A guide to overcoming the skills crisis in the cyber security industry

With cyber attacks occurring almost every day, businesses are starting to wake up to the reality that the threats they pose should be one of their biggest concerns. While this is an issue, it means that cybersecurity professionals are very much in demand.

However, businesses are struggling to find the talent they need, with two of out of three revealing it’s an issue. And it could become a bigger problem: the Centre for Cyber Safety and Education estimates there will be a gap in the cyber security workforce of 1.8 million by 2022.

One reason for this is a lack of young people taking up science, technology, engineering and maths (STEM) skills and careers in the UK. It’s an issue that has resulted in 40% of UK employers struggling to recruit staff with the right STEM skills. And, when companies do find the right talent, they are struggling to hold on to it due to budgets, despite being on the increase, that are not high enough to offer the salaries that will attract and retain people.

>See also: The cyber security skills gap in the UK: a multifaceted problem

STEM subjects themselves are also still proving difficult for kids, with recent students not hitting the A* and A grades in engineering and science that employers are looking for.

In fact, these subjects saw the lowest pass rates overall and, despite a slight rise in 2017, the issue remains clear. With students struggling in STEM and a lack of people entering the cybersecurity industry, businesses need to address the skills gap, fast.

A new direction is needed

In order to solve this problem, businesses need to go in a new direction when hiring talent, particularly at entry level. The net needs to be cast wider to reach a wider spectrum of talent that previously may have been missed.

Businesses also need to analyse the skills these positions require. The cyber security industry requires people with strong mathematical skills to analyse defences, the lateral thinking skills for penetration testing and the mindset to evaluate risk.

>See also: Addressing the cyber security skills gap

It’s important businesses look beyond formal qualifications, though. There are more and more opportunities to learn skills such as ethical hacking, analytics and coding outside of education, and this should be factored in.

Change the recruitment process

If their current recruitment process isn’t yielding results, businesses need to change it or innovate. A great avenue to go down is gamification. GCHQ’s codebreaking masterclass helped to level the playing field by allowing candidates of all ages, ethnicities and genders to take part. There was no degree necessary and GCHQ could choose from a larger pool of talent. This broader talent pool also brings a greater diversity of skills, vital in helping businesses deal with the many threats they face on a daily basis.

Hire an apprentice

A good way to help encourage more young people into the industry is apprenticeships. They give people a chance to experience the industry, learn new skills and the qualifications the industry requires, all while earning.

>See also: Women necessary in closing cyber security skills gap

This can be done through online portals too, avoiding time wasted traveling to university or college. For businesses, gives access to talent that they might not have been able to find before, which can be used to protect themselves against threats at the same time.

The Government’s role

While businesses and the industry need to adapt and do their part, the UK Government is a big player in this, too. Fortunately, it knows this and is addressing this long-term problem with long-term thinking.

This was part of the thinking behind the launch of the National Cyber Security Strategy in 2016, which includes a plan to make sure there is a constant supply of home grown cyber security talent.

The Government also recently launched its £20 million Cyber Schools Programme, which provides up to 6,000 secondary school students with training through extra-curricular clubs, activities, as well as an online game.

>See also: Demand for cyber security skills increasing

There are a number of organisations involved in this, including FutureLearn and The Sans Institute, that will help support the training in the hope of teaching young people the skills they will need for the industry.

With a clear talent gap, business and the Government need to work together to unearth the skills required to keep the UK safely moving forward. To support the Government’s strategy, businesses need to innovate how they recruit, expand their outreach and change how they train young people. If both sides can ensure they are heading in the same direction and support each other, the UK will go a long way to greatly reduce the threat of a cybersecurity skills crisis.


Sourced by Jay Coley, Senior Director – Security Planning and Strategy, EMEA, Akamai Technologies


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...