FEATURE: CYBERSKILLS
company views security in general. Is it
seen as a hindrance – is security the ‘no’
department? This is where the delivery of key
messages is important. For example, instead
of just focusing on the work involved in
protecting information, ask them to balance
that effort against the cost, impact and
disruption of dealing with a potential breach.
Much like home or car insurance, investing in
protecting something now can be worth it in
the long term.
An encouraging career
As well as focusing internally, it’s important
the industry looks to the external world. One
thing a company can do is encourage as
many staff as possible to consider a career
in cybersecurity; hiring from within and
training someone up can be really cost-effective
and encourages retention. A part
of this encouragement includes considering
what sort of image the industry is
projecting. Bringing in people from diverse
backgrounds not only helps to plug the
skills gap, but brings fresh ideas and new
perspectives to the industry, which can only
be a good thing. But how can we expect to
attract a more diverse pool of talent if the
most common thing they associate with
security is a scruffy young man in a hoodie?
Hiring people that have skills in marketing
or PR can help improve understanding in
the company (and the wider community) of
what sorts of people already have a career
in information security, in turn attracting
more diverse talent.
When looking at candidates, don’t always
focus on finding that one perfect person
who has everything the company needs.
For companies with larger budgets, focus
on hiring a couple of people who can
cover the skills and experience they need
between them; consider flexible working
and job sharing. Those with a smaller
budget, especially, shouldn’t hold out for
the ‘unicorn’ candidate who ticks every
box. Unicorns are expensive (if they even
exist…). Instead, think about what is vital
to the business and work on developing the
rest while they’re in the job. Once a person
is hired, give them the time and autonomy
to work and grow in confidence in the role to
ensure they stick around.
Outside of the work the industry can do,
the public sector should also help from an
educational perspective by introducing
more information security projects and
courses into university curricula, including IT,
software engineering, economics, finance,
marketing and MBA programmes. The
government should also consider raising the
level of awareness around data privacy in
general in schools from a social perspective,
to make people aware of how to protect
themselves. These can help to drive interest
in the industry from a young age, helping
to plug the gap in future generations
and encouraging students to share their
knowledge with relatives. Investing in early
STEM education (from the beginning of
primary school) can help create a more
diverse sector by engaging with children,
for example, before they are influenced by
popular media and peer pressure to see
some subjects as ‘for boys’ and ‘for girls’.
This happens as early as age six.
In summary
The cybersecurity skills gap is growing
and now is the time to turn it around.
Education is clearly needed on the skills
that are required, but also on the industry
itself as a viable career alternative. What’s
clear though, whether it’s boosting skills
internally or externally, is that there is still
much work to do.
ON THE SUBJECT OF AWARENESS, AS
WITH ANYTHING, YOU’RE ONLY AS
STRONG AS YOUR WEAKEST LINK.
www.intelligentcio.com
INTELLIGENTCIO