A global study has highlighted the UK’s crippling skills shortage, with businesses “put at risk” as employer demand for expertise is treble the supply. The number of cyber security job searches in Britain reached just 31.6% of the number of cyber security jobs posted, giving the UK a skills gap second only to that of Israel. ISACA, a non-profit information security advocacy group, predicts there will be a global shortage of two million cyber security professionals by 2019. The 2017 Global Information Security Workforce Study by ISC2 highlights Europe is facing a cyber security skills workforce gap of 1.8 million by 2022. Whilst focus on the national cyber security skills shortage is nothing new, what is concerning is that efforts to reduce this issue have not been sufficiently effective, leaving organisations at greater risk as the threat from cyber-attacks continues to grow in scale and sophistication.
Although the skills gap has many disadvantages, it also provides many opportunities for those working, or aspiring to work, in the cyber security arena. If businesses are to prosper, candidates with appropriate potential or relevant skills, must be attracted and motivated to train and develop in cyber security careers. This is easier said than done; Cyber Security as a profession is still inventing itself with a diversity of roles and competencies that are not reflected in clear career pathways. Gaining relevant experience is also a major challenge with many professionals transitioning into security roles as a result of their specialist knowledge from another discipline, which increasingly, is likely to be non-technical. In addition, whilst there are many organisations who can offer education, advice and support, there is no one overarching body that represents this ‘meta profession’.
The UK also needs to better develop a pipeline of talent for the future if the skills gap is going to be minimised and the cyber security market is to hit required recruitment targets. In order to do this, government and industry need to continue working together to find ways of attracting young professionals without a solid background in information security, whether they are school leavers, joining apprenticeship schemes or graduates, looking at future career options. To achieve this requires listening to the needs of the younger generations.
The 2017 Global Information Security Workforce Study found that that 65% of Millennials believe organisational training programmes to be ‘very important’, compared to just 60% and 58% of Generation X and Baby Boomers respectively, with far more Millennials (36%) paying for their own training compared to previous generations. The reduction of training investment from their organisations has resulted in nearly a quarter of Millennials (24%) having no security qualifications, compared to 10% or less for previous generations (Generation X – 10%, Baby Boomers – 7%). Similarly, a survey of Chief Information Security Officers (CISOs) found that 85% of organisations experience recruitment problems as a result of not having enough candidates with the right cyber-security skills. Looking at the long term, the ambition must also be to incentivise those at junior level, whilst doing GCSE’s, in cyber security skills, awareness and competencies as part of the school’s curriculum.
The gender gap in cyber security is also causing an issue. The notable lack of women involved in cyber is reducing the overall pool of talented individuals that organisations can recruit from. Once again, if this skills gap is to be plugged, women must be incentivised and engaged to pursue a career in cyber security. A recent study found that only 53% of respondents were confident that they would have adequate security capability to control their business cyber risks in the next year highlighting a clear educational and skills challenge within the workplace.
There is also a common perception that a career in cyber security is not attractive and requires deep technical skills. This is clearly not the case; cyber security covers a wide range of soft and technical skills depending on the job role. Moreover, a career in cyber security offers excellent prospects, for example, the average salary for a CISO in the UK is £48,433 – £111,000 and for a Pen Tester it is £36,465 per year. As the profession evolves, business and technical roles such as the Chief Information Security Officer (CISOs), Senior Information Risk Owners (SIRO)s, Cyber Security Analysts, Forensic Analysts, Penetration Testers and Cyber Security Engineers are more important than ever. Suitable individuals are, and will continue to be, in high demand to provide expert leadership and direction for organisations looking to protect their business and prosper in the modern world.
Templar Executive’s have been supporting industry, government and academia to build capability and confidence in this area. Our unique range of GCHQ Certified Cyber Security and Information Assurance courses are targeted at all levels – from the Board to the front line. In addition, we provide a trusted forum to explore real issues, supported through our mentoring programmes. Our approach is holistic, encompassing both the human and technical issues. Delivered by our expert and experienced trainers, these learning interventions contribute to bridging the Cyber skills gap and encouraging a positive approach that values information and builds capability to meet the challenges of an increasingly complex and dynamic digital world.
For more information on the courses Templar Executives offers please click