IGF 2023 - Day 3 - Open Forum #85 How to retain the cyber workforce in the public sector? - RAW

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MODERATOR: Hello.  Yes.

     Yeah, so welcome everyone.  Today.  The audience in the room and also joining virtually.  For our open forum on how to retain cyber professionals in the public sector.  My name Lara.  I work for GIZ specifically on cyber capacity building and I will be moderating the session today.  We are very privileged to be joined with speaks onsite and virtually from the public and private sector to bring in various perspectives and share national, regional and global insights and also present very concrete initiatives on how there issue could be addressed.  For the audience you will have the chance to join the discussion after the speakers' inputs.  Before we start the session and before I give it over to the speakers, I will give you a few framing points why we are here today to discuss this.

     I think we are all aware that the digital economies are expanding.  Technologies are getting more sophisticated.  And the number of cyber attacks and incidences is rising.  What is not rising to a required extent is the number of cyber professionals protecting our infrastructures.  So according to the future of jobs report published by the world economic for there is a shortage of 3.4 million globally and the number is on the rising.

     Secondly, organizations are competing for talent by paying more and more to the same pool of people.  One could argue that it exacerbates the staff shortage and also the public sector cannot compete here because of a lack of funding.  And thirdly the whole topic is important with an eye an developing cyber capacity guiling initiatives.  We are commissioned as GIZ to implement cyber capacity building initiatives with partner countries from different con techs.  Since we have implemented, since we started implementation, all partners voice the same issue that they fear that reskilled upskilled people will just leave the public sector.

     So our panel aims today to find answers to this challenge.  And how to close this gap in cybersecurity professionals.  Especially for the public sector.  I'm happy to introduce to our first speaker for the session now which is Yasmine Idrissi Azzouzi.  Yasmine is a cyber programme officer at ITU.  And works in the bureau of development.  She has been leading cyber capacity building projects mainly for women, but also in the field of child online protection.  Involved in national cyber policy making, strategy development, and capacity building.  So Yasmine, over to you.

     >> YASMINE IDRISSI AZZOUZI: Thank you very much and for the timely and very important topic as well.  Thank you for the invite to share.  What I think is that it really boils down to making the field attractive and the way to could that is it two-fold.  Quantitative measures are important to attract people.  Many communities of underrepresented in the cyber workforce, including women and including youth and people often don't in vision -- envision themselves in cybersecurity jobs and aren't aware of the many opportunities present in the field in this important growing work force.  There needs to be a need to raise awareness on the types of roles that are needed.  Cybersecurity is just not technical.  It is highly multidisciplinary and we often forget that the public sector is also schools, securing schools, securing hospitals.  Securing minister alt departments and other key critical infrastructure for some countries.

     The need is there to focus on attacking marginalized communities as we will when we are doing that the public sector can do that as well.  Offering benefits like against sensitive work arrangements.  Child care parental leave so there is a better inclusion of woman.  It is important that once they are there and they need to stay.  The idea is to be able to retain them.  The best way is through some qualitative measures.

     One of them is to offer opportunities for career progression that and leadership roles reason for people that have technical profiles.  Be able to offer them that capacity to jump frommal fully technical role to one more of leadership and maybe policy.  There needs to be the accommodation in a way for multidisciplinary roles.  What is often observed is that there is a shortage among upper level positions as well.  We need to just acknowledge there is a resolving door between the public and private sector and really invest.  The investment should be two-fold.  Investment in people obviously is we but also investing in technology.  Cybersecurity professionals in the public sector are often overworked, doing the job of several people.  Sometimes investing in software that can automate some can help.  But the most important is really to invest in people.  Have people in your institutions be encouraged to take part from capacity building programmes.  And at the ITU we do offer them forked public sector and I would take a moment to explain a couple of them.  So, one is the cyber drills.  And these are these comprehensive holistic exercises across country, across regions.

     They are for people in the public sector taking care of national policies and national response as well.  These are usually four hours of expert change between countries and trying to understand lessons learned anded common challenges.  Another common programme we have for people in the public sector are specifically for women.

