Apprenticeships are the answer to cybersecurity’s talent pipeline problem, say respondents to Infosecurity Europe’s latest poll
January 2021 by Infosecurity Europe
Apprenticeships are the solution to attracting more young people into cybersecurity, according to 42.5% of respondents to a new Twitter poll run by Infosecurity Europe, Europe’s number one information security event. The poll set out to explore current issues around the skills shortage within the sector, particularly within the context of the pandemic. Responses also highlight the importance of proper support for remote workers – with more than a third (37.2%) believing that sustaining motivation and wellbeing is the greatest skills-related challenge faced by cybersecurity professionals right now.
The information security sector continues to suffer from a shortage of skilled professionals, with more than three million unfilled roles worldwide, according to (ISC)2’s 2020 Cybersecurity Workforce Study. Despite this, 35.9% of the respondents to Infosecurity Europe’s poll say their organisation currently has a hiring freeze on cybersecurity roles.
Attracting young people into the profession
Maxine Holt, Senior Research Director at Omdia, has a first-hand understanding of the benefits apprenticeships bring, by combining knowledge with experience. “After doing my BTEC in computer studies I got an apprenticeship, learning on the job while studying part-time for my degree,” she explains. “I also got to work in other parts of the business, which really helped me understand how they interacted with IT.”
“We can definitely do more to open up apprenticeships or internships that encourage people to see if information security is for them,” suggests Steve Wright, CISO of Privacy Culture and Former Interim DPO Bank of England, “but as a permanent measure we’ve got to look at what’s going to attract people at the right age. I think more could be done to make it part of the school curriculum.”
Amar Singh, CEO/CISO of Cyber Management Alliance, agrees that the younger engagement starts, the better. “It helps to build national capability,” he says. “It’s a pipeline – you can’t simply pick someone up and say ‘You’re now infosec’! That individual has to be trained and inspired from a young age. If they’re not, by the time they’re 16 or 18 this becomes more difficult because they’re already established on another path.”
Behind apprenticeships in the poll was the need for a formal career path (27.1%), more role models/mentors (17.1%) and greater diversity (13.4%). Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned, indicates the need for greater inclusiveness: “Technology in general is very male-dominated, and there’s a lot of women in particular feel excluded by that. There’s also much more introverted behaviour, and – in my experience at least – obnoxious behaviour! We need to create an environment that people of all backgrounds want to be in; that removes any barriers making them reticent about being part of the industry.”
The main skills-related challenges for remote workers
Keeping motivated and in good mental health during the pandemic could be particularly tough for new joiners. “We have people who’ve never physically stepped foot in their office, or met their colleagues,” says Paul McKay, Senior Analyst - Security and Risk, Forrester Research. “It’s also challenging for junior professionals not having support structures in terms of the mentorship and oversight of more senior folks, or being with peers of their own age who are all going through the same journey.”
Effective team-working skills was cited as a major challenge for remote workers by 26% of poll respondents. Steve Wright agrees: “To not engage in a social way is possibly one of the worst things that could happen to our species, because we’re designed to be with people and bounce off each other. We need to think about how we can better support each other and collaborate now we don’t have that camaraderie in the office, to help make sure people still feel associated and included, and that they know you still care about them.”
What sums up your current recruitment strategy for new cybersecurity skills? For those organisations not subject to a hiring freeze, recruiting internally was the top strategy (21.6%), followed by hiring from non-cyber roles (18%), both of which emphasise the importance of looking beyond the ‘obvious’ candidates and casting the net wider. “We’ve kind of created the cyber skills crisis ourselves, by not hiring people because they haven’t got a degree for example,” says Mark Nicholls, CISO of Chime Group. “There are so many good people out there, and we need to be more open. There are advantages to having diverse teams that represent the business you’re trying to protect, and having non-security folks bringing different ideas to the table.”
Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, agrees: “We need to really expand our view, looking at non-traditional backgrounds for different types of roles. What is it you really need in terms of the skills? And what are the things you could train someone up to do? You’re looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”
Nicole Mills, Exhibition Director at Infosecurity Group, comments: “No single action has yet proved effective at bridging the cybersecurity skills gap. What’s needed is a holistic approach that integrates early engagement and education opportunities, designed to attract and retain the next-generation infosec workforce, with strategies that enable great candidates to transition from other types of role. Importantly, our industry must resist the temptation to press ‘pause’ on recruitment, as many organisations have done in the face of budget cuts and uncertainty – if we do, there’s the risk that the skills gap becomes a chasm.”
The conference programme for this year’s Infosecurity Europe event (Olympia, Hammersmith, London, 8-10 June 2021) will feature a number of sessions dedicated to building cybersecurity skills and careers, including, on Day 3 (10 June):
• Case Study: Building a Strong Team Culture to Improve Organisational Security & Help Overcome Skills Shortages. How team culture can help us build, develop, and retain talent. Includes Lightning Talks on Security Leadership in Times of Crisis; Mental Health and Resilience; Neurodiversity; Diversity and Inclusion
• FutureSec Panel: How to Build a Successful Career in Information Security. Our panel of experienced information security experts will help attendees understand how to go from complete novice, to getting their first job, to reaching the top of the industry.