Upskilling, the forgotten solution to the cyber security gap

Theories and suggestions are constantly being thrown around the cyber security industry as to what should be done to rectify the cyber workforce disparity as organisations scavenge left, right and centre for info-security professionals to save them from a damaging cyber attack. Matters are made increasingly more difficult with 51% of organisations being less prepared for such an attack than 12 months ago.

What is the answer then? Could it be AI? Or is a change in the recruitment process needed? How about introducing cyber studies at a younger age through our education systems? These are just some of the valid answers to the million-dollar saving question. Yet, one solution that is sometimes forgotten is upskilling. The question is why?

The challenge for organisations

It can be tough to locate and hire staff with appropriate technical skills for many reasons. Primarily, the challenge comes from a disconnect between formal education (i.e. university) and the nature of the current environment.

>See also: The cyber security skills gap in the UK: a multifaceted problem

By the time a curriculum is established, the world changes. This leaves institutions with the only option to give a basic foundation to their students, and leave deeper skills development to the student.

Second, organisations who need more developed skills are all competing with one another in a labor market. Not only must they compete with one another, but organisations must compete with government agencies, consultancies and vendors all pursuing the skills for their own benefits. So, we have a demand spike and a supply shortage.

Last, skills development is generally assumed to be the responsibility of the individual rather than the organisation – and for good reason. If a company invested to build more skills into current staff, those people would have greater marketability in this high-demand environment. This is a dilemma; a prisoner’s dilemma.

Everyone is looking at the problem from the same vantage point. What is best for the individual organisation may have a negative outcome on the market as a whole. Of course, organisations want highly skilled, highly trained staff – they just want someone else to train them.

Training options

Several educational avenues are available for organisations – both on-campus and online. Online education modules such as are commonly used to enhance the skills in various disciplines.

Second, learning management systems have advanced in the past decade and many organisations are codifying their ways of doing things into a learning management console and guiding staff toward further development.

>See also: UK education system exacerbating cyber skills gap

Human behaviour is goal-directed. If organisations provide incentives for development and a pathway toward that development, individual staff will likely pursue the goal. Give incentives for the behaviour you want and remove any obstacles you can to achieve it – that’s the best way for leadership to get the outcomes they need.

Future digital skills to focus on

We live in world that is awash with data. Data science is the most likely skill set for organisations over the next 5-10 years. This will come in many forms. Data science skill will become a requirement rather than a bonus for software developers.

Security engineers with knowledge of how data can be manipulated to determine policies and security protocols will be in high demand. IoT specialists who can quickly integrate data to model the outcome of a new product or support an existing one will be recruited just as fervently as a world-class CEO.

Aside from data science, virtual reality will play a large role. Virtual reality and its principles can be applied to all manner of commercial benefits. Imagine a construction company who can do an inspection virtually with the owner and architect prior to the grand opening. Imagine a physician in a virtual operating room assisting another physician who is 4,500 miles away. Technical staff who can convert science fiction into science fact will be the rock stars of an emerging discipline.

>See also: Cybersecurity brain drain: the silent killer 

Last, security skills for the advances in computing options (e.g. quantum computing) and changing infrastructure (e.g. SDN, virtualisation, cloud), will become the norm. We simply do not know what security concerns we will face with all that is evolving. Those with the skills to secure this new world will be the heroes of many organisations.

Viability of upskilling

The difficulty with upskilling current staff is that companies risk sinking investment into a resource that will soon leave or be lured away to a more lucrative opportunity. So, organisations are hopeful that individual team members will cultivate their skills without having to make investments directly to their development.

Some organisations have practiced golden handcuff methods to secure a staff member. A law firm may pay tuition for a clerk to get a law degree with the stipulation that the clerk remains with the law firm for several years after graduation. This is a potential option to use to with technical staff to close the skills gap we see in digital and security disciplines.

However, information is highly portable. Organisations who train their own staff to improve their technical skills may find themselves losing newly minted minds to competitors or other market participants all clamouring for the same technical skill. This is a risk-return evaluation. Then when this is coupled with inherent status quo bias, you get organisations sitting idle while the skills gap continues to grow.

Upskilling is a viable option, but an option that has to be weighed against the potential loss of the best, most developed staff members.

>See also: Barclays delivers skills boost with Cyber Security Challenge UK

The greatest benefit of upskilling is that it can be calibrated to the most relevant skills an organisation needs or prefers. Along with that, there is a sense of gratitude or loyalty that generally comes over the trained individual as the company would be seen to be taking their career progression seriously and where they see themselves as a true asset to the organisation.

This could help overrule thoughts of taking those new skills to greener pastures; however, in a free society where individuals are competing with one another in a labor market, it is only natural to shop those skills for better individual opportunities.

It is a tricky balance, because an individual could end up being grateful for the skills their employer has helped develop, but still evaluate themselves as being more desirable in the broader market. Leading to the conclusion that they are more content, but less likely to stay. Would you take the gamble?


Sourced by Josh Mayfield, platform specialist, Immediate Insight at FireMon


The Women in IT Awards is the technology world’s most prominent and influential diversity program. On 22 March 2018, the event will come to the US for the first time, taking place in one of the world’s most prominent business cities: New York. Nominations are now open for the Women in IT USA Awards 2018. Click here to nominate

Avatar photo

Nick Ismail

Nick Ismail is a former editor for Information Age (from 2018 to 2022) before moving on to become Global Head of Brand Journalism at HCLTech. He has a particular interest in smart technologies, AI and...