Blog
(ISC)2 CEO Discusses UK and Global Cyber Challenges at Chatham House
UK cybersecurity leaders recently gathered for a Chatham House members event panel in London to discuss the heightened need for a skilled workforce, the effects the COVID-19 pandemic had on the global cyber workforce and developing skills for the next generation of cyber professionals.
(ISC)2 CEO Clar Rosso was joined by CEO of the UK Cyber Council Simon Hepburn, and Parliamentary Private Secretary, Cabinet Office Ruth Edwards MP, as well as First Attaché to the UK, Cybersecurity and Infrastructure Security Agency (CISA) Julie Johnson as they sat down to address issues and potential solutions to the global workforce gap.
Clar was first to address how the pandemic changed the cyber workforce. and she inferred that the pandemic intensified the workforce gap. As many in the profession transitioned to a remote work environment, the threat landscape exploded and the need for greater cyber defences increased.
In fact, the (ISC)2 2022 Cybersecurity Workforce Study shows that following a dip in demand for cyber professionals in 2020, cyber professionals have grown to 4.7 million in 2022, with a 26.2% year-over-year increase. With that, came an increased need for 3.4 million cyber professionals to bridge the gap.
The (ISC)2 study shows there is a greater awareness of the need for cyber professionals to help support growing organisational cyber demands. Much of the focus is on recruiting experienced professionals. There must also be a simultaneous effort to retain the current workforce and recruit entry-and-junior-level talent.
Simon Hepburn added that within the cyber ecosystem, we must identify the skills and appropriate certifications that are needed as we continue to advance innovative technologies and responses to threat actors. Cybersecurity needs to be agile as a profession when developing training programs.
Julie Johnson reaffirmed that following the COVID-19 pandemic, there is a similar situation in the United States. There has been a drop in higher education which directly affects the pool of available talent. One major area of concern is the talent pool for competitive industries to recruit from is drastically shrinking. One way to mitigate this shrinking talent pool is to reskill the talent already in the workforce.
The panelists agreed that it is crucial to focus on the basics of cyber and “demystify” the profession, as Simon Hepburn put it. Many people, unless they work in or around cyber, are still unsure what exactly cybersecurity is, the skills that are needed for it and what they could do in the profession.
In terms of best practices and emerging threats, Clar noted (ISC)2 research tells us that we are not doing enough threat hunting, risk assessment and management. We are failing to follow processes and procedures, and many organisations admit their cyber teams are understaffed. They lack time to train the staff on the threat landscape and raise the cyber literacy of the entire ecosystem which is necessary with the new norm of remote work that emerged from the pandemic.
It is imperative to hire entry- and junior-level professionals and not focus entirely on hiring senior-level, experienced talent. It is equally important to hire those with non-technical backgrounds with strong communication, critical thinking and problem-solving skills.
Clar continued that the most important thing gleaned from (ISC)2 research beyond the workforce gap is that nearly all businesses with 100 or fewer employees have no cybersecurity professionals on staff. This is something (ISC)2 is going to examine further. The current assumption is that these organisations are turning to third-party services or are using staff from another part of the company who can only dedicate a portion of their time to the cyber hygiene of the organisation.
When discussing diversity in cyber, Simon Hepburn said, “the more diverse the workforce, the more profitable [the organisation] will be. You need people with different perspectives and cultures to be successful.”
People want to work where they are heard, and information is shared freely. “You are only as good as the worst behavior you tolerate,” Clar said.
It is clear from this panel there is a lot of work to be done to not only bridge the skills gap but increase diversity and develop best practices for recruitment and retention. The conversation is ongoing, and there is a desire to make the necessary changes to better the cyber ecosystem.
(ISC)2 was proud to represent our membership and advocate for the cybersecurity workforce at the esteemed Chatham House.