How can the cyber security industry sustain growth and attract talent?
The cyber security industry has faced well-documented challenges in recruitment and employment, a problem that has only been exacerbated by continued discussion of the skills gap. But despite these issues, Louise Barker, head of talent at NCC Group, thinks it’s important to celebrate the successes that the industry has achieved in employment and understand what we can do to continue attracting talent to the sector.
The cyber security employment landscape
A report published by the government last year revealed that there are over 30,000 – and as many as 40,000 – staff employed in the UK’s cyber security sector, with over 800 firms providing cyber security products based in the country.
These numbers are encouraging, but even more impressive is the fact that the number of active firms has grown by more than 50% over the last five years, with over a hundred new businesses entering the sector within the last two years. This surge in new entrants to the market can help to make the industry more attractive for prospective employees, particularly as there are no signs that this growth will decelerate in the near future.
These employment figures aren’t just constrained to the capital, either, with the report also revealing that the North West is responsible for 29% of cyber security employment in the UK, with 22% in the South East. This is promising for businesses that are concerned about prospective employees and opportunities being poached by London-based organisations.
Sustaining this growth is going to necessitate careful strategies from businesses within the sector to ensure that talent is being channelled into it and that every possible step to narrowing the skills gap is taken.
What is the government doing to help?
Previously, the cyber security market’s relative infancy may have hindered recruitment of talent into the industry, with no widely accepted definition of a cyber security professional and no gold standard qualification to work towards.
However, the government is addressing this by making up to £2.5m of funds available to establish a new Cyber Security Council in the UK, which is due to start work in April this year. Combined with the ongoing work of the Cyber Security Body of Knowledge (CyBOK), these initiatives will help to establish professional standards further, deliver certifications and provide access to defined career pathways,
Such initiatives should be welcomed, but cyber businesses also have a responsibility to attract and capture talent by informing potential security professionals about the variety of roles available, and the diverse career pathways they can take to achieve success in the industry.
How can cyber security businesses play their part?
The skills gap can’t be forgotten, and Cybersecurity Ventures has predicted that there will be 3.5 million unfilled cyber security job openings by 2021, meaning that the industry needs to tap into new and existing talent pools now.
Many businesses within the industry already understand the importance of graduate schemes and internships in attracting talented young people, and a lot of work is being done to ensure that they understand the value of studying computer sciences and related disciplines.
What isn’t stressed quite so much is the value of the skilled workers from other sectors, who might not think that a career in cyber security is attainable for them and that many can utilise the transferable skillsthey already have to make an impact in the industry.
The perception outside of the sector is that many of the roles are too technical, with many unsure how their skills can be put to use. But by advertising in the correct channels, and showcasing the talent already working within the industry, we can help to change this perception. This will subsequently help to attract technical writers, sales, risk managers, recruiters and more – again helping to change this perception even further.
Additionally, developers, network engineers and Active Directory specialists can all apply their expertise into more technical roles in the industry in an assessing and testing capacity. With a supportive and scalable framework in place, there is no reason that individuals from a diverse range of backgrounds can’t achieve a solid career in cyber security.
This is also true for internal talent, and we have seen success in this area first hand: after developing a deeper interest in developing his technical skills, one of our technical recruiters recently qualified as a Security Consultant.
The recently published UK Government Cyber Security Skills Strategy also acknowledges the importance of attracting individuals from other areas, and has moved from discussing the concept of cyber security skills to the concept of cyber security capabilities to reflect that what is required is “the right blend and level of skills in a truly secure digital economy”.
In practice, this means that cyber security should both be embedded across the workforce and become a facet of a wider range of roles like basic financial or commercial literacy, but also that greater efforts are required to unlock untapped talent in less technical areas of cyber security.
Again, the Government has also pledged to support this path by demystifying cyber security careers, with plans to introduce Cyber Security Skills Ambassadors to promote cyber careers for a wide range of individuals. Other recommendations suggest increasing the provision of non-technical modules in higher and further education cyber security courses and increasing the involvement of the industry in the development of such courses.
Demand for talent – both technical and otherwise – within the cyber security industry is only set to increase in the coming years, and businesses need to lay the foundations to facilitate this growth as soon as possible to ensure that the skills gap doesn’t come to widen any further. By thinking laterally and helping to change perceptions about the industry at large, we can continue to ensure that talented individuals can make the leap to a new career, bolstering employment for a thriving industry in the process.
Industry: Cyber Security News
- DevSecOpp- Security design / review consultant. SC Clearance. London
CH7838 London £70,000 DevSecOpp- Security design / review consultant. DevSecOpp- Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
- SPLUNK SOC Analyst level 3, London.
SPLUNK SOC Analyst level 3, Must be able to commute to the City of London. Onsite role. Security clearance needed. The SPLUNK SOC Analyst level 3 must have current experience working within a SOC environment with specific experience using a range of tools and techniques to investigate security incidents. Current experience with Splunk is essential. any additional experience Individuals with Elastic Security SIEM are highly desirable. Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The role will include, but not be limited to working with sophisticated information security tools, investigating security incidents, incident management, technical escalation, process improvement, research into the latest threats, reporting etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt https://calendly.com/chris-holt/arranged-call-with-chris-holt-elastic-siem-engineer-soc Chris.Holt@dclsearch.com
- ISO 27001 & Business Continuity Security Specialist, End User
- United Kingdom
CH7828 ISO 27001 & Business Continuity Security Specialist, End User, £70,000 United Kingdom ISO 27001 & Business Continuity Security Specialist needed to join a Cyber team within an end user. The ISO 27001 & Business Continuity Security Specialist will have end to end responsibility for the information security and Business Continuity management system. ISMS/BCMS. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, very occasional travel to London office This is an exclusive role to DCL Search & Selection. Looking to interview immediately. https://calendly.com/chris-holt/iso-27001-business-continuity-security-specialis
- PCI- DSS Security Consultant, End User
PCI- DSS Security Consultant needed to join a Cyber team within an end user. The PCI- DSS Security Consultant will have end to end responsibility for PCI - DSS and its continuing certification. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. PCI objectives / 12 key requirements, OWASP top 10, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. PCI Cloud compliance, specifically someone with experience taking PCI-DSS from on premise into the cloud is HIGHLY desired. However, someone with Solid PCI experience with a strong technical background which include Cyber / Secure by design etc would be considered. Experience managing internal stakeholders and external third parties essential. Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection. 1st stage interviews to happen the week of the 14th September Arrange a call with Chris on https://calendly.com/chris-holt/arrange-a-call-chris-dcl-pci-compliance