     Psycher tracks in we we are collaborating with the foreign federal office of Germany with Re go gine here around the GIZ as well.  Allow for women to not only participate in national cyber policy making but also to do it meaningfully.  Through obviously training and understanding better the diplomacy and policy for the techfy cal profiles but also providing mentorship, role models and networking which is something that is definitely key in if field trying to understand that the challenges that you are going through, other people V. gone through and that you are not sort of alone on this.

     So as introduced by Laura at the beginning, there are, of course -- LARA at the beginning there are the salary that often is an issue between the private sector and public sector.  What they can do it long-term motive visiters.  Row moat this is an opportunity for working for something that is challenging.  Try to appeal to people's sense of sort of purpose.  Which, of course, is not only the case in cybersecurity, but in the public sector in central -- from general if you believe in a mission that is for the benefit of our overall country and society.  And one thing that we can do and that is often overlooked and in the cybersecurity community, we always sort of have this Eco chamber.  But did is important to look at other fields.  There are a lot of studies turnover rates and maintaining in the public sector..  The public sector has strength.  Job security.  Stability of income.  Nonfinancial benefits parental leave.  Paid leave.  Pensions.  Also, of course, the prestige for working for one's government.  Meaningfulness definitely accomplishing something of real value satisfaction of the work and it's built to progression as well.  And last, but not least, Iful conclude oen that.

     That is the recognition.  Request all of the training in the world -- with all of the training in the world I like the metaphor of a plant.  You can give is the water and nutrients it needs in this case, education and training, but it will no grow without sun light and shedding the light on it.  Shedding light on people's accomplishments andgying them value as people -- giving them value as people not justion numbers is definitely something that can be helpful in attractingmore people and retaining them and making them proud to be working inned cybersecurity work force for their government.  Back to you, Lara.

     >> LARA PACE: I think we heard we should pay more attention or in the public sector proper attention on promotion strategies and shifting the awareness of people that are maybe not so attracted to the field cybersecurity as a working field.  So underrepresented groups, marginalized groups.  Women.  So that they -- so that we can give them the possibility with cyber capacity building initiatives to join the workforce.  Also I think the -- the opportunity for tech now cal stuff to switch to leadership roles and managerial roles and vice versa.  I think these are come key points that we should keep in mind for the discussion later.  And I would now give the floor to our -- to one of our speakers online.  Martina Castiglioni.  Working in the ECCC.  The European cybersecurity competence centre and network.  Before that she was the head of training an advisory services at the eye talion centre and was involved in cybersecurity training campaigns at national level.  And worked from advisory services and supported operators of critical infrastructures and her expertise cybersecurity assessments and crisis management.  Thank you and over to you, Martina.

     >> MARTINA CASTIGLIONI: Could you also see me?  LARI we cannot see you at the moment.

     >> MARTINA CASTIGLIONI: Good morning or afternoon.  In the short time I will try to bring here what is going on in Europe regarding this topic and in particular what is going on in on the European cybersecurity come pa sense centre.  ECCC.  As mentioned by Lara I'm working for the new centre.  I'm calling from Budapest where the cybersecurity conference is located.  Let me introduce the role of the centre.

     The centre was established in 2021 but is operation AOLal from this year and the centre together with the Member States together with the industry, and the cyber security technology as any aim to shielded European society from cyber security task and boost the development and demiment.  The ECCC will play a key role in delivering the programmes.  And there -- these are two programmes, of course.  Also to flair rowed cyber security skills shortage of Europe both in public and in private sector.Ed ECCC is operating in a new framework the European cyber security framework working together withed so-called network of NCC.  So National Coordination Centre.  Each Member State will have a contacted point for the cybersecurity competence centre and we receive fundings from the European programme and we will develop cyber security capacity building at regional and national level and promote cyber security programmes at the national and regional level.  In this way, we aim to facilitate the collaboration and sharing of expertise and capacities among Europe in particular among the research, academia, the public authorities, and the so-called cybersecurity competence community that is the third player ofth new European framework.  After the competence centre and after the NCC networks.  So, of course, the in irtives that are going on in Europe to tackle the topic of there agenda based on the fact that the security of the European Union cannot be guaranteed without the most value abasset, our people.  So and as shown by the latest report at European level, mainly published from a larger number.  And public bodies at European and national level.  We need professionals with the skills and competencies to prevent and defend the union against cyber attacks and ensure resilience but also skilled people that are needed to implement the cyber security legislations to deliver the polyrequirements otherwise those pieces of legislation will not achieve the objectives.

     Regardinged initiatives that are goingen in in Europe.

     We have million focusing on glossing the gap also in the public sector.  Of course, the initiatives already existed but the situation showed that the cyber security skill gap still represent a huge issue.  And it might be to the lack of synergies and coordinated action that have been taken so far to close the cyber security skills gap.  Indeed, the European programme, 2030 as set the target of increasing the number of ICT professionals by 20 million -- from -- by 2030.  And also narrowing the cyber security skills gap that we from in the public sector.  I would like to mention the concrete initiatives established in year.  The cyber security skill academy.  With the word academy that would be the single point of energy and synergies and offer also funding opportunities and specific action for the development of cyber skills.

     Of course, the plain focus would be skilling the cyber security professionals from Europe.  And the implementation of these academy would be supported ten million funding from the so-called digital Europe program and European can competent Tise security centre under that programme.  The academy so far as its concrete representation in a dedicated website that is publicly available.

     But, strategicalry refers to four pillars.  Fostering training by workingen a common framework for cyber security profails and necessary skills.  Anded specific come pa tension framework that define rules with (?) and there will be the first basis are for the academy to define and assess the current skills, the skill set that we need and monitor the evolution of the skills gap and provide indication of specific needs also for the public sector.  Another important pillar would be, of course, so design specific cyber security education and Couric la suitable for the specific roles and the project founded which brings together 17 higher education and countries from 167 Member States to co--- 16 Member States to collect the best and become the Best Practice for all cyber security programmes developed under the cabinet.  This is a responsibility of each Member State.

     Indeed, the NCC, so the national coordination centre are invited to explore how to set up the so-called cyber cam fuss in each Member State and would aim at providing excellence at the national level for the cybersecurity community and the academy will have the networking and coordination of the activities of the different cyber in each Member State.

     This was a strategy that each Member State has -- it referred to a specific piece of our legislation.  European cyber security legislation because each Member State in Europe should adopt as part of national cybersecurity strategy specific member of the skills shortage.  I would like to mention the last important pillar of this academy initiative and then I will close.  I know that the time is running out.

     And, of course, we understood that we have to -- we have to Bergin visibility of the different initiatives -- to gain better visibility.  Another important pillar, ensuring better visibility over the availability funding opportunities for skills related activities in Po toward maximize their impact.

     And in --le with this objective, I would like to mention there is going on a specific working group.  Managed by the European cybersecurity competence centre that has the aim to plan all of the initiativetives and cyber security training initiative and all of the cyber security opportunities related to the narrowing the cyber skill gap.

     So, from this way, with -- and better overview and efficient overview of the current cyber security funds related to the specific topic.  This will help to better define the priorities in terms of fundings of these academy and of the digital Europe programme broadly.

     Then, I will close this overview of the academy.  Of course I mentioned that another important pillar of this academy would be fine indicators to monitored evolution of the market and be able to assess the effectiveness of the aacademy.  We allow to measure the progress of this cyber -- the progress to close the cyber security skill gap.  Define specific cyber security indicators to monitor the Indianscation of the cyber security availability market in order to be able to assess and to adjust funding opportunities and the activities that are going on.

     There will be specific KPIs on cyber security skills and we will be able to collect data on indicators and also report on them.  With the first collection by 2025 because because another issue that realized so is that we didn't have a specific report about cyber security skills gap based on common indicators and KPIs and of course has been so far then -- it has been an issue to then better identify the priorities to -- and to take it with these -- with the issue of cyber security skill gap in particular also at public sector.  So with these new advancements in terms of KPIs and eelaborating report this will be an important pillar for the overall achievement of the cyber security academy.  I will come back to you, Lara and sorry if I take more time.  LARI thank you, Martina.

     >> LARA PACE: Thank you, Martina.  Highlighting what you just said.  Thank you, first of all for giving us an overview of what the EU institutions and agencies do.  And the what you said on the lack of synergies between them on ooh level.  In high lites more approaches on cyber pass I building again and also to retain, reskill, attract and upskill people.

     And it is reassuring that the ECCC takes initiative on EU level.  And then also I think what cameer is that we need -- we need to really focus on the concrete roles.  So what kind of professions do we want to have from the jobs market.  These have to be first identified, pointing to the need of conducting studies on that.  What kind of job roles are really needed.  If you Google and research for that always about with the workforce in cyber security but never about concrete roles.

     Coming back to the panel and the speakers.  Happy to give the floor to Komitas Stepanyan.  He is part of the steamworking for national level digital transformation including cyber security in Armenia.  He is a short term consultant for the World Bank for digital transformation activities and works partly for the IMF for cyber security initiatives and programmes.  Please have the floor.

     >> KOMITAS STEPANYAN: Thank you very much.  Much better.  Thank you very much for this opportunity to speak in this very important panel.  Actually, you have already Latinxed a couple of important things like there is a -- mentionle a couple of things like a huge shortage of cyber professionals and how to fill the gap.  People talk about the cyber security skills shortage.  If you Google you can find that ride now almost all companies including public sector need database admins network admins.  It is a little technical but part of cyber security.  Overall, let me explain what -- Lou the central bank of Armenia is a public institution and how my country what we are doing and how we are trying to fill the skill gap from the public sector.  First of all, we need to increase the pipeline.

     To do that, theres an interesting initiative and campaign run by the central bank of Armenia.  Governor of the central bank was leading the team and we met most recognised universities, top five universities in Armenia to talk with the management, first of all, and to see what kind of programmes and what kind ofselfic subjects or syllabuses can be developed for different universities.  And we met stunts to promote the activity.  I was dreaming that when I was student, somebody could come to my university to talk about this initiative that for example, being a young student in second or third grade, I can have chance to join to the public sector and work for this Central Bank of Armenia Or Department of Finance.

     It Had a Huge Impact and We Had Great Response from Different Universities.  We Continued the Campaign and Collected More Than 300 Cities and Did an Interview to identify 30 talents to tutor them for six months to have a team work for cyber security.  Currently it is very important have incident response team for any public institution.  This is our -- one of the plane strategic objectives.  Two years ago, we established an information system agency responsible for three main pillars for the digital eye dentification.  National level and the intra onability of the public institution and third pillar is cyber security.  There institution is response Inma for working with academiaia and universities to create specific subjects bassed on your needs to fill it this gap.  We work with the international recognised organizations to provide specific training for 25 people which lass been carefully selected from different ministries and agencies including central bank and a couple of commercial banks as well.  A special training for incident response for research and for compliance on the audit of cyber security incidents.  If there is not enough capacity to recognize there is an incident it will be end of day.  And according to the statistics, like cyber identification average time for cyber breech identification is over 200 days according to the statistics.  Imagine cyber criminals are Hacking your environment and after 200 years outcome are able and some institutions unfortunately are not able to identify that their systems are breaked.  This was the second initiative.

     And right now the process is going on and I'm waiting to see the results.  The exam will be at the end of October.  It is an ongoing process and I hope a couple of my colleagues will get certified which is very important and we would like to continue that training programme and couple of them who already certified can become like trainers or they can share their experience with others.  We are also closely corroborating with the private sector.  We all know that lots of good professionals works for private secretary.  We already heard that public sector cannot be attractive if you are looking only salary.  Private sector pays more but public sector has its own beauty because we are working for a mission.  Mission and challenge is more important for many, many ones.

