While Maslow’s hierarchy of needs doesn’t completely explain the complexities of motivation and achievement, it does offer valuable insights into these processes.
Generally, people aim for social achievement and self-fulfillment after satisfying their basic needs (the first and second stages). It’s unreasonable to expect people to strive for growth without the premise of an appropriate level of reward. The government’s recent plan to cultivate 100,000 security talents to counter cyberterrorism also falls short in considering the relationship between motivation and achievement.
The security paradigm is changing with the advent of artificial intelligence (AI), quantum computers, and the spread of cloud infrastructure. The threats from cyber criminals exploiting these advancements are also intensifying.
There is an inevitable increase in security demand, but there is a lack of skilled personnel to meet it. The South Korean government plans to invest 1.1 trillion won (approx. 795 million USD) in infrastructure support, expanding educational opportunities, and opening overseas markets to train 100,000 cybersecurity specialists. However, the most crucial element, an appropriate compensation, is missing. According to the Survey for Information Security in Korea, 72% of data security companies responded that securing and retaining technical development personnel is difficult. As the years of service accumulate, the attrition of information security personnel deepens. As of December 2022, only 11.5% of the total 20,000 practitioners had 11 to 15 years of experience, and a mere 9% had over 15 years of experience.
The proportion of experienced personnel handling the most research and development work is very low. This implies that talent is leaving the security industry for places where they can expect a reasonable level of compensation.
While there is a saying that even the country cannot help people experiencing poverty, this is separate from industry promotion. If the vast majority of security companies, many small and medium-sized enterprises, struggle to improve salaries and treatment realistically, industrial promotion measures should come first. The lack of a long-term vision based on this weakens the plan to train 100,000 cybersecurity specialists.
If there is a shortage of cybersecurity specialists, IT assets will leak, and the country will also be vulnerable to external threats. This is why meticulous policy planning is needed to harmonize compensation and to develop various specialists. We should learn from past failures, such as training 100,000 people and suffering from outcry.