New blood needed to solve the cyber security skills crisis
Senior figures in IT security see enticing staff from non-IT backgrounds and encouraging young people into the industry as vital to addressing the cyber security skills shortage.
A new study commissioned by MWR InfoSecurity and carried out by security discussion and networking group RANT shows respondents feel the core skills needed in cyber security are curiosity (46 percent) or on-the-job experience (34 percent), with no respondents saying a university IT degree is crucial.
Experienced security professionals are in high demand which makes attracting such staff notoriously difficult and businesses need to look at ways to attract them. Company culture is ranked similarly to salary as a key criterion respondents assess when choosing an employer (50 percent of respondents saying salary and culture as very important or important). Flexible working and opportunities for progression are generally of middle importance to those surveyed whilst a network of peers and the opportunity to do their own research was generally less important -- only five percent rated it very important or important. However, 46 percent report that keeping up to date with research in the field is how they keep their skills honed in an ever changing landscape.
"We need to get rid of some of the stereotypes and make IT security and attractive career option for young people," Dave Chismon, senior researcher and consultant at MWR InfoSecurity says. "The job needs to be challenging and interesting in order to attract people who are highly curious regardless of the background they come from."
An academic route into the industry may not be the best option says Chismon. "We're getting to the point where a lot of very smart applicants who might have gone to university are now balking at the fees and so they're looking down the apprenticeship route. The UK government is ahead of the curve and is offering some apprenticeships already."
The results also show that attitudes on Britain’s position in the global hierarchy of cyber security skills vary dramatically, with 49 percent putting the UK among the top 5 countries worldwide but 46 percent rating it as merely 'average'.
"It's definitely a seller's market right now and security positions can stay vacant for months, sometimes years, if the employer fails to attract the right candidate," says Chris Batten, managing director of ACUMIN, the specialist cyber security recruitment company and an industry advisor to universities on cyber security degree content. "Much of the historical failings of the cyber security profession lies in its inability to communicate the substantial risks posed by emerging threats and subsequently achieve consensus from stakeholders to deal with them. Those employers that are able to attract a wide-range of competences when building their cyber security teams are not only able to recruit and retain more easily but also, in marketing the profession and their business more broadly, they attract candidates from a diverse segment of the workforce to deal with this communication lag."
You can find out more about cyber security trends on the MWR website.