Apprenticeships are the answer to cybersecurity’s talent pipeline problem, say respondents to Infosecurity Europe’s latest poll

Mental health flagged as the priority issue for employers of remote workers 

Richmond, Surrey, UK, 09:00 hours, 28 January 2021 – Apprenticeships are the solution to attracting more young people into cybersecurity, according to 42.5% of respondents to a new Twitter poll run by Infosecurity Europe, Europe’s number one information security event. The poll set out to explore current issues around the skills shortage within the sector, particularly within the context of the pandemic. Responses also highlight the importance of proper support for remote workers – with more than a third (37.2%) believing that sustaining motivation and wellbeing is the greatest skills-related challenge faced by cybersecurity professionals right now.

The information security sector continues to suffer from a shortage of skilled professionals, with more than four million unfilled roles worldwide, according to the Enterprise Strategy Group (ESG) and the Information Systems Security Association (ISSA). Despite this, 35.9% of the respondents to Infosecurity Europe’s poll say their organisation currently has a hiring freeze on cybersecurity roles.

Attracting young people into the profession

Maxine Holt, Senior Research Director at Omdia, has a first-hand understanding of the benefits apprenticeships bring, by combining knowledge with experience. “After doing my BTEC in computer studies I got an apprenticeship, learning on the job while studying part-time for my degree,” she explains. “I also got to work in other parts of the business, which really helped me understand how they interacted with IT.”

“We can definitely do more to open up apprenticeships or internships that encourage people to see if information security is for them,” suggests Steve Wright, CISO of Privacy Culture and Former Interim DPO Bank of England, “but as a permanent measure we’ve got to look at what's going to attract people at the right age. I think more could be done to make it part of the school curriculum.”

Amar Singh, CEO/CISO of Cyber Management Alliance, agrees that the younger engagement starts, the better. “It helps to build national capability,” he says. “It’s a pipeline – you can't simply pick someone up and say ‘You’re now infosec’! That individual has to be trained and inspired from a young age. If they’re not, by the time they're 16 or 18 this becomes more difficult because they’re already established on another path.”

Behind apprenticeships in the poll was the need for a formal career path (27.1%), more role models/mentors (17.1%) and greater diversity (13.4%). Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned, indicates the need for greater inclusiveness: “Technology in general is very male-dominated, and there’s a lot of women in particular feel excluded by that. There's also much more introverted behaviour, and – in my experience at least – obnoxious behaviour! We need to create an environment that people of all backgrounds want to be in; that removes the barriers making them reticent about joining the industry.”

The main skills-related challenges for remote workers

Keeping motivated and in good mental health during the pandemic could be particularly tough for new joiners. “We have people who’ve never physically stepped foot in their office, or met their colleagues,” says Paul McKay, Senior Analyst - Security and Risk, Forrester Research. “It’s also challenging for junior professionals not having support structures in terms of the mentorship and oversight of more senior folks, or being with peers of their own age who are all going through the same journey.”

Effective team-working skills was cited as a major challenge for remote workers by 26% of poll respondents. Steve Wright agrees: “To not engage in a social way is possibly one of the worst things that could happen to our species, because we’re designed to be with people and bounce off each other. We need to think about how we can better support each other and collaborate now we don't have that camaraderie in the office, to help make sure people still feel associated and included, and that they know you still care about them.”

What sums up your current recruitment strategy for new cybersecurity skills?

For those organisations not subject to a hiring freeze, recruiting internally was the top strategy (21.6%), followed by hiring from non-cyber roles (18%), both of which emphasise the importance of looking beyond the ‘obvious’ candidates and casting the net wider. “We’ve created the cyber skills crisis ourselves by not hiring people because they haven't got a degree, for example,” says Mark Nicholls, CISO of Chime Group. “There are so many good people out there, and we need to be more open. There are advantages to having diverse teams that represent the business you're trying to protect, and having non-security folks bringing different ideas to the table.”

Heidi Shey, Principal Analyst serving Security and Risk Professionals with Forrester Research, agrees: “We need to really expand our view, looking at non-traditional backgrounds for different types of roles. What is it you really need in terms of the skills? And what are the things you could train someone up to do? You're looking for that one candidate who has everything already, and that can really narrow down the field and make it more difficult to recruit.”

Nicole Mills, Exhibition Director at Infosecurity Group, comments: “No single action has yet proved effective at bridging the cybersecurity skills gap. What’s needed is a holistic approach that integrates early engagement and education opportunities, designed to attract and retain the next-generation infosec workforce, with strategies that enable great candidates to transition from other types of role. Importantly, our industry must resist the temptation to press ‘pause’ on recruitment, as many organisations have done in the face of budget cuts and uncertainty – if we do, there’s the risk that the skills gap becomes a chasm.”

The conference programme for this year’s Infosecurity Europe event (Olympia, Hammersmith, London, 8-10 June 2021) will feature a number of sessions dedicated to building cybersecurity skills and careers, including, on Day 3 (10 June):

  • Case Study: Building a Strong Team Culture to Improve Organisational Security & Help Overcome Skills Shortages. How team culture can help us build, develop, and retain talent. Includes Lightning Talks on Security Leadership in Times of Crisis; Mental Health and Resilience; Neurodiversity; Diversity and Inclusion
  • FutureSec Panel: How to Build a Successful Career in Information Security. Our panel of experienced information security experts will help attendees understand how to go from complete novice, to getting their first job, to reaching the top of the industry.

In addition, Infosecurity Magazine’s EMEA Spring Online summit (23 March 2021) will cover relevant topics including diversity, mental health for remote workers and next-gen infosec.

Infosecurity Europe has also interviewed its community of leaders about their own personal cybersecurity career journeys, and the strategies they believe will help build a strong talent pipeline for the future, for a series of videos and podcasts. We start with Troy Hunt, Microsoft Regional Director and Founder of Have I Been Pwned: you can check out his podcast here and his video here.

Drawing 2,934 responses, the Infosecurity Europe Twitter poll was conducted during the week of 18 January 2021.

Infosecurity Europe, now in its 25th year, takes place at Olympia, Hammersmith, London, from 8-10 June 2021. It brings together information security professionals attending from every segment of the industry, as well the leading industry suppliers showcasing their products and services, industry analysts, worldwide press and policy experts. Expert practitioners are lined up to take part in the free-to-attend conference, seminar and workshop programme. Find out more at https://www.infosecurityeurope.com

Read more press releases

Find out about exhibitors taking part in the event, business deals signed, sessions and speakers from the comprehensive events programme.