Has Demand For Cyber Security Skills Hit Crisis Point?

Uploaded on 2018-09-21 in NEWS-Cybersecurity News, JOBS-Careers, GOVERNMENT-National, FREE TO VIEW

The Parliament's Joint Committee on the National Security Strategy, a cross-party group that works across both the Commons and Lords, published a report in July that exposed the UK's chronic lack of digital skills, even within some of its own security agencies.

A summary to the report, entitled Cyber Security Skills and the UK's Critical National Infrastructure, reads as follows: "During our ongoing inquiry into the cyber security of the UK's critical national infrastructure (CNI), we heard that although the UK has one of the most vibrant digital economies in the world, there is not currently the cyber security skills base to match, with both the Government and private sector affected by the shortage in skills".

The committee heard from some of those at the forefront of the UK's cyber security industry. Ciaran Martin, CEO of the National Cyber Security Centre (NCSC), who told the committee he found it a "constant and difficult challenge" to recruit the deep technical expertise needed. It also heard from Rob Crook, managing director of Cyber and Intelligence at the defence engineering and cyber security company Raytheon UK, who put the vacancy rate in the company's cyber security unit at 20–30%.

The committee says it was "struck by the Government's apparent lack of urgency in addressing the cyber security skills gap in relation to CNI", and that it believes the government lacks the ability and understanding to address the gap between skills supply and demand.

The need for new blood

Fixing the problem may prove to be quite a challenge. BCS, the Chartered Institute for IT, says it was dismayed by this year's GCSE results which showed a 16.6% fall in the number of students sitting a computing-related topic. When IT Pro spoke to BCS, a spokesperson told us that we "need a critical mass of new blood entering the profession to close that skills gap".

The spokesperson pointed to the UK's National Security Strategy 2016-2021, which had identified that "the lack of young people entering the profession" and "the absence of established career and training pathways into the profession" were two of the main factors contributing to the skills gap.

As we reported in August, analysis of figures released by UCAS in August showed a noticeable decline in the number of students pursuing STEM-related subjects at university, despite a growth in interest at A-level.

BCS proposed fostering more "apprenticeships in cyber security, which as well as providing an extremely worthwhile career, are also well-paid, with salary expectations typically 15% above the industry standard".

However, according to Bryan Betts, principal analyst at Freeform Dynamics, this "arms race" has been a prevailing problem for many years and almost certainly going to get worse.

"There is some good news on the horizon – more students passing A-level computing this year, for instance – but of course they're going to need to learn a lot more to be useful in cybersecurity," he explains.

Making cyber security attractive

Talal Rajab, head of programme for Cyber and National Security at techUK, told us the organisation is working closely with Department for Digital, Culture, Media and Sport (DCMS) on setting up a "professional body for cyber security that would grant royal chartered status to cyber professionals". This would effectively raise the position above other IT industries, where professionals would be required to act in accordance with ethical guidelines, for the good of the public.

BCS appears to be in broad agreement with this strategy. "Cyber events continue to have a growing impact on our society, and we can no longer manage this as a technology issue in isolation," its spokesperson told us. "The demands of the organisations and institutions like the NHS that we protect, mean that the whole issue of cyber risk management needs to be professionalised."

Prestige is certainly one way to attract more people to the profession, but they won't all want to work for a public body.

"People with strong cybersec skills are out there, but there's not nearly enough, and many of them don't want to work for a government," says Betts. "That might change if the UK government could foster a startup-like environment, but the current lot give the impression they'd have trouble fostering a hamster, never mind a startup."

Cyber security skills strategy

As Betts explains, the major problem facing the government is that this issue requires a long-term commitment, as "it's probably a ten-year project to build up the skills base".

And there's the rub. While there's a challenge in recruiting right now, it could get a lot worse if we don't have a plan in place to ensure that people take up the kinds of subjects at school that will encourage them towards a career in cyber security.

The Joint Committee on the National Security Strategy is backing the proposal for such a plan. Its report urges the government to work with industry to help formulate a robust education policy that will deliver the skills needed in the future, as well as support continuing professional development for educators. It also suggests reskilling and using aptitude rather than qualifications as a basis for recruitment.

The committee also believes "the Government's immediate priority should be the publication of a cyber security skills strategy," as until the homegrown workforce is available, the industry needs to be aware of how the government plans to alleviate the strain.

Perhaps when that appears, we will get a better idea of the government's strategies for the months and years ahead.

ITPro:

You Might Also Read:

AI & Machine Learning Are Adding To The Skills Shortage

« Millions Of WiFi Routers Are At Risk Of Hacking
Spyware Proliferates To 45 Countries »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Titus

Titus

Titus is a global leader in enterprise-grade data protection solutions.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

CalCom

CalCom

CalCom Hardening Solution (CHS) for Microsoft OMS is a security baseline-hardening solution designed to address the needs of IT operations and security teams.

InfoGuard

InfoGuard

InfoGuard is a leading Swiss company providing comprehensive cyber security and network solutions.

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

Salviol Global Analytics

Salviol Global Analytics

Salviol Global Analytics is a leading provider of Fraud, Risk and Operational Performance Solutions to a number of vertical markets including Insurance, Banking, Utilities, Telco’s and Government.

Deceptive Bytes

Deceptive Bytes

Deceptive Bytes provides an Active Endpoint Deception platform that dynamically responds to attacks as they evolve and changes their outcome.

DreamIt Ventures

DreamIt Ventures

DreamIt Ventures is an early stage venture fund that accelerates startups building transformative tech products in the fields of Healthtech, Securetech, and Urbantech.

Vijilan Security

Vijilan Security

Vijilan provides 24/7 SOC services to MSPs/VARs. Our Security Operations Center is global, and our services are exclusive to the Channel.

DeFY Security

DeFY Security

DeFY Security is a Cyber Security solutions provider with more than 20 years of experience securing financial institutions, healthcare, manufacturing and retail.

CISO Global

CISO Global

CISO Global (formerly Cerberus Sentinel) are on a mission to demystify and accelerate our clients’ journey to cyber resilience, empowering organizations to securely grow, operate, and innovate.

Liminal

Liminal

Liminal is a boutique strategy advisory firm serving digital identity, fintech, and cybersecurity clients, and the private equity / venture capital community.

Zorus

Zorus

Zorus provides best-in-class cybersecurity products to MSP partners to help them grow their business and protect their clients.

Fletch

Fletch

Fletch’s AI tracks the evolving cybersecurity threat landscape by reading and interpreting every threat article every day and matching those threats to a company’s exposure.

Oak9

Oak9

Oak9's Security as Code platform dynamically secures Infrastructure as Code (IaC) and deployed cloud workloads, automatically.

M7 Services

M7 Services

M7 Services are a comprehensive Managed Services Provider (MSP) with a focus on delivering cutting-edge information technology solutions and unparalleled customer service.