Students offer hope for narrowing of skills gap in cyber-security
Students offer hope for narrowing of skills gap in cyber-security

It could be a reflection of austerity and the need for financial stability trumping self-expression – or perhaps greater awareness of the opportunities resulting from STEM (science, technology, engineering and maths) as a result of government initiatives, but the end result is today's A level results report Maths as the most popular A level with maths and further maths having nearly 25 percent more entries than in 2010.

Minister of State for School Standards, Nick Gibb commented that the increased uptake of STEM subjects, “bodes well for the economic prosperity of our country. It will help to grow our workforce in these sectors, allowing young people to secure well-paid jobs and compete in the global jobs market of post Brexit Britain.”

Gibb adds, “...it is particularly pleasing to see that more young women are taking STEM subjects and that for the first time since 2004 there are more young women than young men studying chemistry.”  Although Zahra Bahrololoumi, managing director for Accenture Technology in the UK & Ireland, points out that,  “… 90 percent of A-level Computer Science students and 79 percent of physics students are boys chimes with Accenture's research, which found that girls' engagement with STEM subjects wanes as they reach the age when they begin to consider their subject choices and future careers. Almost a third of young people we spoke to think that more boys choose STEM subjects than girls because they match ‘male' careers or jobs."

Nonetheless, cyber-security certainly has its attractions: Mark Heholt, head of apprenticeships at The Tech Partnership says: “The number of cyber-security jobs in the UK is increasing at nearly 20 percent a year and the average salary of a cyber-professional is just over £57,000, so there couldn't be a better time to enter this exciting career."

Bharat Mistry, principal security strategist at Trend Micro commented “While today's results are a promising trend, the UK still needs to do more to close the skills gap. Globally, there's expected to be a shortage of two million cyber-security professionals by 2019 and it's becoming apparent that there are just not enough people entering our industry with the skills to become effective cyber-security experts. This isn't just a concern for our industry, it should be one for all public and private organisations and businesses across the country.

"Armed with STEM A-Levels, students are well equipped to solve fast evolving security threats as they arise. Being an effective cyber-security specialist is not just about technical skills, but being able to solve problems in a dynamic environment. It's also important for students looking to enter the cyber-security arena to be business savvy and have the skills to communicate risks at a board, and C-suite, level.  This way, education plays a central role in how tomorrow's cyber-security industry will continue to grow and develop.”

But its not just the technologists that should consider a career in cyber-security emphasises Greg Day, VP and regional chief security officer EMEA, Palo Alto Networks. He emailed SC to say, “Cyber-security is one of the most dynamic industries out there, and the range of job roles and career opportunities within the field is truly fantastic. The industry needs to think outside the box when it comes to finding talent, which means not looking at just those with traditional computer science degrees to be leading the industry in the coming decades.

“When you look at the skills shortage within the industry, coupled with the way in which cyber-security threats continue to evolve, bringing the right people into this field is more important than ever. Popular culture, like the TV show Mr Robot, might be inspiring young people to think of a career in cyber-security as exciting and enthralling, but many may feel a non-techie A-Level or degree choice means a career in helping to protect and secure data, which is vital to our society and economy, could be closed to them.

“But, that's absolutely not the case, and I would urge all students to keep an open mind to opportunities in our fast-paced and growing industry, because we need people with more than just very specific technology skills. The economy faces a cyber-security skills shortage, at a time when cyber-security is increasingly relevant to every aspect of a business.

“The future cyber-security leaders could be those who are about to embark on degrees ranging from philosophy to chemistry. Degrees which are about solving problems using creativity thinking, team management and communication reflect what cyber-security is all about. It's not just about training more people, but also training people to approach problems differently and use creativity and logic to prioritise prevention of attacks rather than reactive damage limitation. Graduates with the ability to think differently will be more efficient in the industry, and that's how we will be able to plug the skills gap.

“While it's always encouraging to see more people apply for traditional routes into our industry, it's never too late for those with potential to develop the skills they need to move over. Cyber-security is more than just a job. It's an exciting, rewarding and varied career with many options to get into it.”

Mistry agrees, adding, “Training and awareness initiatives are important across the sector, not only to help foster security specialists, but also generalists that can help the business evolve with the threat landscape. Security budgets have been growing faster than general IT budgets, so it's a good place to start. This comes as developments in data analytics, machine learning and cloud computing fuel the development of highly capable security software, to help bridge this gap temporarily. However, human insight is still vital to understand these threats and think like hackers.”

