Cyber is revolutionising the way that we live our lives and indeed our whole approach to national security. It is for this reason that the UK government recently launched the National Cyber Strategy, with the stated goal of "strengthening the UK cyber ecosystem, investing in our people and skills, and deepening the partnership between government, academia and industry".

An essential part in achieving this overall objective is the pledge to invest in people and skills. It's something that resonates deeply with David Ferbrache, chief technology officer in KPMG's cyber security practice, who welcomes, as part of this process, the Government's 'Cyber Runway' scheme - in particular, its focus on boosting the number of skilled workers from diverse backgrounds in the cyber security sector. "The lack of cyber talent has become a critical issue as threat actors have ramped up their efforts to hack British businesses - a situation that is only going to worsen. A more diverse and inclusive team equates to a more innovative team - one that is better equipped to stand up against threat actors attacking organisations across the country."

Recent research from KPMG and the NCSC found that just one in 20 workers in the cyber security industry is aged 18-24, he adds. "Increasing this should be a priority for the future, not least in recognition of the cyber industry's persistent skills shortage. While the announcement will help this endeavour, as cyber criminals have taken hold during the pandemic the question is whether this is too little, too late?" The research also showed that just 3% of the cyber workforce entered via a school leaver or apprenticeship scheme and 12% via a graduate scheme. Raising these levels - in particular of school leavers and apprentices - could have a positive impact on the diversity of the sector and, in turn, boost the cyber resilience of the entire country," he states.

Ferbrache also points to how the National Cyber Strategy recognises the importance of securing the broader tech ecosystem - and the vital role which the private sector must play in ensuring the UK's future cyber security. "The establishment of the National Cyber Advisory Board is a necessary step forward in bringing senior leaders together across all sectors as we move towards professionalising cyber security through the UK Cyber Security Council, as well as driving improvements in the standards of security across the service and product providers at the heart of our digital economy."

THRIVING ECO-SYSTEM
The research that he refers to - 'Decrypting Diversity: Diversity and Inclusion in Cyber Security' - also raises many points of concern around failures to embrace diversity root and branch, something that Lindy Cameron, CEO of the NCSC, addresses in that report itself. "At the National Cyber Security Centre, we say that cyber security is a 'team sport'. We all have a part to play in making the profession a thriving eco-system of diverse minds, that fully reflects our country and society, and a workforce in which everyone feels valued, included and equal. That's why the research that the NCSC has conducted with KPMG is so important, giving us an insight into who makes up the cyber security profession and their experiences being part of it."

The survey shows a mixed picture, she confirms in her introductory remarks. "There are some areas to be proud of: in terms of who we are, more than a quarter of respondents identify as having a disability. But we are still evidently a very male profession, with disproportionately male senior leadership. At the NCSC, we are committed to bringing more women into the profession, for example with our CyberFirst Girls Competition.

CRITICAL RISK FACTORS
"But there's clearly more to do. We are a growing profession - so this isn't a structural problem we have to live with. If we face this head on, we can ensure we are a profession that fully reflects our nation's rich diversity and full range of talent. We will need to, both to get the skills we need today and make the most of them, and to avoid a skills gap tomorrow."

Lindy Cameron, NCSC: we all have a part to play in making the profession a thriving eco-system of diverse minds.

More worryingly. though, Cameron adds, one in five cyber security professionals still feel as if they cannot be themselves at work, with the figure rising for disabled and neurodivergent colleagues. "None of us should be comfortable with that and each of us has a leadership role to play. The creation of the UK Cyber Security Council is a really positive step to achieving this goal.

"It will take a leading role in pushing diversity and inclusion to the top of the industry's agenda. Driving change within the profession is a collective effort. As cyber security leaders, we must also play our role in delivering positive change. We must work together continue to challenge the status quo, and, she points out, "reflect on our behaviours, practices and assumptions in the workplace."

According to Alexandra Willsher, senior sales engineer at Forcepoint: "Differences in gender, health, location, age, race, sexuality and social economic factors directly impact how people engage with technology - and therefore directly influence critical risk factors. A company's products can't truly work for all, unless that same audience has been involved in its creation.

