MANKATO, MN. – How does a small country — with about the same population count as Switzerland — position itself to compete in the fast-pace cybersecurity global marketplace? In this article, we’ll explore the factors that have enabled Israel to position itself as a key future player in cybersecurity. In a follow-up article, we’ll look at how Israel has leveraged that potential into action, creating a marketplace for venture capital and innovation, resulting in hundreds of security startups.

Demographics

What is immediately noticeable when arriving in Israel is the number of young people around you. Unlike many of the largest countries and economies, Israel has a young, vibrant population, with over 43% of people aged 24 or under (CIA World Factbook). The median age is 29.7, compared to 37.9 for the US, 42 for Canada, and 42.7 for the entire European Union.

Having a young population not only gives it a current and future stable workforce supply, it also means that a larger percentage of the population is going to be tech-savvy, having grown up in a world in which the Internet always existed, and being very comfortable with using and understanding technology, and the Web of Trust (WoT) that binds us all.

However, by itself, having a young population doesn’t mean that a country is poised to be a global player on the cybersecurity stage. So next, we’ll explore the role the government has played in shaping this nation to be a key player in cybersecurity.

Cyber — A Government Focus & Priority

While a growing number of governments around the world are proclaiming their desire to boost their cybersecurity workforce, nowhere is it more evident than in Israel. Attend any cybersecurity conference in Israel and you’ll inevitably run into dozens of key government leaders, from multiple sectors including the economy, import/export, the military, but also education and academia. Don’t be surprised if the head of the country pops in to make a short speech about the importance of the cyber domain to Israel’s future, as Prime Minister Netanyahu did on June 26th at the start of the CyberWeek conference at Tel Aviv University:

Cyber security is serious business. It’s serious business for two reasons: the first reason is that it’s a serious and growing threat. And it’s a growing threat everywhere because everything, every single thing is being digitized. And the distinction between hi-tech and low-tech is rapidly disappearing. And as that happens in one country after another, in one industry after another, in one critical infrastructure after another, and as we enter the world of the internet of things the need for cyber security is growing exponentially.

Our decision in this case was to create a national cyber defense authority and we are organizing them around the cyber net so that everybody has secure information between the government and the various organizations and the business organizations. We can communicate in a secure way and the parties inside the net can communicate with each other. Not only to respond to attacks but to prevent them, to prevent them by early warning, to prevent them also by guidance, by teaching a systemic doctrine to the extent that you can be systemic in this business.

PM Netanyahu at the CyberWeek conference (June 26, 2017)

A Military Affair

The government’s role in leading the effort to position Israel as a leader in this space is undeniable. However, growing a cybersecurity workforce comes much easier to Israel than to the rest of the world, due to Israel’s need to protect itself from what they call “not so friendly neighbors.”

In many developed countries, the workforce supply in the cybersecurity domain is stretched thin, often with minimal or negative unemployment rates in the field, leading to many companies poaching the best security folks from their competitors, and leaving the government sector with a near-empty pool of applicants as government salaries are much lower, often on the order of 20%, 30%, even 40% lower, and the barriers to entry much higher (i.e. advanced degrees, clean record, drug tests, etc). A 2016 Indeed article compared the salary, adjusted for cost of living differences, of an information security specialist with three years of experience in Minneapolis ($127,757) with that of someone in Arlington VA ($74,254). The numbers speak for themselves.

In Israel the cyber workforce situation is much different; the Israel Defense Forces (IDF) provide the country with a fresh, auto-renewing supply of talented youths that have often signed up for extra tours of duty in some of the elite units of the IDF (e.g. the famous unit 8200, where many of today’s cybersecurity entrepreneurs once served). According to Wikipedia, the number of people reaching military age annually (estimates for 2016) is 60,000 males and another 60,000 females. While that number is by no means large, the experience instills in the conscripts many key values that lasts for decades after they’ve left their defense units and integrated the workplace.

One of the most privileged spots in the IDF is unit 8200 which is often referred to as Israel’s equivalent to the NSA. Unit 8200 is an intelligence unit, responsible for collecting signal intelligence (SIGINT) and code decryption. Unit 8200 is just one of several sought after units in the Israeli Intelligence Corps, which is “responsible for collecting, disseminating, and publishing intelligence information for the General Staff and the political branch” and also to engage “in counter-intelligence and information security work, and presents general assessments.” Several alumni of unit 8200 “have gone on to found leading Israeli IT companies, among them CheckPoint, Imperva, Incapsula, CloudEndure, Cybereason, ICQ, LightCyber, NSO Group, Palo Alto Networks, indeni, NICE, AudioCodes, Gilat, Leadspace, EZchip, Onavo, Singular and CyberArk.”

However, unit 8200 is just one of the many valuable units where young men and women can serve, and in the process gain valuable training and experience that can be of use in the business world.

Other Factors

Of course, there are other factors at play that have helped Israel position itself as a leader in this domain, beyond the young population, beyond the deliberate focus and support of the Israeli government, and beyond the fairly unique military apparatus which provides valuable training and experience.

These other factors include cultural aspects of resilience and innovation, access to academia for subject matter expertise, economic support for investments and growth in this space, and a startup mentality highly tolerant of failures — and more importantly lessons learned — to name a few.

In Israel, all of the factors mentioned above have contributed to creating a capacity for innovation and excellence in the cybersecurity domain. Just as importantly, the political and military leadership of the country are fully cognizant of that capacity and have decided to make it a national priority. As Dr. Eviatar Matania, Head of the Israel National Cyber Directorate, put it, “cyber is like the industrial revolution… We are just at the beginning of the cyber revolution… But we are going to be a cyber nation… as cybersecurity is a necessity to prosper.”

And as they say, the rest is history.

Our second article, “The Land of the Cyber Startups,”  delves into the determined ways that Israel has been encouraging the growth of its cybersecurity sector.

The Dr. InfoSec Blog is curated by Christophe Veltsos, PhD, CISSP, CISA, CIPP.

Chris, aka Dr.InfoSec, is passionate about helping organizations take stock of their cyber risks and manage those risks across the intricate landscape of technology, business, and people.

Whether performing information security risk assessments, working alongside CIOs & CISOs to set and communicate strategic security priorities, or advising board members on effective governance of cyber risks, Chris enjoys working with business leaders to improve their organization’s cyber risk posture.

To Read His Blog, Click on http://blog.drinfosec.com/2017/07/why-your-next-cybersecurity-toolservice.html