From education to employment

Cyber security needs a makeover if we are to meet skills demand

James Lane

With a new report showing the skills gap growing, James Lane, Sector Manager for Digital, Creative and Design at the educational charity NCFE, marks the end of National Cyber Security Awareness Month by explaining why the role needs a perception shift if we are to attract a more diverse workforce into the industry.

Uninspiring digital padlocks, symbols floating futuristically in mid-air, and shadowy hands skimming across darkened keyboards. A quick google image search on cyber security highlights the perception problem the industry faces.

Despite this, a workforce study released this last month by (ISC)² shows that the number of cyber security professionals around the globe has increased by more than 11% in the last year. Some countries, such as Japan, saw an increase of over 40% in that time.

Yet the skills gap is still growing, with an estimated shortage of 3.43 million cyber security professionals globally, up 25% this year alone, and demand continuing to outpace the supply of talent. The same report in 2021 highlighted that the global workforce needs to grow by 65% in order to effectively defend organisations from threats.

We can see that cyber security represents an industry in which people will not only find jobs (future proofed ones at that!) but will also have the opportunity to progress and develop their career. So, what’s the problem?

As a leader in technical and vocational learning, we not only have a deep understanding of skills demand and career prospects, but also of the barriers learners face when making decisions about their future and taking their formative steps in a new industry.

This is why I think perception can’t be ignored when it comes to cyber security.

Let’s start with the obvious one – gender. If you asked the general public what proportion of cyber security professionals are male, the answer would range around 90%, if not higher. As of last year, the actual proportion of women working in cyber security is almost a quarter (24%). This has increased from 11% back in 2017. 

In fact, according to the (ISC)² report in 2021, career prospects for females in this industry are excellent as a higher percentage of women are reaching leadership positions within cyber security than men. Even more proof, if it’s ever needed, that attracting a more diverse workforce is beneficial to the industry as whole.

A secondary stereotype, but not one that should be ignored, is what the on-the-job experience actually entails. If popular culture is to be believed, it’s either fending off real-time threats from Russian hackers or sitting in a dark room surrounded by energy drinks and takeaway containers.

In actual fact, a huge part of the role is proactive rather than reactive.

It’s finding new and more effective ways to protect an organisation. Cyber security is actually what I would class as a creative industry – not in the traditional sense of artists and authors, but there’s a poetry to cyber security that’s far from the binary thinking most people assume.

While it’s true the profession is suited to logical thinkers, often with a strength in maths, this is by no means the cliché that is so often represented.

Perception is incredibly important. Young people making decisions on their future are influenced by so many factors. From more traditional sources such as teachers, careers advisors and family, through to how they perceive a job role or industry from the media they consume.

While there has been heavy-handed attempts to subvert stereotypes – just think about the somewhat notorious government-backed advert depicting a ballet dancer who could retrain to work in cyber security – I do believe the overall sentiment was correct.

Next year will see the launch of the cyber security occupational specialism that will form part of the Digital T Level. The qualification is aimed at 16 to 19 year olds and is equivalent to three A Levels, with a focus on developing technical and vocational skills through a mix of classroom based learning and an industry placement.

I believe this represents an outstanding opportunity to attract a younger and more diverse workforce into the industry and create a talent pipeline.

With a significant part of the qualification a work placement, it will give students the chance to experience the cyber security workplace first hand. Importantly, as well as learning the job itself, this provides a window into what a career actually entails – far away from the tropes that surround cybersecurity and IT in general.

By James Lane, the Sector Manager for Digital, Creative and Design at the educational charity NCFE

James Lane is the Sector Manager for Digital, Creative and Design at the educational charity NCFE. He leads on sector representation and subject specialism support to ensure the voice of the sector is included in all areas of NCFE’s work. Having worked in the sector for many years before joining NCFE, James is passionate about inclusion, availability, and accessibility of these areas as well as the importance they lend to the employability and success of learners.

Related Articles