"If product development is always done by the same small pool of individuals, with similar experiences and ways of living in the world, they will reflect their biases. Products created by those working in information technology are used the world over, and we need full representation of people from all characteristics and backgrounds during the development process to make sure that what's being created is appropriate for all."

Simon Hepburn, UK Cyber Security Council: "Getting more people to consider entering the cyber security industry is crucial.

Initiatives like the Cyber Runway are exactly what are needed to start to redress the balance and reliance on a handful of areas of the country and groups within society when it comes to investment and innovation, she adds. "We already have as many as 10% of all current UK job vacancies being within the technology industry, according to Tech Nation. Filling those vacancies will mean looking beyond the usual places. The combination of our digital economy, and the changes brought on by the pandemic, has highlighted how physical location might not be as critical to accessing opportunities as it once was.

"Cyber hubs like Cheltenham, where there are close links to large cyber organisations like GCHQ, will remain important - but bringing down the barriers for other innovation and entrepreneurs to get started means making sure that physical location isn't a barrier to getting funding and support." Willsher is pleased to see that the Cyber Runway aims to provide this. "The 'levelling up' agenda is all about bringing the economic and business opportunities to the country as a whole, not just London, the Southeast or major cities. Often for those new to the sector, the first barrier is seeking funding and knowing where to start with getting an idea off the ground, so the Cyber Runway's role as an incubator is much needed.

"What comes next is putting processes in place to make sure this talent is nurtured and stays within the sector, as opposed to moving elsewhere. Existing cybersecurity companies would do well to take note of these innovators and the new ways of thinking and looking at issues that greater diversity can bring."

NEW PARTNERSHIP
Meanwhile, as a further step towards greater focus on skills, cyber security and enhancing and developing careers, the UK Cyber Security Council and the Security Awareness Special Interest Group (SASIG) have formed a new partnership.

Alexandra Willsher, Forcepoint: a company's products can't truly work for all, unless that same audience has been involved in its creation.

The council and SASIG will work together on key webinars and events designed to improve trust in the online environment and to harbour that trust to which they are committed when it comes to education and knowledge-sharing throughout the community. One of the forthcoming events on which the council will partner with SASIG is its third Cybersecurity Skills Festival, which takes place virtually on Tuesday, 22 February.

SASIG's Cybersecurity Skills Festival is a biannual series where skills in cyber are discussed and those looking for work are connected directly with those looking to hire. The conference agenda is packed with helpful content and the jobs fair will be "on a scale never seen in our industry, with backing from public and private sector alike", it is stated.

The key benefits that are highlighted by the organisers are as follows:

• Showcase your organisation and job openings to hundreds of potential new team members
• Have your job openings recommended to the right candidates
• Candidates apply directly to you, so no agency fees
• Customise your stall with key information, documents, job openings and videos
• Review applications within our platform and set up video interviews the same day
• Your stall will stay open for 30 days after the event
• Stalls are saved and can be imported for future events.

For those looking to re-skill into a new career sector, cyber security is an attractive option. With a new reliance on technology in all aspects of life, this means that a huge number of new technology-focused jobs are constantly emerging. Cyber security is a growing market and it is estimated that the cyber industry will need an additional 3.5 million qualified professionals by next year. With skills, education and training in cyber security being firmly on the agenda for the work that the UK Cyber Security Council is doing, partnering with SASIG in this key area to help individuals transition into a career in cyber security was a natural choice, it states.

Martin Smith, SASIG: the vital task of bridging the cybersecurity skills gap is, in SASIG's view, the single most important strategic challenge the profession faces.

Speaking of the partnership, Simon Hepburn, CEO of the UK Cyber Security Council, comments: "Getting more people to consider entering the cyber security industry is crucial and we look forward to working with SASIG on this.

"We will be launching a programme of joint activities in the coming months, such as webinars and events, and with skills, training and education in cyber security very high on the agenda for the UK Cyber Security Council, this was a very natural partnership that aligns with the core values of the UK Cyber Security Council perfectly."

