teissTalk Host Geoff White was joined by Danny Dresner, Professor of Cyber Security, University of Manchester; Jay Jay Davey, Cyber Security | Ethical Hacker & Blue Team expert, Nox Cyber and Amanda Finch, CEO, Chartered Institute of Information Security
The role of universities
As, thanks to Covid, universities had no choice but to launch online courses, the number of IT students studying cybersecurity has increased. In all likelihood, online learning is here to stay for the next academic year in a blended learning format, which may give universities further opportunities to find ways of admitting more IT undergraduates than in previous years. The upside for students is that the necessity to find their feet in a mixed physical and online environment will prepare them for what they will encounter in their future jobs.
The statistic indicating that about two-thirds of students on cybersecurity courses progress to an entry-level job in IT may sound underwhelming, but it, more or less, mirrors the make-up of a cohort on any university course, with top students giving it all right from the beginning of the course visiting conferences and keeping up with the latest trends of the industry, while the majority’s main focus is to meet course requirements.
Universities need to ensure that apart from pure academic performance, they also recognise and nurture students with the right attitude and keenness for the subject.
How standardisation can help the job mature
The Chartered Institute of Information Security (CIISec) founded in 2006 to address “the problem of how to recognise a competent information security practitioner,” is also a witness to how the importance of cyber security increased in the past 15 years.
CIISec has always gone out of its way to accredit people not just for their certified knowledge but their skills too, as well as to assist people with the right aptitude and approach to build a career in cyber security. It is agnostic in terms of members background, recognising training courses and university degrees alike and offering associate status to those joining straight away.
Another organisation set up to boost career opportunities and professional standards is the new UK Cyber Security Council. The independent organisation has been set up to bring the cyber security industry into line with other professions such as law, medicine and engineering. Its chair is Doctor Claudia Natanson, a reputed cyber security transformation specialist, whose previous roles both with major companies and government, as well as her track record of inspiring people to start a career in cyber security are guarantees for CSC’s efficiency in supporting the sector.
It seems that the cyber security skills gap isn’t helped by current hiring practices either. Job adverts are often overwritten and sound more daunting than they should. To find the most suitable applicant for the job, cyber security roles, being very diverse, should be seen as a mix of the full spectrum of IT and non-technical skills tailored to a particular position. For designing well-defined job titles and descriptions, the framework of the National Institute of Standards and Technology (NIST) listing 52 roles divided into 7 main categories (securely provision, operate & maintain, oversee & govern, protect & defend, analyse, operate & collect, investigate) can serve as a great tool.
What IT talents can do to ensure getting hired
Job seekers also need to be proactive to secure a job for themselves in the cybersecurity sector, especially if they don’t possess the necessary degrees and certificates that will automatically open career doors for them. For those having the passion and the oft-self-taught skills that a job requires, it is essential that they find the right hiring manager during the recruitment process who, rather than just ticking boxes, can have a full understanding of their skills.
Although thanks to organisations such as the CIISec and the Cyber Security Council, cyber security practitioners have increasingly better resources available to manage their personal professional development, it is important for them to be aware of the qualifications most frequently required in job adverts for the type of roles they are after (CNNA, Network+. ATS Academy).
Good communication skills and empathy are often regarded as additional, nice-to-have abilities for cybersecurity experts. However, they should be seen as core capabilities, especially in customer-facing positions. As the development of these skills don’t get too much focus in training programmes, they often need to be acquired on the job, sometimes the hard way. However, this may soon change as business and cybersecurity education experts increasingly realise the impact these non-technical skills have on efficiency.