Upskilling existing staff could be key to narrowing the cyber skills gap, according to the CISO of the Ministry of Defence (MoD). Major Andrew McGrane says his team has been able to set up testing environments to assess staff, giving them “a safe space where they can fail” as they build their knowledge of cybersecurity.
McGrane was speaking at the Infosec Europe conference in London this week on a panel entitled The Achilles Heel of the Cybersecurity Industry – Cyber Talent Management and Focussing on the Human Deal.
MoD CISO on narrowing the cyber skills gap with internal talent
Both public and private sector organisations are battling to secure the services of a limited pool of cybersecurity talent, and demand is increasing all the time. The world needs 3.4 million cybersecurity experts to support today’s global economy, according to a report released last month by the World Economic Forum.
McGrane said the MoD is addressing this problem by trying to identify potential cybersecurity stars within its ranks. It has set up test beds to allow staff to assess their aptitude for cybersecurity. “What we’ve done is to set up a training environment which then gives the opportunity to bring the less experienced workforce into new positions, where they can be tested in a safe environment,” McGrane explained.
Once the staff have been tested in this environment, they can be assessed for key strengths and areas for improvement, mapping out an “upskilling plan” to develop their cybersecurity skills, McGrane said.
How to retrain as a cybersecurity professional
Both the (ISC)2, a non-profit membership association for cybersecurity leaders, and the Chartered Institute for Information Security offer courses and exams to help employees to develop their skills in this regard, to change their role within a company.
What is often not realised is how much potential for cybersecurity talent there is within a qualified workforce, said Amanda Finch, CEO of the Chartered Institute of Information Security. “You’ll have a team that is made up of somebody with a geography degree, an IT degree, or a philosophy degree, and because they haven’t been exposed to security or technology beforehand, they don’t actually realise they’ve got an aptitude for it,” she said.
Providing a chance to requalify can encourage staff to stay in an organisation, argued Jules Gascoigne, CISO at Transport for London. He said it’s important to set up a continuous training and development programme so that a cyber talent pipeline can be established, as staff that have retrained are likely to get other opportunities elsewhere.
“The reality is, [cybersecurity] is a really hot industry,” he added.