Half of UK businesses have a core cyber skills shortage, with the sector needing 21,600 new hires a year to meet demand. These are huge numbers, and they provide a stark warning: we need to diversify the cyber workforce and look at soft skills in the recruitment process.
That’s why it was great to see the recently published McPartland Review highlight the need for diverse cyber skills to protect the UK’s critical IT infrastructure and drive economic growth. It also reinforces my view that we need to prioritise skills and training to retain workers.
If drastic measures are not taken now, the cyber skills shortage could worsen further and undermine the country’s cyber resilience.
CEO and Co-Founder, CAPSLOCK.
Unpacking What Makes a Great Cyber Employee
After more than 30 years in the tech landscape, it’s clear that the perception of what makes a “good” cyber candidate has barely changed. That’s because one of the biggest challenges for recruiters and hiring managers in the cyber industry is a lack of knowledge about what skills make a great cyber employee for today’s threat landscape.
There are multiple roles in cyber. Some are highly technical, some are not. But cyber professionals don’t work in isolation, and technical skills, while valuable, must be applied in a team environment and to problems that can look different to different people every time.
Organizations need to become more inclusive when hiring, recognizing “soft” or “impact” skills to encourage people without a traditional cyber background to enter the profession. There are a number of top skills needed beyond technical ones, including communication, problem-solving and creative thinking.
Hiring managers should look to hire people with potential, enthusiasm and strong transferable skills to create opportunities for learning or retraining in cyber. In doing so, they will help to grow the talent pool and, over time, begin to close the skills gap by nurturing the diverse talent needed to tackle increasingly complex threats.
Looking beyond traditional recruitment routes
Another big barrier to building a diverse cyber workforce is that people are afraid of change. Even if it’s for the better. They want to keep doing things the same way: recruiting from the same pool of people with the same backgrounds and qualifications.
Reviewing resumes of people with college degrees in cybersecurity or complementary disciplines such as computer science will and should remain a common practice when recruiting for cyber roles.
However, the recruitment process also needs to be inclusive of those who have experience over qualifications, and as I said, those softer skills. For example, they might consider welcoming career changers as cyber learners who can bring valuable transferable skills and experiences from other industry backgrounds.
Often, selection is made by asking for competency in a list of well-known cyber tools or via a similarly long list of industry certifications. Sometimes it is unclear what skills are needed and (as we know) this can be a deterrent for women, especially if they don’t have everything on the list. The UK career framework needs to be simplified and standardised in line with the UK Cyber Security Council framework. This will significantly improve the way companies advertise roles and help employees understand career paths. Current job descriptions often contain unrealistic requirements and mix different specialisations. By using a widely recognised framework, people can navigate their careers more effectively.
By bringing cyber security talent on board, organizations can invest in and shape the future of their talent pool. By providing mentorship and on-the-job training opportunities, they can cultivate a diverse group of professionals who are well-equipped to tackle future threats.
Diversity as a cornerstone for resilience
By looking beyond traditional talent acquisition routes, hiring managers can help create a more accommodating cyber workforce and break the ‘old boys’ club’ demographic view of the career. It opens them up to hire people from diverse backgrounds, experiences and characteristics such as gender, ethnicity, age, sexuality, education and socio-economic background.
Introducing more diverse talent, including those from underrepresented demographics, is important for several reasons. First, it provides more role models to encourage more underrepresented candidates to join the talent pool. Second, diversity encourages more points of view to be presented, which is important for building resilience in the role.
Traditional cybersecurity teams – generally a heavily male, white, and middle-class environment – pose significant vulnerabilities to organizations. When everyone on a team approaches problems from the same perspective, blind spots are more likely to develop.
People from different backgrounds bring unique experiences, thought processes, and problem-solving approaches. These broader perspectives enable teams to identify vulnerabilities from different angles, stay one step ahead of attackers, and develop more complex defense strategies.
Furthermore, technologies such as generative AI are ushering in a new wave of threats to organizations. Hiring managers cannot afford to keep hiring the same employees, but need diverse minds with diverse experiences to approach new problems creatively, critically and differently to address ever-changing threats.
Action is needed now
A huge catalyst for the UK’s cyber skills crisis is that we continue to recruit from the same talent pool. Instead, we need to recruit people of all ages, educational backgrounds and ethnicities to build a cyber workforce that truly reflects the society it protects.
We also shouldn’t ignore those who don’t have technical expertise. Neglecting soft skills hurts the industry by preventing high-potential candidates from non-traditional cyber backgrounds from getting the opportunities they need to break into the industry.
We hope the industry takes action now to close the skills gap and build a diverse cyber workforce for a secure future.
We provide an overview of the best CV builders.
This article was produced as part of Ny BreakingPro’s Expert Insights channel, where we showcase the best and brightest minds in the technology sector today. The views expressed here are those of the author and do not necessarily represent those of Ny BreakingPro or Future plc. If you’re interested in contributing, you can read more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro