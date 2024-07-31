Half of UK businesses have a basic cyber skills gap, with the industry needing 21,600 recruits per year to meet demand. Those are huge numbers and come with a stark warning: that we must make the cyber workforce more diverse and look to soft skills during the hiring process.

That’s why it was great to see the recently published McPartland Review emphasize the need for diverse cyber skills to protect the UK’s critical IT infrastructure and drive economic growth. It also echoes my view that we must prioritize skills and training to retain employees.

Without major action now, the cyber skills gap could languish further and undermine the cyber resiliency of the nation.

Dr. Andrea Cullen Social Links Navigation CEO and Co-Founder, CAPSLOCK.

Unpacking what makes a great cyber employee

Having worked in the tech landscape for over 30 years, it’s very clear that the picture of what makes a “good” cyber candidate has barely changed. That’s because one of the greatest challenges facing recruiters and hiring managers in the cyber industry is a lack of knowledge about what skills make a great cyber employee for today’s threat landscape.

There are multiple roles in cyber. Some are highly technical, others are not. But cyber professionals don’t work in isolation and technical skills, while valuable, need to be applied within a team setting and to problems that could look different, to different people, every time.

Organizations must become more inclusive when making hires, recognizing “soft” or “impact” skills to encourage those without a traditional cyber background to enter the profession. There are a range of top skills needed beyond technical prowess, including communication, problem-solving and creative thinking.

Hiring managers must look towards hiring those with potential, enthusiasm and strong transferable skills to open up opportunities for learning or reskilling in cyber. In doing so, they help to widen the talent pool and in time start to close the skills gap by nurturing the diverse talent needed to tackle increasingly complex threats.

Looking beyond traditional hiring routes

Another major barrier to building a diverse workforce in cyber is that people fear change. Even if it is for the better. They want to keep doing things the same way – recruiting from the same pool of people who have the same background and qualifications.

Rifling through CVs from those holding university degrees in cyber security or complementary disciplines such as computer science will and should continue to be commonplace in recruitment for cyber roles.

However, the recruitment process must also be inclusive of those who have experience over qualifications, and, as I mentioned, those softer skills. For example, they could consider welcoming career changers as cyber learners who can bring valuable transferable skills and experiences from other industry backgrounds.

Quite often selection is made by requesting competence in a list of well known cyber tools or via a similar long list of industry certifications. It is sometimes unclear what skills are needed and (as we know) puts off women especially if they don’t have everything on the list. The UK’s careers framework needs to be simplified and standardized in line with the UK Cyber Security Council framework. This will significantly improve how companies advertise roles and help employees understand career progression paths. Current job descriptions often contain unrealistic requirements and mix different specializations. By adopting a common recognized framework, people will be able to navigate their careers more effectively.

Onboarding cyber security talent enables organizations to invest in and shape the future of their talent pool. By providing on-the-job mentorship and training opportunities, they can cultivate a diverse group of professionals well-equipped to tackle future threats.

Diversity as a keystone for resilience

By looking beyond traditional talent acquisition routes, hiring managers can help make cyber a more accommodating workforce and break apart the ‘old boys’ club demographic view of the career. It opens them up to hiring people from different backgrounds, experiences and characteristics such as gender, ethnicity, age, sexuality, education and socio-economic background.

Introducing more diverse talent including those from underrepresented demographics is important for several reasons. First, it ensures that there are more role models to encourage further underrepresented candidates into the talent pool. Second, diversity encourages more viewpoints to be seen, which is important for building resiliency in the function.

Traditional cyber security teams – generally a very male, white and middle-class environment – present a significant vulnerability to organizations. When every person on a team approaches problems from the same perspective, blind spots are more likely to emerge.

Individuals from different backgrounds bring unique experiences, thought processes, and problem-solving approaches to the table. These wider perspectives allow teams to identify vulnerabilities from different angles, stay one step ahead of attackers, and develop more complex defense strategies.

Further, technologies such as generative AI are ushering in a new wave of threats for organizations. Hiring managers can’t afford to have the same cookie-cutter employees but need diverse minds with varied experience to approach new issues creatively, critically and differently to tackle ever-evolving threats.

Action is needed now

A huge catalyst for the cyber skills crisis in the UK is that we continue to hire from the same talent pool. Instead, we need to recruit people of all ages, and from different educational backgrounds and ethnicities to build a cyber workforce that truly reflects the society it protects.

We must also not discount those who lack technical expertise. Neglecting soft skills is hurting the industry by preventing high-potential candidates from non-traditional cyber backgrounds from securing the opportunities they need to break into the industry.

We hope that the industry now takes action to bridge the skills gap and build a diverse cyber workforce for a secure future.

