Cyber Security Skills and Employment Opportunities in the North East

Purpose

A lack of skilled cyber security professionals is often given as a reason for holding businesses back from growth. 

There is a disconnect within the North East region between the high number of students leaving university with cyber security qualifications (the region has two NCSC/EPRSC

recognised Academic Centres of Excellence in Cyber Security Research) and the lack of employable people in the region. Businesses are saying it is hard to find the right people; others are saying it’s hard to find a job. Whilst there is a huge global demand for skilled cyber security professionals there is a need to motivate more young people to think of cyber security as a career.

There are a lot of assumptions made about the reasons behind these issues but little evidence of what is really going on in the sector specific to the North East region.

A series of five events were held during February and March 2021 to look at the possible causes. The following section details the recommendations from this work:

Findings and Recommended Actions

No. Recommendation Action Who by
1 Continue to work to raise awareness of cyber security across the public and business community

 

1a Move the narrative away from fear and lack of understanding to an opportunity for good life and business management, along the lines of good security and risk management.
  1. A concerted effort to raise awareness of cyber security as a business and social risk issue rather than just a technical issue. This needs to reflect the position of relevant groups including:
  • National media
  • Local media
  • UKC3
  • Cyber Council
  • NCSC
  1. Business language or common usage language should be used, avoiding technical language wherever possible.
National & Local
1b Avoid cliches, such as teenage boys in hoodies in their bedroom, that portray the problem simplistically and encourage a narrow section of society to want to engage with the issues. National efforts need to portray a wider and more inclusive image of the sector.
  1. Encourage images and a narrative of a more inclusive and diverse industry
  • National media
  • Local media
  • UKC3
  • Cyber Council
  • NCSC
  1. Develop a loyalty free image archive
National & Local
1c Recognise the different players that go to support cyber security activities including the technical (avoidance, response, recovery), planning, communication, governance, risk compliance and learning/training spaces.
  1. Encourage a narrative of wider industry requirements 
  • National media
  • Local media
  • UKC3
  • Cyber Council
  • NCSC
National & Local
2 Raise awareness of the sector within prospective employees. 

 

2a The industry has many roles to offer and these need to be made attractive to prospective students and employees. Different hooks need to be identified and promoted. 
  1. Set up a working group of representatives from universities, colleges, schools and cyber security providers to improve understanding of the wider roles on offer and how to make them more attractive to students and employees.
  1. Encourage more work experience of differing roles for students 
  1. Provide group work experience, providing an opportunity for more students to understand the different roles.
  1. Online videos of different roles such as CyberNorth’s ‘In Conversation’.
  1. A day in the life of ‘live’ camera footage of the day’s work.
  1. Diary of a cyber security professional
Local
2b A focus is needed to downplay the difference between exciting (red) roles and dull (blue) roles. A holistic approach is required where all roles are of value and which encourages people with different skills and styles to want to work in the sector. 
  1. As 2a but include a balance view of how each role is necessary 
Local
2c There needs to be more opportunity for student placements in business, to give an insight into real working environments.
  1. Provide group work experience, providing an opportunity for more students to understand the different roles
  1. Work experience fairs where professionals come into a location and demonstrate their experience
  1. Create online work experience opportunities
Local
2d The role of cyber security in the business needs highlighting better to help students understand the differing risk appetites within business.
  1. Encourage more work experience of differing roles for students

 

  1. Provide group work experience to give students the opportunity to understand the different roles
  1. Online videos of different roles such as CyberNorth’s ‘In Conversation’
  1. A day in the life of ‘live’ camera footage of the day’s work.
  1. Diary of a cyber security professional
Local
2e Events should be held that demonstrate the wide range of skills required and opportunities available. For example, using projects that students can take under the supervision of a business partner, or practical experience in immersive labs.
  1. Provide group work experience to give students the opportunity to  understand the different roles.
  2. Work experience fairs where professionals come into a location and demonstrate their experience
  3. Online work experience
Local
2f There needs to be a recognition that not all technology is happening in technology companies and that most cyber security requirements are in consuming businesses. 
  1. Provide work experience of IT and cyber security in non-IT businesses.
  2. Demonstrate the role of technology, and therefore security, in general business situations
Local
3 Support the sector to help itself:

 

3a A better understanding of what cyber security is and the different roles in the sector should be developed and promoted, allowing people to understand the kinds of roles that would be attractive to them and to define their own career aspirations.
  1. Set up a working group of representatives from universities, colleges, schools and cyber security providers to improve understanding of the wider roles on offer and how to make them more attractive to students and employees.
  1. Encourage more work experience of differing roles for students

 

  1. Provide group work experience to give students the opportunity to understand the different roles
  1. Online videos of different roles such as CyberNorth’s ‘In Conversation’
  1. A day in the life of ‘live’ camera footage of the day’s work
  1. Diary of a cyber security professional
Local
3b Career roadmaps of existing cyber security specialists should be documented showing how they have arrived at the role they are doing, with skills and experience. The differing technical groups active in the region should help to develop this approach.
  1. Survey existing cyber security professionals to identify existing routes into the profession
  1. Compare these routes with other regions to identify any local issues
  1. Compare these routes with other professions and learn from their approaches
  1. Analyse this information by the different roles in cyber security
National & Local
3c A register of key people within the sector needs to be developed and maintained, such as subject matter experts in schools and colleges, recruitment and careers experts, relevant companies and trade bodies. This will allow individuals to know who to turn to when required and help the market to function better.
  1. Maintain a publicly accessible register of key individuals in the cyber security profession in the region, adhering to GDPR
Local
3d A culture of support should be engendered across all players in the sector, with all stakeholders committing some time and resource to help address skills and employee shortages. This needs to reflect how busy most companies are at present and the subsequent low bandwidth for training, especially in smaller businesses.
  1. Promote the work that is going on in this area more widely through social media, print media, local and national events
  1. Arrange specific events at schools fairs, cyber security events, career fairs, to highlight the opportunities
National & Local
3e The sector should work with central and regional government to support initiatives such as CyberFirst.
  1. Continue to develop the CyberNorth skills group and the range of tools at its disposal
  1. Involve the local technical groups, such as ISC2, ISACA and OWASP, in the work of this group
Local
3f The sector should review the language used to describe its work to avoid alienating potential students and employees. The use of red and blue teams may be a part of the problem.
  1. As 2a but include a balanced view of how each role is necessary 
Local
4 Promote recruitment pathways

