The Cybersecurity Workforce Study by ISC2 revealed a staggering shortage of 111,000 professionals in the Middle East and Africa, underlining a significant deficit in the field. This has led to conversations about possible solutions to address this issue.
Chidiebere Ihediwa, an African cybersecurity specialist, has proposed a controversial suggestion. He recently spoke to Nigeria’s Economic and Financial Crimes Commission, proposing that online scammers and fraudsters should be retrained as information technology specialists. According to Ihediwa, redirecting the knowledge and capabilities of these individuals would be beneficial to the nation. However, the Nigerian Economic and Financial Crimes Commission has not yet responded to this proposal.
This idea raises an important question: is retraining and hiring hackers and cybercriminals with a questionable past a practical solution to address the shortage of cybersecurity professionals in the region? Debates surrounding the hiring of individuals with a criminal past are not new. Some argue that hackers with experience in conducting cyberattacks could be valuable assets, as they possess firsthand knowledge of how to breach systems, making them suitable for planning and testing cyber defenses.
However, there are practical considerations to take into account when considering the reintegration of reformed cybercriminals into the legitimate workforce. Owanate Bestman, a UK-based recruitment specialist, acknowledges that there is a certain level of sympathy among hiring managers to give these individuals a second chance. However, company policies and specific industry regulations may prevent such opportunities.
Another critical factor to consider is the level of supervision that would be required for reformed cybercriminals working in legitimate IT security roles. Confidence Staveley, founder and executive director of CyberSafe Foundation, emphasizes the need for a multi-layered monitoring process, as well as the potential need to offer attractive salaries to lure these individuals away from illicit activities.
Staveley points out the stark contrast in potential earnings between legitimate IT security positions and the financial rewards that cybercriminals could potentially achieve. She suggests that if a significant investment were made in retraining and offering competitive salaries to former cybercriminals, it could lead to a reduction in cybercrime activities.
Moreover, Staveley emphasizes the importance of these individuals contributing to society by mentoring young people and guiding them to make better decisions online. While she acknowledges that this approach may not completely eradicate cybercrime, she believes that a combination of interventions could make a difference.
Additionally, Bestman believes that ex-fraudsters could leverage their experience to educate others within an organization about the tactics and strategies used by cybercriminals, offering insights into the psychological and behavioral aspects of security within an organization.
Overall, the proposal to retrain and hire former cybercriminals as legitimate IT security professionals presents a complex and multifaceted issue. While it may offer a potential solution to address the shortage of cybersecurity professionals in the Middle East and Africa, it requires careful consideration of practical, ethical, and societal implications. Furthermore, the effectiveness of this approach would depend on the willingness of these individuals to reform and contribute positively to the cybersecurity landscape.