The impact of cyber incidents leave deep traces in affected organisations, their suppliers, customers and society. As a result, the demand for qualified cybersecurity professionals is growing continuously. The new Advanced Programme in Cybersecurity and Governance at TIAS school for Business and Society is set up to help narrow the cybersecurity skills gap. It is a concrete result of the joined ambitions and interventions defined in the recently lauched Human Capital Agenda Security (HCA). The agenda is developed by HSD in collaboration with CVD and with contributions of about 70 parties.
The programme is uniquely designed to up-skill professionals in management positions and enable organisations to integrate cybersecurity capabilities in the fibers of their organisation. The course kicks off on 12 October with an interdisciplinary group of participants from organisations such as NCSC, de Nationale Politie, ENISA, the Dutch Ministry of Defense, RDI, DNB, Heineken and ASML.
“This course is a response to ongoing requests from the business community to provide new cybersecurity training. The programme is built to tackle talent shortages in the most effective way possible,” says Lokke Moerel, professor of global ICT law at Tilburg University and senior of counsel with Morrison & Foerster.
Lokke: “What is unique about the programme is the comprehensive, interdisciplinary content, provided by leading experts in the respective fields. We realised early on that no one individual or institution has all required knowledge to cover all subjects for the course. The cyber security discipline is young and in constant development. We therefore need the expertise from industry to make the course relevant to current practice. In other words, we needed to collaborate with other academic institutions, public organisations and companies.”
That made the establishment of this course a challenge, but the result is a comprehensive programme covering a wide range of cybersecurity subjects, which is aligned with industry practice. The programme spans subjects ranging from threat analysis, risk assessment and mitigation to legal responsibilities, cyber incident response and reporting to boards. “By training managers through this compact 5-day course, we help organisations upgrade the cyber capabilities of their organisations as efficiently as possible”.
Each course day in the programme consists of two training sessions and a case study or best practice delivered by a CISO. One of the contributors to the programme is ASML, which both provides a case study and has employees participate in the programme. “As a pioneering company owning crucial technology that the economy has come to rely on, cybersecurity is an absolute top priority for us, says Aernout Reijmer, CISO at ASML. “And that extends beyond our own organisation and includes our many suppliers and academic partners, who we inform and audit on a regular basis. It’s therefore safe to say that having access to skilled cybersecurity professionals is crucial for our licence to operate,” he continues. ASML also feels the competition for scarce cybersecurity talent, which is most pressing for senior management positions.
Aernout: “The focus of this programme on training managers for senior roles in cybersecurity is unique and addresses an important bottleneck in our cybersecurity workforce. Talent development is also a cornerstone of our organisation, and we expect to benefit greatly from the new knowledge, skills and networks of our employees after taking this course”.
After this first edition, the aim is to optimise and scale the programme and make it available at multiple institutes across the Netherlands. “Companies find it hard to prioritise courses like this because their employees already carry a heavy workload. We therefore aim to make the course as accessible as possible. We also want to demonstrate that organisations benefit as a whole after employees have taken this course,” says Lokke.
Ideally, more than one person from an organisation participates, so that they have the possibility to develop what Lokke calls ‘a common language’ once back at their jobs. “The reason why we target managers is so they can set guidelines and standards within their organisations, and their knowledge trickles down into the rest of the organisation. That is much more likely to happen if they have accountability or sparring partners and can share experiences and best practices from their respective teams. Cybersecurity is relevant to the entire organisation, so it’s important that the knowledge and practices cover all disciplines and departments”.
Among the contributors to the cybersecurity programme is the Netherlands Cyber Security Center (NCSC).The National Cyber Security Center (NCSC) is the central information hub and expertise center for cybersecurity in the Netherlands. NCSC is renowned internationally for its excellent knowledge, approach and standards and has a stake in advancing cybersecurity within Dutch industries. NCSC faces talent shortages itself and expects to benefit from letting employees participate in the programme.
Hans de Vries, director of NCSC: “We not only experience shortages in cybersecurity talent ourselves, we also hear it from organisations across all Dutch industries. As a result, companies are struggling to keep the security of their digital systems up to date. We need to explore ways to cover the workforce gap because the economic security of our country is at stake."
Hans de Vries: "This programme is an excellent example of government, businesses and knowledge institutions collaborating to create the required trainings programmes. We are happy to have contributed to this programme”.
Plans for additional editions of the Advanced Programme in Cybersecurity and Governance are in the making. The second edition will take place from 27 - 31 May 2024. Click here for more info.
The programme was initiated by Tilburg University in collaboration with the National Cyber Security Centre (NCSC), the Rijksinspectie Digitale Infrastructuur (RDI), De Nederlandse Bank (DNB), and co-hosted by CISOs from ASML, Philips, and Signify. Other contributions will come from TU Delft, Fox-IT and Microsoft. HSD gave an initial investment to trigger other organisations (like the once mentioned above) to follow and therefor create a first businesscase for this pilot and get a positive decision from Tilburg University/TIAS board.