(01/10/23) Blog 274 – We want you!

The message is clear – The CyberSecurity workforce is in desperate need of fresh skills – The industry needs thousands of skilled people to help protect the networks and systems we rely upon for everyday, modern life.

A recent report by (ISC)² has estimated that in 2022, the global cybersecurity workforce stood at around 4.7 million people, and whilst the figure was an 11% increase over the previous year, the gap between what we have and what we need had more than doubled in the same time – A figure of 26% has been placed on the workforce gap.

2022 cybersecurity workforce gap figures – (ISC)²

It isnt just the cyber industry that is saying they need more people – nearly 70% of organisations surveyed say that they feel that their organisation doesn’t have enough cybersecurity staff to properly defend their systems.

Across the board – nearly every business vertical is crying out for skilled workers, but the ones which seem to be the most in need are the aerospace, government, education, insurance and transportation sectors.

More than half of employees at organisations with workforce shortages feel that staff deficits put their organization at a “moderate” or “extreme” risk of cyberattack.

Unfortunately, the full picture isn’t just that the industry is struggling to attract new blood, its also the case that the industry has a proportionally higher rate of churn of existing talent.

In the (ISC)² survey, 33% of organisations surveys said that the organisation is struggling to keep up with turnover / attrition, 31% claiming that the company doesn’t pay a competitive salary, and 16% of companies with no plans for back-filling security roles.

It’s not just the findings of the ISC that show the industry as a whole is in a bad way. A recent report by the Information Systems Audit and Control Association (ISACA) tells a similar story.

The State of cybersecurity 2022: Global update on Workforce Efforts, Resources and Cyberoperations shows that 60% of those surveyed reported difficulties retaining qualified cybersecurity professionals – An increase of 8% over the previous year.

62% of companies reported having understaffed cybersecurity teams, and one in five companies said that it takes more than six months to find suitable, qualified candidates to fill vacancies.

The top factors hiring managers use to determine whether a candidate is qualified are:

• Prior hands-on cybersecurity experience (73%)
• Appropriate cyber security credentials (36%)
• Hands-on training (25%)

The top reasons that cybersecurity professionals are leaving their jobs include:

• Recruited by other companies (59%)
• Poor financial incentives in terms of salary or bonus (48%)
• Limited promotion and development opportunities (47%)
• High work stress levels (45%)
• Lack of management support (34%)

When looking for good cybersecurity professionals, approximately 54% of survey respondents said that when they find a suitably qualified technical person, they lack in other areas such as soft skills, with the important skills being communication (57%), Critical thinking (56%), and Problem solving (49%).

Military skills are a good fit

A large number of organisations are looking to ex-military members to fill their cybersecurity roles, the reason being that former military staff have very transferable skills, are typically excellent in their soft-skills capabilities, and are very quick to pick-up new skills.

But not always the best

Diversity is paramount with cybersecurity – If everyone approaches a problem with the same mind-set, you only ever get the same solutions, and in the world of cybersecurity – adversaries are very good at thinking out of the box, and coming up with new approaches to attacking a system.

To counter these novel attacks, we need a wide range of skills from all backgrounds.

NCSC CyberFirst

In the UK, for the last seven years, The NCSC has funded and supported the CyberFirst program of training.

The program showcases the diverse world of cyber to a vast age range of students, with the aim of inspiring and educating young people in the hope that they might choose a career in cyber as the get older.

The program has a number of carefully selected age-appropriate activities, presentations, and key-note speeches and so far has reached thousands of bright, young minds – many of which have returned to the different events as they progress through their schooling.

CyberFirst Trailblazers

CyberFirst Trailblazers is a free half day event created for Year 8 (England and Wales), Year 9 (NI) and S2 (Scotland) students.

This is the first in a series of CyberFirst events which will start each student on the exciting path of considering which GCSE’s they will take and how Computer Science can play a key role in future career prospects.

 An accompanying parent or guardian is welcome to attend for a specifically designed talk and some light refreshments. The event comprises of:

• Go Create – Learn the basics of how to customise a website and generate enthusiasm to contribute to the World Wide Web.
• Digital Detective – Use digital forensics to identify the first person who has contracted a disease and learn how open source intelligence can lead to finding out more information about this person.
• Creative Computing – Look into how creative design, arts and technology work together. Take a closer view on how the media industry and advertising combine these elements while having the chance in teams to create your own advert sequence using stop motion.

CyberFirst Adventurers

CyberFirst Adventurers is a free half day event created for Year 9 (England and Wales), Year 10 (NI) and S3 (Scotland) students.

This is the second in a series of events which has been created, to highlight the varied roles and jobs that both exist and involve technology in the workplace. The course is aimed at students who have not yet made their GCSE choices, so that they get the opportunity to see how studying computer science could potentially augment and enhance their future career paths.

An accompanying parent or guardian is welcome to attend for a specifically designed talk and some light refreshments. The event comprises of:

• The Data Games – Understand and use big data to create the perfect team using a set of sports results, compare with others and learn the interpretation of data.
• Crack the Code – Against the clock you will work within teams to unlock various devices, during this you will get a taste of cryptography, language analysis and understand some cyber security terms. But don’t be distracted as the timer won’t stop until you Crack the Code.
• Engineering – 3D printers have started to revolutionise the engineering industry, have a look into how technology and engineering fit together and move into the future in partnership. Have the chance to create your very own model using 3D design software.

CyberFirst Defenders

A free course aimed at 14 to 15 year-olds. The course is a valuable introduction on how to build and protect small networks and personal devices. It helps increase your awareness of cyber security, whilst also equipping you with a set of relevant practical skills you can apply in your own life.

Then we go a step further to help you visualise yourself in a cyber security career, guiding you to the technology-related qualifications you’ll need.

On our CyberFirst Defenders courses, you’ll learn about:

• Identifying the source and impact of common cyber security threats
• Defining and applying first-line cyber defences
• Constructing, configuring and securing a home network
• Taking steps to manage personal digital footprints

CyberFirst Futures

A free course aimed at 15 to 16 year-olds. Here, you’ll explore advanced cyber security threats to devices, apps and software, then discover ways to prevent them.

The course is an insight into not just the method but the motivation for cyber threat. You’ll explore legislation, study typical behaviours of likely cyber attackers, and apply your understanding of how to protect networks. You’ll even learn to secure personal devices too – and how to do it for the businesses you could work for in the future.

Students on the CyberFirst Futures course will cover:

• Exploring the motivations for cyber attacks
• How to protect yourself from cyber attacks
• Developing knowledge and understanding of networks
• How to protect a network from attack
• How to make resources available and secure to others

CyberFirst Advanced

A free five-day residential and online course aimed at 16 to 17 year-olds.

On this course, you’ll hone the skills and behaviours you need to enter the cyber security or computing workplace for real. The course is designed to expand the knowledge of students already studying computer science or who have an interest and aptitude for computers.

You’ll gain Advanced skills in some of the key areas of cyber security, notably:

• Implementing digital forensics
• Understanding encryption technologies
• Using open source intelligence techniques
• Penetration testing

CyberFirst CyberSprinters

CyberSprinters resources make learning about cyber security fun and interactive at a time when children might begin to seek more independence online.

Includes:

1. Digital resource:
   • Online game
2. Practitioner resources:
   • Three lesson plans with associated activities
   • Practitioner guidance, including curriculum mapping for all four UK nations
3. Home resources:
   • Puzzles and activities to solve at home with support from parents or carers 

CyberFirst Navigators

Interactive learning resources highlighting common cyber scams and malicious activity that a pre-teen and teenage internet-user may come across, to make learning about cyber security relevant and engaging.

Resources include:

1. Digital resource:
   • Interactive film
2. Practitioner resources:
   • Three lesson plans with associated activities
   • Practitioner guidance, including curriculum mapping for all four UK nations

CyberFirst Bursary & Academy

A CyberFirst Bursary offers undergraduates £4,000 per year financial assistance and paid cybersecurity training each summer to help kick start their career in cyber.

TO qualify for the bursary scheme, students need to have (or expect to have) 3 ‘A’ levels in any subject at Grade B or above (or equivalent) and have an offer (or be applying) to study an Undergraduate Degree or Integrated Masters in any subject at a UK University from September 2024.

OR:

Already be studying an Undergraduate Degree or Integrated Masters in any subject at a UK University, with a minimum of 2 years of full time study remaining from September 2024 and have (or expect to have) attained a minimum 2:1 equivalent at the end of academic year 2023/24.

The CyberFirst Academy offers students an 8 week intensive experience of the world of cyber – covering topics such as operating systems, cloud technologies, programming, ethical hacking, the world of IoT, networking, big data, as well as those vital soft-skills such as C.V. writing, presentation skills, and interview techniques.

Delivered by world-class instructors, and augmented by industry leading key-note speeches, the Academy is a huge opportunity to kick-start a career in cyber.

CyberFirst Girls competition

The CyberFirst Girls Competition aims to inspire girls interested in technology to pursue a career in cyber security.

The competition is a team event. Each team – consisting of up to four girls in Year 8 (England and Wales), S2 (Scotland) or Year 9 (Northern Ireland) – tackle challenges from cryptography and logic to artificial intelligence and networking for the chance to be crowned cyber security champions.

The content for each category of the competition is consistent with subjects within the Computer Science syllabus from both the National Curriculum and Scotland’s Curriculum for Excellence.

However, the competition will contain some advanced cyber topics that are not covered in traditional education but will seek to stretch the lateral thinking and additional cyber knowledge of the teams.

Every girl from the winning teams will take a brand-new laptop home, and have a chance to win prize money for their school.