Jonathan Stock, Information Security Recruitment Consultant at IntaPeople, gives his insight on why there is such a significant cybersecurity skills shortage in the UK.
According to a recent global study of employer demand for cybersecurity expertise, the UK was identified as the second worst in the world. Employer demand outweighed candidate interest by more than a third, with only 31% of the cybersecurity jobs posted being searched for by candidates. There were more jobs posted than in other countries, but the research shows there simply are not the candidates to fill them. So what are the issues creating this skills shortage?
Diamonds in the rough
Clients are looking for the finished article instead of looking for the diamond in the rough. Job specifications are a shopping list of everything they want a candidate to be; from hard to soft skills, it’s a comprehensive list of everything they could possibly have or need for the role. Just looking through this can be daunting; no wonder there are fewer applications. If a candidate does have everything the job specification mentions, why would they move to a similar job when they want to develop in their career? Companies need to reassess what they actually need and make sure they are looking for a diamond in the rough.
Would you prefer a candidate to be an expert, get bored within a few months and look to move on, or would you want someone slightly more junior with a passion to develop further, who you can mould? Junior candidates might not be able to hit the ground running, fixing everything possible, but what they will do is show loyalty to the company for giving them a chance to develop. I saw a recent Tweet which stated “I think it’s interesting that UK is expecting cybersecurity experts hold some form of PHD successfully eliminating 90% of its hacking talents”. This highlights how companies are looking for that unicorn, but also how candidates are becoming disillusioned with the current recruitment processes within the cybersecurity sector in the UK.
Talent conveyor belts
The top roles in the sector have fewer potential candidates available. The best way to solve a skills shortage is to promote from within, creating a conveyor belt of talent. If you are looking for a Senior Malware Analyst, is there someone internally who could make the step up: maybe a SOC analyst who has a background in development, or a software engineer with a passion for security? By promoting, you can then look to replace them with people at the start of their career who are looking to develop within a company. This creates a culture where employees are rewarded for dedication and loyalty rather than having them seek new roles every couple of years.
Graduates, graduates everywhere
Within the UK there are more graduates looking to get into the cybersecurity industry. A recent event at the University of South Wales gave the current students an insight into the industry and what employers look for in their graduates. There were approximately 100 students, all eager to get into cybersecurity companies either as their first job, on graduate schemes or on apprenticeships. This is one university, so across the country there is an abundance of talent looking to get into their first role. These graduates won’t have used all the technology and they won’t have all the commercial experience required for the role. However, they will have a passion to learn and to develop, and then you have a talent you can mould to fit your company.
Think outside the box
Candidates may have become disengaged with traditional recruitment methods, and after applying for 10 roles and not having feedback they have become disillusioned. Therefore it is essential for companies to go out and become Inspector Gadget, seeking out talent in different areas, whether that is social media, networking events or hacking challenges. Candidates who might not work in cybersecurity might like hacking as a hobby. Do you think they would be offered a role as an Ethical Hacker within a corporate environment, or would they be left out of the process because they have not got the right ‘key skills’ listed within their CV on the job boards? Recently there have been companies like the Cyber Security Challenge UK creating competitions for candidates; maybe the skill set you are looking for can be found here rather than in the traditional methods of recruitment.
It is clear from the research that there is a skills shortage within the UK cybersecurity sector. There are fewer ‘star’ candidates applying for roles, but the best way to combat this is to reassess your recruitment strategy. There are more and more avenues for sourcing candidates, and companies have to engage with non-traditional recruitment methods, or use someone who knows about them, to help them bridge the gap. Ultimately, the talent is available; it is just about knowing where to look.
About the author
Jonathan Stock is an Information Security Recruitment Consultant for IntaPeople. Jonathan Stock contributes to several cybersecurity online magazines, is a member of the UK Cyber Security Cluster and an event co-ordinator.
Find Jonathan Stock on Twitter @JonathanStock86.
Want to meet Jonathan?
IntaPeople will be exhibiting at Infosecurity Europe, stand L62, located within the Discovery Zone upstairs. Jonathan will be running an interactive social engineering challenge on the stand, asking delegates to review a mock workstation, identify the clues and use them to log in to a locked computer.