Lack of skills is the number one issue in the cybersecurity industry, according to Andrew Elliot, deputy director, cyber security innovation and skills at the Department for Digital, Culture, Media and Sport (DCMS), speaking during the Secure Connected Intelligence Summit 2022 at Queen’s University Belfast, Northern Ireland, UK.
Elliot provided an update on several initiatives the UK government is taking to boost the talent pipeline.
He believes that the most significant program is the establishment of the UK Cyber Security Council, which began operating as an independent body last year. Elliot said the Council will provide a much-needed “definition” for the sector, as currently, “businesses often don’t know who to hire, they don’t know what skills they require in their organization.” In addition, “individuals themselves often really struggle to navigate this profession.” He added that you often need to know people in the sector to help you through the door.
The UK Cyber Security Council seeks to address these issues by providing a clearer definition of security roles and the skills needed for those positions. Therefore, it will map out 16 specialisms in cybersecurity with standards – all the way from entry through to chartered status. This allows prospective candidates “to identify what courses, qualifications and experiences you need to put yourself on that pathway.” Elliot argued this transparency could also help tackle the sector’s diversity problem.
The Council has pledged to map out the first four specialisms by the end of this year, with all 16 due for completion by the end of 2024.
However, creating these definitions and pathways only solves half of the problem, according to Elliot. “We still need to make sure that we’ve got the right interventions in the education system to bring people through,” he noted. To this end, the government is working on transforming the way computing is taught in schools across the UK, moving from cybersecurity just being extracurricular activities.
While there are many volunteer initiatives from within the cybersecurity sector in schools, “often these interventions only meet enthusiastic students who are already potentially on the pathway.” To help make cybersecurity more embedded in the school curriculum, Elliot cited initiatives like the Cyber Explorers program, which now has 1500 teachers involved in it.
Further education pathways are another important area of focus. Elliot said an increasing number of cyber bootcamps are being offered by the government and industry. It is essential these bootcamps are putting students on the right pathway, “not just giving them a few weeks of taster course but actually developing them through and putting them on the pathway to becoming a cyber professional.”
Elliot concluded his talk by highlighting that tackling the skills shortfall is a key component of the government’s national cyber strategy. This is a “whole of society effort” requiring everyone’s input, ultimately to “create a more resilient nation.”