In recent years, many young people have felt disenfranchised and robbed of opportunities to pursue career ambitions. This sits in contrast to the fast-developing field of cybersecurity, where hiring managers regularly report staff shortages and lead times of over six months to fill positions.
Cybersecurity is fundamental to the digital economy, but the (ISC)2 Global Information Security Workforce Study forecasts a growing workforce shortage of 1.5 million by 2020. As cybersecurity is a relatively new discipline, most organisations look for a minimum of three to five years’ experience, as well as a good understanding of cybersecurity concepts for the roles they are creating. Newcomers struggle to get these roles as employers find it difficult to judge their instincts. Often only the largest employers can consider entry-level or graduate training, which only goes so far in meeting the needs of a growing digital economy. There are few opportunities for young people or the uninitiated to step into this career opportunity and meet the need.
Directed by our EMEA Advisory Council, we have been working with universities across the United Kingdom to both inspire interest in and improve access to our field. We take, as our model, established professions such as engineering, that support the development of three and four-year university courses. These not only teach fundamentals, but also serve as a filter for people who have the right instincts. Graduates move into a workplace that has a level of confidence in them, whilst the professional community supports their ongoing development. Our aim is to mature cybersecurity in this same manner.
Working with the Council of Professors and Heads of Computing (CPHC), our efforts brought industry, academia, professional bodies and several government departments together to define Principles and Learning Outcomes for undergraduate computing science degrees (published in June 2015). Realising their importance, BCS, the Chartered Institute for IT, a key participant, immediately included the Principles within their degree accreditation guidelines. Cybersecurity is now a mandatory component of most computing science degrees in the U.K., affecting 20,000 new graduates a year.
Publication was followed by a curriculum development roadshow this year supported by the U.K. Office of Cyber Security and Information Assurance (Cabinet Office), where a real will to champion and embed cybersecurity concepts more comprehensively was expressed by 60 of the approximately 100 U.K. universities that teach computing science. Not everyone who pursues a computing science degree will choose a career in cybersecurity. This effort aims to address a breadth of need and motivate the development of a cyber-competent society, including interested and skilled individuals who will be able to secure it. It will also boost employer confidence in graduates with inherent instincts for security as they pursue careers in IT.
The ambition doesn’t stop with computing science: there is now interest in integrating cybersecurity in business degrees. Knowing the fundamentals of our field is becoming critical to nearly every professional vocation.
By Dr. Adrian Davis, CISSP, Managing Director, EMEA, (ISC)²