There are no shortages of digital skills, only of employers who train their staff

This time last year the House of Lords Select Committee on Digital Skills had collected over a thousand pages of evidence. Over Christmas the members ploughed through the evidence and in February they published a report to which the new majority Government responded by moving “digital” skills from BIS to DCMS, alongside “digital” infrastructure and “information security”.  The House of Commons Science and Technology Committee has now announced an inquiry into the Digital Skills Gap to see whether the Government response to the House of Lord Enquiry is adequate.

The traditional career ladders/drainpipes have broken down.

The Commons committee has asked some interesting questions but the answers are not likely to help employers address the skills shortages they face. The shortages are not of “digital” skills but of the specific mixes of skills (not all of them digital) that meet their current (and evolving) needs. Underlying disciplines may change slowly but the content of the skills modules in current demand (see appendix below for some examples in one area) change faster than most academic or professional planning and budgeting processes can handle. More-over the mix of modules, some digital, some application specific, increasingly cross professional and academic boundaries:

What is the mix of skills needed to plan, specify and develop, or test the integrity, performance, resilience and security of, “smart” engine control systems (as supplied by Bosch to VW), “smart” medical devices like the pacemaker implanted in the Vice President of the United States, let alone the smartphones that most of now use to check our bank balances, the “smart” toys with which our children play and the “smart” marketing systems that track our transactions movements.

“Digital” should not be seen as a new opportunity ladder/drainpipe manufacturers

Information Security, Internet of Things and Big Data Analytics are among the “digital” skills in currently shortest supply, but within those broad definitions the skillsets sought by employers tend to be sector and application specific. Thus the Internet of Things can be broken into “smart weapons systems, smart medical and healthcare systems and equipment, smart transport (road, rail, marine etc.), smart buildings and cities, fintech, “smart” marketing and so on. Each needs to mix mix “digital” with more “traditional” disciplines. 90% of the roles do not require degrees, let alone PhD’s in computer science or electrical or mechanical engineering. They require “technician” level skills. But these have to be picked and mixed across a variety of trades and disciplines.

The value of graduates is that they have learned how to learn (hopefully) and can therefore pick up new subjects more quickly – but they nearly always need 18 months to two years of training and supervised work experience to fulfill their potential. Those who offer such training have, until recently, tended to compete in a narrow pool (Oxbridge and/or Russell Group) for the very best (Firsts and 2:1’s plus demonstrable leadership and organisation qualities) and then complain about lack of choice, diversity or imagination. Hence the reason that many leading edge employers are now going direct to schools careers advisers to get access to top talent three to five years earlier. The reactions they get are varied, with leading schools welcoming the choice it provides to their brightest and best and lesser schools still fearing their parents will regard apprenticeships (even those which include global study programmes and modular degrees and/or post graduate qualifications) as second best.    

It can be quicker and cheaper to train than compete for skillsets in short supply 

The reality is that most of the skills in shortest supply can now be given to existing staff or raw talent in the eight to ten weeks it used to take to turn a cross section of society into squaddies capable of servicing the boredom and bullshit of National Service)  or to turn the 10% of Virgin Soldiers with military aptitude into competent Commandos . The “secret”, known to most large organisations with well established in-house apprenticeship and graduate training operations, is to mix blended and experiential earning. A recent example regarding one of the skills sets in shortest supply is the SANS Academy Boot Camp – for which most of the most of whose participants in the Cybersecurity Challenge linked pilot (from teenagers to over 50s)  came in the top 10% for the three GIAC security qualifications offered – thus fast tracking them for jobs with US Defence Contractors and Banks. They had been selected on aptitude. They acquired the attitude during the eight weeks of intensive group exercises and mentoring.  Over half are now working with the employers who supported the exercise.

But we lack the local support services for employers who wish to do so

This example also , however, illustrates why the the majority of UK employers still prefer to recruit rather than train – even when the latter is demonstrably quicker and cheaper for the skills in shortest supply. They are too small and/or lack the in-house skills, to properly organise such training and do not know who can help them locally. More-over, most of them do not not need the level of narrow skills provided by such courses. They want a mix of modules (not just digital modules) that are relevant to their business – where the secretary/receptionist/CEO’s personal assistant is in charge of IT, including information security, and the mechanics try to work out what the IoT devices in the equipment are up to. If you have watched a modern plumber trying to correct faults in a computer heating system you will understand the mix of skills required by the latter.

Such problems are not, however, confined to small firms. They are common to most employers whose core business in not “digital”.  Last year I was asked by e-Skills, now the Tech Partnership, to get the views of Financial Services employers on the new cyber security skills frameworks. I blogged at the time asking for comments on my first draft and reproduce the summary of my final report at the end of this blog.    

The points, where “digital” can be substituted for cyber or security and which apply to most commercial and industrial “user” sectors included:

“The … industry is internationally focused not UK-Centric”  [in other words UK training modules and qualifications are of little interest except where the UK regulatory regime is different or where the UK genuinely does lead the world and others are happy to follow]

A focus on … results in contact being delegated to those with operational rather than budget responsibility”.  [in other words those who do have neither training budgets nor influence over mainstream corporate training programmes]

“Roles which do not require understanding of the business are increasingly “co-sourced”, to joint operations … Those roles which are not outsourced commonly require skills mixes which cut across professional boundaries.” [in other words they do not fit inside “digital” skills, apprenticeship or professional development frameworks]

It is therefore easier to get support for adding … components to employers’ existing training and continuous professional development and update programmes but the degree of “outsourcing” and “co-sourcing” means that the in-house skills to organise such additions are often lacking. [In other words the problem is to find personnel consultants and training providers who can manage the process as well as deliver the components]

LOCAL partnerships are needed to turn national aspirations into practical reality

The good news is a growing number of traditional Further Education colleges are now seeking to turn themselves into “virtual colleges” to support local employers with the cross-cutting mixes of skills they need – including to organise their in-house training and supervision. Several recruitment and employment consultancies are also exploring the commercial viability of helping clients organise apprenticeship programmes. So too are commercial training providers. [One is said to be about to announce a programme for several hundred information security apprentices for a couple of well known defence contractors].   

