From college to business, Microsoft France’s plan to train in cybersecurity

Microsoft France seems determined to become a French technical training center. After artificial intelligence, cloud and application development, the company is eyeing a new area this May 31: cybersecurity. The company is launching a “Skills Plan”, which aims to train 10,000 new cybersecurity professionals in 3 years. To achieve this, Microsoft has its certification training courses aimed at working professionals, but also at university level.

Like the AI ​​and cloud plans, the cybersecurity plan will be incorporated by a school aimed at training job seekers looking for career reorientation. Microsoft France is thus replicating the model it has been developing since 2018 with the startup Simplon, which led to the emergence of 43 Microsoft schools, for more than 900 people trained in various technological professions.

15,000 vacancies in cyber

In France alone, there are already 15,000 vacancies in
the cybersecurity industry“, calculates the company. This finding is one of the main concerns of the players in the ecosystem, as it poses both operational problems and additional costs in recruitment.

This lack of skills is a central issue in the sector, and is accompanied by a second, more global problem, the lack of public awareness of cyber issues.“, diagnosis with La Tribune Corine de Bilbao, president of Microsoft France. According to a study commissioned by Microsoft in partnership with IDC, 60% of companies plan to make their teams more cyber-aware, and more than two-thirds of them say they are ready to invest in the matter.

Faced with these challenges, Microsoft’s stance is twofold: on the one hand, the company is one of the biggest players in the sector and faces recruitment difficulties. On the other hand, its software is among the most targeted by attackers: among them, Active Directory (AD), used by more than 90% of companies in the world. Basically, this software serves as a network directory and manages access to computer systems. If a malicious actor manages to reach the AD and manipulate it, he can therefore meddle in the company’s business at will. By making members of organizations aware of the fundamentals of digital hygiene and the specific protections of its software, the American giant indirectly strengthens the security of its products and its customers.

A cyber school to train operators

There is a bias that cybersecurity professionals are all bac+5 and doctoral students. But when we look at reality, bac +2 and bac +3 find their place in companies, for the implementation of cybersecurity elements”, recalls La Tribune Bernard Ourghanlian, Technical and Security Director at Microsoft France. As with the other topics he addressed, the company seeks to have a “pragmatic approach“and train people to be immediately operational. As a result, it focuses training on defense and excludes offensive cybersecurity.”When we train people in cybersecurity, we can’t have an insight into every subject.“, argues Bernard Ourghanlian.”We’re not trying to train 5-legged sheep.“, abounds Corine from Bilbao.

In concrete terms, training at the Microsoft School will take place in two phases. First, a “bootcamp” [une formation accélérée, ndlr] extended by 7 weeks will serve as a prequalification stage for training, while leading to a Microsoft security certification. Then the selected students will receive another intensive training of 3 months, followed by 15 months of work-study. By the end of this course, they will be fully trained in the profession of a cloud and hybrid security operator.

The idea is to train operators capable of handling cybersecurity tools. For example, they will be required to classify incidents detected by the software, with support from colleagues who have received more advanced training in case of non-standard incidents.

Awareness in high school

Microsoft France does not want to limit itself to training professionals and intends to invest from the first links in the chain. The company has put together an agnostic prevention kit – without any mention of its products – called “Cybersecurity, my future job”. The latter will be presented by professors, advisors or cybersecurity professionals who work with elementary and high school students and students. To legitimize this approach, Microsoft relies on a partner of choice: Cybermalveillance, the national digital risk prevention and awareness system.

The kit has the ambitious objective of making young people aware of the challenges of cybersecurity and stripping the sector’s image to create vocations. As Bernard Ourghanlian points out, the image of the pimply “geek” persists, and the sector struggles to awaken vocations in certain populations and, in general, among young women. Microsoft France has appointed 40 ambassadors to present this kit, which will be used in particular in various establishments on the occasion of the national NSI day on June 7, in favor of the promotion of digital technology and computer science.

In higher education, Microsoft France has partnered with most cybersecurity training courses to offer its MOOC [un cours en ligne, ndlr] more than 3 weeks, which leads to a certification. And the company offers all kinds of certification training for professionals already in office.