According to Martin Smith MBE, chairman and founder of SASIG, the vital task of bridging the cybersecurity skills gap is, in SASIG's view, the single most important strategic challenge the profession faces. "Our Skills Festivals have already established themselves as a successful way of bringing together those looking for new talent and those wanting to enter our dynamic and exciting profession, but there is much more to be done. This new partnership between SASIG and the UK Cyber Security Council will be central to these efforts."

CHALLENGE AND NECESSITY
David Howorth, VP of EMEA Sales at Rapid7, says it is both a huge challenge and a necessity for the UK to create a large and diverse skill base to support the burgeoning cybersecurity sector. "In common with most developed economies, the shortage of cybersecurity expertise remains a pressing issue for governments and enterprises alike. Whilst the last ten years has seen a large expansion of UK academia offering cybersecurity courses, there remains a skills imbalance across the country as many graduates of these programs end up working in the south-east attracted by the breadth of opportunities available and the higher salaries.

"Through the creation of the Cyber Runway scheme, the UK government is right to target the regional level to support the levelling up of this key industry, in order to accelerate the development of higher skilled jobs across diverse regions and communities," he states.

"Also, with less access to venture capital as compared to other countries, such as the US, it is important that the government is able to target support to small innovative companies looking to develop and take to market innovative cyber security solutions, that may one day enable them to become the next UK tech unicorn." What benefits might it deliver? What other, similar, schemes should the government be looking at to improve the skills levels needed to fight against an ever more sophisticated cybercrime future?" "There are many potential benefits to the UK economy of growing and diversifying the cyber security talent pool," responds Howorth. "By creating high paid skilled jobs across all regions, the UK will be better positioned to develop vibrant hubs of innovative cyber security companies that are able to closely collaborate with regional academia.

"This, in turn, will also attract inward investment from global organisations looking for opportunities to scale out their Cyber security expertise. Northern Ireland offers many examples of successful cyber security companies, such as Rapid7, which has established large development hubs to develop and foster talent."

While these initiatives do make a difference, there is still a long way to go, he concedes. "We must also create the foundations where many more children from diverse backgrounds have the opportunities to focus their senior years' studies in the area of STEM."

CHALLENGE AND NECESSITY
Sarah-Jane McQueen, general manager of CoursesOnline, sees training courses as a valuable way for organisations to mitigate risks around skill shortages and keep their workforce up to date when it comes to their IT knowledge. "The report reveals a dangerous situation for companies from all sectors. Everyone, from small companies to huge corporations, relies on IT professionals to work behind the scenes to maintain essential parts of their day-to-day business operations," she says.

The key to preventing skills gaps affecting business may be more obvious than most companies realise. Instead of putting in time and resources searching for suitable employees in a shrinking job pool, looking at upskilling opportunities with current staff could be a better long-term solution. "By upskilling your workforce through both short courses and in-depth IT training programmes, you can stay in control and avoid the chance of coming to a standstill, if the current skill shortage persists or gets worse," she notes.

"Searching for new employees with years of experience and training could become more difficult, so growing your IT workforce with eager and talented employees and then setting them up with advanced digital skills training could be the best way forward. Promoting staff from within can be an excellent way to build strong relationships with your current employees while also offering you protection from the unpredictable changes to the wider digital labour market," adds McQueen.

CHALLENGE AND NECESSITY
Today's Government Cyber Security Strategy sets out a truly world-leading approach to strengthening cyber and operational resilience across critical government functions is the view of Ollie Whitehouse, Global CTO at NCC Group.

"This type of comprehensive, measurable approach sets a strong example for the private sector and other governments globally. It will no doubt act as a catalyst for change - organisations that want to partner with the government will have to up their game to meet increasing standards.

"A whole-of-society approach will be essential to delivering the government's aims, which I'm pleased to see strongly reflected in the Strategy. NCC Group is incredibly proud to have played our part over the years, providing technical input into the development of new policies such as this one and as a delivery partner to government. We stand ready to support the public sector as it embarks on delivering this new framework, " he concludes.