We hear the words skills gap and skills shortage a lot within the cybersecurity industry. It is almost everyday that I get press releases lamenting the lack of skilled personnel and how much the industry is doing to lure recent graduates from all fields into the fold. Headlines scream about the zero percent unemployment in cybersecurity as well as the £39,000pa starting salaries, when average salaries in the UK are 21,000pa.
So why don’t we have more people coming into the fold?
Why is it that there is such a skills gap still? Why do we not have graduates beating a path to a career in cybersecurity?
Harvey Stocks has just participated in the European Cyber Security Challenge, his third competition this year. Currently studying Computer Science at The University of Edinburgh, he is particularly good at reverse malware engineering and binary exploitation. And yet, in his 4-year-long course at the University, it wasn’t until the 3rd year, that they started doing modules on security.
Just two of his 8 compulsory modules this year, are to do with cybersecurity and even in his words, they are the ‘absolute basics’.
READ MORE: Fixing the UK cyber skills gap
And according to Stocks, it is all down to awareness cybersecurity as a viable career option: “The lack of awareness is a big thing. If you told people there was a guaranteed job in cybersecurity, am sure more would be interested. People still think that hackers are criminals; there are 300 people in my year [at University] and just 5 of us are interested in security as a branch of computer science.
“We have a security society at University and most of us are in the 4th year and our group includes a biochemist. Back when I was about 13, I used to build computers as a hobby and it wasn’t until university that I thought a career in cybersecurity could be a good thing. It really captured my interest and I realised the different streams within it, I could be a pen tester or even an [ethical] hacker! Infosec is the front line, you get to go after the bad guys. Your job is to try and get to the malware- you cannot be more involved than that while also nd trying to stop it in its tracks.
Chatelle Lynch, SVP and chief human resources officer at McAfee tells me that they are trying to plug this gap in awareness, but a lot still needs to be done. “Our CEO is a big proponent of the diversity and skills gap messages that we need around cybersecurity. Diversity is a concern and when you have ajob opening and the 15 people applying for it are all male. In the US diversity is not just about gender but it is also to do with ethnic background. We understand that if we are not getting diverse talent into our organisation, we won’t be the company we want to be by 2020.
“We need to have a platform where we can talk about the skills gap more. We are partnering with universities, schools, colleges. We have programs in place where we are investing, getting into schools earlier. We are trying to teach people how to be cyber secure themselves. We are getting the message out that the exposure for younger children to STEM needs to start earlier.
While it may seem that the cybersecurity skills gap issue is spiralling out of control, Lynch thinks that the mindset seems to be changing: “I think that things have changed in the last 1-2 years and schools and universities are understanding now, more than ever, how important it is. Three years ago, that one module [that Harvey is studying now] wouldn’t have been there. Saying that, we always need more modules!
“There is a lot more appetite for cybersecurity even in the past year because of the exposure it has been getting in the press. We could all be doing more and need to get governments to understand by showing them data on why cybersecurity education is important.”
While efforts are being made to plug the gap, to us at TEISS, it looks more like a lobbying problem. Outdated education and also not enough of it are just some of the issues that need to be addressed by not just universities but starting at primary school level.
Stocks definitely thinks so when he laments the lack of cybersecurity education in schools. Even now, when he is off participating in security competitions, the most painful hurdle for him is that he needs to practice for these in his spare time. And even when he does, it is the lack of a mentor or someone he and his motley crew of cyber sleuths can turn to, that irks. It is no wonder then that he turns to competitions to meet likeminded people interested in cyber security.
‘The competitions are great because they step in for lack of education and provide the infrastructure to get involved in”, he says, “so many times, we have had a problem and it has been so hard to find someone who will help us out!
And while Stocks has had several job offers from participating in competitions, unless the Government gets proactive, the cybersecurity industry will keep getting bypassed when it comes to career decisions.