How can we solve the cyber talent famine? (Guest blog from Learning People)
How big is the Cyber Security skills gap right now?
The GOV.UK Cyber security skills in the UK labour market 2022 report tells us that a high proportion of UK businesses continue to lack staff with the technical, incident response and governance skills needed to manage their cyber security:
- Approximately 697,000 businesses (51%) have a basic skills gap
- Approximately 451,000 businesses (33%) have more advanced skills gaps (most commonly in areas such as penetration testing, forensic analysis and security architecture)
- Almost 4 in 10 businesses (37%) have an internal skills gap when it comes to incident response and recovery, and do not have this aspect of cyber security resourced externally
With the great resignation, a shortfall of apprenticeships and an increase of experienced tech pros retiring, it’s no surprise that 85 percent of the individuals fulfilling cyber roles in the private sector have transitioned into this position from a previous non-cyber role.
Even more concerning is that half of all cyber firms have faced problems with technical cyber security skills gaps.
The answer - educate and empower
A little knowledge is a dangerous thing…
The recent boom in online training has seen the market become saturated with cyber education - which on paper is reassuring, but in reality is light years away from meeting the increasingly technical demands of business.
But what are the recognised cyber standards that we all need to meet and who sets them?
Since 1982, CompTIA has been front and centre in helping people get the skills they want that employers need. For example, the CompTIA Security+ certification is now widely accepted as not only the must have for cyber, but is key for anyone serious about IT and Networking. It’s also ISO/ANSI accredited and approved by the US DoD.
However, alongside certifications, soft skills are becoming increasingly recognised by employers as being the beating heart of a productive workforce. This is something Learning People have long understood by producing candidates with a business fit blend of both.
First hand experience of servicing industry with cyber talent tells us that removing the two years experience prerequisite from job postings enables a more effective recruitment model with employees that can be trained and retained.
Cloud based Information Security Management System experts ISMS.online told us their top three skills/behaviours for successful candidates were:
- Self-drive, hard working and an ambition to be part of something better
- Communication skills – verbal, written, single, team, especially in remote working situations for customers and colleagues relationship management
- Technical or business skills (depending on role) to help ease integration into the complex world of cyber, privacy and information security management
Read full employer testimonial
What’s next?
Solving the cyber talent famine will take time and open mindedness from both potential employees and employers alike. Expecting ready-made recruits with a minimum of two years experience is not only unrealistic - but is truly a recipe for hiring disappointment.
The tools and the talent are readily available to us all - we simply need to remove the cliches and barriers of what has been - and embrace what’s next to come. A dynamic and cyber smart workforce that will make both businesses and the world a safer place.
Help to shape and govern the work of techUK’s Cyber Security Programme
Did you know that nominations are now open* for techUK’s Cyber Management Committee? We’re looking for senior representatives from cyber security companies across the UK to help lead the work of our Cyber Security Programme over the next two years. Find out more and how to nominate yourself/a colleagues here.
*Deadline to submit nomination forms is 17:00 on Tuesday 18 October.
Upcoming events
Get involved
All techUK's work is led by our members - keep in touch or get involved by joining one of the groups below.