When the Cybersecurity S**t Hits the Fan

I have spent much of the past year trying to stimulate the supply of training for when the cybersecurity skills crisis breaks. But the new courses organised by those who listened have not sold. Various reasons have been given – mainly to do with headcounts and training budgets being cut, particularly in the public sector.

Today we have a global summit on cybersecurity issues.

One of the topics not being addressed is the skills to address those issues.

In front of me I have the current list of jobs for which one of the main security headhunters is seeking candidates. It is three times a long as the last such list I looked at from the same firm. It is not that demand from their traditional clients in the Financial  Services sector has grown. It is that government and law enforcement have suddenly started recruiting after nearly a year of cut-backs, lay-offs and redundancies.  At the same time the Utiltities appear to be building teams to address the threats being belatedly discussed today.      

Where are the candidates going to come from?

Will they have the skills needed?

Why do we never learn? I have written on this topics many times, usually in the context of public sector delivery but it is well to remind readers of the economic analysis on pages 13 – 18 of “The End is Nigh” . This, published in 1996, showed the “skills cycle” and the other factors which underlay my all-too-accurate prediction of not only the skills crisis that would occur during the run up to Y2K but also the bust that would follow – before the world of “broadband, networked and multi-media skills” (alias the mass-market Internet)  took off.  

A similar analysis today shows that the only way out of the cybersecurity skills crisis is for a massive short-order skills programme, akin to that for the Millenium Bugbusters , the only one of the previous governments skills programme to deliver results – mainly because it was also the only one subjected to rigorous quality control on the trianing providers – by a team drawn drawn from the main ICT professional bodies, organised by ITNTO the fore-runner of e-Skills.    

We almost certainly need a similar programme today, building on the work for the security stream for the National Skills Academy for IT Skills .

But central to success will be the active participation of the public sector, particularly the tribes of central government who need to retain those they have rather than compete in the market place for those they cannot afford. They also need to remember that this is an area where those who come cheap and have not been previously worked in the public sector or otherwise been security vetted, may well have an ulterior motive.