View all newsletters
Receive our newsletter - data, insights and analysis delivered to you

MoD CISO says upskilling will help his team beat the cybersecurity skills crisis

Cyber talent is in high demand, so retraining existing staff can be an effective way to build out teams.

By Claudia Glover

Upskilling existing staff could be key to narrowing the cyber skills gap, according to the CISO of the Ministry of Defence (MoD). Major Andrew McGrane says his team has been able to set up testing environments to assess staff, giving them “a safe space where they can fail” as they build their knowledge of cybersecurity.

The Ministry of Defence aims to retrain existing staff as cybersecurity experts. (Photo by MoD Crown Copyright via Getty Images)

McGrane was speaking at the Infosec Europe conference in London this week on a panel entitled The Achilles Heel of the Cybersecurity Industry – Cyber Talent Management and Focussing on the Human Deal.

MoD CISO on narrowing the cyber skills gap with internal talent

Both public and private sector organisations are battling to secure the services of a limited pool of cybersecurity talent, and demand is increasing all the time. The world needs 3.4 million cybersecurity experts to support today’s global economy, according to a report released last month by the World Economic Forum.

McGrane said the MoD is addressing this problem by trying to identify potential cybersecurity stars within its ranks. It has set up test beds to allow staff to assess their aptitude for cybersecurity. “What we’ve done is to set up a training environment which then gives the opportunity to bring the less experienced workforce into new positions, where they can be tested in a safe environment,” McGrane explained.

Once the staff have been tested in this environment, they can be assessed for key strengths and areas for improvement, mapping out an “upskilling plan” to develop their cybersecurity skills, McGrane said.

How to retrain as a cybersecurity professional

Both the (ISC)2, a non-profit membership association for cybersecurity leaders, and the Chartered Institute for Information Security offer courses and exams to help employees to develop their skills in this regard, to change their role within a company.

What is often not realised is how much potential for cybersecurity talent there is within a qualified workforce, said Amanda Finch, CEO of the Chartered Institute of Information Security. “You’ll have a team that is made up of somebody with a geography degree, an IT degree, or a philosophy degree, and because they haven’t been exposed to security or technology beforehand, they don’t actually realise they’ve got an aptitude for it,” she said.

Content from our partners
Scan and deliver
GenAI cybersecurity: "A super-human analyst, with a brain the size of a planet."
Cloud, AI, and cyber security – highlights from DTX Manchester

Providing a chance to requalify can encourage staff to stay in an organisation, argued Jules Gascoigne, CISO at Transport for London. He said it’s important to set up a continuous training and development programme so that a cyber talent pipeline can be established, as staff that have retrained are likely to get other opportunities elsewhere.

“The reality is, [cybersecurity] is a really hot industry,” he added.

Read more: The UK badly needs to fix its digital skills gap

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.