Ensuring the UK Cybersecurity Profession Retains a Hotbed of Talent

Debates around cybersecurity are rarely out of the headlines at the moment. From the introduction of GDPR across the EU to international concerns about the hacking of sensitive information held by Governments and multinational corporations, there is an overwhelming sense of anxiety about how secure our data is.
 
Responding to these trends, the UK Government’s National Cybersecurity Strategy sets out ambitious plans to ensure that we have a full talent pipeline of homegrown cybersecurity professionals, and achieve its aim to make the UK the safest place to be online.

In many respects the UK is already a world leader in this area, however increasingly employers that I speak with are concerned about how they will continue to access a diverse workforce.
 
There are currently several challenges around awareness of routes into the cybersecurity profession. For many people, entering into and progressing in the cybersecurity sector involves some significant hurdles. People working in the sector usually require years of industry experience before they can attain the professional qualifications required to specialize from general computing into cybersecurity. Additionally, it will likely come as no surprise that the sector is disproportionately male.
 
It is important for the sector that we ensure that the UK cybersecurity profession develops in these areas. There are currently several programs that are aimed at diversifying the workforce, but they are not moving quickly enough.

Currently, very few cybersecurity professionals are female or come from minority backgrounds. Women comprise 43 percent of the global workforce but only 11 percent of cybersecurity positions, according to a 2017 Women in Cybersecurity Report. There is a clear role for both the public and private sectors here to develop high-profile campaigns to encourage more women and BAME entrants into the profession.

Recruiting cybersecurity champions would provide people from minority groups with role models within the sector and make clear to them that this is a career path open to them.
 
More fundamentally, we need to look at how cybersecurity qualifications are designed. Currently, access to them is largely dependent on existing industry experience, pushing the average age of a cybersecurity professional up.

Recognizing the importance of challenging this has been a key factor in Pearson’s design of the BTEC Higher National qualifications. To allow for a broader range of people entering the sector we designed cybersecurity Higher National qualifications in two parts, a certificate and a diploma. This approach supports flexible lifelong learning as cybersecurity students can achieve the first part and then either progress into the workforce, pause their studies or progress onto the second part of the qualification (the BTEC Higher National Diploma).

Repeating this more flexible approach across the sector would allow for a more diverse set of ages to enter the cybersecurity profession.

Finally, a rigorous review of CPD for teachers is vital if we are to ensure that they have the knowledge and tools needed to grow the UK’s next generation of cybersecurity professionals. We should be looking for ways to help teachers understand where their CPD requirements lie, to access relevant training, and to track their CPD achievements. 

Ultimately the UK is well placed to become one of the world’s safest nations to surf and do business online. However, if we are to ensure that we have an army of cybersecurity professionals that reflect the diversity of the population then we need to sit up and think more critically about how we will achieve this balance.

Positive role models are a start but, ultimately, a more flexible approach to training and an increased focus on CPD for teachers to ensure they stay at the cutting edge of the industry will be vital is we are to truly become a world leader in this space.