Last week in parliament, MPs and peers accused the government of lacking urgency in its work to tackle the shortage of skilled cyber security workers. And, separately, accountancy giant Deloitte has expanded a scheme to encourage more women to enter the sector.
Parliament’s Joint Committee on the National Security Strategy said ministers had “no real sense of the scale of the problem” and lacked ideas on how it could be addressed.
Gender and cyber security
The committee’s report concluded that the shortage of specialist skills and “deep technical expertise” was one of the “greatest challenges faced by the UK’s critical national infrastructure operators and regulators in relation to cyber security.”
But committee chair Dame Margaret Beckett went further, telling parliament that not only was there a shortfall in the availability of people with cyber security skills but there was also a “worrying lack of focus” being displayed by the government in dealing with the situation.
“We’re not just talking about the acute scarcity of technical experts that was reported to us; but also the much larger number of posts which require moderately specialist skills,” she said.
“We found little to reassure us that government has fully grasped the problem and is planning appropriately. We acknowledge that the cyber security profession is relatively new and still evolving and that the pace of change in technology may well outstrip the development of academic qualifications.
“However, we are calling on government to work closely with industry and education to consider short-term demand as well as long-term planning.”
The committee said last year’s WannaCry attack, which severely hindered NHS administration despite not being targeted at the health organisation, had shown the need for increased vigilance and was prime evidence of the risks that critical national infrastructure was exposed to.
Read the committee’s report on cyber security
Deloitte’s cyber security gender balance scheme
Meanwhile, accountancy giant Deloitte has expanded its initiative to increase the number of women working in cyber security, as recent figures revealed that 89% of the global workforce in the sector was male.
Deloitte’s Women in Cyber scheme is part of an attempt close the gender gap across the cyber security and wider tech sector and increase the number of skilled professionals working in the field.
The project began in 2015 in the UK and has now expanded into Europe, the Middle East and Africa. It seeks to increase awareness around the gender gap in cyber security, and develop a community which encourages women to pursue a career in the field.
The programme seeks to include clients, experts, and colleagues from across Deloitte, who it is hoped will work together to develop ideas for how to reach gender parity in the sector.
Klaus Julisch, lead cyber partner and sponsor of the Women in Cyber programme in Switzerland, said: “We aim to narrow the gender gap by spreading awareness of the diverse career opportunities available to women in cyber security, by addressing gender biases, and by initiating a dialogue that helps women navigate the profession and its opportunities.”
The UK’s information security industry has among the highest gender gaps and widest gender pay gaps in the UK. Last year, Computer Weekly reported that the head of GCHQ has called for more women to enter the sector. “If we are not tapping into women, we are depriving ourselves of a massive talent pool,” he told an industry conference.
Read about women working in cyber at the Women’s Security Society website.
Encouraging and enabling people to retrain or improve their skills to secure jobs in cyber security will be one of the keys to successfully filling this growing skills gap. In a similar initiative to Deloitte’s Women in Cyber initiative, our social enterprise, SaluteMyJob, in partnership with IBM and the Corsham Institute, trains ex-military people on IBM’s security products to help fill the posts that Margaret Beckett refers to as requiring ‘moderately specialist skills’.
A 100% pass rate achieved by veterans on these courses proves that is feasible to help non-technical people, in this case with security knowledge and experience, into employment in key roles in Security Operations Centres, risk and crisis management and consultancy, in this case at no cost to the individual. However in order to scale up the model, we need to encourage employers to take more risk in their hiring decisions (especially in relation to technical experience) and offer more training and work placement opportunities for those seeking to transition from military employment and other fields into cyber security.