Who will protect the UK’s critical infrastructure? Finding the cyber security experts of the future
Blog from Mike Spain and Millie Coombes of Atkins as part of our #Cyber2021 week
Organisations are finding it’s difficult, and expensive, to attract and retain the right people and they’re under increasing pressure to develop their capability and expertise from a talent pool that’s being tapped by a growing sector.
Providing national resilience and protecting our critical national infrastructure (CNI) are the areas of most concern. It’s a problem described by the Joint Committee on National Security Strategy as a top-tier national security threat because we’re facing a growing number of cyber-attacks on industrial control systems and operational technology (OT). The adoption of new technology that links IT and OT, and the convergence of digital and physical (sometimes referred to as the Fourth Industrial Revolution) presents many benefits but also carries significant risks and exposes our networks, systems and devices to new threats.
The shortfall in the number of people with the skills we need to address these concerns is measured in unfilled cyber job positions, anecdotal surveys, and industry reporting. Is the figure we arrive at precise? Perhaps not. But a wide range of industry partners, including cyber and tech organisations, acknowledge there’s an issue – demand continues to exceed supply.
So why is the sector struggling to keep up? And could we solve the problem if we changed the way we attract and develop people with cyber skills?
It will always be easier and cheaper to follow a well-trodden path than explore the unfamiliar. But this approach is neither effective nor efficient. The status-quo revolves around repeating earlier approaches and an almost sole focus on recruitment through traditional channels. Current or potential cyber skills exist far more broadly than many recruitment strategies care to venture.
The ‘must-have’ skills highlighted in advertisements, are in many cases, an unnecessarily exhaustive and prescriptive list of role requirements, qualifications and experience, rather than a true representation of what is needed.
The UK Government is working with industry and academia to change this through groups such as the Cyber Growth Partnership, which provides strategic oversight to government with the aim of growing a vibrant cyber sector. Importantly, attempts are being made to look at new routes to attract talent including mid-career transition and the creation of a Cyber Council to help professionalise the sector.
Organisations must be more creative in their attempts to attract and develop talented people and explore non-linear channels. For example, there may be myriad opportunities for cross-skilling and upskilling existing employees.
In addition to cross skilling, there is a captive market which can be targeted through the existing and growing framework of apprenticeships. Suitable, not just for those at the start of their career, apprenticeships (including those at degree level and beyond) offer holistic upskilling across cyber and surrounding digital technologies. This delivers a unique development opportunity to consistently upskill in a technical and academic manner whilst consolidating this learning with experience in the workplace.
Diversity & Inclusion (D&I) will form an essential part of the future of the sector. But this should be led by cultural ethos, not corporate social responsibility objectives. There is clear business benefit: diverse teams are more productive, creative and effective, and offer different approaches and solutions. Groups such as NeuroCyberUK7 are playing an important role in evolving the sector through their work to achieve neurodiverse inclusion and there are positive steps being taken to encourage more women, mid-career transfers, ex-service personnel and other underrepresented groups into cyber.
Of course, it is difficult to discuss cyber security without considering the impact that the COVID-19 pandemic has had on the workforce and demand for skills. A drastic increase in remote working has led to an increased requirement for different approach to cyber security considering systems are no longer being accessed primarily from corporate offices. Alongside this comes a unique chance to utilise this new workplace dynamic to reach out to a previously untapped skills resource from those in geographically diverse areas, or those who require a more flexible working pattern.
If we remain on our current path, we won’t be able to fill the skills gap. Instead, we have an opportunity to re-evaluate our culture and ambitions and be clear on what defines cyber and the characteristics we need from people to benefit the sector. We must think differently to ensure we enrich the sector with the skills for the future and give people the chance to further, as well as establish, their career as part of a healthy and sustainable ecosystem.
Latest News from
ACT - Action Counters Terrorism: Awareness E-Learning course03/08/2021 16:25:00
The security experts at Counter Terrorism Policing have launched a new vigilance campaign to encourage everyone to help the police tackle terrorism and save lives by reporting any concerns.
Unique Cyber Security Centre shortlisted for national award03/08/2021 11:25:00
The National Management Centre (NMC), which is the only nationally co-ordinated capability to protect UK Policing against cyber-attacks, has been shortlisted for a national Cloud Excellence Award.
Project Gigabit summer update: significant progress made by industry02/08/2021 16:25:00
A summer update to Project Gigabit was announced today, with DCMS outlining future investment and rollout plans for 26 counties including Yorkshire, Staffordshire and Kent.
UK Space Command officially launched02/08/2021 11:25:00
Space Command will protect UK interests and capabilities in Space.
Bryden Wood: A data-powered collaboration to encourage the adoption of active travel - by making cycling even better30/07/2021 16:25:00
A cyclist swerves. Why? A city planner starts to plot a new cycle route. Where? The majority of cyclists choose to turn left rather than go straight on. What for? A local authority wants to encourage the adoption of active travel and get more people to ride bikes. How?
The future of ethical data sharing: the role of data intermediaries30/07/2021 11:25:00
New report from the Centre for Data Ethics and Innovation explores the role of data intermediaries in the future of data sharing.
Leading experts urge applying the power of quantum technology to sustainability in new documentary29/07/2021 16:25:00
Quantum Computing Can Serve as a Multifaceted Tool to Help Scientists and Engineers Take on the Challenge of Ensuring a Sustainable Future, Say Industry Figures.
Seven questions to ask when selecting directors for an early-stage growth company29/07/2021 11:25:00
Founder & Managing Partner at Better Boards, Dr Sabine Dembkowski, shares insights into setting up a board and selecting directors in an early-stage growth company.