Apprenticeships are the solution to skills shortages in the cybersecurity sector, a leading event for information and security professionals has said.
InfoSecurity Europe – which hosts an annual three-day conference in London for industry professionals – conducted a social media survey of nearly 3,000 people ahead of its next event in June. According to event organisers, 43% of respondents favoured apprenticeships as the solution to cybersecurity’s “broken skills pipeline”.
The conference, which will welcome representatives from the Department for Digital, Culture, Media and Sport (DCMS), will investigate solutions to the national skills shortage, with a survey suggesting many UK-based firms have enacted recruitment freezes due to the coronavirus pandemic. Survey results suggest more than a third (36%) of respondents said their organisation has a hiring freeze on cybersecurity roles.
Cybersecurity professionals also cited formalised career paths (27%), more role models and mentors (17%) and greater workforce diversity (13%) as other solutions to the lack of young, skilled cybersecurity professionals.
“We can definitely do more to open up apprenticeships or internships that encourage people to see if information security is for them, but as a permanent measure we’ve got to look at what’s going to attract people at the right age” – Steve Wright, Bank of England
Infosecurity Group’s exhibition director, Nicole Mills, said the survey suggested the cybersecurity sector could become more accessible for talented young people from non-traditional academic routes. More than a fifth of respondents (22%) said their firm prioritised internal recruitment to fill job roles, followed by recruitment from non-cyber professions (18%), over expanding apprenticeships.
Commenting on the findings, Mark Nicholls, CISO of Chime Group, said cybersecurity companies had “created the cyber skills crisis ourselves, by not hiring people because they haven’t got a degree, for example.”
“There are so many good people out there, and we need to be more open. There are advantages to having diverse teams that represent the business you’re trying to protect, and having non-security folks bringing different ideas to the table,” he added.
Heidi Shey, Forrester Research principal analyst, said companies should consider a broader range of candidates. “We need to really expand our view, looking at non-traditional backgrounds for different types of roles. What is it you really need in terms of the skills? And what are the things you could train someone up to do? You’re looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”
Steve Wright, CISO of privacy culture and former interim DPO Bank of England, said: “We can definitely do more to open up apprenticeships or internships that encourage people to see if information security is for them, but as a permanent measure we’ve got to look at what’s going to attract people at the right age. I think more could be done to make it part of the school curriculum.”
Troy Hunt, Microsoft regional director and founder of Have I Been Pwned, said diversity was an issue for cybersecurity professionals to address. “Technology, in general, is very male-dominated and there’s a lot of women, in particular, feel excluded by that. There’s also much more introverted behaviour, and – in my experience at least – obnoxious behaviour! We need to create an environment that people of all backgrounds want to be in; that removes any barriers making them reticent about being part of the industry.”