Barry Searle, Managing Director at Intelligencia Training discusses an alternative approach to closing the Cyber Security Skills Gap.
With the Global cost of Cyber Crime estimated at over £6 Trillion in 2024 and the UK reporting business losses of over £27 Billion, both public and private sector organisations are acutely aware of the need to develop capable and effective cyber security teams. As well as the Billions of pounds we spend each year on defensive technologies, the skills of people charged with implementing and managing those tools to protect us is something that is arguably even more critical in the defence against growing criminal and Nation State cyber capabilities.
With the need very clear, a UK Government study published in July 2024 reported that over 50% of UK organisations had a Cyber Security Skills gap. Therefore, is it the case that there are simply not enough individuals out there seeking employment in these roles? This seems unlikely. We meet hundreds of people each year, many of which are recent graduates or have completed recommended and recognised cyber security certifications, that are actively seeking cyber security roles, yet struggling to gain employment. Therefore, if we have a pool of talent that is actively seeking employment and a range of organisations with critical cyber security roles that are available, how do we have such a large skills gap? The reality is, we are searching for unicorns.
It is a term increasingly used by graduates in the field, frustrated that they have undertaken the relevant courses and gained recognised certifications, yet even entry level roles often require 5 years plus of experience. It is rare for a cyber security practitioner, particularly at more entry level roles, to come into an organisation with the specific skills needed for their role. Traditionally, academic courses will focus on specific software, applications and cyber security tools that are commonly used within the industry, they are generic to the course as they are a best fit for all delegates. Whilst that is logical, it does not always reflect a real-life environment. Training companies are more likely to use more common tools, often due to cost and familiarity, when in the real world, a company is more likely to use the best tool for the job, which in many cases is something more complex and costly.
This creates a scenario in which we have a misalignment of the knowledge developed within education and the actual role requirements, as the training undertaken does not leave the individual with the specific knowledge and skills required for that role. A company then often needs to spend considerable time re-training or upskilling individuals to work the way that they need them to, which is both financially and operationally disruptive. As a result, we have a stalemate, job roles that require specific experience on tools and applications that are not often available within a learning environment, or low salaries that organisations believe will account for the additional training, coaching and mentoring required until an individual is actively competent within their role.
Having worked within the industry for over a decade, we can see this is a problem that isn’t being effectively resolved. The cyber security skills gap is not closing and each year there are an increasing number of people with qualifications and certifications that are looking for roles without success. We must therefore consider what we are getting wrong and how do we better align training and skills development to employer needs.
The first consideration is around how we perceive cyber security roles. Many of them are office based, sat in front of a computer screen and so they are often labelled as “white collar” roles from an administrative perspective. This shows that we lack understanding of the role requirements. Cyber security practitioners are required to be able to operate a range of tools, often within very specific legislative parameters and bound by regulatory and safety requirements. By definition, a cyber security practitioners’ role is far more “blue collar” and akin to that of an engineer, mechanic or nurse. In these roles, continuous professional development (CPD) is critical to understand latest technologies, threats and techniques to fix/resolve issues. Much of the training we put our cyber security practitioners through is static, they are assessed utilising specific tools and applications within an academic environment over a shorter duration. Much of the knowledge is irrelevant to a specific role and the rest can be lost if not actively practising.
Apprenticeships are a tailor-made solution to the cyber skills gap and help us to develop the unicorns that we are so desperately looking for. The Cyber Security Technologist apprenticeship was developed by UK employers to meet their needs and focuses on a three specific roles, Cyber Threat Analyst, Cyber Security Defender/Responder and Cyber Security Engineer. Apprenticeship may well be the solution as they are delivered specific to your organisational requirements, to include the nature of role, tools and applications used and as such an apprentice is developed to meet your organisational needs. Each apprenticeship programme is developed in coordination with an employer to meet the role needs, and as such an effective apprenticeship will provide complete relevance in its curriculum. Many well-known cyber security certifications focus heavily on the teaching of knowledge, but apprenticeships are centred around the training and coaching of skills. They provide an opportunity for skills to be developed and most importantly, honed within the real-world environment that they need to be applied in.
Apprenticeships mean that training is current and relevant, the ability to apply the teaching in a real-world environment increases retention within the student and builds a genuine capability. Salary expectations for an apprentice are far lower than a graduate or “qualified” candidate, yet there is a strong argument that an apprentice is often more capable in role only a few months into their apprenticeship as they are learning on the job. A culture of carrying out CPD is part of an apprenticeship programme that helps to build a genuine passion for learning.
Ultimately, an apprenticeship helps to mould a cyber security professional to the needs of your organisation whilst also developing a working knowledge of the organisations culture, ethos and working practices. When an employer seeks prior experience for cyber security roles, what they really mean is that they need somebody with the skills to perform their role effectively, apprenticeships have existed in various forms for thousands of years to develop the skills in the next generation, yet they are something that we are not harnessing effectively to help us close the cyber skills gap.
You can read more about Intelligencia Training and its specialist apprenticeship training programmes at www.intelligenciatraining.com.
The post Closing the Cyber Security Skills Gap: Are we Looking for Unicorns? appeared first on Intelligencia Training.