     So during your career, mainly at the middle of your career you think you made everything that you know, money is very short motive eighter as already mentioned and I agree with in.  The objective what you are doing if you empower the young colleagues what you do will have an impact on thousands or maybe millions of people it can be motivating for them.  We are continuing this programme and helpfully after another year will have more certified professionals and work four setting up national cert and it is an ongoing process and after that we would like to have recognised national cert and international certs.  From this moment, I hope this helps the concrete examples.  Stank you.

     >> LARA PACE: Thank you very much for your points.  I think the most of what became clear is mission and purpose, right, that you mentioned that can account for maybe the lack of funding or just so private companies are paying more is it is the top one argument for the lack of cyber security skills in the public sector.  Happy to take this discussion later.  Just to speed up a little bit because we are running a little bit short on time.  I will give the floor now to the second virtual speaker today, mar Marie.  A digital specialist in the field of information systems and in digital transformation and in August last year joined the commission where we works as a programme officer for EU -- and the driving of the gettingal transformation of fors on the behalf of the commission in ECOWAS.  The floor is yours, Marie.

     >> LAREE: Thank you on be a half of the (break in audio) African states.  And not the main resources in science security but I will try to share with you the perspective on cyber security.

     >> LARA PACE: Marie.

     >> Chis.

     >> LARA PACE: Can you try to switch off your individual sew so that we also V. the chance to see you -- switch on your video so we have the chance to see you in the room.  Thank you.

     >> MARRIE: Can you see me?

     >> LARA PACE: Yes.

     >> Region in Africa face growing cyber security challenges.  I'm sure that you are aware of that.  And this is a result of the digital transformation that has given rise to new opportunities for malicious cyber activities.  Many studies have pointed out the urgent need for growing work force and (?).  Globally, in digital state E. skills it was announced 2023 at the first (?) for African digital transformation from Madagascar the need for digital skills in -- while just 5-10% of the need are covered depending on the country.  Specifically, if we talk about cyber security, the MG to 230 cyber security outlook mentioned that the fact that the percentage of government and public sector organization was where with appropriate reforces meet the need it only 29%.  Given the persistence of the critical needs for cyber security professional, the card Nateed regional approach for us -- ECOWAS cyber security agenda to increase cyber resilience in the region and to support Member State in strengthening their capacity building which certainly requires the availability of a skilled cyber security workforce.  The supply of cyber security specialists from the ECOWAS region I can say is under capacity in the face of the exploding demand.  The ECOWAS commission and west African government are force in cyber security education and training initiatives, identification of cyber security tal end, capacity building cooperation, partnership and awareness.  In the regional level the west African response an cyber security and fight against cyber crime.  As a mean of building a sustainable cyber workforce in the region in the -- the ECOWAS region had a cyber security hack-a-thon that helped to build a field of receive security to address the level of the region in terms of skills from cyber security and fight against cyber crime and also to increase the interest the youth in digital.  To upskill, the ECOWAS commission are supportinged judicial authorities of the region to tackle the need through global capacity building initiatives.  I can say that the advanced training was provided in 2023 to Member States with the security incidents response team in order to enhance the capabilities for handling cyber incidents.

     As part of robbation, a joint platform for advancing cyberspace security was launched if September of 2022 to in -- 2023 to increase partnership for the continued implementation of ECOWAS cyber security agenda for resilient cyber security space in West Africa.  At the national level, the country in West Africa have looked at a Reese of cyber security merger including the development of cyber security education.  As an example, I can cite the national digital academy that was launched advanced training in flag at ICT in cyber security.

     This is the outcome of the partnershipper inship good evening the minutetry of digital affair and smart Africa digital academy.  Despite the efforts I just mentioned African countries are facing a real (?) to attract digital professionals, the public sector generally apply a specific salary such as the bonus.  This remain insignificant in a global context of digital talent shortage and major consequence.

