or combat units and provides them with the necessary skills and experience. The result is a highly trained pool of cybersecurity professionals. In fact, 90 percent of adult Israelis in the high-tech sector have performed prior military service.
2. Unit 8200
Often regarded as a crack cybersecurity and intelligence team, Unit 8200 is in many ways the Israeli version of America’s NSA which started as a signals intelligence (SIGINT) agency, tapping phone lines and intercepting targeted communications. Unlike our NSA, everyone who enters IDF is screened before entering the service and Unit 8200 gets to pick whomever it wants to join its ranks. Think about that for a minute. Unit 8200 doesn’t just select from a group of applicants, they select from the entire pool of young, malleable, Israeli citizens.
Once in Unit 8200, the culture of R&D and a general start up mentality are everywhere. From the McKinsey-esque interview and screening process to the entrepreneurial culture and lack of traditional military regard for rank, Unit 8200 isn’t just teaching new recruits cyber skills. It’s teaching them how to think critically. And officers in Unit 8200 aren’t expected to be there forever: the average rate of service is four years and has an annual turnover rate of 25%. This in itself exercises an interesting skill since those creating new technologies are more likely to not be there to see them completed, so developers have to design with the idea that others will finish the job.
3. Government Planning and Investment
Israel also boasts a robust state-wide infrastructure that prioritizes and invests in national level priorities like cybersecurity. For example, the Israeli Innovation Authority, the Ministry of Economy and Industry, and the National Cyber Directorate recently announced a $24 million program to further invigorate the country’s cyber industry.
Having government injections of funding and support into any industry, particularly cybersecurity, set the stage to incentivize and foster cybersecurity startups, companies, and talent. It sends the message that cybersecurity is a priority and a field that candidates should want to pursue and backs the talk up with tangible stimulants like money, innovation centers, and incubators.
Additionally, the government routinely commits to fostering higher education institutions and reinforces its commitment to backing the technology sector. And it’s not just through grants and direct investments. Aggressive tax incentives and eased visa requirements attract companies looking to locate in Israel. Those incentives have paid off. To date, EMC, Deutsche Telekom, Paypal, Oracle, IBM, and Lockheed Martin have all relocated their R&D centers to Beersheba.
Working Too Well
Ironically, last year reports started surfacing that Israel’s effectiveness and reputation in cybersecurity were actually impacting its availability of combat troops. It turns out that cyber roles are more attractive when the cybersecurity marketing piece has been nailed, the training has a great reputation, and creating a pipeline to post-military careers is a federal priority.
Back To The States
A lot of the components that have made Israel so successful in recruiting and training cyber talent aren’t replicable in the United States – at least not easily. Israel as a country is roughly the same size landmass as the state of New Jersey and just eclipses the population of New York City at 8.712 million inhabitants. In terms of scope and scale, national level military service commitments, investment, and education institution efforts would be more substantial and logistically complicated. Moreover, the notion of mandatory military service in the United States hasn’t been revisited seriously since Vietnam. Despite the lack of contextual congruence, there are still valuable lessons to be learned. Whether it’s gleaning from Unit 8200’s process of seeking candidates who demonstrate an ability to learn quickly, adapt to change and succeed on a team or state and local efforts to invest in cybersecurity innovation hubs, we here in the United States can and should start to think about our own cyber talent a little bit differently. And maybe implement a few lessons learned from our neighbors and allies.