Who will protect the UK’s critical infrastructure? Finding the cyber security experts of the future
Blog from Mike Spain and Millie Coombes of Atkins as part of our #Cyber2021 week
Organisations are finding it’s difficult, and expensive, to attract and retain the right people and they’re under increasing pressure to develop their capability and expertise from a talent pool that’s being tapped by a growing sector.
Providing national resilience and protecting our critical national infrastructure (CNI) are the areas of most concern. It’s a problem described by the Joint Committee on National Security Strategy as a top-tier national security threat because we’re facing a growing number of cyber-attacks on industrial control systems and operational technology (OT). The adoption of new technology that links IT and OT, and the convergence of digital and physical (sometimes referred to as the Fourth Industrial Revolution) presents many benefits but also carries significant risks and exposes our networks, systems and devices to new threats.
The shortfall in the number of people with the skills we need to address these concerns is measured in unfilled cyber job positions, anecdotal surveys, and industry reporting. Is the figure we arrive at precise? Perhaps not. But a wide range of industry partners, including cyber and tech organisations, acknowledge there’s an issue – demand continues to exceed supply.
So why is the sector struggling to keep up? And could we solve the problem if we changed the way we attract and develop people with cyber skills?
It will always be easier and cheaper to follow a well-trodden path than explore the unfamiliar. But this approach is neither effective nor efficient. The status-quo revolves around repeating earlier approaches and an almost sole focus on recruitment through traditional channels. Current or potential cyber skills exist far more broadly than many recruitment strategies care to venture.
The ‘must-have’ skills highlighted in advertisements, are in many cases, an unnecessarily exhaustive and prescriptive list of role requirements, qualifications and experience, rather than a true representation of what is needed.
The UK Government is working with industry and academia to change this through groups such as the Cyber Growth Partnership, which provides strategic oversight to government with the aim of growing a vibrant cyber sector. Importantly, attempts are being made to look at new routes to attract talent including mid-career transition and the creation of a Cyber Council to help professionalise the sector.
Organisations must be more creative in their attempts to attract and develop talented people and explore non-linear channels. For example, there may be myriad opportunities for cross-skilling and upskilling existing employees.
In addition to cross skilling, there is a captive market which can be targeted through the existing and growing framework of apprenticeships. Suitable, not just for those at the start of their career, apprenticeships (including those at degree level and beyond) offer holistic upskilling across cyber and surrounding digital technologies. This delivers a unique development opportunity to consistently upskill in a technical and academic manner whilst consolidating this learning with experience in the workplace.
Diversity & Inclusion (D&I) will form an essential part of the future of the sector. But this should be led by cultural ethos, not corporate social responsibility objectives. There is clear business benefit: diverse teams are more productive, creative and effective, and offer different approaches and solutions. Groups such as NeuroCyberUK7 are playing an important role in evolving the sector through their work to achieve neurodiverse inclusion and there are positive steps being taken to encourage more women, mid-career transfers, ex-service personnel and other underrepresented groups into cyber.
Of course, it is difficult to discuss cyber security without considering the impact that the COVID-19 pandemic has had on the workforce and demand for skills. A drastic increase in remote working has led to an increased requirement for different approach to cyber security considering systems are no longer being accessed primarily from corporate offices. Alongside this comes a unique chance to utilise this new workplace dynamic to reach out to a previously untapped skills resource from those in geographically diverse areas, or those who require a more flexible working pattern.
If we remain on our current path, we won’t be able to fill the skills gap. Instead, we have an opportunity to re-evaluate our culture and ambitions and be clear on what defines cyber and the characteristics we need from people to benefit the sector. We must think differently to ensure we enrich the sector with the skills for the future and give people the chance to further, as well as establish, their career as part of a healthy and sustainable ecosystem.
Latest News from
The AI adoption paradox: can cautious adoption reap maximal benefits?14/05/2021 16:25:00
Joanna Crown, Product Strategist at Mind Foundry, describes how human-AI collaboration is the transformation needed for organisational success with AI. #AIWeek2021.
Foreign Secretary Dominic Raab at CyberUK 202114/05/2021 11:25:00
techUK has summarised the key points from Rt Hon Dominic Raab's speech at CyberUK 2021.
Delivering AI to Support Parkinson’s UK During the Coronavirus Pandemic14/05/2021 08:05:00
Parkinson’s UK is Europe’s leading Parkinson’s support and research charity. The organisation raises around £35m p.a. to drive better care, treatments and quality of life for those with Parkinson’s, their friends, family and their carers.
How AI is cleaning up our Oceans13/05/2021 16:25:00
AI has been at the heart of change for many industries. Right now, it is the responsibility of every industry to become more sustainable and AI technologies can help to do this.
Home Secretary announces Computer Misuse Act Review13/05/2021 13:33:00
Review into 31 year old legislation to start this year.
AI as co-creator: building better software and better businesses13/05/2021 12:33:00
Learn how computer vision and wider access to cloud-based AI capabilities is driving adoption at the most innovative companies. Guest Blog: Jaspar Casey, Product Marketing Manager at Eggplant.
Ofcom’s strategic review of its approach to markets that deliver mobile services12/05/2021 15:25:00
The UK’s telecoms regulator Ofcom has published a Terms of Reference document, setting out how it will approach its strategic review of the UK’s mobile market.
Home Secretary announces Computer Misuse Act Review12/05/2021 14:25:00
Review into 31 year old legislation to start this year.
‘Cyber Security is a Team Sport’ - CYBERUK 2021 begins11/05/2021 16:25:00
This morning, the National Centre for Cyber Security’s CEO, Lindy Cameron, kicked off the first ever virtual CYBERUK event, which is currently streaming across the world, enabling the conference to reach more people than ever before.