     Aware of to compete with the private sector and the attractiveness of the cyber security tal ends and education of now recommended to include international strategies.  The public sector is also exploring a multistakeholder approach involving private sector and international partner.  A good example from Togo is the signing with the Yunnan commission for Africa coordinate (?) and any know that efforts ongoing consider are ongoing to fast path the realization.  Love I wanted to (?) between and company named (?) that their system is imbalance.  This partnership give birth in 2019 to cyber defense Africa.  A company that offers cyber security serviced (?) to ensure security information system in Togo and beyond its border.  The partnership combine the cert with a national SOC.  Given the limits of the public sector it keep its talent and the shortage for cyber security the way out for the region for cyber work force in education strategies and develop cyber security integration plan and introduces by getting girls interested and revamp the public recruitment process and condition.  Expand the talent pool by collaboration and invest in training and develop programme to promoment cyber certification to develop the talents inside the public sector.

     Also, to finish the last is to follow ITU guideline on the capabilit and capacity building.  Thank you, Lara.  This is what I wanted to their with you.

     What is going on from our region.  Thank you very much.

     >> LARA PACE: Thank you very much, Marie.  Your input is very well noted and appreciated.  I think you have just to highlight one-point that was I think expensive specifically important is the -- the note of the brain drain.  Facing challenges well beyond the cyber security workforce gap.  We should be aware when working in partner initiatives with the countries from the Global South that there are -- that this is a multichallenge ally and we should beware of that.  Over the fifth speaker, Regine Grienberger.  The cyber Ambassador at the Germany federal office.  And youth organizations and economic and financial issues and common agricultural policy.  Regine Grienberger, as the FFO has been increasingly involved what about would Yo your lines of thought on the Toshic?

     >> REGINE GRIENBERGER: Thank you.  I appreciate very much what the other speaks on the marchs have said because it is highlighting the complexity of this problem of how to retain the cyber work force in the public sector.  I'm speaking as.  You know a civil servance working inside a public institution that has experienced this shortage of experts.

     But also as somebody who has engaged from cyber is capacity wilding and cyber.  Marie mentioned the ECOWAS action plan and other projects that we think or we hope are helpful to kind of a new or better substrate with our global partners.  One thing I wanted to say before I go at evacuation with Minoltas is a discussion that I often have ooh with my counter parts and that is does the public sector need cyber experts or can everything be outsourced to the private sector.  We have a discussion in Germany and the European union the discussion about what digital sovereignty, this ambition to have digit sovereignty and having control of our networks as governments is one important part of digital sovereignty.  I would answer this question is L. is he h will -- is possible to outsource?  Ukraine is relying heavily on the private sector but you also to V. take care of covering your own needs with your own experts.  Our agency gives the recommendation to set 15% of your digital or digitation budget aside for cyber security measures including personnel and training.  This is is good bench mark if thinking about how much would this cost me.  Is a percent is a good rule of thumb of how much it will cost at least.  Martina described the demands for requests from the new NIS directive.  The updated European cyber security regulation.  From Germany the number for critical struck would be times eight what we have now.  Times eight institutions will appear on the list of entities that have to follow or have to comply with the standards of this new regulation.

     And you can imagine that this means about, you know, 10,000s of cyber experts missing with, you know, from the moment in this regulation enters into force.  This can only be dealt with if we take a seriously as public sector that we have to find and also build these experts.  I have two immediate remedies perhaps to propose.

     One is 3508ing.  We recommend this also for tool school perhaps municipalities.  Perhaps telare too small for their own expert but can join forces with other municipalities in a similar situation and pool for several public institutions.  And the other one and is also a lessons learned from crew Ukraine is moving things to the cloud.  I'm not recommending a specific offer from a specific corporate company but we have seen that this helps because it is then well protected by the most advanced and sophisticated tools.

