Security leaders are increasingly open to the idea of apprenticeships as a solution to help attract more young people into the cyber sector, according to the results of an informal Twitter poll run by the promoters of the annual Infosecurity Europe fair, currently scheduled to take place in some form in June 2021.
The poll set out to explore issues around the skills shortage in security specifically, prompted by a recent study from security association (ISC)² that revealed there were over three million unfilled roles worldwide, even as over a third of organisations enact hiring freezes thanks to the pandemic.
Almost half (42.5%) of respondents said that increasing cyber apprenticeships was the way to go, in contrast with 27.1% who wanted more formal career paths into the sector. Other suggestions included a greater focus on encouraging young people through highlighting security role models and mentors, and emphasising diversity in security teams.
Omdia senior research director Maxine Holt said: “After doing my BTEC in computer studies, I got an apprenticeship, learning on the job while studying part-time for my degree. I also got to work in other parts of the business, which really helped me understand how they interacted with IT.”
Steve Wright, the Bank of England’s chief information security officer (CISO) of privacy culture, and formally interim data protection officer, said: “We can definitely do more to open up apprenticeships or internships that encourage people to see if information security is for them, but as a permanent measure we’ve got to look at what’s going to attract people at the right age. I think more could be done to make it part of the school curriculum.”
Amar Singh, CEO and CISO of the Cyber Management Alliance, agreed that starting engagement with cyber security at a younger age was needed as this would help to build more national capabilities in the field.
“It’s a pipeline – you can’t simply pick someone up and say, ‘You’re now infosec’! That individual has to be trained and inspired from a young age,” said Singh. “If they’re not, by the time they’re 16 or 18 this becomes more difficult because they’re already established on another path.”
Nicole Mills, exhibition director at Infosecurity Group, said there was no single action that would really prove effective at bridging the skills gap, and urged the industry to consider a holistic approach, integrating early years engagement and education opportunities with strategies that enable people with established careers in other sectors to transition into cyber – although, as memorably proved in 2020 when a badly thought through careers advert went viral, this last action is often easier said than done.
“Importantly, our industry must resist the temptation to press ‘pause’ on recruitment, as many organisations have done in the face of budget cuts and uncertainty – if we do, there’s the risk that the skills gap becomes a chasm,” said Mills.
Heidi Shey, principal analyst serving security and risk professionals with Forrester, agreed. “We need to really expand our view, looking at non-traditional backgrounds for different types of roles,” she said. “What is it you really need in terms of the skills? And what are the things you could train someone up to do? You’re looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”