7Safe asks: Is the lack of trained cyber professionals impacting on UK security?
Robert Hannigan, the Director of the signals intelligence and cryptography agency the Government Communications Headquarters (GCHQ), said in his keynote speech at IA15 on 10 Nov 2015:
“It is clear to me that one of the biggest challenges for the UK in cyberspace in the years to come will be developing enough skilled people.”
Earlier in the month (4 Nov), a special Parliamentary Select Committee told peers in the United Kingdom’s House of Lords that there will be a global shortage of “no less than two million cybersecurity professionals” by the year 2017 [Source: IT Pro Portal]. And in the same article, National Audit statistics were quoted as stating that the cybersecurity skills gap “could take 20 years to rectify” [Source: SC Magazine].
The experts contributing advice to the Select Committee generally agreed that a greater emphasis on security issues within school and university courses is needed, whilst some highlighted retraining as a possible short term solution to the growing crisis. What is evident is that careers in cyber security are not attracting a sufficient number of talented people and there is an acute shortage of qualified candidates.
Could vocational training – rather than university degree courses lasting 3 years – be one answer to fill the gap? Training that is highly affordable for individuals as well as smaller companies, which make up the majority of the UK’s private sector industry?
Gender imbalance in IT must be addressed as a National priority
There are 1.1 million IT specialists in the UK – only 16% of whom are women. As cyber security guru, Neira Jones, noted in her blog recently, female IT specialists are paid 16% less than their male peers. Clearly, the IT sector is not putting its money where its mouth is when it comes to encouraging women to enter the whole sector.
The (ISC)2 Global Information Security Workforce Subreport ‘The Agents of Change: Women in the Information Security Profession’ states that “the profession [cyber] as a whole has been slow in tapping into the pool of talent represented by women.”
At 7Safe, we have been working with UK Cyber Security Challenge and STEMCyber to provide support and training to women who want to become ethical hackers and digital forensics specialists – areas where there are significant numbers of unfilled vacancies.
Recently, two young women who trained on our CSTA Ethical Hacking – Hands On course appeared on BBC Panorama’s TV programme How Hackers Steal Your ID. Their story is told in their own videos published on YouTube – see the links below.
CSTA takes delegates on a journey through the various stages of a hacking attack, or equally a penetration test, from initial information discovery and target scanning through to exploitation, privilege escalation and retaining access. What makes a course like this different from a university education is that these vocational skills are taught ‘hands-on’ in a few days (in this case, four) to delegates who will use them in the workplace as soon as they return from training. The difference that this type of ‘hard-core’ training can make to the confidence of an individual in testing systems and responding to a cyber-attack can be judged by viewing Jennifer Arcuri and Luciana Carvalho Se’s videos; and also by the number of successful past delegates who lead in the cyber security field because of their knowledge and understanding.
7Safe’s Steve Bailey is concerned that organisations are not moving quickly enough to start addressing their cyber needs: “Even good quality people like Jennifer and Luciana need time to develop the skills they learn on our training courses, meaning that sending people on the courses is just the start of the journey.”
There’s nothing wrong with university education, but have we got time to wait around for the system to fix itself? Wouldn’t this hands-on training be the answer – right now!
The same is true for the Cyber Essentials Scheme. Only 1,200 companies are Cyber Essentials registered. According to the latest statistics, based on data collected at the start of 2014, there are around 5.2m businesses currently operating in the UK. These businesses employ over 25.2 million people, and turn over an estimated £3.5 trillion [Department of BIS Business Population Estimates 2014]. 1,200 is, therefore, hardly strong evidence of much success when you look at the scale of the problem!
Vocational training has its part to play here too: there would be many thousands more Cyber Essentials compliant organisations in the UK if their IT staff were trained in aspects of cyber security. A qualified Ethical Hacker in every medium to large-size organisation would be capable of ensuring that the organisation met the Cyber Essentials and Cyber Essentials Plus requirements whilst saving those organisations a fortune in fraud write-offs and reputation damage every time a breach takes place.
Is it unreasonable from a simple ROI standpoint to suggest that more UK companies in the private sector should send IT staff on ethical hacking courses to prepare for the task of making their organisations Cyber Essentials compliant and data secure?
Tell us what you think!
For all enquiries contact: Michael Shuff, Marketing Executive, 7Safe, on +44 176 326 7639