     Aeneid recommendation that I would like to make -- a third recommendation is make it a little easier for the few cyber experts you have by raising the digital and cyber politic literacy of your workforce in general.  We are conducting cyber security month if October, these days to inform our colleagues about cyber threats and how they are Snellselves high value Targets for cyber criminal organizations around state actors conduct is espionage operations.  So that they know better how to protect themselves with easy means.  That is cliche butted weakest link is always the humans.  My recommendation, make it easier by increasing the cyber literacy of your workforce.

     Now what kind of experts are needed has been mentioned already.  I would say and I see if in contact my colleagues from our IT department.  You need technical experts and people age to speak the language of management and hierarchy so the higher up levels of management of a ministry for example understanded need and requests and also the need to invest and to raise these costs because this is -- it is a costly exercise to improve cyber security.  So, I think buy, you know, buy hiring one person that can actually speak the language of management you might be able to free money to require ten more experts who then do the groundworks.

     And then, from exchange with my colleagues from the IT department I learned that they are basically always hiring people that are not up for the job that they are meant for.  So they are always hiring people who have more generic knowledge than is needed but then are upskilled or reskilled oned job by their colleagues or short-term cybersecurity upskilling or reskilling programmes that we buy from the market.  And then that is the issue of competition with the public sector.  It will not mostly be the case that money and salary offerings are adequate to affect the work force.  Purpose is an important thing and not only the recognition by the higher levels, but also understanding at which part of the machine you are working.  A more holistic view of cybersecurity might help to maintain people in the sector if they understand in the public sector they are allowed to contribute to a bigger picture that they also understand.

     Plus, job security, flexible work arraignments especially for women.  Also the particular protection that civil servants have in the public sector is something interesting Of course this is not -- for all -- not for all workplaces but for some, for example for our minute I have that is an argument for women to join the foreign office and not a private sector company.  Then, from there is also -- there is an idea it is not work training experts inned public sector because they will be stolen by public companies afterwards.  I would recommend don't think in these terms.  Think of it in terms of job rotation.  You train the people as public sector and release them to private companies and gain them back at a later stage of their career.

     I think this is particularly true in the field of IT experts.  And usually are curious people to look at other opportunities and perhaps gain them back.  My last point is see are in an half informative period of time with art to IT digitalization and cyber security so the job profiles and educational profails and somebody mentioned it, was it Marie for Lara, the curricull are perhaps in the up-to-date.  We should work with our for example from our case Ministry of education and minute stray industry of labour to update the job profiles and educational profiles so the institutions are really also able to produce the kind of you know knowledgeable people that we need.  Thank you.  Already.

     >> LARA PACE: Thank you very much for this comprehensive input, Regine.  I will directly give back to the last speaker joining virtually.  She's Laura Schwartz-Henderson.  Just under 15 working building cybersecurity capacity across the world and worked forkingdale that and is now working for PGI from the private sector and head of the capacity building practice.  It is my pleasure to hand it over to you.  It has been fascinating listening to the colleagues and understanding all of the initiativesy R.s that aren the way.  I guess you are quite tight for time?

     >> MODERATOR: That's correct.  Can we do over time by five minutes please?  Yes.

     >> LARA PACE: I have one working nationally for 15 years anded beginning focused on developing structures and cybersecurity strategies and really creating plans at the national level.

     And now having done that for so many years, I'm focused on eceptionly doing the same but in -- helping governments really build the human resource to implement the strategies.  There were a couple of points that I -- I picked UPN.  The Ambassador point about jobs rotation which is fundamental I think.  Might sound a little bit controversial but I think if you have skills and expertise in the public sector, that suddenly moves into the private sector, that could fundamentally be seen as a positive.  I'm not encouraging brain drain here but responding to cyber attacks and cyber incidents requires a whole reco-system approach.  Suddenly you are sat in the civil service and working with private sector individuals that have been trained by the public sector and also understand the challenges of the public sector.

     So we are now sat in the private sector thinking abouted challenges for the national perspective and ask offer interesting solution is.  That is one point I wanted to make.

