The complexity of IT security is increasing, but the number of available specialists is not growing. This is a challenge and an opportunity for Belgian security experts. How do they solve this?

Belgian companies are aware of the dangers lurking in the digital world. But protecting themselves against these threats is another matter. In Belgium, international and local players are keeping their customers safe, despite limited talent available.

In this context, the security company Jarviss is trying to break through not only in its own country, but also in the Netherlands. Jarviss was co-founded four years ago by Jo Vander Scheuren, who had already made a name for himself with SecureLink. Spotit is another local party and has been around for much longer. The company, founded by Steven Vynckier, already has a large international presence. Talent is also a constant challenge for Spotit.

Lack of talent

“It is certainly not easy to find qualified personnel in the world of cybersecurity,” says Vynckier. “This has to do with training: IT professionals graduate with general knowledge but no specific skills.”

Small and large companies alike have difficulty getting the right people on the payroll. “Even very large companies cannot find the necessary expertise,” says Vander Schueren. A security partner can then provide a solution.

More with less

Jarviss solves the problem in part by doing as much as possible with as few people as possible. The company bases its approach on the way the American Palo Alto Networks manages its own security: automation. Vander Schueren: “This company has a security operations center that is staffed by only eight people during office hours.”

The tool behind this SOC uses AI to automate the work of SOC employees to a high degree. “AI can not only distinguish noise from important things,” Vander Schueren explains. “The technology can also immediately and automatically implement solutions for many problems.”

Finished puzzle

Experts are then only allowed to deal with incidents that lie in a grey area. Technology helps here too. Vander Schueren: “An analyst usually looks for other sources of such a problem and puts all the pieces of the puzzle together. We also automate this using APIs. A customer receives a report in clear language within a few minutes, including possible measures. All that is required is a business decision.”

Vander Schueren estimates that eight out of ten problems can be solved automatically. Twenty percent of incidents require human assistance, which is of course available. However, the technology allows Jarviss to offer its customers a SOC at a reasonable price without the need for an army of experts monitoring a wall of screens 24/7. This value proposition is well received in the Belgian and European markets.

Train yourself

Sooner or later, of course, you’ll need an expert. Spotit has a larger scale and therefore a greater appeal to people. To find talent, Vynckier and his team take matters into their own hands. “We have our own academy,” he explains. “We put graduates on the payroll from day one and offer them six months of training. In the first three months, they work on certificates, but also on soft skills such as presentations. In the following months, everyone can choose their own direction through targeted training.”

You can take courses and training, but at the end of the day you need practical experience

Jo Vander Scheuren, co-founder of Jarviss

To offer young talent this experience, Spotit places them with clients at its own expense as a kind of intern. “It’s not easy to find good people,” repeats Vynckier, “but we have many exciting projects to attract talent.” For end customers, this is often even more difficult.”

Practical experience

Vander Schueren understands the need to intervene at the level of training. “The security world is so complex. We recruit specialists who know exactly how to use a firewall of a certain brand until they have to manage that firewall as part of a complex network. To do a good job in the world of cybersecurity, you need a very broad knowledge.”

“There are initiatives in the education sector that focus more on the skills needed,” Vander Schueren notes. “But internal training remains essential. You can take courses and training, but at the end of the day you need real-world experience.”