Half of UK businesses have a basic cybersecurity skills gap, and the sector needs to hire 21,600 people a year to meet demand. These are huge numbers that carry a clear warning: we need to diversify the cybersecurity workforce and look for soft skills during the recruitment process.
So it was great to see that the recently published McPartland report highlights the need for diverse cyber skills to protect the UK’s critical IT infrastructure and drive economic growth. It also reflects my view that we need to prioritise skills and training to retain employees.
If significant action is not taken now, the cyber skills gap could narrow further and undermine the country's cyber resilience.
CEO and co-founder of CAPSLOCK.
Discovering what makes a great cyber employee
Having worked in the technology landscape for over 30 years, it’s abundantly clear that the image of what makes a “good” cyber candidate has barely changed. That’s because one of the biggest challenges facing recruiters and hiring managers in the cyber industry is a lack of knowledge about what skills make a great cyber employee for today’s threat landscape.
There are multiple roles in the cyber space. Some are highly technical, others are not. But cyber professionals do not work in isolation, and technical skills, while valuable, must be applied in a team environment and to problems that may look different to different people at different times.
Organisations need to be more inclusive when hiring, recognising “soft” or “impact” skills to encourage those without a traditional cyber background to enter the profession. There are a range of core skills required beyond technical prowess, including communication, problem-solving and creative thinking.
Hiring managers should look to recruit people with potential, enthusiasm and strong transferable skills to open up cyber-related learning or reskilling opportunities. In doing so, they help to broaden the talent pool and, over time, begin to close the skills gap by fostering the diverse talent needed to address increasingly complex threats.
Looking beyond traditional recruitment channels
Another major obstacle to creating a diverse cyber workforce is that people are afraid of change, even if it is for the better. They want to continue doing things the same way: recruiting from the same pool of people who have the same training and qualifications.
Reviewing the CVs of individuals who hold university degrees in cybersecurity or complementary disciplines such as computer science will and should continue to be common practice when recruiting for cyber positions.
However, the recruitment process should also include those with experience over qualifications and, as I mentioned, soft skills. For example, you might consider welcoming career changers as cyber apprentices who can bring valuable transferable skills and experience from other industry backgrounds.
Selection is often done by asking for competencies in a list of known cyber tools or through a similar long list of industry certifications. Sometimes it is not clear what skills are needed and (as we know) this puts women off, especially if they do not have everything on the list. The UK careers framework needs to be simplified and standardised in line with the UK Cyber Security Council framework. This will significantly improve the way companies advertise roles and help employees understand career progression paths. Current job descriptions often contain unrealistic requirements and mix different specialisations. By adopting a recognised common framework, people will be able to navigate their careers more effectively.
Bringing in cybersecurity talent allows organizations to invest in their talent pool and shape the future. By offering on-the-job training and mentoring opportunities, they can build a diverse group of professionals well-prepared to face future threats.
Diversity as a cornerstone of resilience
By looking beyond traditional talent acquisition avenues, hiring managers can help make the cyber workforce more flexible and break away from the “old boys” demographic view of careers. This allows them to hire people from different backgrounds, experiences and characteristics, such as gender, ethnicity, age, sexuality, education and socioeconomic background.
Bringing in more diverse talent, including those from underrepresented demographics, is important for several reasons. First, it ensures that there are more role models to encourage more underrepresented candidates to join the talent pool. Second, diversity encourages more viewpoints to be considered, which is important for building resilience in the function.
Traditional cybersecurity teams, typically comprised of white, middle-class men, present a significant vulnerability for organizations. When everyone on a team approaches problems from the same perspective, blind spots are more likely to emerge.
People from different backgrounds bring unique experiences, thought processes, and problem-solving approaches. These broader perspectives allow teams to identify vulnerabilities from different angles, stay one step ahead of attackers, and develop more complex defense strategies.
Furthermore, technologies such as generative AI are giving rise to a new wave of threats for organisations. Hiring managers cannot afford to have the same employees, but need diverse minds with varied experiences to approach new problems in creative, critical and different ways to meet ever-evolving threats.
It is necessary to act now
A big catalyst for the UK’s cyber skills crisis is that we continue to hire people from the same talent pool. Instead, we need to hire people of all ages and from different educational backgrounds and ethnicities to create a cyber workforce that truly reflects the society it protects.
We should also not discount those who lack technical knowledge. Neglecting soft skills is hurting the industry by preventing high-potential candidates from non-traditional cyber backgrounds from getting the opportunities they need to break into the industry.
We hope the industry will take action now to close the skills gap and build a diverse cyber workforce for a secure future.
We list the best resume builders.
This article was produced as part of TechRadarPro's Expert Insights channel, where we showcase the brightest and brightest minds in the tech industry today. The views expressed here are those of the author, and not necessarily those of TechRadarPro or Future plc. If you're interested in contributing, find out more here:
