Jeremy Swinfen Green, Head of training and consulting at Teiss, is angry at the way we are addressing the cyber security skills shortage in the UK.
A friend of mine – young, bright, digitally savvy – was lucky enough to get a place on one of the 10 week cyber security boot camps that the Government has set up to address the cyber security skills shortage in the UK.
By all accounts it was a great course: interesting, engaging, highly practical, and my friend completed it successfully. His background isn’t IT (it’s cyber security journalism as it happens) but he has some pretty strong online skills around website building that no doubt helped him with the technical parts of the course.
We have an enormous cyber skills shortage in the UK and my friend was pretty confident that he would be snapped up for a junior position soon after he graduated. After all he combines good communication skills, technical skills and now cyber security skills.
What’s not to like?
A lot apparently. It’s a couple of months since my friend graduated. He hasn’t got a job in cyber security. He hasn’t got anywhere close to getting a job in cyber security. In fact he is back being a journalist and building websites.
Because he doesn’t have any experience in cyber security.
Of course he doesn’t. He was offered a chance to retrain (the clue is in the word “retrain”) in cyber security on the basis that as a nation we have a critical skills shortage here.
A skills shortage that my friend, now trained in cyber security, experienced in writing about it, unafraid of technology, young and full of great ideas, could help to fill.
But he doesn’t have any experience.
And so of course he is of no use to anyone.
What a waste.
What a waste of my friend’s time. What a waste of tax payer money. And what a waste of the opportunity to make Great Britain a little more cyber secure.
Why is it that companies who know they need cyber security skills and struggle to find them, are only prepared to employ people with experience? If the rest of industry behaved like that, no one would ever get a job!
But of course the rest of industry is rather more sensible.
When you start out in a new career (and I have had several over the years – teaching, insurance, marketing, cyber security) you transfer the skills and knowledge you gained elsewhere to your new careers and, aided by your new colleagues, you quickly get to grips with the demands of your new area of work.
Not in cyber security though. If you don’t have any experience you are no good to anyone. (By the way, I do wonder whether the experience of many of the current set of cyber security professionals is up to much, given the number of successful cyber security attacks we see.)
What can we do about this? Is it the course that is wrong? I don’t think so: it is delivered by a highly reputable organisation. Is my friend too old? No, he is under 30 so I’d be surprised if age discrimination is playing a part. Is my friend being unrealistic and expecting to be cyber security director from day 1? No, he is looking for a junior role, a starter position.
But how can you start when you have no experience?
It seems to me that we need to grow up in this country. We need to accept that experience isn’t everything. That a lack of experience (and all the prejudices and preconceptions that come with it) has positive as well as negative elements. That taking someone without experience (but with knowledge and skills) means that you can train them in the way you want them to be.
Will this happen? Probably not. So UK plc will remain insecure. And my friend will remain unable to get a job he is eminently well qualified for.
Unless, that is, someone out there is willing to take a punt on a highly qualified cyber security professional who is just waiting to get started. Drop me a line and I’ll make an introduction. You won’t regret it.
Image under licence from thinkstockphotos.co.uk, copyright: Michele Piacquadio