IT Security Skills Gap in UK / A self-inflicted crisis?

Earlier this year, the National Audit Office (NAO) warned that the UK’s critical infrastructure is vulnerable to cyber-attacks in part because of a lack of experts able to thwart threats.

“The UK lacks technical skills,” it said, adding that “the current pipeline of graduates and practitioners would not meet demand.” The NAO suggested that it could take up to 20 years to close the IT security skills gap.

The government appears to share the NAO’s concerns, with ministers Michael Gove and David Willetts telling Computing back in September how the coalition plans to promote IT security best practice through the revised national curriculum.

Self-inflicted crisis?

Some experts, however, believe efforts to boost cyber security education ignore a more fundamental problem. One such critic is Vicki Gavin, head of business continuity and information security at The Economist, who argues the shortage is largely down to unrealistic recruitment criteria.

“I think there are a lot of really bad recruiters out there, because I have got a fantastic team and I have never had any problems finding high-quality skilled staff – and I don’t pay more than the rest of the people on the street, in fact I probably pay less,” she said.

Gavin said employers who struggle to find staff always seem to want to find someone “with enough experience to sink a ship”, and that this is unnecessary.

“They completely forget that all these hard skills they are looking for can be learned, and that there are hundreds of thousands of people out there with the right soft skills, ready and willing to learn,” she said.

But Wayne Grundy, managing director of the cyber protection practice at professional services firm Alvarez & Marsal, believes that building strong digital defences requires personnel with years of experience in information security.

“I’ve got people on my team with 10 years’ experience, and the idea that you can learn on the job when you’re working against people who have expert teams of hackers with a potentially unlimited budget from certain countries, is not something I would agree with,” he said.

But The Economist’s Gavin insisted that even technical skills can be learned on the job. “Have you ever met a security person that didn’t learn [technical skills on the job]? This is not a skill that somebody is born with,” she said.

Chosen excerpts by Job Market Monitor. Read the whole story at 

via Cyber skills gap – where does the fault lie? – 06 Dec 2013 – Computing Analysis.