When a young person considers a career in technology, what do they think of first? Is it DNS? Firewalls? Probably not. The perception around the cybersecurity arm of technology is certainly contributing to its lack of access to the wider technology talent pool – but it’s definitely not the only reason.
We sat down with a few cybersecurity experts to discuss this perception and explore why a career in cybersecurity, despite the growth in opportunity in the sector, seems to never be considered.
There exists a culture around Cybersecurity that is dark, mysterious and, above all else, somewhat impenetrable.
For Darren Desmond, Director of Security AA, this cybersecurity identity crisis is causing problems at both ends of the scale and simple consideration of the steps you might take when reporting a cyber-attack reveals a lot about the perception of the sector.
“There exists an expectation that if you had a cyber attack, you pick up the phone to the police, and the police would come with blue lights flashing and sort your problem out for you. That seems to be the perception in younger people coming through, and even some of the management teams I’ve dealt with. No one seems to know what the options are for getting a public body to investigate a cybercrime offence.”
No one is born cyber secure. No one is born knowing how to stay safe online and what to do in the event of a breach. It’s the responsibility of those at the top and those in education to change the understanding around cybersecurity in a similar fashion to the work done around the development and engineering careers.
Technology and education are now firmly intertwined. While this is expected from universities who use the latest tech to teach their students and conduct research, now even the smallest primary schools have tech firmly rooted in their daily lives. There has never been a better time to engrain healthy cyber habits at an early age.
And the responsibility shouldn’t solely fall to schools either. The products that children use every day, like Facebook, Tik Tok and Google Products also have a responsibility to reinforce positive security habits. Once that’s done you move cybersecurity out of the basement and right into focus.
“I think by the time my daughters go out into the work environment, the security arena will have changed drastically. Security will be the foundation of every major platform and that will force market consolidation. The opportunity will follow from there.”
But even in a future where security is talked about openly by schools and corporations alike, hiring managers and those looking to invest in security still need to know what skills to look out for in good cybersecurity candidates.
Because cybersecurity, unlike other technical roles, requires a true balance of skills that, in some cases, can make them incredibly tricky hires to make. Soft skills are as critical as technical skills.
Teaching and selling cybersecurity can sometimes feel like an uphill struggle. Helping someone build a game that uses scratch to develop loops and variables is a lot more inspiring and engaging than telling someone how DNS works. Is that something cybersecurity will ever be able to escape?
Surinder Lall is the VP of Information Security at global media and entertainment company ViacomCBS. With well over 10 years in technology security and, with his latest role at ViacomCBS having him manage a team across four different continents, he is well placed to discuss the security skills gap on a global scale.
For him, one of the reasons careers in security aren’t considered as widely as their software or development cousins is because of the lack of evangelisation of these roles.
“I speak at schools quite regularly and they've got no idea about security. There isn't a definitive body for security. You know, you've got ISC square, you've got a couple of other big names that do like certifications. But there isn't really a body like there's an engineering body for civil engineers, you know, there isn't a body for us. So there isn't really anyone with the mission to go out and evangelize security as a career.”
A cursory glance over the UK Government's Careers Service website will reveal just one security role within the Computing and Technology sector; Cyber Intelligence Officer. And without campaigns similar to the governments Get Into Teaching campaign, CyberSecurity careers seem to be damned to remain at the back of people’s minds when they consider a technology career.
Howard Pritchard is Cyber and Information Security Consultant. With over 30 years of experience in cybersecurity, Howard believes the lack of consideration for security roles stems from single-minded focus on technology as a hands-on entity and not as a strategic consideration.
“Technology is all about IT and cybersecurity. It's about how you're getting your hands dirty, rolling your sleeves up, configuring, and physically moving stuff from A to B. Now, what is missing is the management side of it: how to understand policies, implementation and people.”
Bringing in this side of the technology offering at the educational level would make significant strides, but until these teachers or educational institutions are properly equipped, they won’t be able to give a fair representation of the full range of technology careers.
“Teachers are doing their job 100% but if they’re not given the tools to understand IT security, Incident Management, risk management then students will come out without an understanding of the options.”
Until organisations, large and small, bring security to the forefront of the tech offering, will the perception around cybersecurity change. Once they do, however, budding technologists will find a career filled with promise, potential and much much more.
