07 May 2021

Event round-up: Cyber Security Skills & Diversity

On 27 April techUK brought together representatives from across Government, the cyber security industry and experienced skills professionals to explore the progress made to date and highlight those persistent challenges that still need to tackle when it comes to cyber security skills and diversity in the profession.

The event was expertly chaired by techUK’s cyber skills working group lead, Richard Beck – Director of Cyber at QA, who provided his insight throughout the event, where attendees learned more about the CyberFirst programme, as well as how to build awareness about the cyber security profession and how to improve diversity within it. Our panellists included representatives from across industry and Government, with varying experiences and backgrounds, and we intentionally kept the agenda broad in order to identify key next steps.

You can watch the recording of the event and/or read the summary of the keynote and each panel discussion below.

Cyber Security Skills & Diversity April 2021

Watch the recording of our Cyber Skills & Diversity event

Keynote – The cyber skills landscape in the UK today

Chris Ensor, Deputy Director for Cyber Skills & Growth, at the National Cyber Security Council kicked things off with an overview of where things are just now, highlighting that skills underpin everything and we talk about this a lot, but action is often more difficult. Chris’s keynote covered the following critical points: the need to be clearer on what we mean by ‘cyber security skills’; the need to have an agreed language for the various specialisms; the part the newly launched UK Cyber Security Council will play; the role of industry in developing the specialists we need; and the success of the CyberFirst Programme which is something everyone can get involved in to help find the cyber security talent for tomorrow.

Chris and Richard Beck then went on to discuss the role of the education system in creating a sufficient cyber skills pipeline, and the need to aim for more than digital skills in schools and colleges just being about using technology – young people should be encouraged to think about how to build and invent new technologies. The importance of looking to the UK’s regions to help build self-sustaining cyber security ecosystems was also reflected on, and getting the right leadership within each region to take this forward.

Exploring the CyberFirst Programme (Panel 1)

Next up, techUK’s Policy Manager for Skills, Talent and Diversity, Nimmi Patel, chaired a fantastic discussion with three recent CyberFirst graduates. During this popular session, Shamaila Hussain (BT), James Duncan (Microsoft) and Liam Shillinglaw (Abertay University/BT) shared their individual journeys into the cyber profession. We heard how they found out about CyberFirst; why they wanted to take part in the programme; what they did; and why it was useful to each of them.

The panellists also had some useful observations on how to make the industry more accessible (offer more exposure across the curriculum); and on perceptions of a career in cyber security (that ever-enduring hacker-in-a-hoody image) versus the reality – a rich variety of options which include not just the technical, but also, for example, sales or strategy. All this underpinning the need to showcase what roles are actually available in the sector.

Attendees also heard about the best parts of the programme, which include the opportunity to gain work experience in various cyber subject areas, from operations to risk management; the chance to develop crucial ‘non-technical’ skills while in your industry placement; and the ability to meet and work with like-minded people. James, Shamaila and Liam also shared some of the challenges within the programme, which included the need to find a balance between the necessary ‘secret’ nature of cyber security and facilitating better communication opportunities between those on the programme.

To find out more, including what advice our panellists would offer to anyone thinking about applying for CyberFirst, and the type of companies they want to work for, watch the event recording here. (A must-watch for anyone considering entering the CyberFirst programme; or for those who’d like to understand more about it from the candidates' perspective!)

Building awareness about the cyber profession (Panel 2)

For a wider look at work going on to build awareness of the cyber profession, and to reflect on lessons learned, Richard Beck was then joined by Don MacIntyre, Interim CEO of UK Cyber Security Council, Darren Dillon, CTO – Secure Infrastructure at Microsoft and Bipin Kulkarni, CISO at Gemraj Tech. There was a consensus that the pathways into a career in cyber security aren’t always clear, and neither are the different opportunities within the sector; which led the panellists to explore the possibility of the new Council becoming a ‘one-stop shop’ for all of the initiatives that are out there. There’s also an opportunity for it to bring different companies together to share knowledge and lessons learned; and to step out of their regional or company silos to build the UK’s cyber skills base in partnership – and then boost the economy by exporting those skills. And if the Council is to be the window to the options, it must cover all of the UK, and all sectors to ensure maximum participation.

