One third of cyber security roles in the UK are proving difficult to fill due to a skills gap, useless vendor-accredited qualifications, and high salary demands that are “exacerbated” by wage disparity between London and the rest of the UK.
This is according to research from the department for Digital, Culture, Media & Sport that found roughly 653,000 business in the UK have a basic cyber skills gap, while 408,000 businesses are experiencing issues filling advanced roles.
A key issue creating these gaps is the variations in quality of accredited training.
As one business cited in the report noted: “We have a lot of people who have qualifications but have no clue what they are talking about.”
The fast-changing nature of cybersecurity means that academic institutions need to move and change at pace to keep relevant.
To addresses DCMS suggests that these institutions establish longer work placements that are integrated into technical courses; this would give in-training cyber staff real-world experience, in-line with the skills that businesses demand.
One large business stated that: “If the government could promote or endorse training, with a grading structure or criteria that people have to meet, that would be very good. If they could create a structure where private companies deliver the same quality of training, that would be really good.”
DCMS Cyber Report Shows Gender and Diversity Disparity
The cyber security sector in the UK is still struggling with problems of gender and diversity as only 15 percent of the workforce is female.
The study found that very few firms have made changes in order to foster better retention and recruitment of female staff.
While the respondents to the study within the cyber security industry noted that diversity and in particular female diversity is sought after, many stressed that they can only pick employees from the CVs that are presented to them.
Some were sceptical of the problem and indicated that they thought the issue was been over-emphasised.
One interviewee stated that cyber teams need to be diverse in order to match the diverse nature of those carrying out cyber attacks. They noted that an ethnically diverse workforce would better understand and mitigate attacks as they bring different cultural views to the situation.
One cyber firm responded that: “Gender is the one we struggle with and we would like to get more females in, but they just don’t seem to be there, and I just haven’t had the time to look at specifically targeting them. I wouldn’t know where to start.”
High level of Requirements
The report found that the most common roles in demand are security engineers and analysts, as well as security architects and managers. The sectors with the most demand for trained cyber specialists are financial and insurance.
The skills gap is compounded by the increasingly technical nature of cyber security as one business noted that: “Looking back 10 years, an organisation might have 5 or 6 security products that they needed to run within the business. Now you’re into 20, 30 or even 50 different tools.”
In its concluding remarks the government’s report highlights the level of skill demand and pressure put on staff by organisations as they hunt for employees: “This includes not only technical skills but also soft skills, such as communication skills, consultancy skills, people management and the ability to train others.
“It is this combination that organisations find especially challenging to recruit. There is also a difference between having technical knowledge, and the ability to implement that technical knowledge in a business context. Organisations want people who can not only describe a cyber security audit, for example, but understand the practical challenges they will face when carrying out an audit in a business environment”.
How has your business found recruiting/training cyber security professionals? Are there any accreditations that you have found to be particularly weak? How have you tackled the problem? Get in touch with our editor on ed dot targett at cbronline dot com