I attended the Cyber Pathways event in London on behalf of The Cyber Scheme recently – Emily Kinsella and I spent the day talking to recent graduates, career transitioners, recruitment specialists and of course aspiring pen testers. I did a talk about how we need to increase the number of junior pen testers coming through into entry level jobs because our industry is struggling to find and retain practitioner testers – we all know there is a chronic recruitment gap across the sector.
What I was surprised – and a little disheartened – by, was the level of frustration demonstrated by almost everyone I talked to. Yes they have applied for multiple jobs, no a Masters degree in cyber security isn’t opening any doors, yes they have tried to apply to graduate programmes, no they haven’t heard anything back. How is our industry failing our new intakes on such a widespread level? And how can we help these keen but inexperienced newbies gain a foothold?
My take on the day was:
1. Universities and further education colleges need to be prioritising basic soft skills – interview techniques, conversation skills, CV prep (most of the CVs I saw were terrible and frankly it’s no wonder they didn’t get any responses)
2. LinkedIn training should be part of any cyber syllabus/training course. It’s not all about displaying badges.
3. We really need to help these guys understand the difference between good and bad training, academic vs practical experience, free vs paid self learning and ‘what good looks like’.
4. We need to collaborate – yes that means The Cyber Scheme talking to Crest, yes that means the UK Cyber Security Council and Ciisec working on combined goals, yes that means standardising pathways and working together instead of inside well meaning silos. It’s what everyone wants, and it is happening behind the scenes, but the people I spoke to yesterday aren’t benefiting yet.
5. There were a large cohort of neuro-diverse people I spoke to who are simply unable to sit in group interviews or even talk comfortably to strangers – what are we actually doing to help them get through the HR gatekeepers?
We need to expand this industry. Making it hard for those trying to gain access is plain silly. How can we help?
#cybersecurity #education #training