Bridging the cybersecurity skills gap

When most people think of cybersecurity and cybercrime, the first thing they might think of is antivirus software or even antimalware software. However, how many students who have collected their GCSE or A levels this summer will know what a CISO is? A cryptographer? A threat hunter? A malware analyst? A penetration tester?

This may sound flippant, but the vast majority of students who are beginning to think about their future careers are likely to respond with blank faces.

Although the UK cybersecurity sector is worth over €5 billion and is widely regarded as the largest in Europe, it suffers from a real (and growing) talent shortage. More than half of businesses and charities face a gap in basic cybersecurity technical skills, falling to 18 percent in the public sector.

We hear a lot about how the young generation is inseparable from their devices and can master new technologies and applications much faster than their older counterparts. At the same time, we also talk about (or experience) the damage caused by data breaches and hackers to personal accounts, companies and national infrastructures.

In today's digital climate, why don't we see more young people pursuing careers in cybersecurity? This is even more puzzling when you consider the rising cost of a college education and the growing scrutiny of the value of diplomas. To put it in perspective, the average annual salary for cybersecurity jobs is €72,500, well above the average salary of €23,000 for graduates. It is not only our young people who risk missing out, but the British economy too.

About the Author

James Lyne is the technical director of the SANS Institute.

A threat to national security?

I cannot think of a company in the UK that is not dependent on technology and is not participating in our digital economy in one way or another. This means that every organization also runs the risk of something going wrong somewhere; data breaches and piracy (internal and external) can affect us all.

The lack of specialist skills in the IT service management sector will negatively impact the UK's ability to defend itself against increasingly sophisticated threats. This fact did not go unnoticed by the British government. At the end of last year, Margot James, Minister of Digital and Creative Industries, pointed out that cybersecurity was "a priority for the government. It is essential not only for our national security, but also to become the best digital economy in the world."

Recognizing the skills gap, the government launched an initial cyber security skills strategy, committing €2.5 million in funding for the creation of a UK Cyber Security Council to train a skilled workforce for the future. This is a positive initiative, but the government's goal is not just to address the skilled labor shortage. In August, the government appointed the Institute of Engineering and Technology (IET) as the lead organization for the design and implementation of the new UK Cybersecurity Council. So we are waiting to see what changes it will bring.

Take collective responsibility

The responsibility for closing the skills gap and promoting cybersecurity as a rewarding, beneficial and highly valued career option does not lie with one party. Instead, it has to be a multi-stakeholder job: government and private investors, the cybersecurity sector, education, business organizations, non-profit organizations, IT department leaders, and human resources.

It is important to note that these parties should not wait until the problem worsens before tackling it, or rely too heavily on encryption software. The situation is bad enough already, and with the ramifications of Brexit still poorly understood, a brain drain from the UK to Europe is a real possibility. The time to act is now.

First, companies of all sizes and in all industries need to be more aware of the importance of investing in security talent. According to a DCMS study published earlier this year, the average UK cybersecurity team includes just two employees. It goes without saying that, according to the same report, more than half of organizations do not trust these teams to deal with a cybersecurity attack.

The UK National Cybersecurity Center is a good first point of contact for addressing this. It offers free resources to companies looking to strengthen their security capabilities. Creating more jobs and raising the status of cybersecurity in a company is a good thing, but the talent has to come from somewhere. The answer is found in schools and colleges across the country.

Back to school

To return to one of the questions asked at the beginning (why don't we see more young people seeking careers in cybersecurity?): young people cannot pursue careers that they do not know about or cannot name. Children grow up learning about traditional professional roles, such as doctors, dentists, and nurses, and (by osmosis through social media) less traditional ones, such as influencers and vloggers. We must also improve gender diversity in information technology.

Therefore, the benefits of cybersecurity must be championed from an early age and integrated into the curriculum in the same way as subjects such as English, math, and theater. These are widely accepted subjects for academic and in-depth study, so why couldn't we make cybersecurity just as viable?

We have already seen some success with this approach, with the government-supported Cyber Discovery program now in its third year. About 50,000 students between the ages of 13 and 18 participated in the first two years, following the launch of the free cybersecurity training program.

Cyber Discovery uses gamification to teach and demonstrate the fundamentals of cybersecurity (including areas like forensics, coding, and cryptography) in a safe, engaging, and fun way. Importantly, it is challenging enough for teens who want to test their skills in real-life scenarios, so they can avoid getting into trouble by testing them without permission.

Close the gap

By 2021, 3.5 million unfilled cybersecurity positions are expected worldwide. Naturally, we must ensure that the proportion of job vacancies in the UK is as low as possible. However, we also have a broader responsibility to ensure that the global cybersecurity industry is dynamic, diverse and sustainable.

Technology and the Internet are universal, and it is essential that cyber talent is likewise not limited by borders. Education about the importance of the sector should start at a very young age (with the public and private sectors working together) and continue with ongoing investment in internal and external computer talent in all sectors.