Kaspersky Lab noted how the growing trend away from traditional qualifications should be no different in IT and cyber-security, noting how Kaspersky Lab research revealed that while one in four (27 percent) have considered a career in cyber-security, with many (47 percent) regarding it as a good use of their talent, many others admit an inclination to engage in more questionable activity. Only half (50 percent) of under-25s would actually join the fight against cyber-crime; a significant number would use their skills for fun (17 percent), secretive activities (16 percent), and financial gain (11 percent) instead.”

The statement continues: “The technology industry and education institutions need to do more to encourage young people into this profession. One of the big reasons this gap exists is that security businesses have recruited people with traditional technology credentials.”

And Kaspersky also calls for a holistic approach, saying, “Cyber-security truly concerns everyone; every aspect of personal and professional life is at risk, and as such more young people have an interest in computers generally and possess the right transferrable skills. IT businesses should consider applicants whose non-traditional backgrounds mean they could bring new ideas to the position and the challenge of improving cyber-security. While there are relevant certifications, there is also a big opportunity for anyone with critical thinking abilities and an interest in code.”

Also looking at alternatives to traditional routes, Ian Glover, the president of CREST urges students to also look at Cyber Security Higher Apprenticeships rather than compromising their aspirations if their grades were below expectations.

In an email to SC he notes, “We have a severe shortage of people working in cyber security, despite it offering an extremely exciting, challenging and financially rewarding career. Initiatives like the Government's Apprenticeships schemes open up a future in cyber security to a far wider and more diverse group of young people, combining real-world paid work experience with structured training to attract fresh talent.”

He notes that there is also a drive to encourage more diversity by addressing the gender balance and helping people with neuro-diversity to secure employment and harness their skills in cyber security.

The new Cyber Apprenticeships give opportunities for trainees to earn while they learn, to become highly skilled professionals without incurring a student debt.

Initiatives: http://www.crest-approved.org/wp-content/uploads/DigitalDefenders.pdf

Cyber Security Technologist: https://www.gov.uk/government/publications/apprenticeship-standard-cyber-security-technologist-approved-for-delivery

Cyber Intrusion Analyst: https://www.gov.uk/government/publications/apprenticeship-standard-cyber-intrusion-analyst

Another option at degree level (Level 6) is expected to be ready for delivery early in 2018:  https://www.gov.uk/government/publications/apprenticeship-standard-cyber-security-technical-professional

To apply for an Apprenticeship: https://www.gov.uk/apply-apprenticeship

Another report also showed promising interest in the industry, viewing the glass half full rather than half empty, with research by training platform, Course Library pointing out that nearly half [43 percent] of UK workers in its survey would consider changing their profession to work in cyber security and 50 percent of respondents would be interested in learning more about the industry.

In an email to SC, Jazz Gandhum, founder of Course Library, said that, “... the research confirms a real demand for workers to learn about cyber security risks, whether in a professional capacity for career development or to form a basic understanding for self-protection. Ultimately, education is key here and will help to ensure businesses across the UK have the right skills in-house to combat this growing threat.”

Just nine percent of respondents believe UK businesses do enough to combat cyber threats, where lack of understanding [46 percent] and education [24 percent] are primarily to blame. Almost half [49 percent] of respondents cited that there should be more education on the subject, while one quarter [23 percent] believe that there should be more opportunities to train up online.

Lee Biggins, Co-Founder of Course Library added:  “... a lack of skilled talent within this industry could present more problems for already vulnerable companies. That said, it's positive to see that workers are open to pursuing a career within this field and it's important that the government and organisations offer opportunities for people to learn more about this field and gain the core skills necessary.”

As if to emphasise the need for today's students and tomorrow's workforce to be cyber-savvy, it is reported that cyber-criminals have been sending out 'A-Level results' phishing emails to spread malware. 

Kyle Wilhoit, senior cyber-security threat researcher at DomainTools commented: “These kinds of phishing attacks, whereby cybercriminals will prey on people's desperation or will use large events as a cover for their attacks are becoming ever-more prevalent. In this instance, students waiting to receive their A-Level results should take extra care when clicking on links, and should cross reference any old email correspondence with a higher education institution they may have to make sure that the email that they received is from a legitimate source.”