The feedback to my blog last week , on the review of the new cyberskills frameworks, revealed some interesting divisions of opinion with regard to training programmes in general. One of the most interesting was that between those with existing in-house programmes for mainstream skills and those without: with the former looking at how to extend these to include security skills (see section 4. in my previous blog) and the latter recounting problems with unmotivated trainees.
By submitting your email address, you agree to receive emails regarding relevant topic offers from TechTarget and its partners. You can withdraw your consent at any time. Contact TechTarget at 275 Grove Street, Newton, MA.
What comes through is the importance of learning from the experience of those who have been successful in using well-planned internship programmes, “try before you buy”, to reduce the risk- as well as from those whose attempts were less successful.
I am an enthusiast for such programmes. I used work experience trainees to turn round the NCC Microsystems Centre: the flagship awareness programme of the early 1980s. It had been created in the middle of a growing skills crisis with no attention to a sustainable business model. It was haemorrhaging staff because it paid according to national wage scales in the middle of London. The trainees enabled us to turn crass awareness programmes into cash flows that, in turn, enabled us to hire them. But I was only to do so with the committed support of the remaining consultants and operations staff – who enjoyed both the feel good factor of teaching and the ability to bring fresh minds to bear on the problems that were emerging in the “real” world before the academics had theorised them out of context.
The e-Skills cyber security internship program builds on the experience gained during last year’s IAAC pilot , involving 100 applicants, 50 Universities and 50 companies. If you are serious about growing your own skills base before you are overwhelmed by the growing tsunami of threats then you should get in touch before the programme is over-subscribed and while the boundaries are still flexible.
But you should also take a look at the past experience with cyber security internship programmes on which it builds.
The conclusions drawn by Mike St John Green in his report on the IAAC pilot are tentative – but it is only 22 pages and I recommend reding them all. You will find also other patterns that tally with the experience of other industries over many decades.
My own experience with studies into IT skills shortages and solutions dates back to the aftermath of decimalisation. My MSc project at the London Business School (MSc06 1971 – 3) was on the link between failed computer systems and the lack of skills to understand the business requirement and what was practical with the resources available: time and people being more important than budget and technology available. For that project I looked not only at the studies that led to the original formation of the National Computing Centres but had free run of the files of the British Institute of Management to do an analysis of the success and failure of training courses and programmes over the 1960s and 70s.
There are a few key messages for employers planning to use internship programmes to take the risk out of recruiting trainees:
1) The staff, who are to work alongside interns and work experience trainees, must not only be supportive but have clear “rules of engagement”, including how to provide confidential positive (as well as negative) feedback to both those supervising the training programme and their own line management.
When I had responsibility for the NCC Microsystems Centre in the early 1980s, (using work experience trainees to run the reception desk and demonstration facilities, act as helpers on hands-on training courses and provide practical help to SMEs), the attitudes of my line staff were central to giving the trainees the early responsibility that enabled them to blossom. [alumni of the centre can comment, including on the “in-house pun” that I only spotted after drafting, direct to me via Facebook].
I knew I would get rapid feedback on how they were performing – and things never got as far as me having to give a formal warming, as opposed to public praise for the job subsequently well done. One individual, who subsequently ran major programmes in the Middle East, never knew how close he came to “the bums rush” – or perhaps he did and my staff did not tell me. Also we gave everyone basic sales training, beginning with group viewings of the early John Cleese videos. This did wonders for attitude issues.
2) Internships are more likely to be successful when you are recruiting from an organisation (school, college, university, welfare to work programme etc.) with whom you have a relationship and who will try to match the student with the placement.
We took our work placement students from a provider on the equivalent of today’s “welfare to work” programmes. Most came from the “Threshold” programme (two placements as part of a double sandwich course). Apart from a couple who dropped out inside the first week, all repaid the time we spent on them and had got permanent jobs, half of them with us, before the end of the course. Given that we were in the centre of London paying Manchester salaries, I could not have run the operation without them.
3) Within four weeks you should know whether an internship will work (on both sides). Your staff will have worked out not only how to handle any attitude issues (those running the scheme should have given you advance warning and said why they thought the individual worth the effort) but how to turn these to advantage. However it will take at least 6 – 12 weeks before you begin to cover the effort put in by you and your staff.
In the Microsystems Centre the first placement (of the double sandwich we commonly used) was genuinely pro-bono. We used the interview and first couple of days to make it easy for those who did not like what they saw to drop out before we wasted our time and theirs. As Mike St John Green mentions in this report, some of the best do not inteview well so we relied more on the references from the placement agency and their behaviour in the period we had them immediately before and after the “formal” interview. We th en hoped to motivate them for the second half of their course, to keep in touch and to get them back for their second placement. It usually worked and they were earning their keep within a couple of weeks of starting the second placement.
4) If you pay peanuts, you get monkeys. Unless the interns are on a course that pays their expenses you should pay minimum wage (or London living wage) and provide assistance with accommodation if they do not live within easy travel distance. As soon as you have decided you want to keep them you should consider putting them onto a formal apprenticeship agreement.
We were not permitted to pay our work experience trainees (they were on a government funded programme which included a modest payment) but when we assigned them to work for SMEs (who paid us only for the supervising consultant) we made clear that we expected the client to “show their appreciation” for a job well done: (£hundreds of pounds of credit at a book, record or wine shop was not unusual in return for installing a micro-computer based stock control, ordering and invoicing package, including file loading and staff training).
I retained the trainees who was able to subsequently hire, despite being unable to pay them more than provincial wages, by giving them accelerated responsibility. But the financial pressures on youngsters today are such that I doubt I could justify the cost of external training without a contractual agreement akin to that which I agreed with ICL when they sponsored me on the London Business School Masters Programme (1971 – 3). That contract was very similar to that in Strathclyde v. Neal, the test case that is the basis for most current contracts.
5) There is no well-structured market for internships. Most current programmes are built around a summer “season” – befiore and after the exam results, competing for school-leavers who failed to get the University place and graduates not already picked up via the mainstream HR milk round. To get the pick of the crop you need to plan ahead, getting HR to include Information Security in the packages they promote to their chosen schools and Universities and/or to join in one of the tailored programmes, like those run by e-Skills.
You should, however, also look at alternative sources, including those who made poor choices and dropped out or graduated from the wrong course or University or who graduated during the recession and are coming off stop-gap post graduate courses or are seeking better than is being offered by their welfare to work programme.
One of the best of the alternative sources is women returners, taking a particular look for those seeking to return to work after caring for elderly relatives if you want them to be available to work unsocial hours. This market is weven less well sructured. It is worth beginning by looking at those who have left your own organisation, including user managers and supervisors. You should also look at co-operation with others so as to get economies of scale in promoting the opportunities you collectively offers.
6) Many current government supported skills programmes, particularly those for cyber security are built round those who qualify for public sector security clearance. If your aim is to acquire staff to handle global security in a post Snowden you want those who will be equally trusted by clients in Brazil, India, China and Russia and have the necessary languages. That gives you far more flexibility because UK citizenship is not a pre-requisite.
There is therefore a strong incentive to participate in the main cyber security programmes with a view to trawling those who will never qualify for “eyes only” security clearance.
7) I could go on but instead I would urge you to contact those running the e-Skills internship programmes and also consider using linked programmes like the Cyber Security Challenge, the Computer Clubs for Girls and Cyber Champions if you wish to trawl for a wider choice.
For those who would like to get their HR team in on the ground floor of a more ambitious operation, and ensure that it also covers cyber security and not just digital skills, then I also suggest you get them to take a look at the plans for the “Good Careers Guide”