More CISOs looking to recruit cyber-security trainers than leaders, analysts, engineers or testers

I have often said our IT skills crises is not of skills, but of employers who train and have been looking at why that is. Evidence is emerging that the shortage of trainers is a prime cause. The headlines from the Harvey Nash/PGI 2016 Cybersecurity are not unexpected: “Half of all boards lack real understanding of cyberthreat” [one might same the same of supposed cyber-security “professional” with their obsessions over technology rather than strategy]. I was not therefore surprised to see that half of all respondents (CISOs) were looking for security architects. I was, however surprised to see that more (42&) are looking for those to run in-house training and awareness programmes than for leaders (39%) or analysts (34%).

Barely 21% were looking for pen testers but 78% had outsourced this, so that finding should not be surprising . Nut only 13% had outsourced training (lower than for anything other than incident management or security strategy). Given than outsourcing decisions were claimed to be based on getting guaranteed access to subject matter expertise or lack of in-house skills, this implies a serious lack of awareness of the shortage of those competent to organise security training and awareness programmes.

It was also interesting to note how few respondents (large or small) have invested in cyber insurance cover and half have no plans to do so in 2016. Mid-sized companies (large enough to be worth attacking but too small to have serious in-house security teams) were the most likely (29%) to have taken out policies. I plan to address this topic when I speak to a joint meeting of BCS Elite and the IoD next week. 

Next Thursday (4th February) will see the next meeting of the Digital Policy Alliance 21st Century Skills Group (click here for the papers to be discussed) and I do recommend that those who are serious about addressing the consequent problems consider joining. While there are some policy issues that need to be addressed, such as the gap between Skills Funding agency approved content and employer needs (on which I will blog separately), the core objective is to bring employers,  trainers and recruitment and employment agencies together in local partnerships to deliver “blended learning” – making best use of those who do possess the necessary organisation and delivery skills. These include, of course, Harvey Nash‘s co-sponsor PGI, but also many under-used teachers and lecturers in FE and HE institutions whose time would be better spent helping industry experts develop and deliver packaged materials and supervise structured work experience – whether as part of tailored in-house apprenticeships or CPD or via virtual colleges.

I am particularly looking to engage  those recruitment and employment agencies who see helping their clients organise in-house skills programmes as a more constructive and profitable business opportunity than helping them compete (all too often in vain) for those with the skills they most need.