Security professionals have long decried the lack of computing graduates with information security skills and our recent Global Workforce Survey confirms that a primary cause of the talent shortage is a lack of qualified people.
The study highlighted some of the subtle ways this skills shortage is impacting business, from a sharp rise in security outsourcing, to the increasing ‘churn rate’ of cyber professionals (one in five changed jobs last year) and lengthening remediation times following security breaches. Another area of concern is the rise in the average age of cyber security professionals rising. This greying of the workforce is partly due to the lack of new candidates hired over the last 20 years.
Britain’s universities and academic accreditation bodies have been proactively working with the cyber security industry to address these concerns. In June this year, it was announced that cyber security is to become a core component of UK computing degrees. This announcement followed the inclusion of the first cyber security teaching guidelines in the accreditation criteria of the British Computer Society (BCS), the Chartered Institute for IT, which accredits computing degrees at 98 universities.
These new academic offerings were the outcome of a long-term collaboration between industry professionals, academics and government departments to produce a set of teaching guidelines that place the most in-demand cyber security skills - and the latest industry expertise - at the heart of UK computing courses.
If the guidelines are implemented across all BCS-accredited universities, 20,000 computing graduates could leave our universities every year with cyber security skills and awareness.
This exciting development now offers information security employers a new opportunity to proactively work with universities to build relationships with undergraduates from an early stage and grow their talent pipelines.
Employers could offer to mentor computing students who show early promise, or deliver guest lectures on the latest cyber security topics. Cyber security companies could also help put together ‘summer cyber camps’ such as those developed by Cyber Security Challenge UK to help students network with employers and beef up their CVs over the holidays through competitions. Employers could offer undergraduate work placements to give students a taste of the industry and practical work experience to accompany their CVs. Another idea is to set up cybersecurity advice clinics on university campuses similar to the law clinics run by law schools.
The University of Sunderland, an early pioneer of this approach, invites cyber security employers on to campus to deliver lectures featuring case studies of famous cyber-attacks and their real-world business impact. impacts. And the University is now set to establish a revolutionary ‘cyber clinic’ where information security employers will be invited to offer professional advice to students. The University of Sunderland’s approach has successfully enthused its students in cyber security. In fact, many of its computing graduates now work for leading information security companies and government agencies. By 2016, 85 Final final year students will take the University’s new final year cyber security module.
These kinds of mentoring, advice and work experience partnerships enables cyber-security employers to form relationships with students early in their education. means Ultimately, short-staffed companies with information security staff shortages could work with universities to identify and incubate their own future workforce at the undergraduate level.
With a predicted global shortfall of 1.5 million information security workers by 2020, there is now a real incentive for this to happen.
Dr Adrian Davis, European MD (ISC)²