Art Coviello at RSA often refers to the skills gap in the number of Cyber security professionals in his keynotes. A UK National Audit Office report out today quotes it could take “up to 20 years to address the skills gap”.
The truth is the number of IT and cyber security professionals in the UK has not increased in line with the growth of the internet and the NAO warns that the UK faced a current and future cyber security skills gap, with “the current pipeline of graduates and practitioners” unable to meet demand.
It warned that the cost of cyber crime is estimated to be between £18bn and £27bn a year. In 2011, ministers announced funding of £650m to implement the UK’s Cyber Security Strategy, which set out the risks of the UK’s growing reliance on cyber space.
The strategy identified criminals, terrorists, foreign intelligence services, foreign militaries and politically motivated “hacktivists” as potential enemies who might choose to attack vulnerabilities in British cyber-defences. To date both SOCA (Serious Organised Crime Agency) and Action Fraud, the UK’s national fraud reporting centre have both been very active in thwarting threats.
How can this skills gap be addresses? It needs investment by the government but also by education authorities and indeed the Cyber security profession. Many years ago studying IT at a University was very attractive, but it seems to have lost its appeal. Moreover, how many IT related degree courses actually teach security as part of its curriculum.
I think the industry needs to do its part to ensure that the Cyber security profession is seen as an attractive career choice and start early by evangelizing in schools and colleges.
The TV series CSI did wonders for enrolment into Forensics courses so I wonder if we need an equivalent Cyber security TV series to get individuals signed up. Whatever, we do we are still going to be faced with a huge skills gap in this sector.