With studies showing that “Almost half (47%) of cyber firms have faced problems with technical cyber security skills gaps” according to the UK Government 2021 Cyber Security Skills in the UK Labour Market report, it’s to be expected that there is a wider skills shortage within cyber & information security roles across the industry.

In such a fast-moving sector it is always going to be a challenge for businesses to have a complete understanding of the skills and qualifications their staff are going to need in the future.

Skills and experience hold value, and that is going to be a key element of being able to inform potential customers and grow cyber businesses across the region.  The value associated with particular skills doesn’t just relate to length of service in the industry or how many qualifications someone has.  We must be looking at the potential benefit to clients of three key skills areas:

Technical skills – right across the industry there are issues in getting qualified staff (they are in short supply) to ensure client confidence.  This can be a real challenge when growing your business and team as often the most experienced within the team are thinly spread which leaves less time for developing future talent.  Adding to this it is often found that niche technical skills around architecture, engineering and pen-testing are lacking and really only can be developed with experience.  One question many clients will ask is “what’s next?” when it comes to cyber threats and this simple question highlights a third technical skills void in experience of evolving threats and mapping out what this means for businesses.

Response skills – this is the area where lived experience of cyber incidents is central to a skilled professional.  Often no amount of training can prepare people regarding how it really is to respond to a cyber-attack as it happens, so finding those who have worked on a variety of incidents can be challenging.  This issue compounds an already challenging human resources issue in cyber security as it makes hard to fill roles harder to fill.  This also means that these candidates who have desirable hands-on experience will be in high demand and may well be out of reach in terms of remuneration for smaller and evolving cyber businesses.

Governance skills – the landscape around this area of cyber security has changed significantly as the way organisations operate has evolved.  In the last two years as our working styles changed in response to the COVID-19 pandemic and they look set to remain changed.  This presents a greater need for governance around remote working, device usage, cloud access and password controls – the challenges this presents all organisations should not be underestimated, but for larger businesses the risks in not having skilled and experienced input could lead to significant damage now that controls are less centralised.  Environmental, Social and Governance focus within businesses is a further area where we see an impact on what skills are needed – as data and information management become more of a social responsibility topic, experience of how to manage this under the cyber umbrella is much needed.

Working within the cyber sector it is our responsibility to develop these skills areas within our businesses and ensure that we pay this forward to each other and our customers.  The more skill, knowledge and understanding there is in the industry and wider business community, the more protected we all are.

Qualifications go some way towards ensuring that there is a baseline of skills and therefore it’s important to ensure that what is being offered in further and higher education is relevant to the need, and there are many organisations doing great things in this space such as the UK Cyber Security Council, DCMS, NCSC and UKC3.

At a regional level there is much that we can be doing to take advantage of the national initiatives and also foster growth within the East.  Some of the areas for focus and collaboration are:

·       Working with apprenticeships to bring new talent in early in their career

·       Partner with colleges and universities for graduate paths to ensure there are career opportunities within the region upon graduation

·       Coming together as suppliers to work on building awareness of the need, whether this be through events or advocacy within the region

·       Investing in CPD and keeping skills within our regional ecosystem when possible

·       Build a network amongst us to ensure we widen the talent pool aware of our regions opportunities in cyber roles

Cyber skills growth is a challenge we cannot ignore, we can begin by looking at what we do have and ensuring that we leverage that to our best advantage through mentoring and in role training. If you are keen to work with us in building cyber skills across the East then get in touch to discuss how we could be working together.