Last month, we received some increasingly rare good news from the world of cybersecurity. The UK government revealed that the second run of its free cyber security training had attracted record interest with more than 3,600 people applying to take part.
The news, while heartening, ultimately brings into focus the sheer scale of the cyber skills gap in the UK—and a stark reminder that we cannot afford to rest on our laurels.
Launched in 2022, the Upskill in Cyber programme is the result of a partnership between the Department for Science, Innovation and Technology and The SANS Institute, the world’s largest cyber security training provider.
The first iteration of this free training programme saw a total of 217 accepted into the programme to receive cybersecurity education. The 14-week course covers foundational cybersecurity skills and gives students an understanding of current cyber threats facing organisations, offering learners the chance to earn two certifications upon completion. It also promises to outline the responsibilities involved in various cybersecurity job roles and deliver soft skills development sessions.
With an eye on employment, the programme also states that it provides all candidates with multiple opportunities to interact with hiring organisations, plus contact with a dedicated recruitment specialist to provide guidance and support in transitioning from student to professional.
According to the government, many learners from the first cohort secured job interviews for cyber roles upon completing the programme. Though exact numbers outlining how many participants have now entered the cybersecurity industry have not been released, the government states that previous participants in the scheme have gone on to land positions including Security Operations Centre Analyst, Cyber Security Analyst, Junior Security Operations Analyst, IT Security Analyst, and Head of Security.
The enthusiasm for cybersecurity training demonstrated by these record latest application numbers is incredibly promising. Given that almost half of applications were from women, it’s clear that progress is being made in the battle to present cybersecurity as a viable, accessible, and rewarding career path for all.
However, we don’t know yet how many applicants will ultimately be accepted and trained. Any new cybersecurity professional we can welcome into the industry is a massive win, but one thing is for certain: the Upskill in Cyber programme is nowhere near capable of creating the quantity of talent we desperately need in the sector.
Demand for cybersecurity skills in the UK is growing rapidly, and the current rate of supply isn’t nearly sufficient to keep pace with this booming and vital requirement. Independent reporting suggests that the UK has a shortfall of almost 57,000 cybersecurity professionals; a deficit that’s risen 73 per cent since last year.
According to the government’s own research, around 21,600 new cybersecurity professionals will be needed every single year to meet market demand. It’s estimated that overall demand is growing at between 15 and 20 per cent per annum, while supply is lagging behind at around 10 per cent.
Despite ongoing investment, the numbers just don’t add up.
Published in 2016, the government’s Cyber Security Skills and the UK’s Critical National Infrastructure report identified five systemic problems at the core of the nation’s skills gap problem: the lack of young people entering the profession; the shortage of current cyber security specialists; insufficient exposure to cyber and information security concepts in computing courses; a shortage of suitably qualified teachers; and the absence of established career and training pathways into the profession.
The government’s £2.6bn National Cyber Strategy is taking an admirably varied approach to the talent shortage problem. While schemes like Cyber Explorers and Cyber First are aiming to build cyber skills in young people, Upskill in Cyber focuses on working people; those looking to make a career change and upskill in a new area.
The Upskill in Cyber programme itself addresses more than one of those key issues, attempting to shore up the numbers of cybersecurity specialists in the industry by creating a new, structured route into cyber careers. Being free, flexible, and designed for students from non-cyber backgrounds, the programme is well-positioned to help tackle both the sector’s skills gap and its lack of diversity by making training accessible to all.
However, with the first iteration accepting and training around 200 people, it’s far from a silver bullet. Education, social factors and perceptions of cyber all need to be tackled to make long-term, sustainable progress in building our workforce, but the fact remains there’s an immediate need we need to fulfil; an urgent requirement for professionals who can get to work in cyber roles quickly and effectively to protect our nation’s digital infrastructure and economy.
The current scale of the government’s cross-training solutions is akin to sticking a finger in a burst pipe. We must be more ambitious and put more muscle into these programmes if we’re going to get anywhere close to putting a cybersecurity professional in every organisation that needs them.
And failing to do so will have serious consequences. With an ever-increasing attack vector and the rise of ransomware putting both businesses and critical national infrastructure at risk, we need a much more substantial and far-reaching nationwide cyber skills plan to boost our expertise in this area.
Fostering great diversity in our industry should be a key focus of any expanded strategy that’s to be developed. The high number of women applicants to the latest run of the Upskill in Cyber scheme is great news, and extending that accomplishment to other underrepresented groups will be key to any talent creation programme’s success.
We’re going to need talent from every demographic and from every background to plug the enormous skills gap in cybersecurity. And even more importantly, we need to make sure we keep people and fix the leaky talent pipeline that is more prevalent in underrepresented groups.
Which leads us to the question: how is the government planning to achieve this kind of equality? How is the Upskill in Cyber programme being promoted? Where is it being marketed? In which communities is it being outreached?
The general lack of understanding of cybersecurity roles among both young people and the current workforce presents a huge missed opportunity for our talent pipeline. More needs to be done to showcase cybersecurity as a viable option for new and existing generations of workers.
We need more community outreach, more awareness, and more in-house cross-training opportunities for those seeking to make a career change and move into cybersecurity.
As the founder and CEO of a cybersecurity company, and as a Black tech professional, I would wholeheartedly welcome more public-private partnerships like the one that produced Upskill in Cyber. That means that private businesses also need to do more to overcome innate biases, make their internal culture more inclusive, and remove barriers to entry for diverse professionals.
While the latest upskilling news from the government is encouraging, it won’t do much to move the needle. What we must see is a concerted effort from businesses, industry groups, schools, and universities to transform the learning process, create clear and accessible career paths into (and throughout) the industry, and inspire more people to get into cyber.
The threat posed by cybercrime affects everyone, even if the thought of it never crosses their minds. And so to tackle this growing threat to our ability to grow, thrive, and protect the services that allow us to go about our daily lives, we need everyone to be at the table.
