The UK government has recognized the growing need for a new generation of cybersecurity talent to address the growing cybersecurity skills shortage.
The State of the Cybersecurity Workforce
- 44% of UK businesses have skills gaps in basic technical cybersecurity areas
- 27% have gaps in advanced skills, such as penetration testing
The 2024 ISC2 Cybersecurity Workforce Study found that there is an estimated 4.8 million shortfall of cyber professionals required to adequately secure organizations.
Retaining Experienced Workers
Job satisfaction levels plummet due to stress and lack of progression opportunities.
Several UK government initiatives are now starting to take effect, providing organizations with the opportunity to revolutionize their cybersecurity recruitment and retention strategies.
The Need to Embrace Entry-Level Candidates
Cybersecurity recruitment strategies have typically suffered from unreasonable expectations, creating significant barriers on new entrants.
Formal cybersecurity certifications, often expensive to obtain, are a common requirement for entry-level cybersecurity roles. These certifications require years of experience to obtain.
Some junior and entry-level roles require a CISSP certification, which demands a minimum of five years cumulative paid security experience.
Such barriers have a significant impact on the cybersecurity skills shortage, with 31% of teams having no entry-level professionals.
Experts agree that recruitment in cybersecurity should prioritize soft skills above technical experience and qualifications.
Key Traits for Cybersecurity Professionals
- Curiosity, collaboration, and the willingness to learn
- Resilience and the ability to respond calmly during cyber incidents
Developing leadership skills from early on, such as communication and presenting, is also crucial.
UK Government Programs Aim to Support Cyber Jobs
The UK government has embarked on a number of initiatives to provide clearer career opportunities and pathways in cybersecurity.
The NCSC’s CyberFirst program is designed to encourage children and young adults to consider a career in cybersecurity.
CyberFirst graduates have demonstrated significant commitment to pursuing a cybersecurity career and gained real-world experience in the industry.
Partnering with the CyberFirst scheme is a way organizations can identify talent early.
Additionally, CyberFirst graduates have landed a cybersecurity role, with 87% of graduates finding employment.
UK Cybersecurity Council Professional Standards
The government-funded UK Cyber Security Council has been charged with boosting professional standards and career prospects for those working in cybersecurity.
The Council has created professional standards across different cybersecurity specialisms, similar to other professions such as accountancy and law.
The standards are designed to demonstrate individuals’ competency in the sector as they progress through their careers.
The chartership program was rolled out to four specialisms in 2024 – architecture and design, governance and risk management, audit and assurance, and cybersecurity testing.
Professional titles will be extended to cybersecurity management, incident response, operations and system development in 2025.
Conclusion
It is clear that organizations need a change of approach to make sure they are adequately staffed to tackle rising cyber-threats.
The focus should be on identifying the traits needed to pursue a successful career in cybersecurity, rather than lowering standards.
There must also be a pathway to harness those traits for the benefit of the organization and the employee.
“I want to see people who haven’t been in this industry and don’t do things exactly the same way,” – Simon Whittaker, CEO at security training firm Vertical Structure Ltd.
Experience workers from unrelated fields who are looking to transition to cybersecurity can bring a wealth of fresh perspectives.
Curiosity, collaboration and the willingness to learn are highlighted as core traits for prospective cybersecurity professionals.
Investing in and encouraging such development will ultimately help boost retention and make the organization more appealing to prospective candidates.
Organizations should encourage and support employee membership of the schemes which can help hone the cyber skills of new recruits to support business needs.
Similarly, organizations can identify young people who have the passion and soft skills they should look for by looking at those who have the Associate title.
The government-funded UK Cyber Security Council has recently introduced an ‘Associate’ professional title.
