The way we’ve seen technology evolve is interesting. The more we make technology easier to use, the less people need to understand how it works. This presents an interesting skills challenge for the UK. Is our vision to be able to have people who can use the latest technology? Or, is our vision to have the people who can design and invent the latest technology? We want people to be inquisitive. To build innovative solutions and products, people need to understand how technology works. It’s also important that these products are built with security at its heart. This will ensure the solutions, and their organisations, have cyber resilience.
At the National Cyber Security Centre (NCSC) and Microsoft, our cybersecurity teams are made up of people with a huge variety of skills. It’s about more than just technical knowledge. Our teams are made up of communication experts, legal teams, project managers, and more. That’s why the security skills gap pulls through to a larger conversation about the digital skills gap as a whole.
Start building tech passion early
To fully address these skills gaps, the challenge starts with the education system. At the NCSC, we developed CyberFirst, a programme designed for 11-17 year olds with extracurricular learning paths, university and college courses, bursary schemes, and competitions to explore their passion for tech and introduce them to cybersecurity.
When we started these courses, the gender gap saw that for every three boys applying to these courses, only one girl applied. To ensure our workplaces reflect our diverse society, the NCSC worked to make sure the courses were 50-50. This led to the creation of the girl’s competition. At Microsoft, we run a similar programme called DigiGirlz, which gives girls a chance to see what a career in tech looks like, as well as building a passion for technology.
“You see passion and drive everywhere at these events. As a woman, you’re quite often the only woman in the room and it’s quite nice not to be. For that age, to be in a room and realise there are lots of people that have an interest in technology, that’s where the real passion is.”
Working together to build cyber resilience
But this is all about partnership. We can’t each do it alone. The education system, the government and industry need to work together to build effective programmes. These will build passion for technology while providing the path to building cybersecurity skills and resilience.
So what steps can organisations take to drive cyber resilience and address the skills gap?
1. Keep your data secure
Take a look at the NCSC’s Cyber Essentials. This government backed scheme is designed to help you to protect your organisation, whatever its size, against a whole range of the most common cyberattacks.
At Microsoft, we’ve shared our security journey. Take a look at our learnings and best practices of keeping our remote workforce secure. We’ve built a CISO on-demand workshop based on our and our customer’s learnings on meeting the challenge of a sophisticated security landscape while protecting your assets.
2. Practise how you respond
Practise ‘live’ simulations that mimic an attack in real time. This is not only a more engaging way for employees to learn what happens during the detection, response and remediation of an attack, but you can also apply best practices before a real event occurs. Don’t just do this technically, think about the response for your whole business. What does the internal and external communications plan look like? What is the role of the data protection officer, the CEO, or the frontline employee?
3. Be prepared to scale and have extra resources
You need to think creatively about your cybersecurity team and their resilience. They may respond well to threats for the first week, but after three or four weeks burnout becomes a real issue. While you’re looking to fill your cybersecurity skills gap, consider using intelligent technology to take on the common, fatigue-inducing alert and response tasks. Think of using AI and automation to do noise monitoring and low-level event handling, so that your employees have more time and less stress to investigate and remediate complex issues.
4. Identify what skills you need
There are around 9/10 common specialisms for security. If you’re building them internally or looking at ways to optimise your cybersecurity recruitment, be clear about what skills you need. Start by looking at the skills you currently have and where you have specific gaps that you need to fill. Bear in mind that not all of these skills are needed internally. Consider how you might be able to leverage security skills from external sources too.
5. Create the next generation of technical and cybersecurity talent
Finally, as we mentioned earlier, as business leaders we all have a responsibility to help create the next generation of cybersecurity talent. Consider starting local community outreach events to help build the skills and passion of our youth. You can even take advantage of industry placements and apprenticeships, opening your organisation up to new talent while nurturing their skills.
An opportunity to make the UK the safest place to live and work online
Microsoft is partnering with the Government’s National Cyber Security Centre’s Cyber Accelerator programme, to find and develop start-ups that can make the UK the safest place to live and work online. The 10-week programme is open now for applications. Participating start-ups are chosen through open competition using technical challenges provided by the NCSC. These challenges identify areas of cybersecurity weakness where new products are needed.
During the programme, start-ups receive commercial growth opportunities and unique access to NCSC’s and GCHQ’s world-class expertise to help develop their products. The programme is a collaboration between the Department for Digital, Culture, Media and Sport (DCMS), the NCSC and Wayra (part of Telefonica).
Find out more
About the authors
Chris has worked in cybersecurity for nearly 30 years in a variety of roles, all of which have involved building new capabilities to help organisations protect themselves. As Deputy Director for Cyber Skills and Growth, he is charged with developing the National Cyber Security Centre’s research, skills, and innovation expertise, to nurture the UK’s cyber security capability.