How can the cyber security industry sustain growth and attract talent?
The cyber security industry has faced well-documented challenges in recruitment and employment, a problem that has only been exacerbated by continued discussion of the skills gap. But despite these issues, Louise Barker, head of talent at NCC Group, thinks it’s important to celebrate the successes that the industry has achieved in employment and understand what we can do to continue attracting talent to the sector.
The cyber security employment landscape
A report published by the government last year revealed that there are over 30,000 – and as many as 40,000 – staff employed in the UK’s cyber security sector, with over 800 firms providing cyber security products based in the country.
These numbers are encouraging, but even more impressive is the fact that the number of active firms has grown by more than 50% over the last five years, with over a hundred new businesses entering the sector within the last two years. This surge in new entrants to the market can help to make the industry more attractive for prospective employees, particularly as there are no signs that this growth will decelerate in the near future.
These employment figures aren’t just constrained to the capital, either, with the report also revealing that the North West is responsible for 29% of cyber security employment in the UK, with 22% in the South East. This is promising for businesses that are concerned about prospective employees and opportunities being poached by London-based organisations.
Sustaining this growth is going to necessitate careful strategies from businesses within the sector to ensure that talent is being channelled into it and that every possible step to narrowing the skills gap is taken.
What is the government doing to help?
Previously, the cyber security market’s relative infancy may have hindered recruitment of talent into the industry, with no widely accepted definition of a cyber security professional and no gold standard qualification to work towards.
However, the government is addressing this by making up to £2.5m of funds available to establish a new Cyber Security Council in the UK, which is due to start work in April this year. Combined with the ongoing work of the Cyber Security Body of Knowledge (CyBOK), these initiatives will help to establish professional standards further, deliver certifications and provide access to defined career pathways,
Such initiatives should be welcomed, but cyber businesses also have a responsibility to attract and capture talent by informing potential security professionals about the variety of roles available, and the diverse career pathways they can take to achieve success in the industry.
How can cyber security businesses play their part?
The skills gap can’t be forgotten, and Cybersecurity Ventures has predicted that there will be 3.5 million unfilled cyber security job openings by 2021, meaning that the industry needs to tap into new and existing talent pools now.
Many businesses within the industry already understand the importance of graduate schemes and internships in attracting talented young people, and a lot of work is being done to ensure that they understand the value of studying computer sciences and related disciplines.
What isn’t stressed quite so much is the value of the skilled workers from other sectors, who might not think that a career in cyber security is attainable for them and that many can utilise the transferable skillsthey already have to make an impact in the industry.
The perception outside of the sector is that many of the roles are too technical, with many unsure how their skills can be put to use. But by advertising in the correct channels, and showcasing the talent already working within the industry, we can help to change this perception. This will subsequently help to attract technical writers, sales, risk managers, recruiters and more – again helping to change this perception even further.
Additionally, developers, network engineers and Active Directory specialists can all apply their expertise into more technical roles in the industry in an assessing and testing capacity. With a supportive and scalable framework in place, there is no reason that individuals from a diverse range of backgrounds can’t achieve a solid career in cyber security.
This is also true for internal talent, and we have seen success in this area first hand: after developing a deeper interest in developing his technical skills, one of our technical recruiters recently qualified as a Security Consultant.
The recently published UK Government Cyber Security Skills Strategy also acknowledges the importance of attracting individuals from other areas, and has moved from discussing the concept of cyber security skills to the concept of cyber security capabilities to reflect that what is required is “the right blend and level of skills in a truly secure digital economy”.
In practice, this means that cyber security should both be embedded across the workforce and become a facet of a wider range of roles like basic financial or commercial literacy, but also that greater efforts are required to unlock untapped talent in less technical areas of cyber security.
Again, the Government has also pledged to support this path by demystifying cyber security careers, with plans to introduce Cyber Security Skills Ambassadors to promote cyber careers for a wide range of individuals. Other recommendations suggest increasing the provision of non-technical modules in higher and further education cyber security courses and increasing the involvement of the industry in the development of such courses.
Demand for talent – both technical and otherwise – within the cyber security industry is only set to increase in the coming years, and businesses need to lay the foundations to facilitate this growth as soon as possible to ensure that the skills gap doesn’t come to widen any further. By thinking laterally and helping to change perceptions about the industry at large, we can continue to ensure that talented individuals can make the leap to a new career, bolstering employment for a thriving industry in the process.
Industry: Cyber Security News
- Outside IR35 Contract- SC / DV - Cloud / VMware Solution Architect
- Outside IR35
Solution Architect Contract - with active Security Clearance needed for Outside IR35 Contract London. SC / DV (must be willing to undergo DV) 6 month rolling Immediate Experience delivering technical Security Architecture design / assurance of security design. Specific experience with Cloud and VMWARE technologies Cross domain experience desirable HLD / LLD Current SC Clearance a must. London 3 days a week Immediately interviewing.
- Contract Night Shift Senior SOC Analyst | Microsoft Defender | Outside IR35
- United Kingdom
- Outside IR35
Contract Night Shift Senior SOC Analyst | Microsoft Defender / Sentinel | Outside IR35 Looking for an experienced SOC analyst to cover a night shift SOC operation. Level 2 technical Analyst. You must have current hands on technical experience with Microsoft defender / Sentinel within a customer facing SOC environment. This is a UK based position.
- DV Cleared CyberArk Consultant- Contract
- City of London
- Upto £700 per day
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this Secure government site You will work with customer, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: In CyberArk deployment, and ideally leady the deployment both strategically and also technically for this project we need the consultant to hold current DV cleared status For the right individual this could be a long term project.
- CyberSecurity Portfolio manager
- upto €60,000 plus benefits
A cybersecurity rockstar with a strategic mind and a passion for building winning solutions, is required to craft a cutting-edge security portfolio for an expanding IT Services business , with the aim to develop solution & services that will protect their customers business. this role will involve, develop & implement security strategies, manage the portfolio, drive sales, and collaborate with teams across the globe. we are looking for someone with experience in managing and building a cybersecurity portfolio of service a knack for building relationships & leading diverse teams Strategic vision & the ability to translate it into action strong communication & collaboration skills