The cost-effective way to address cyber security skills and diversity gaps
Dr Meredith Patton and Karis Bouher
The global cyber security workforce gap is estimated to be 4.07 million with 35% of organisations unable to fill open cyber security jobs to protect their assets.
Despite this gap and genuine need for both technical and non-technical people, the cyber security industry has a diversity problem. Which means, we’re missing out on the skills and knowledge from a large segment of the population.
A report commissioned by the UK Government in 2020 estimates that:
- 15% of the cyber security workforce is female.
- 16% of the cyber security workforce is from an ethnic minority background.
- 9% of the cyber security workforce is neurodiverse.
In general, the fact that diversity makes sense from a business perspective is no longer contestable. Not only have plenty of studies shown that diverse teams are more productive and innovative but, diversity also impacts the bottom line. For example, the 2015 McKinsey study on workplace diversity, Why Diversity Matters, showed workforce diversity results in distinct benefits on company performance; including, in the UK, a 3.5% increase in earnings before taxes and interest for every 10% increase in gender diversity. This hard evidence backs up the intuitive sense that diversity is ‘the right thing to do’.
Why diversity matters for cyber security
Cyber security is focussed on identifying threats and devising mitigations for them. Bringing diverse experiences and ways of thinking/working to these challenges will greatly increase the success and delivery
rate of solutions.
Importantly, cyber security isn’t just about ‘technical’ roles. It needs a wide range of analytical, communication, engagement and problem-solving skills. Coding, hacking and engineering are—and will continue to be—critical skills for cyber. However, the well-known diversity challenges for these career streams—together with the perception that cyber only needs technical people—are two barriers that must be overcome for organisations to succeed in building a workforce that is representative of the problems it is trying to solve.
Why re-training/upskilling is the right answer
With the UK cyber skills pipeline still highly problematic in terms of both numbers and diversity, the quickest and most cost effective—indeed, possibly the only—way to narrow the cyber skills gap and increase
diversity, is to upskill existing staff, or applicants seeking to change careers, into both technical and non-technical cyber security roles.
With traditional recruitment, it’s easy to find candidates from the same ‘pool’ or those who fit a certain ‘culture’, but this doesn’t tap into the full potential of the workforce; many individuals from other sectors and careers have already developed key skills required in security, such as attention to detail, identifying unusual patterns of behaviour and the communication skills needed to drive awareness and behavioural change. Plus, a genuine interest/passion for security and data protection makes a big difference–you can teach cyber and information security skills, but you can’t necessarily teach someone how to care about cyber security.
Career conversion programmes enable organisations to recruit from this much wider pool and focus on the areas within the organisation that need key skills. This higher level of engagement during the process also keeps people within organisations longer once they’re in.
PGI Cyber Academy’s Career Conversion Programmes
We have helped organisations of all sizes and types narrow their diversity and skills gap. We work closely with you to understand your operational requirements and design a training programme that reflects these. This is built around either specific job roles or a range of similar skill requirements.
The success of these programmes has already been demonstrated, including:
- A pilot of mixed-gender veterans from a variety of backgrounds wanting to transition into careers in the cyber security industry.
- Our Women in Cyber Initiative which focused on increasing the number of women entering the industry–successfully placing all participants into new cyber security roles.
- An industry-boosting training series for the banking sector in the Middle East, creating the next generation of cyber security leaders.
In each of these programmes, delegates from different—often nontechnical—backgrounds undertake dedicated skills development and learning for a defined period—often between 6 weeks to 6 months. Our expert training and mentoring provide the key skills and knowledge required to take on frontline cyber security roles.
100% of participants who completed PGI’s programmes are now in
operational cyber security jobs.
Why work with the PGI Cyber Academy?
We work regularly with UK Government, international governments, partners and corporate clients to transition existing staff with aptitude, or to identify and recruit new talent into newly qualified cyber security practitioners, to begin working in the various domains the industry requires.
We have designed and delivered various skills development programmes that provide organisations with achievable life-long learning pathways through clearly defined education, enabling them to protect their own assets or provide their own clients with their expertise in defending against the cyber threat.