The problem they all face is of trying to work with national programmes, including those of the professional bodies and trade associations, as well as those funded by government, that are sector and/or silo specific. Hence the proposal on which I will be reporting progress on 21st December to the DPA 21st Century Skills Group. This was to pilot “Local Skills Partnerships” approach to join up national programmes at the local level, involving local politicians (MPs and Councillors) who wish to be able to demonstrate results before they stand for-election. The aim is to put the MPs alongside employers (both national and local) who have immediate needs to meet, as well as longer term ambition for their own children and those of their employees. The result should be to add focus and “bite” to a debate that has been looping for 50 years since the study that led to the creation of the National Computing Centre (for which I worked in the 1980s until it “lost its way”)  

I have been agreeably surprised by the response from all sides, particularly from those running national programmes who are looking to see local joining up and success. The problem is how to harness that response and turn it into local leadership teams because most of  the effort in recent years has been on big projects to meet “national” needs and we currently has the “distraction” of a return to levies and grants. My fear is that the focus of the Science Technology Select Committee could once again be on “national needs”. The need to remember that the “average” UK digital worker is a 30 something-year-old hermaphrodyte (73:27 male/female) living just south of Coventry.  Their digital skills needs are likely to be equally untypical.

Tell the Select Committee on Science and Technology what you are doing to help fill the gaps

Employers (and professional bodies and trade associations) submitting evidence to the select committee should therefore unpack what “digital” means to them (and their employer members) and why it is so hard to organise cost effective training and career development programmes to meet their needs, whether in house or locally. Those who are telling me what they are doing to help address skills needs in their own areas, with a view to finding local partners with whom to work, should also tell the Science and Technology Select Committee.

Meanwhile, I hope that on the 21st we will also be able to organise publicity for local attempts to join up schools support programmes, careers advice, apprenticeships and modular degrees, cross-training, continuous professional development and returner programmes – all working together, to help secure the jobs of the future for their communities (based on realistic travel to work/school/college maps) and their resident (or would be) employers.     

Meanwhile, I hope that the appendix below will help you understand what happens when you try to unpack what “digital” means in practice for just discipline, in just one sector, with the aim of  identifying which “gaps” most concern them and who they would trust to help fill them.


Report on engaging financial services employers with the

Cyber Security Apprenticeship and CPD frameworks and programmes

being developed by e-Skills and its partners


Key Constraints and opportunities

·         The UK Financial Services Industry is internationally focussed not UK-Centric.

·         The drivers are a mix of fraud prevention, resilience, customer confidence and compliance.

·         A focus on cyber and information security results in contact being delegated to those with operational rather than budget responsibility.

·         Roles which do not require understanding of the business are increasingly “co-sourced”, to joint operations serving a peer group and/or to trusted partners providing securities services. Those roles which are not outsourced commonly require skills mixes which cut across professional boundaries.

·         It is therefore easier to get support for adding security components to employers’ existing training and continuous professional development and update programmes but the degree of “outsourcing” and “co-sourcing” means that the in-house skills to organise such additions are often lacking.

·         It appears (needs to be confirmed) that it is more effective to promote action on the part of those with budget and strategy responsibility via sector-based peer groups.

The Skills Gaps identified to date

·         There was favourable comment on the e-Skills “Learning Outcomes Draft”  as a check list to aid the assessment of recruits

·         The Generic Gaps, common to all sectors, found to date were:

o    Mobile: including identity, authorisation, data access, transactions and privacy

o    Big Data: both for detection and for protection

o    Cloud: including secure access and regulatory and liability issues

o    Website Security, including and the handling of abuse and impersonation

o    App Security, including the application of security by design disciplines

o    Collaboration across cultural and professional boundaries  

o    Process Control: alias SCADA, Internet of Things, Ubiquitous computing


·         The Sector Specific Gaps, albeit often with common underlying disciplines and technologies, were:


o    Putting risks into business context and justifying spend

o    Intelligence led Security: direction, collection, analysis, reporting

o    Access Control: who has access to what, under what circumstances

o    End User Skills and Processes: including for access control and authorisation

o    Vetting and personal behaviour

o    Identity Management: including individuals, organisations and devices

o    Authorisation Processes: including PCI-DSS, HMG, major suppliers/customers

o    Governance/compliance: inc. AML, KYC, SARS, Data Retention and Protection

o    Support for Small Firms, generic and those in the supply chains of large firms

o    Incident Response: damage limitation, notification, consequent liability, public relations etc.

o    Reporting: what to report to who and how, what response to expect.

o    Investigation: forensics, evidence collection/preservation, co-operation with law enforcement

o    Asset Recovery: local (not just in the UK) and cross border


Action Plan


Organise follow up activities to identify priorities, those willing to comment on their needs in sufficient detail to enable suppliers to address them, plus those willing to work together to achieve common objectives in identifying, recruiting and harnessing talents.

e-mail me if you would like a copy of the full report


Start the conversation

Send me notifications when other members comment.

Please create a username to comment.