The ‘skills gap’ within information security is a subject that has been around for a long time, and has been picking up increased exposure again over the recent weeks after the Institute of Engineering and Technology (IET) named cybersecurity as a high growth industry, provided there are enough specialists to help make it happen.
Many have pointed the finger at people lacking a certain technical knowledge or qualifications as the reason we have such a gap, but I am inclined to add another point which should get more attention. I’m of the opinion (which I’m sure many share) that, to a certain level, technology and technical skills can be taught and honed over a period of time. What cannot be taught quite as easily are the softer skills that businesses of all sizes demand, such as communication and stakeholder management expertise.
Currently budget and spend is a huge limiter in our industry, so I believe that businesses should look both internally and externally at talented individuals that shine on the more commercial aspects to help train and develop them on the technology side of the role. This will ensure employees are commercially aware, able to communicate with peers of all levels in the immediate future, as well as progressing technically en route.
I also believe that certain types of behavioral characteristics will inevitably lead certain people into the security field, especially those that are inquisitive, as security is essentially a problem-led sector. Those that are interested in delving into problems or helping to find solutions from other areas of business should be actively targeted or at least considered for cybersecurity roles in which they can learn, as they possess some of the traits of a successful security professional.
In the long term, we also want to see more security professionals in the boardroom, to not only help protect companies but also drive the image and to entice more graduates and junior talent into our exciting field. The communication skills needed to enter the boardroom are obvious, and the more these skills are emphasized at an early stage in fledgling careers the more likely we are to see more experts progress.
So how does the ‘talent’ demonstrate these skills to even get the chance in the first place? Many interviews are now competency-led so it is important to know how you will best show your strengths. These questions are set out to test your ability to demonstrate certain traits or behaviors from your recent, relevant past as it will act as the best indicator to how you will perform in the future (obviously it’s not completely fool-proof).
Before entering an interview it is important that candidates for cybersecurity jobs know the main aspects of the role, and have a few pointers to help them through the process, such as how they have worked with internal business partners on security projects, or issues with overcoming a difficult client.
Firms will also be keen for their talent to be able to adapt to the ever-changing technology and security landscapes, and to demonstrate they will be able to go from BAU work to a high-scale breach at the drop of a hat. Adaptation and change management are now seen as critical skills in the security field because you are fighting a constant battle against not only external attacks, but internal awareness and basic knowledge of the field.
Fortunately there is now a full career path from entry level to senior executive, so for those that have a keen interest and the right skills there is a long-term route to take, and possessing strong communication skills and the ability to adapt will be crucial to protecting your company and your career in the future.
About the Author
Jason Waterman leads the information security practice at Badenoch & Clark as well as being an active board member for cybersecurity not-for-profit Give01Day. Jason specifically recruits for GRC professionals in the London area across the commerce and industry verticals