Filling the cyber security skills gap
The cyber security sector continues to face a significant gap between the number of people it needs and the availability of those with the right skills. As well as the skills gap, the sector is not attracting proportionate numbers of women to its ranks.
Gender and skills gap
The WSS, together with the government Department of Business, Innovation and Skills, initially tackled the gender and skills gap through a round-table event in 2013. Thirty professionals came together and produced a report with recorded outcomes and recommended actions: www.womenssecuritysociety.co.uk/wp content/uploads/2013/07/Women-in-Cyber-Security-Final.pdf
The report provides two points that stand out over and above the other findings:
- The lack of standardisation of, or formalisation in, career paths and qualifications.
- The need for women working in cyber to become role models.
Three years on, has anything changed around the issues of skills and gender gaps?
Single career framework
Reflecting on the first point from the report, I still don’t believe we have a single career framework, approved and advocated by various professional bodies. This causes a number of issues. On the qualifications piece, whilst I’m an advocate of professional training companies, they do, on occasion, publish lists of often unpronounceable certifications and align these against a range of cyber roles. This can be helpful but, conversely, can sometimes confuse and coerce individuals into paying for professional qualifications that may not be relevant.
Perhaps the dominance of certifications is causing recruiters to be overly cautious and restrict their search to solely those with qualifications which may not actually be required for the role in question? Although there are some highly technical aspects of cyber security, it encompasses a broad range of areas requiring a wide set of varying skills. The right aptitudes and a willingness to learn can take you far.
I’d love to see more organisations investing in apprenticeship-style, on-the-job training which actively looks for difference. BAE Systems are doing just this and I applaud them. They have embarked upon an innovative approach to hiring cyber talent. Partnering with recruiters Via Resource and trainers QA Consulting, they’re hiring 150 diverse graduates (or similar calibre) with the right mindset, to join a bespoke academy programme. Interestingly, women are finding this alternative route to cyber particularly appealing. Just six months later, this bright, adaptable and eager talent will have re-qualified and been security cleared, to help defend us all from cyber threat and terrorism: www.baesystems.com/en/cybersecurity/careers/our-people/ns-academy
Embracing difference
So, is the time right for the profession to really embrace difference? I believe so. There is an increasing demand for cyber professionals to be more business facing, to translate ‘Cyblah’ into business relatable issues easily understood by the board.
Does the traditional computer science graduate route provide the type of candidate who can meet increased business-facing expectations? Can it potentially exclude those bright individuals, often from diverse backgrounds, who have not been to university or further education?
I firmly believe we can look at the current skills (and gender) gap as an opportunity to introduce a more diverse and dynamic angle to the profession – a healthy mix of difference surely means we can enhance and expand cyber roles and capabilities.
An article written by the Financial Times in late 2015, ‘Cyber Security Sector Struggles to Fill the Skills Gap’, nicely summarises the situation, referring to it as “the largest human capital situation in the world”. The article states that cyber jobs take 14% longer to recruit than the average, making cyber more difficult to recruit for than data science, advanced manufacturing and petroleum engineering.
Women as role models
On the second point from the report in 2013 on encouraging women in cyber to put themselves forward as role models, there is some great momentum building, including a book published later this year about women in cyber security by Jane Frankland. There are numerous forums and networking groups emerging and, more importantly, collaborating.
We have some fantastic cyber role models visible and available via social media – Dr Neira Jones, Sarah Clarke, Karolina Oseckyte, Eliza May Austin and Marilise de Villiers being ones that immediately spring to mind. There are also a number of male counterparts who actively support and speak on the gender issue. But we do need more women in cyber to become visible and to actively support and advocate those who are starting their careers, those who are looking to move into cyber or who are developing a social media presence.
So a few ideas from me, as to how people can provide low effort, but high return support – support can be one of the strongest enablers out there for change!
- Be available – comment, like, share and support all individuals in cyber. A few minutes on your mobile device on Twitter or LinkedIn on the train, or while cooking dinner, isn’t a huge outlay. The return from this demonstration of active support for others can be incredibly rewarding and will consolidate strength of movement and facilitate change.
- Search and locate talent – connect with talent at events, via social media, within your organisations. Often informal support is far more impactful than formal programs. This shows you care as a person and as a leader.
- Build bonds and establish your own informal network. Arguably one thing I do well is catch up with other professionals for a cup of coffee or glass of wine. This is a great opportunity to share details of roles, discuss and introduce talent – to knowledge share, to collaborate on a one- to-one level.
I recently reached out and actively supported an individual who wrote a great post about his challenges finding a cyber role. His message to me after we connected speaks volumes, “I would like to think that in the months/years to come I will also be able to offer advice and a helping hand to someone who is going through a situation similar to mine, just as you have.”
Supporting extends a ladder to others and those individuals will recognise the value and apply the same behaviours. That’s change.
www.womenssecuritysociety.co.uk
