There is growing acceptance that a concerted effort is needed to overcome the skills gap in the information security industry – and graduate schemes are the answer.

The profession must invest in the next generation to deal with an ever-increasing number of cyber security challenges, comments Ionut Ionescu, head of threat management, group security, at Betfair (pictured). Offering graduate schemes is one way to alleviate the skills shortage, but not enough organisations are doing so.

“One of the reasons for this is enterprises' obsession with wanting the ‘fully finished article' right from the start,” explains Ionescu. “This fixation with requiring their information security staff to have the perfect skills is counterproductive. The threat landscape is diverse and evolving, and so to must be the skills and the approach to security. Further, cost and time investment is often cited as a reason for not offering graduate schemes. This is, at best, a myopic view. The profession is maturing, and while senior or seasoned security specialists understand the business aspects well, new entrants are bound to have a more native appreciation of emerging technologies. The industry must actively harness this aptitude in order to seed the skills pool for the future.”

Ionescu adds: “Graduate schemes should be devised in a manner that stretches newcomers' abilities to the full without dampening their enthusiasm. Frequently, graduates have the technical or the numerical and data analysis skills, but tend to lack the ability to correlate the business and technology aspects of security risk to build a larger picture of the threat landscape. Hence they must work in collaboration with their more experienced peers. Unfortunately, this is sometimes seen as a ‘tax' on team resources by managers.”

On the other hand, Ionescu advises young people entering the industry to not be daunted and to maintain a positive attitude to learning. “Because some graduates have not been extensively exposed to the real world of business, ‘they don't know what they don't know',” he says. “A genuine willingness to further train and learn is a key attribute that can open doors for them. This will encourage line managers to identify gaps in their knowledge, devise training/shadowing programmes and assign tasks that play to their knowledge and strengths.”

He concludes: “The threat landscape and technology are changing so rapidly that the tools used today may not be relevant five years from now. Continuously developing fresh talent is imperative to the future health of the industry. As a profession, we must make the investment.”