The quest to close the security skills gap continues, with senior security figures prioritizing enticing staff from non-IT backgrounds and young people into the industry.
A survey of more than 200 high-ranking UK IT security professionals, commissioned by MWR InfoSecurity, revealed that those polled felt the core skills needed in cybersecurity were curiosity (46%) or on-the-job experience (34%), with none saying a university IT degree was crucial.
The research, carried out by RANT amongst its community of 2,500 cybersecurity professionals, was designed to quiz CISOs and similar security professionals of mid- to large-sized businesses about their views on their roles. It also uncovered that the perception amongst security professionals is that young people would be more attracted to a career in cybersecurity if the industry’s image were improved.
“It’s definitely a seller’s market right now, and security positions can stay vacant for months, sometimes years, if the employer fails to attract the right candidate,” said Chris Batten, managing director of ACUMIN, a specialist cybersecurity recruitment company. “Much of the historical failings of the cybersecurity profession lies in its inability to communicate the substantial risks posed by emerging threats and subsequently achieve consensus from stakeholders to deal with them. Those employers that are able to attract a wide-range of competences when building their cybersecurity teams are not only able to recruit and retain more easily, but also, in marketing the profession and their business more broadly, they attract candidates from a diverse segment of the workforce to deal with this communication lag.”
Interestingly, respondents did not see salary as a main barrier to entry to the industry. In fact, company culture was ranked similarly to salary as the key criteria respondents would assess when choosing an employer (50% of respondents reporting salary and culture as very important or important). Flexible working and opportunities for progression were generally of middle importance to those surveyed, whilst a network of peers and the opportunity to do their own research was generally less important (just 5% rated very important or important). However, about half (46%) reported that keeping up to date with research in the field was how they kept their skills honed in an ever-changing landscape.
Attitudes on Britain’s position in the global hierarchy of cyber security skills varied dramatically, with 49% putting the UK amongst the top five countries worldwide; but another half (46%) rated it as just ‘average’.
“With cybersecurity threat levels at an all-time high and a huge focus amongst both businesses and the government on protecting Britain’s industry from cyberattack, this survey offers insight into what those in charge of security at organizations believe will address the skills gap,” said Dave Chismon, senior researcher and consultant at MWR InfoSecurity. As well as widening their applicant pools, companies looking to recruit top cybersecurity talent would do well to consider the importance of company culture in attracting new security recruits. As a consulting organization that needs to attract and retain the best people, we understand only too well the importance of providing a stimulating, challenging and supportive environment for our staff as well as being a place that looks for candidates from all backgrounds and not just those with IT degrees.”