Posted on 12/07/2017 by Peter Sanders
In Britain and beyond, we are faced with a significant shortage of cybersecurity professionals and skills. A report by Indeed found over 2000 job postings in the field (from 2014 to 2016) received fewer than 1000 clicks - a drastic difference between employer demand and jobseeker interest.
The pattern repeats globally: Israel, Ireland and the UK are all affected seriously, and even in the US and Canada, jobseeker interest barely supplies 65% of employer demand.
Salaries are unlikely to be the issue - the average wage for security analysts sits at £57,500 per annum. Neither is job stress a likely deterrent - CareerCast found IT security roles the least stressful in the industry. The lack of interest has to come from somewhere else: a lack of qualification to pursue the roles.
Fortunately, steps are being taken.
National College of Cybersecurity at Bletchley Park
Located at the historic ‘home of the codebreakers’ in Buckinghamshire, this training college will train gifted and talented 16-19-year-olds in cybersecurity skills. Trainees will be selected through aptitude tests, or exceptional self-developed coding and development skills.
Backed by Qufaro, a not-for-profit group formed from the cybersecurity industry (including ourselves), the National College will provide a unified, cooperative attempt to close the skills gap. Other funding and development will come from the Cyber Security Challenge UK - a government- and industry-backed not-for-profit which identifies and develops the skills needed to fight cybercrime.
‘New Collar’ initiative by IBM
While acknowledging the skill shortage in cybersecurity, IBM claim recruitment is part of its own problem. In this video, CEO Ginni Rometty describes the need to create and fill ‘new collar jobs’ that operate outside the usual school > university > job career path.
Instead of demanding an undergraduate degree or professional certificate, say Rometty and her colleagues, cybersecurity should base its recruitment on hunting for the relevant capabilities and skills, however they’re developed.
By exposing cybersecurity issues and skills to students at school - where there’s often a lack of teacher capability and resources to teach on them - IBM hopes to create self-starting, self-teaching, and ultimately self-recruiting security professionals.
Cyber Retraining Academy
Recruitment to close the cybersecurity skills gap goes beyond the entry level. This Government-sponsored initiative, supported by the SANS Institute, is designed for adult professionals to retrain and transition into cybersecurity careers.
The Academy, which moves from city to city (it’s currently based in London) offers ten weeks of comprehensive, fully funded retraining for candidates with little to no prior knowledge of cybersecurity. On graduating, trainees are GCIH-certified and able to enter junior roles with the firms they’ve encountered and networked with during their training.
CyberFirst is a broad church, taking in an educational bursary scheme, a girls-only cybersecurity competition, and development courses at UK universities and colleges.
Each CyberFirst package eliminates deterrents to pursuing a career in cybersecurity and was designed with partnership and insight from businesses - including identifi.
The bursary provides financial support during university term time, paid work experience and training for the summer, plus three years of employment after graduation. Free residential courses target cybersecurity concerns among school learners to ensure they learn what their schools can’t cover. The girls’ competition, meanwhile, addresses a known issue in IT and cybersecurity: talented young women ruling themselves out of careers in the field.
Inspired Careers is another attempt to change the dynamic and process of cybersecurity recruitment. Government-funded, this CREST-approved website breaks down career paths through cybersecurity, modelling pathways into the field, providing ‘day in the life’ examples of work and identifying social media sources for would-be digital defenders to fuel their interest.
It’s a different model of recruitment - focused on advice and guidance rather than posting jobs and expecting candidates to self-select. Identifying specific ways to close personal skills gaps may add up to a solution for the industry.
The skills gap is probably the biggest issue in the cybersecurity industry today. As recruiters, we’re aware that demand for cybersecurity professionals almost always outstrips supply.
It is a candidate’s market, which is why we are a candidate-focused consultancy. Check out our candidate charter to find out more.
Image Credit: https://www.flickr.com/photos/mwichary/2506936869