The cyberskills gap has been an ongoing issue in the cybersecurity realm for some time, but education could be the silver bullet to closing the gap. We hear from a number of security professionals who explain why a holistic approach integrating early engagement and education opportunities is pivotal.
Apprenticeships are the solution to attracting more young people into cybersecurity, according to 42.5% of respondents to a new Twitter poll run by Infosecurity Europe, Europe’s number one information security event. The poll set out to explore current issues around the skills shortage within the sector, particularly within the context of the pandemic. Responses also highlight the importance of proper support for remote workers – with more than a third (37.2%) believing that sustaining motivation and well-being is the greatest skills-related challenge faced by cybersecurity professionals right now.
The Information Security sector continues to suffer from a shortage of skilled professionals, with more than three million unfilled roles worldwide, according to (ISC)2’s 2020 Cybersecurity Workforce Study. Despite this, 35.9% of the respondents to Infosecurity Europe’s poll say their organisation currently has a hiring freeze on cybersecurity roles.
Attracting young people into the profession
Maxine Holt, Senior Research Director at Omdia, has a first-hand understanding of the benefits apprenticeships bring, by combining knowledge with experience. “After doing my BTEC in computer studies I got an apprenticeship, learning on the job while studying part-time for my degree,” Holt said. “I also got to work in other parts of the business, which really helped me understand how they interacted with IT.”
“We can definitely do more to open up apprenticeships or internships that encourage people to see if Information Security is for them,” said Steve Wright, CISO of Privacy Culture and Former Interim DPO Bank of England. “But as a permanent measure we’ve got to look at what’s going to attract people at the right age. I think more could be done to make it part of the school curriculum.”
Amar Singh, CEO/CISO of Cyber Management Alliance, agreed that the younger engagement starts, the better. “It helps to build national capability,” said Singh. “It’s a pipeline – you can’t simply pick someone up and say ‘You’re now InfoSec!’ That individual has to be trained and inspired from a young age. If they’re not, by the time they’re 16 or 18 this becomes more difficult because they’re already established on another path.”
Behind apprenticeships in the poll was the need for a formal career path (27.1%), more role models/mentors (17.1%) and greater diversity (13.4%). Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned, indicates the need for greater inclusiveness: “Technology in general is very male-dominated and there’s a lot of women in particular that feel excluded by that. There’s also much more introverted behaviour and – in my experience at least – obnoxious behaviour! We need to create an environment that people of all backgrounds want to be in; that removes any barriers making them reticent about being part of the industry.”
The main skills-related challenges for remote workers
Keeping motivated and in good mental health during the pandemic could be particularly tough for new joiners. “We have people who’ve never physically stepped foot in their office, or met their colleagues,” said Paul McKay, Senior Analyst – Security and Risk, Forrester Research. “It’s also challenging for junior professionals not having support structures in terms of the mentorship and oversight of more senior folks, or being with peers of their own age who are all going through the same journey.”
Effective team-working skills was cited as a major challenge for remote workers by 26% of poll respondents. Steve Wright agreed: “To not engage in a social way is possibly one of the worst things that could happen to our species, because we’re designed to be with people and bounce off each other. We need to think about how we can better support each other and collaborate now we don’t have that camaraderie in the office, to help make sure people still feel associated and included, and that they know you still care about them.”
What sums up your current recruitment strategy for new cybersecurity skills?
For those organisations not subject to a hiring freeze, recruiting internally was the top strategy (21.6%), followed by hiring from non-cyber roles (18%), both of which emphasise the importance of looking beyond the ‘obvious’ candidates and casting the net wider. “We’ve kind of created the cyberskills crisis ourselves by not hiring people because they haven’t got a degree, for example,” said Mark Nicholls, CISO of Chime Group. “There are so many good people out there and we need to be more open. There are advantages to having diverse teams that represent the business you’re trying to protect, and having non-security folks bringing different ideas to the table.”
Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, agreed: “We need to really expand our view, looking at non-traditional backgrounds for different types of roles. What is it you really need in terms of the skills? And what are the things you could train someone up to do? You’re looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”
Nicole Mills, Exhibition Director at Infosecurity Group, said: “No single action has yet proved effective at bridging the cybersecurity skills gap. What’s needed is a holistic approach that integrates early engagement and education opportunities, designed to attract and retain the next-generation InfoSec workforce, with strategies that enable great candidates to transition from other types of role. Importantly, our industry must resist the temptation to press ‘pause’ on recruitment, as many organisations have done in the face of budget cuts and uncertainty – if we do, there’s the risk that the skills gap becomes a chasm.”Click below to share this article