This session highlighted some exemplar initiatives already in place, such as the DWP Kickstart Scheme and Microsoft’s work with the Assured Skills programme in Northern Ireland – the latter showcasing how strong partnerships (in this case between Microsoft, NI’s Department of Economy, Belfast Met and Invest NI depart of economy Belfast Met and Invest NI) can make it possible to go out and create cyber security skills. (Listen to this fascinating podcast to hear more about Microsoft’s Cyber Academy!)  

The availability of employers to take on trainees was highlighted as one of the key issues affecting progress, with panellists touching upon ways to address this; and discussion also took place around candidate profiles, and how focusing on transferable skills – and a person’s ability to quickly adapt to change and absorb new information – is (right now) more beneficial than looking at academic history. Indeed, companies should look to invest in potential, as opposed to career-ready candidates.

This session rounded off with panellists’ thoughts on what good looks like – points included ensuring clarity on what cyber career options are available; and (ultimately) being in a place where we no longer have to have this discussion – that is, the UK is the leader in this space.  

Diversity in the cyber security profession (Panel 3)

Our final panel of the day delved deeper into the ongoing issue of a lack of diversity of the people within the cyber profession. It was chaired by Katharina Sommer, Head of Public Affairs at NCC Group and included the excellent line-up of Nicola Whiting MBE, Chief Strategy Officer of Titania Group & NeuroCyber Board Member; Ashleigh Ainsley, Co-founder, Colorintech.org; Keith Lippert, Vice President, NACD & Deputy CISO, Allstate Technology and Strategic Ventures; and Cian Galvin, Cyber Security Skills and Professionalisation – Policy Lead, Department for Digital, Culture, Media & Sport.

This insightful discussion started with the point that ‘from the outside looking in, cyber security is a scary thing’. How do we make this complex area of work look less complex, and ensure that everyone with an interest in it can access training? There’s no silver bullet to ‘solve’ diversity: a number of solutions will be needed to drive systemic change. But change is critical – the metrics already show us that diversity breeds successful businesses.  

Our panellists explored potential tools or routes to increase diversity, including:

  • Understanding WHAT we need to tackle to create an ecosystem whereby people can overcome barriers to, for example, gain knowledge in an equitable manner.
  • How companies setting up networks to represent particular groups (for example, neurodivergent groups) must ensure these groups are actual agents for change.
  • Reporting on the data we need to measure in order to create accountability and encourage policies to address disparities.
  • The introduction of mandatory targets; and how these could help at the very least by setting the minimum standards.
  • Documenting the change needed to ensure it gets done.
  • Viewing the pandemic as an opportunity (as well as threat) in that this industry can now access and assist talent from industries that have suffered as a result of COVID.

The trends towards diversity are positive, but we’re certainly not yet at the point where we’ve ‘solved’ the issue. This session ended with each panellist giving their key piece of advice to those listening in:

  1. Government should support teachers to deliver the context of what cyber security roles are much earlier in a pupil’s education journey.
  2. We all have a responsbility to contribute to the solution rather than the problem – for example, if you’re hiring a neurodiversity company, make sure they actually have neurodivergent representation in their leadership.
  3. Hold your organisation to account – let’s hold conversations that provoke action that actually moves the dial.
  4. Support specific collaboration points with Government so that when it designs an intervention for specific groups, it has properly engaged with those groups.

In Conclusion

This event demonstrated that there are lots of organisations doing different things in different ways to develop and improve cyber skills and diversity in the profession. And as our Event Chair, Richard, pointed out the collective empowerment of our industry to come together to make a difference for the future is incredibly uplifting and encouraging.

techUK will continue to work to foster this collaboration between industry, Government and academia together to shine a light on successful initiatives, and to support the development of specialists – from truly diverse backgrounds.

If you’ve got any thoughts on what else techUK should be doing in this area, please do get in touch at any time.  

Catch up on Chris Ensor’s keynote and all of the panel discussions here.

Read our members’ contributions on cyber skills for techUK’s recent Cyber Week 2021

Dan Patefield

Dan Patefield

Head of Cyber and National Security, techUK

Jill Broom

Jill Broom

Programme Manager, Cyber Security, techUK