 

4a The routes that people currently use to get into cyber security need to be better understood through more effective research and analysis
  1. Survey existing cyber security professionals to identify the academic and professional route used
  1. Identify ‘successful’ routes to employment
  1. Promote this information throughout stakeholders.
Local
4b Existing known pathways should be promoted better to gain a wider understanding, especially in businesses as well as with parents and carers, such as degrees, apprenticeships, T-levels. International promotion should be included. 
  1. Work to promote successful initiatives through social media, events and CyberNorth’s ‘ In Conversation’
  1. Compare these routes with other regions to identify any local issues
  1. Compare these routes with other professions to show students that they are not over specialising
  1. Analyse this information by the different roles in cyber security
Local
4c Encourage collaboration and joint initiatives, such as shared apprenticeships, project rotation, broader experience. Rotate apprentices through different projects to ensure a broader experience.
  1. Develop a shared apprenticeship programme around one apprenticeship provider
  1. Develop this to include other apprenticeship programme providers
  1. Include national apprenticeship bodies in the programme
National & Local
4d The level of skills on leaving college or university is not good enough, with unrealistic expectations.  Employers must realise that employees still need to grow. Higher education cannot deliver a fully rounded employee. Discussion of softer skills and wider business understanding needs to be included in engagement with potential employees
  1. Set up a working group of representatives from universities, colleges, schools and cyber security providers to improve understanding of the wider roles on offer and the softer and wider business skills required of the students.
Local
4e A culture of wanting to embrace new starters needs to be engendered, promoting that the cyber security sector is open for business. Courses have changed and people have different skills sets. Levels of experience and disclosure need to reflect risk.
  1. Set up a working group of representatives from universities, colleges, schools and cyber security providers to improve understanding of the requirements of each sector and how each sector works
  1. Encourage collaboration through initiatives such as a shared apprenticeship model
  1. Consider the development of a shared employee model, where an individual is shared with more than one company to manage the new starter overhead.
4f A generalist IT route needs to be promoted, retraining and re-skilling people who can demonstrate the necessary aptitude, interest and self-determination
  1. Survey existing cyber security professionals to identify the academic and professional route used
  1. Identify ‘successful’ routes to employment
  1. Promote this information throughout stakeholders.
National & Local
4g It is proving to be hard to recruit cyber security teachers. Teaching needs to be promoted as an option to both students and employees.
  1. Promote the opportunities in teaching better to cyber security professionals
  1. Encourage cyber security professionals to take sabbaticals or other time out to teach.
Local
5 Greater understanding and coordination

 

5a Continue to promote things that work well, such as placement years or sandwich courses, digital advisory boards, cyber clinics and the work of the North East Business Resilience Centre partnership.
  1. Work to promote successful initiatives through social media, events and CyberNorth’s ‘In Conversation’
  1. Arrange specific events at schools fairs, cyber security events, career fairs, to highlight the opportunities
  1. Involve the local technical groups in the work of this group.
Local
5b We need to recognise that  universities operate in a marketplace and need to attract students from a wide catchment area, both national and international. FE colleges, to a certain extent, are the same. They can only do this by providing relevant and interesting courses. 
  1. Set up a working group of representatives from universities, colleges and cyber security providers to improve understanding of the requirements of each sector and how each sector works.
Local
5c Local cyber security companies need to understand the different cultures of the universities and FE colleges and that they cannot address all issues in individual students. 

Regular dialogue needs to be had with the universities, FE colleges and students to ensure a balance between theoretical knowledge and practical application in the sector

  1. Set up a working group of representatives from universities, colleges and cyber security providers to improve understanding of each other’s objectives and requirements
  1. Identify areas of accord and discord along with a plan to address them
  1. Publish the outcomes of the working group meetings
Local
5d Thought should be given to a progressive qualification in cyber security, including practical experience, similar to that provided in other professions, such as accountancy. 

This will allow employers to understand the level that an employee is at in their knowledge and experience.

  1. This needs to be discussed at a national level with DFE and the Cyber Council, perhaps along the lines of DDaT.
National
5e Greater use needs to be made of the resources of the large vendors such as Cisco, Microsoft and AWS. These vendors are willing to help develop their markets via their local suppliers and coordination is required between them, the cyber security businesses and the learning sector.
  1. Engage with key vendors to check their appetite for supporting skills development initiatives and their expected level of involvement
  1. Hold a round table with relevant stakeholders to flush out ideas.
National & Local
5f A series of cyber security labs should be set up, using shared and rentable resources, where students and trainees can learn about different networks, hardware and operating software in an easily configurable environment without putting a businesses’ own systems at risk.
  1. Work with universities and colleges to identify possible physical resources
  1. Work with technical groups to identify training resources
  1. Develop a proposal as to how this would work.
Local

 

New post: Five new appointments for North East Tech Firm Excelpoint dynamonortheast.co.uk/five-ne…

Join our
mailing list