News & Views
Apprenticeships are key to IT
Apprenticeships are the solution to attracting more young people into cybersecurity, according to 42.5% of respondents to a new Twitter poll run by Infosecurity Europe (www.infosecurityeurope.com), Europe’s number one information security event.
The poll set out to explore current issues around the skills shortage within the sector, particularly within the context of the pandemic. Responses also highlight the importance of proper support for remote workers – with more than a third (37.2%) believing that sustaining motivation and wellbeing is the greatest skills-related challenge faced by cybersecurity professionals right now.
Maxine Holt, Senior Research Director at Omdia (https://omdia.tech.informa.com) has a first-hand understanding of the benefits apprenticeships bring, by combining knowledge with experience. “After doing my BTEC in computer studies I got an apprenticeship, learning on the job while studying part-time for my degree,” she explains. “I also got to work in other parts of the business, which really helped me understand how they interacted with IT.”
“We can definitely do more to open up apprenticeships or internships that encourage people to see if information security is for them,” suggests Steve Wright, CISO of Privacy Culture and Former Interim DPO Bank of England (www.bankofengland.co.uk), “but as a permanent measure we’ve got to look at what's going to attract people at the right age. I think more could be done to make it part of the school curriculum.”
Amar Singh, CEO/CISO of Cyber Management Alliance (www.cm-alliance.com), agrees that the younger engagement starts, the better. “It helps to build national capability,” he says. “It’s a pipeline – you can't simply pick someone up and say ‘You’re now infosec’! That individual has to be trained and inspired from a young age. If they’re not, by the time they're 16 or 18 this becomes more difficult because they’re already established on another path.”
Behind apprenticeships in the poll was the need for a formal career path (27.1%), more role models/mentors (17.1%) and greater diversity (13.4%). Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned (www.microsoft.com), indicates the need for greater inclusiveness: “Technology in general is very male-dominated, and there’s a lot of women in particular feel excluded by that. There's also much more introverted behaviour, and – in my experience at least – obnoxious behaviour! We need to create an environment that people of all backgrounds want to be in; that removes any barriers making them reticent about being part of the industry.”
Keeping motivated and in good mental health during the pandemic could be particularly tough for new joiners. “We have people who’ve never physically stepped foot in their office, or met their colleagues,” says Paul McKay, Senior Analyst - Security and Risk, Forrester Research (https://go.forrester.com). “It’s also challenging for junior professionals not having support structures in terms of the mentorship and oversight of more senior folks, or being with peers of their own age who are all going through the same journey.”
According to (ISC)2’s 2020 Cybersecurity Workforce Study, the information security sector continues to suffer from a shortage of skilled professionals, with more than three million unfilled roles worldwide. Despite this, 35.9% of the respondents to Infosecurity Europe’s poll say their organization currently has a hiring freeze on cybersecurity roles.
For those organizations not subject to a hiring freeze, recruiting internally was the top strategy (21.6%), followed by hiring from non-cyber roles (18%), both of which emphasise the importance of looking beyond the ‘obvious’ candidates and casting the net wider.
“We’ve kind of created the cyber skills crisis ourselves, by not hiring people because they haven't got a degree for example,” says Mark Nicholls, CISO of Chime Group (www.chimegroup.com). “There are so many good people out there, and we need to be more open. There are advantages to having diverse teams that represent the business you're trying to protect, and having non-security folks bringing different ideas to the table.”
Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, agrees: “We need to really expand our view, looking at non-traditional backgrounds for different types of roles. What is it you really need in terms of the skills? And what are the things you could train someone up to do? You're looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”
“What is clear is that no single action has yet proved effective at bridging the cybersecurity skills gap,” says Nicole Mills, Exhibition Director at Infosecurity Group. “ What’s needed is a holistic approach that integrates early engagement and education opportunities, designed to attract and retain the next-generation infosec workforce, with strategies that enable great candidates to transition from other types of role.
“It is more important than ever that our industry must resist the temptation to press ‘pause’ on recruitment, as many organizations have done in the face of budget cuts and uncertainty – if we do, there’s the risk that the skills gap becomes a chasm,” says Mills.
The conference programme for this year’s Infosecurity Europe event (scheduled to be held 8-10 June 2021 at Olympia, Hammersmith, London) will feature a number of sessions dedicated to building cybersecurity skills and careers.
In addition, Infosecurity Magazine’s EMEA Spring Online summit (https://www.infosecurity-magazine.com/online-summits/spring-2021-emea-edition) on 23 March 2021 will cover relevant topics including diversity, mental health for remote workers and next-gen infosec.