Government is acutely aware the need for skilled cyber security professionals is not being met, according to Matt Parsons, head of cyber security skills at the Department for Culture, Media and Sport (DCMS).
“We are looking at a number of ways to retrain people who are interested in moving into the industry at pace and at scale,” he told members of UK technology industry body TechUK.
These “interventions” include a two-year bursary pilot programme for candidates taking a GCHQ-accredited masters degree to retrain to become cyber security professionals.
The government also ran a 10-week training academy to provide the necessary training to suitable candidates looking to switch careers into cyber security from a non-related background, and the critical national infrastructure apprenticeship scheme that gives candidates on-the-job training and real-world work experience.
Parsons said the government plans to apply the insights gained over the past year in terms of what works and the level of knowledge required to make the transition. “Using what we have learned, we are planning to scale up and look at how we can support the cyber security industry – and get more people in at a quicker rate.”
At the same time, he said, the government is pursuing various longer-term initiatives to ensure the development of skills to meet the UK’s needs.
“The National Cyber Security Strategy outlines a number of strategic outcomes, one of which is that the UK has a sustainable supply of home-grown cyber security professionals to meet the growing demands of an increasingly digital economy in both the public and private sectors – and in defence,” said Parsons.
Read more about information security skills
- An anti-millennial recruitment stance will widen cyber security skills gap, experts warn.
- Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, according to a security industry panel.
- Information security professionals need to grow their skills, engage with the business, increase security awareness and set business goals and tailor their messages, says a panel of experts.
A key measure of success, he said, will be that cyber security is widely acknowledged as an established profession with clear career pathways, and has achieved Royal Charter status.
“The intent is to bring more coherence to the cyber security profession,” said Parsons, noting that cyber security is still “a relatively nascent sector” that has grown organically and quickly to respond to the ever-growing and changing threat and risk landscape.
Government believes the development of a cyber security professional body is “absolutely key” to evolving future responses to cyber threats and to the continued development of the profession.
Parsons said the government is looking into ways of supporting the development of a cyber security professional body.
“And that is not about creating something new to replace what already exists, but rather about looking at the existing landscape and thinking about how all that work can be harnessed to be even more effective and help deliver the desired outcome,” he said.
Collaboration with the sector
Parsons assured the TechUK audience the development of a cyber security professional body would be done in collaboration with the sector.
“The body is intended to represent the sector, so it needs to be built together, and government is currently working to understand the user needs,” he said.
The government believes creating a professional body will bring cyber security in line with more established disciplines, such as engineering.
In September 2017, the DCMS, the National Cyber Security Centre (NCSC) and the Cabinet Office held a series of joint workshops in which representatives of the cyber security industry, government and academia discussed the initial structure, regulatory function, and finance proposition.
“We are working on a revised proposition based on the feedback from all those sessions, and will continue to engage with stakeholders in the coming months,” said Parsons.
“There is a significant range of interested groups, and we want to ensure that all of those are heard to help us to refine the user needs before going out to public consultation in 2018,” he said.
Other longer-term initiatives aimed at creating a cyber skills pipeline include the government’s cyber schools programme, which will identify young people with “cyber talent” and provide them with training, which Parsons said would be launching “soon”.
“This programme is designed to appeal to students from all backgrounds, including those currently under-represented in cyber security jobs.
“It aims to identify students with aptitude and enthusiasm for cyber security, and students will be selected for the programme during an initial assessment phase,” he said.
The programme, said Parsons, is designed to appeal to a range of different learning styles, and therefore the widest range of students, to help find as many talented students as possible.
“And there will be a specific focus on gender to encourage girls into – and to progress within – the programme and into a career in cyber security,” he said.
The development of a professional body and the cyber skills programme, said Parsons, are two examples of longer-term government-led initiatives designed to deliver a “step change” in cyber security skills over the next five to 10 years.
Parsons said these are just some examples of what government is doing to address the cyber security skills shortage.
These programmes are being continually refined and expanded. “We continually assess the effectiveness of what we are doing and looking at how we can scale up to address the problem.”
A key part of the development and refinement process is research, and in the coming months, government is planning to commission further research to help understand current and future cyber security recruitment and retention issues.