Article

How to make cybersecurity a more attractive career

Offering more opportunities to gain the relevant expertise and a greater understanding of what a career in cybersecurity entails could go a long way to closing the skills gap

By Tim Ferguson

Thu 25 Oct 2018 @ 16:00

The cybersecurity profession is suffering from a skills crisis. But this is hardly news. Security teams are being overstretched by a lack of qualified people to recruit and a shortage of expertise in key areas.

The non-profit group ISACA predicts that by 2019, there will be a global shortage of two million cybersecurity experts. And (ISC)2 recently reported that the global cybersecurity skills gap already stands at close to three million, with 63 per cent of businesses lacking the cybersecurity skills needed to adequately protect themselves from threats.

As cybercriminals get more tenacious and the methods they use become increasingly sophisticated, this situation will become untenable. If businesses are going to successfully defend themselves against the growing number of cybersecurity threats they need analysts to protect them.

Careers in cybersecurity need to be made more attractive for both future talent and for people currently operating in the industry. So how can this be done?

A good start is by making a career in security something that people can aspire to rather than fall into after qualifying and working in a more general field of IT. One way to do this is to encourage the development of comprehensive academic qualifications in cybersecurity. This is already taking place, with a number of universities now offering degrees that focus on cybersecurity.

In the UK, Warwick University now offers a BSc in cybersecurity, while Royal Holloway, University of London has a BSc in Computer Science (Information Security). Both degrees are certified by the National Cyber Security Centre (NCSC). There are also numerous Masters-level courses certified by NCSC at a range of universities that provide the skills and expertise that are so badly needed.

In the US, the University of West Florida added a bachelor’s degree in in cybersecurity three years after launching its BSc in computing and information sciences, with a specialisation in cybersecurity. Only 21 students took the computer science degree In the first year it was offered. Today around 180 students major in cybersecurity at the university, which has been designated as a National Centre of Academic Excellence in Cyber Defence by the National Security Agency (NSA) and Department of Homeland Security.

According to Brian Goeker, division chief for the NSA College of Cyber, academic institutions with the centre of academic excellence designation are “uniquely positioned to equip students with the knowledge and skills required to defend against current and future cyberthreats".

As the introduction (and certification) of these degrees shows, cybersecurity has grown beyond computer science to become a subject in its own right, with significant uptake from students.

This presents an opportunity for the cybersecurity industry to play a role in boosting the number of qualified professionals. Security companies can support degrees by sharing expertise and training material to help provide students with knowledge and insights from the cutting edge.

The industry can also offers more apprenticeships to encourage people into the industry. This would help junior staff members to understand the importance of cybersecurity and how they can forge successful careers in this area - whether it’s developing new technology or implementing cybersecurity defences in organisations.

Making the cybersecurity team more visible in organisations should also help make the career more attractive. If other employees know who their cybersecurity team is and understand the important role they play, they are more likely to engage with them, rather than just see them as people who send emails when a security issue emerges. Making cybersecurity a more valued part of the organisation can help make it a career that more people consider.

Another major factor is pay. According to salary data provider PayScale, the average salary of a cybersecurity engineer in the UK is £27,580, while a cybersecurity analyst averages £30,806, the same as software developers but less than the £38,751 achieved by IT managers.

Given the value of what cybersecurity professionals do in protecting organisations, better financial packages would be a fairer reflection of the importance of their role, and would clearly attract more people to the industry.

The industry also needs to be more effective in promoting what a career in cybersecurity can offer. With the volume, type and sophistication of threats growing all the time, a career in cybersecurity offers huge growth potential and opportunity to continually learn and specialise. The industry also offers variety and a chance to work on emerging technologies such as artificial intelligence, robotics, machine learning and the Internet of Things.

Finally, cybersecurity is a career that has real impact, defending and protecting everything from corporate networks and shops to critical national infrastructure and life-saving medical devices.

If there are more opportunities to learn the skills needed, a greater understanding of what a career in cybersecurity entails, and a wider appreciation of how crucial cybersecurity is in the modern world, the appeal of career in cybersecurity will grow.