Announced in the publication of Cyber Security Skills: Business Perspectives and Government’s Next Steps the government are trying to tackle the severe shortage of cyber security specialists.
Cyber security is the technology, processes and practices designed for the protection of systems, networks and data in cyber space from attack, damage or unauthorised access.
The National Audit Office Landscape Review on the UK Cyber Security Strategy, published in February 2013, identified a shortage of cyber skills as a key challenge. The Review concluded that the current pipeline of graduates and practitioners would not meet growing demand, and this has implications for UK resilience and economic growth. Similar evidence from the Global Information Security Workforce Study by Frost and Sullivan consultants found that the global demand for people with cyber security skills is forecast to grow at about 13.2% each year from 2012 to 2017.
A strategy to increase cyber security skills at all levels of education and among the cyber security workforce has been carried out jointly by the National Cyber Security Programme (NCSP), BIS, GCHQ and the Cabinet Office has been in place for two and a half years. In this way, it has given accreditation to 11 universities as Academic Centres of Excellence in Cyber Security Research, set up 3 Research Institutes and funded 2 Centres for Doctoral Training to develop high-end skills and capability.
Nonetheless, findings of this business engagement exercise have suggested that we desperately need to build on these foundations to create a transformational change. Most notably, they concluded that there was a demand for more professionals with a range of technical skills, but also a demand for new entrants with stronger business skills and greater work experience. The current lack of skills was explained via the immaturity of cyber security as a ‘profession’, the low take-up of STEM subjects, and the limited awareness of cyber security as an interesting and rewarding career at all levels of the education system. The exercise also highlighted the importance of increasing cyber skills amongst those who create, purchase and use technology to reduce business vulnerability to cyber attack, and amongst company decision makers who are responsible for managing business risks.
It was also noted that businesses generally value experience over academic qualifications and, given the increasing demand, it was proposed that businesses should provide more opportunities for individuals to gain that experience.
Further to these findings, new plans have been put in place to rectify these problems. These plans are to be accomplished over 2014-2015 and will revolve around six main delivery methods:
- working with business delivery partners to support activities in schools, such as funding the British Computing Society to provide support for teachers to implement all elements of the new computing curriculum; funding STEMNET to run the STEM Ambassadors progamme; and funding e-skills to develop complementary cyber security teaching and learning materials.
- developing closer working relationships between industry and academia, and link professional and academic qualifications more closely. Make work experience the core part of a student’s degree qualifications, and make sure that businesses are able to provide work experience opportunities for students through internships and work placements.
- promoting apprenticeships as an alternative route into the industry through new employer-led apprenticeships schemes.
- increasing the awareness of cyber security as a profession with an attractive career path through the development of learning pathways for university students and professionals from related disciplines.
- the Institute of Information Security Professionals was established in 2006 as an independent accreditation authority advancing the professionalism of information security practitioners and provides a widely accepted skills framework for the profession. These sorts of accreditations are to be taken further, perhaps along the lines of a ‘chartered status’ as used in professions, such as engineering.
- creating more understanding of the cyber security industry in businesses in general, for example through creating specific guidance for non-executive directors and developing an ‘Introduction to Cyber’ MOOC to make knowledge of cyber security more accessible.
Eluceo will be keeping you informed on all events related to cyber security and can help you in your quest to work in the industry.
If you are interested in the wider issues of cyber security, cyber security and privacy expert Dr. Ian Brown questions, in his 2014 Oxford London Lecture, what values we should hold regarding privacy and whether governments should have the ability to intervene under certain circumstances, and the ways in which we can shape the development of computing and communications technologies for a public good.