As an industry, cybersecurity is particularly prone to skills shortages thanks to the rapid pace at which the technology evolves. As new technology is developed and introduced to the workplace, cybersecurity teams the world over must adapt and assess the potential threats of each new device and piece of software.
With new technologies emerging every day, the skills gap currently being experienced in the UK is unlikely to shrink any time soon without major efforts by employers, professionals and education providers. There is a vast range of issues causing these shortages but tackling some of the most prevalent will start to heal the gaps and keep both the industry and its workers competitive in years to come.
Current skills gap & predictions
Globally, there were 3 million unfilled cybersecurity vacancies at the end of 2018 and many predict that there will be as many as 3.5m unfilled in the UK alone by 2022. The government has produced the Initial National Cyber Security Skills Strategy with the intention of tackling the issue, but it’s going to take a concerted effort from everyone involved to bring those numbers down and ensure that computer systems in industries across the board are secure.
Currently, businesses fight for the best candidates and there are some that claim cybersecurity has a 0% unemployment rate due to the high demand for staff. However, the need for staff with specialist skills means that, though cybersecurity has a dramatically low unemployment rate, businesses are still lacking in comprehensive cybersecurity cover.
In-demand skills and new technology
An example of this issue is the need for specialists in new technologies. The proliferation of the Internet of Things and cloud computing in industries from agriculture to education means that countless new forms of cybercrime are appearing all the time. Without the right experience or training in these fields, most cybersecurity staff don’t have the confidence or expertise to tackle the issues, leaving many organisation’s defences wide open.
Education vs industry
While it’s not the responsibility of education providers to only teach students with the objective of getting them a job, having an up-to-date understanding of the industry is vital in the study of cybersecurity. There are currently only 4 cyber security-specific bachelor’s degrees approved by the National Cyber Security Centre.
Growing the number of graduates with a stronger understanding of cybersecurity best practices will mean employers can focus immediately on training new staff in specialist technologies rather than the introductory strategies.
In the UK, an average of 53% of businesses said they weren’t confident carrying out penetration testing, the highest of any technical speciality. Though this has been identified as the most vital skill for businesses right now, only one course listed on the UCAS website makes any reference to penetration testing. To begin closing the skills gap, there needs to be co-operation between education and industry to meet the needs of the economy.
Additionally, employers struggling to fill more advanced roles need to nurture their own staff and support them through professional development in order to progress their teams. With so many businesses struggling to find specialists, up-skilling a team to cover all necessary areas of weakness will be an essential way of tackling shortages for more sophisticated skills.
Professional qualifications are also a useful way to develop staff members’ soft skills and prepare them for career progression. As higher education delves further into cybersecurity practices, existing security professionals should be preparing to take higher-level roles to ensure balance in the industry. Higher education won’t be able to solve the skills gap alone and constantly promoting personal development will be vital for the future of the industry.
Diversity in the industry
17% of the UK tech force and only 16% of cybersecurity students in the year 2016/17 were women. Studies have also found that women are paid 25% less than their male counterparts in cybersecurity. If the industry is to adapt for the future and ensure as many candidates as possible are filling the ever-growing vacancies, organisations will need to diversify their talent pool.
By encouraging people of all backgrounds to study cybersecurity and ensuring that businesses have strong levels of representation, the industry will be open to the people with the best skills available. Many industries, such as engineering, have found that, simply by promoting the inclusion of women, skills shortages are going down and there is a wider range of qualified candidates for specialist roles.