Addressing the cyber-skills gap requires a variety of career pathways and greater collaboration between governments, academia and industry, according to experts speaking during a webinar entitled Closing The Cyber Skills Gap: Can We Make a Difference? This session involved security vendor Palo Alto Networks and academics, government members and security experts from Scotland, and took place during CyberScotland week.
First and foremost, a strong cybersecurity awareness and culture throughout society needs to be built. This includes making cybersecurity exciting and interesting to children even at primary school age, teaching them basic behaviors to stay safe using digital technology, and later on, engraining it into non-technical subjects at college. Anna Chung, threat intelligence analyst, Palo Alto Networks, who came into cybersecurity from a non-technical background herself, explained: “The best way is to teach the younger generations how to protect themselves, because cybersecurity is not just a profession or a career, it is a basic fundamental element of our current digital way of life.”
Callum Campbell, lecturer, Organization Glasgow Clyde College, said: “We have to start influencing children into the ideas and concepts of security,” adding that “it’s something that society as a whole has to make a paradigm shift on.”
Teaching children the importance of problem solving is particularly critical for developing the soft skills that are needed to pursue a later career in the area of cybersecurity, according to the speakers.
Denise Doyle, lecturer, City of Glasgow College, observed that one positive of the current COVID-19 crisis is that is has forced people to be more self-reliant. She noted that often “the basic problem solving skills are missing” among students, and actually “one good thing about COVID-19 and lockdown is they get forced to do more problem solving” in regard to independent research.
The panel went on to discuss the available higher educational route into a cybersecurity career, and agreed it is important to emphasize that there are multiple pathways available. In particular, Campbell outlined that for this type of industry, universities don’t always necessarily provide the hands-on practical experience that employers are looking for, and college courses such as HNDs can be better at offering this to students. “I think the practical application is paramount,” he stated.
To make the picture clearer for students and parents, Daniel Sellers, cyber-resilience learning and skills coordinator, Scottish Government, said that “we need to present very clear evidence of successful career outcomes for individuals who have gone through diverse pathways.”
Supporting this assessment, Laura McEwan, cyber-skills project manager, Skills Development Scotland, revealed that her organization had found that 70% of the industry are not overly concerned with the qualifications job applicants have. Instead, “what really matters is that the candidates can demonstrate good competencies and that they have the passion and dedication to do the role.”
It should also be remembered that cybersecurity is a rapidly-moving sector, and continuous learning is needed for people to keep up with developments. McEwan commented: “Many of these people will come in with a degree or HND but will still need to learn on the job as there will be software that organizations use that haven’t been presented to them while they were doing formal qualifications.”
In a relatively young industry, where the educational pathways are still in their early stages, it is therefore vital that government, academia and industry work more closely together to ensure courses are providing real-world knowledge for students. Sellers expressed a wish to see “academia and industry working together to ensure that the curricula are right, and are feeding specialists into the jobs market.”
Chair of the discussion, Greg Day, chief security officer EMEA, Palo Alto Networks, added that this kind of collaboration is something his company is keen on developing, for example, by sharing training content. He explained: “We develop training for two purposes; for our own employees and for all our customers, but we readily share both of those training curricula with academic institutions.”