The forum seeks answers to the general skills issue; the analysis looks specifically at the security industry – but the issues are interelated. Writing in The Spectator’s Coffee House blog yesterday, Matthew Hancock MP (the UK’s Skills Minister and one of the speakers at the forum) lays the blame on education. “This is because of the high number of courses that have left too many young people with qualifications that get them nowhere.”
The UK’s economic competitors, however, get it right: “The Germans,” he wrote, “make sure technical qualifications are as solid as those for pupils likely to spend more of their time with their heads in books.”
This basic premise, that the UK’s education system does not give youngsters the skills they need for specific engineering careers, is confirmed by the Alderbridge/e-skills analysis into the skills shortage in security: Career Analysis into Cyber Security. One of its main findings is that there is no direct route from university into security. “The most common pathway to non-commercial Cyber Security roles has been via other roles within IT. 46% of all professionals currently in non-commercial Cyber Security entered the profession in this way from their 3rd previous role of their career history.”
In other words, the most common route into the security profession comes after forging a separate career in general IT – and almost by definition, the best IT specialists will have been promoted up the career ladder to a point where specializing in security is no longer an attractive option. This, combined with a lack of security-qualified youngsters coming out of universities, and the explosive growth in the complexity of cyber security threats, means – according to Geoff Harris, CEO at Alderbridge – that “the window for new entrants to this field is narrowing and there are limited opportunities for candidates with generalist IT qualifications. Employers now require dedicated, qualified and highly savvy cyber security specialists to help combat the explosive growth in cyber threats.”
This shortage of skills, incidentally, partly explains the increasing threat to SMEs noted in this year’s BIS/PwC 10 Steps to cyber security publication launched at Infosecurity Europe: the larger companies can afford to cream off the available talent leaving SMEs struggling to fill the gap and more exposed to threats.
Nigel Payne, Project Director at e-skills UK, said, “Attracting new talent, of both sexes, into the sector is critical, and we need to make sure that new entrants can easily identify and follow a worthwhile career path. The easier it is for them to find the training and qualifications they need, the faster they will become successful and productive assets to their employers.”
Matthew Hancock is pinning the government’s hopes on new schools education and qualifications. “The Technical Baccalaureate... will be rigorous and challenging, finally giving vocational education the high status it deserves – putting it on a par with A level study. It will recognize those young people who have excelled at a high-quality, industry-recognized vocational qualification and who have shown strong ability in maths and English.” But whether it will specifically help the security industry remains to be seen.