Education, inspiration, communication: Solving the cyber security skills crisis
31 August 2016 |
The UK is facing a cyber security skills crisis, and a lack of industry professionals is putting businesses and consumers at risk.
Dr Robert Nowill, chairman of the Cyber Security Challenge UK, says that although many businesses are beginning to realise they need information security staff, this shortage is making it difficult for them to properly protect themselves against cyber threats.
"Generally speaking, I think the penny is starting to drop in industry - certainly big corporates, public and private - that this is serious," he explains of attitudes to cyber security. "The penny's been dropping very slowly for some time, but it seems to be getting more and more generally accepted that there's a big deal around this.
"I think for smaller companies the penny is slowly dropping, but if you look at the take-up of things like Cyber Essentials, and just doing the basics and all of that, we still have a long way to go in the UK. And for individual citizens, I think the same applies."
But who will drive more sensible cyber security behaviour from individuals and small businesses? Professionals are the obvious place to look for advice, but the current skills shortage means many small firms cannot afford them.
According to Nowill, many small businesses are faced with a choice between paying "top dollar" for cyber security experts or hiring less skilled, less expensive workers - but an increasing number are simply training their own security staff.
“Nowadays, I think there’s an increasing trend towards growing your own,” he says. “Just because there aren’t many people out there – affordable people – to expand the business.
“So although it might take anything from nine months to two years to grow a really good cyber security professional who’s presentable in front of customers and is competent, that hit is worth taking, and we see the take-up of that through the Cyber Security Challenge.
“We see new people who come through looking for new careers, as well as the other side of the story in a small business that some of the people we have recruited and grown are doing exceptionally well and are very good value for money.”
Schemes like this help, but there is not a single solution to the problem, and one issue is still that many young people are unaware of the security careers open to them. However, Nowill explains that even those who do not study technical subjects may have other skills that could be used to help keep the UK’s businesses more secure.
“If you think about some cyber security subjects you need deep technical people,” he says.
“But there’s an awful lot in cyber security that doesn’t need that at all. If I think about fraud or social engineering or tailgating, then somebody with skills in behavioural science or psychology or something that’s away from technology is going to be just as valuable, if not more valuable, than someone who studied physics, engineering, computing and so on.
“And that plays to the diversity agenda, because when you look at the stats, yet again by and large the women are doing less in terms of stuff like physics and more in terms of stuff like psychology and behavioural science and so on, and there are career outlets for people in cyber security with such talents.”
And on the more technical side there have also been some encouraging signs – entries for GCSE Computing were up by about three quarters this year, for example – but for Nowill it is crucial that those advising young people on their future careers themselves have information about cyber security pathways on hand, ready to pass on.
“Obviously the people who give the kids advice themselves need to know that there are good jobs out there… so the teachers and the careers advisors are very important,” he says. “So I think one of the things we [have to do] is to make sure that careers advisors and teachers are well-equipped with information with which to inform their students.
“We can’t be naive and think that everyone wants a career in cyber security or STEM, because of course they don’t, but at least we can put the options in front of kids and parents.”
This is also an area where the Cyber Security Challenge hopes to inspire young people. According to Nowill, around half of Cyber Security Challenge finalists get jobs in an industry they may never have even thought of entering before.
“The numbers are good, and so the sort of things we’re doing are opening some eyes and giving people some choices they didn’t have before,” he explains.
“We still have far more boys than girls, men than women, but it’s improving and there’s a long way to go. But I think showing people their career choices and what various role model people or people they respect have done to get where they are does help make a difference.”