Fixing the security skills gap is 'in every organisation's best interest'

News by Dan Raywood

The skills gap will not be solved in the near future while security is not a national topic.

The skills gap will not be solved in the near future while security is not a national topic.

Asked if employees come in with the right information skills, Amar Singh, News International CISO and chair of the London Chapter security group of ISACA, told SC Magazine that there is a gap that needs to be filled.

Recently, a number of computer science students at the University of Surrey claimed that there was more value in real world experience than qualifications. Singh said that there was a general IT gap, as his children can only use Microsoft Word and no one was talking about programming now.

“I cannot find a solution for this and I want to see 11-14-year-olds learn about information security, I am not sure where the barriers are,” he said.

“I want to use the ISACA initiative to try and bring information security and technology to as many people as possible. It is in every organisation's best interest.”

However he said that people are so fixated on being technical that they lose sight of social and business skills, especially in being able to talk to management – so there was a need for ‘hybrid' people.

Research released last week by the National IT Skills Academy found that only seven per cent of information security professionals are aged between 20 and 29, and there was a need to attract more young talent into the industry by creating additional entry routes such as apprenticeships and signposting to relevant training more clearly.

Its research, carried out by e-skills UK in partnership with Alderbridge Consulting, showed a need for better entry routes into security-specific careers, with nearly a third of professionals progressing to their current positions from general IT or non-IT roles.

Asked if he felt that skills as a CISO were interchangeable, Singh said that while he was not "married to one particular sector", he could apply them other businesses and a security professional should be able to do that.

He said that employees should have a "bit of understanding of how the business works" and all skills can be applied across any sector, but it was not dependant on technology.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews