Mike Smit, head of enterprise and cybersecurity at Fujitsu UK, discusses the ongoing cyber skills gap and how it can be rectified.
Cybersecurity is a growing area that’s now critical for almost every industry, but there’s an ongoing shortage of people with the right skills. According to recent research from ISC2, the cybersecurity workforce needs to grow by an estimated 145pc to close the skills gap and help to better defend organisations worldwide.
To explore the issue further, I spoke to Fujitsu’s head of enterprise and cybersecurity for the UK, Mike Smit, about what’s being done there and why it’s important to invest in future talent.
‘Harnessing the careers of younger people will be pivotal in closing the skills gap’
– MIKE SMIT
What is the current state of the cyber skills gap?
The cyber skills gap has become too large for organisations to ignore with a reported 4m unfilled positions, according to a recent cybersecurity workforce study. This is particularly concerning given the risk that cybersecurity incidents and data loss pose to the economy.
The longer there is a skills gap, the more pronounced it will get; several high-profile data breaches show that no organisation is safe from being targeted. And the more pronounced it gets, the more it becomes clear that new approaches to talent creation need to be considered.
There is a shared responsibility for government, academia, law enforcement and business to play a part in talent identification and to work collectively to provide different pathways for students who may not ordinarily be pursuing the traditional education route. Ultimately, through collaboration, organisations can help to reduce the skills gap.
Why is there such a gap in cybersecurity talent?
Technology now moves at such a fast pace that many organisations are struggling to keep up. With this rapid pace of change, a new, diverse and creative wave of cyberattackers have also begun to surface. In the long run, businesses need to invest in the next generation of talent, ensuring they have diverse teams that are able to think differently when it comes to defending the organisation.
Yet short-term investments also need to be made. One of the best ways for organisations to deal with the added pressures that come from the shortage of talent is to look to expert providers and new technologies.
Security orchestration, automation and response (SOAR) is one example of how innovation can help by tackling the smaller issues, while also alerting the security team about the more serious threats.
From there, qualified professionals can address the most important cybersecurity breaches and ensure that the organisation is able to cope with any strains they are facing amid the talent crisis.
Is there anything Fujitsu is doing to help address the issue?
Fujitsu has worked on several initiatives to help address the imbalance in cybersecurity skills, a lot of which are directed towards the next generation of cyber talent.
For example, in 2018 we worked with the University Technical Colleges across England to launch the UTC Cybersecurity Group, with the aim of helping 14 to 19-year-olds prepare for the jobs that they will be required for in future.
More recently, we partnered with two Welsh colleges alongside Admiral and Thales to help forge new routes into technology careers for the next generation.
Our approach is to collaborate with educators and other companies to ensure that the talent of tomorrow is getting as much support as they need. It’s a long-term strategy that should ultimately increase the talent pool for future generations.
Why is it important that we introduce cybersecurity knowledge at a young age?
When looking to address the cybersecurity skills gap, one of the most important investments to consider is in developing future talent. Yet this isn’t something that can be solved overnight. All organisations must work together to look at closing the skills gap by ensuring that children are fully educated on the benefits and rewards of following a career in cybersecurity.
This can be helped by providing different opportunities to students, be that by apprenticeships, graduate schemes or degree apprenticeships. Another way interest could be piqued early on is through helping educators to harness the latest tools and technology to enable teachers to train the future workforce in a relevant way.
Ultimately, this all needs to be done to develop the right skills for the future at a young age.
It is also worth considering that even if young people do not ultimately pursue careers in cybersecurity, they need to have an awareness of the cyber risks they face as every single one of us has a part to play in keeping our organisations safe.
This next generation of digital natives expect to be able to interact with technology and, as technology becomes more a part of our everyday lives, they will need to know how to play their part in keeping their society secure.
What advice do you have for cybersecurity organisations seeking staff members with the right skills?
Hiring for skills is now more expensive than ever. Yet paying salary premiums for rare skills that are only in demand for a short period of time is unlikely to be a winning strategy. Instead, organisations should act boldly in integrating digital dexterity competencies with skill-specific learning programmes.
Continued investment in cybersecurity education is important, not only when taking on new staff but also for ensuring that the business is always protected. The technology landscape is ever-changing, therefore it is important for employees throughout an organisation to be exercising best practice at all times.