I am in the process of revising the interim report of my review of the new Cybersecurity apprenticeship and continuous professional development frameworks from the perspective of financial services employers. [see the P.S. at the end of this blog for more details]
The first message, which came as no great surprise, was that there is no shortage of talent, only of employers willing to help unleash that talent.
The second message is that (outside the security suppliers and consultancies) few of those who control recruitment and training budgets are interested in “information security” and “cyber” is a boadroom turn-off, not a turn on.
Boards are, however, very concerned about the consequences of insecurity: impersonation, fraud, industrial espionage, sabotage, extortion and other forms of abuse and predatory behaviour.
The skills being sought to help reduce the risk of these come under a variety of headings (from compliance through intelligence, investigation and risk to security). Few HR departments have the in-house ability to organise relevant programmes and most are uncertain where to get advice. In consequence inaction is common – other than external recruitment to fill immediate vacancies as competition for experienced staff accelerates – and many organisations are like rabbits faced by lampers.
The third message is that those (mainly suppliers, consultancies and audit practices) seeking to double or quadruple the size of their security operations (in order to help clients handle the tsunami of trouble ahead) know that they have not only to organise in-house apprenticeship, cross-training and update programmes but also to diversify their sources of recruitment – as competition for well-motivated graduates increases nearly as fast as that for those with a couple of years of practical experience at some-one else’s expense.
Hence the importance of the first Cyber Security Challenge regional event to bring together potential recruits and employers looking for talent. This is being hosted by the Bucks New University (which has put security into the School of Management) in their sports hall in High Wycombe, near the heart of the Thames Valley, where the competition for talent is at its greatest.
The event is on Friday 4th July 10am – 5pm and is targeted at anyone with an interest in the sector – including school pupils in their final year or those that have just left, as well as students in further education, and those of all ages looking to move into a career in cyber security.
In addition to a careers fair supported by Challenge sponsors and regional businesses, the Challenge event on 4th July will also include:
A Morning Session: Seminar for local SMEs wanting to discover more about the cyber security threats facing them and solutions to help protect their company. Participants to this free event will find information on related government initiatives, including advice and guidance on ways to safeguard their business.
An Afternoon Session: Seminar for girls and women considering a Cyber Security role, from those already in the industry to share knowledge and experience, network and mentor. Any individual or organisation interested in supporting the recruitment and retention of women in cyber security is encouraged to take part.
All Day Drop In Session: Cyber Security Challenge UK – including a guide to what it takes to play and succeed in its yearlong mixtures of virtual competitions and face to face cyber real world scenarios.
P.S. I would still like to hear (by 20th June) from financial services employers interested in helping review the new skills frameworks and in commenting on any changes and extensions they would like to see in order to better meet their needs. You will find detail of what is currently being, including how one qualifications provider is putting flesh on the frameworks, in the City & Guilds handbooks for Level 3 and Level 4 and the technical content for Level 4, which maps the material against relevant industry materials and examinations, including for CISCO. Comptia, Linux, Microsoft, Oracle and VMware qualifications.
Some of the gaps identified in my interim report are already being addressed in the new definitions for Cyber Intrusion Analyst and Operator and for Software Tester . Some of the others, such as mobile security and small firms support, were covered (at least at the lower levels) at a recent meeting with on the City & Guilds Tech Bac.