     I really agreed with Yasmine's contribution in terms of retention of skills from the public sector in terms of really creating an inclusive environment, having very clear career Pathways so people with understand it where they can progress.  As human beings we all want to progress and better ourselves both personally and as an organization or as a national Indiana city institution.  The lat thing is incensive disasterrization and that does not equate with more none any.  The last point I wanted to make was I think and sometimes I'm guilty of this.  As a cybersecurity professional working internationally, I think cyber is the ultimate priority at a national level.  And actually, we we really need to consider if we are going to make interventions in terms of skilling up and training that there is also a similar initiative happening to ensure that the jobs are be created to retain that talent.  Especially in emerging markets.  We get a lot of requests and see a lot of RFPs from governments to have like skilling programmes.

     But sometimes that happens in like is silo and what happens is you have very intense sort of skilling up programme and then the expertise does not remain in the gentlemanning graphy.  Lass to be a two pronged approach.  Capacity building as a 1980s hair comb.  Each tooth has to come all together like in international coordination efforts.

     I wanted to leave you with the key points.  We work from Latin America and the Caribbean all the way to the Pacific helping governments skill up.

     So yeah,gy think somebody mentioned academies which is one of the things that we do.  But I think I would just leave you with those two Clints because I know you are very tight for time.

     >> LAURA HARTMANN: Thank you very much.  Lara.  If we have sophomore minutes can we allow for a question from the -- from the audience?

    

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     

     >> LAURA HARTMANN: Is there a question from the audience?  Please come from.  Yes.

     >> AUDIENCE: I'm from the government of Sri Lan kanada and the development of the second base security strategy and the policy.  Now the comal length is to implement.  I'm a civil servant for the past 23 years so by the time interest were (?) to the -- to the -- to media.  So we -- we just grab it but nobody in the public sector hardly heard of it and we got the tech experts to explain.  Time to time we have the collaboration with the private seconder and also in a separate track the political tear and forces have their own kind of cyber defense.  But we keep it from a very strategical way to bring that knowledge to the civil service work and other work.  Somebody mentioned about the capacity wilding and curriculum change.  I think we give in in most of the inkjet or (?) and related curriculum, schools.  And actor deem ma but we as a country face a challenge of losing the talent from the market going overseas.  Private sector we are a small country of 20 million.  Currently the IT has 30,000 openings for the graduate.  Without a collaboration, the capacity building within the government itself, won't be a sustainable solution that is the way I see it and (?) and yeah, That's.

     >> LAURA HARTMANN: Thank you very much.  Fly of the speakers to like to come in or leave it with the notes?

     >> Agreement.

     >> LAURA HARTMANN: Okay.  So then I would like to thank you all for listening.  Thank you very much to your speakers joining virtualry at the very early morning in Europe and from Africa and thank you very much toed speakers here on the panel and -- you want to make a note?  Yes, please.  Thank you.  Lots of things have discussed.  We know many of the time public and private seconder has Hacking.  And I want to know how fully safe any government or private sector by Hacking.  Can you tell me something?  The question was how to fully secure the government system Hacking attacks.

     >> MODERATOR: I'm started in the technical level and I'm ated leadership level.  There is nothing which is impossible to hack in the world and there will not be because digital world is imperfect.  Always there will be weaknesses which ask be used to lack different types of systems.  Maybe pentagon, I don't know.  White House.  We have seen such type offing tests and see in the future.  There is nothing hundred percent possible to be safe.

     And technology office has weaknesses.

     >> LAURA HARTMANN: Thank you very much.  We need to close the session now to give the floor to the others that are coming for the next session here.  Agree a holistic approach is very, very important.  Beginning from the education and then ecosystem approach that the last speaker voiced, la a.  I think that is fundamental.  So cross industry initiatives really.  So that we go from a nice to have to public to really raise the awareness it is a public safety issue as well.  And ultimately, yes, we need people that can talk to management that understand that there is the need for investment and that translators.  So thank you very much, everyone.  And happy IGF.