By Dr Nikki Williams – Course Lead, Cyber Security and Digital Technology at MK:U and Professor Lynette Ryals OBE – CEO, MK:U
07/12/2022
How do we widen the appeal of cyber as a career and widen the scope of cyber education? This is where MK:U’s distinctive approach comes into its own.
Between April 2021 and April 2022 there were reportedly 427,000 cyber attacks in the UK, costing £3.1b1. Lockdown, and the associated boom in online shopping, created new opportunities for cybercrime as small online retailers – whose cyber defences and procedures are often not as robust as their larger counterparts – became large enough to interest cyber criminals. In late 2021 a report by Hays Technology, based on interviews with 110 senior cyber leaders and professionals, found that 65% had experienced an increase in attacks during the pandemic with only 19% expecting this to reduce as Covid-19 subsides2. Ransomware and phishing were the biggest concerns, with 34% of businesses attacked suffering disruption as a result.
The demand for people with cyber skills is growing so rapidly that it far outstrips supply. Most IT directors prefer to keep cyber security in-house rather than outsourcing it to third party specialists. Typically, these in-house cyber security teams are very small, comprising just one or two people, often with a wider IT role. In May 2022, DCMS reported on cyber security skills in the labour market3, finding that 51% of businesses have a gap in basic cyber skills, 33% in advanced skills, and 37% in incident response, with the latter category growing noticeably. Job postings increased by 58% year on year with a steady rise in vacancies reported as ‘hard to fill’. This creates a real need for firms both to upskill their own people and to widen their recruitment talent pool.
Unfortunately, it can be difficult to attract people to work in cyber although, in fact, cyber careers cover a far wider range than people recognise. You don’t have to be a programmer to specialise in cyber security; a huge range of skills – particularly around human interaction with cyber – are in demand. The UKCSC has identified no fewer than 16 career pathways in cyber4, ranging from testing and monitoring through to incident response and cyber management. Similarly, the DCMS report notes that the fastest-growing skills gap is in ‘complementary skills’, particularly in communications, leadership or marketing. In other words, the ability to communicate and manage is increasingly in demand in the cyber sphere.
Simon Hepburn, CEO of the UK Cyber Security Council, says “Doing more of the same is not going to solve the problem. We need to tackle the skills gap by making people aware of the range of opportunities in cyber and encouraging people from different backgrounds to study and work in cyber.”
To tackle the skills gap, we need to widen the appeal of cyber as a career and widen the scope of cyber education accordingly.
The reason exemplary practice coaching can be so effective is because it builds confidence and develops self-efficacy. Self-efficacy, particularly within a higher education context, is key to academic success. Research into self-efficacy has indicated that autonomy and independence of students impacts not only on academic success but in careers beyond education (Crozier, 1997, Sander and Sanders, 2009).
This is where MK:U’s distinctive approach comes into its own. We have designed our cyber security courses to include management, professional skills and human factors training for cyber security professionals, complementing technical skills and opening up career opportunities in different cyber fields for our graduates.
Understanding both the human and the technical aspects of cyber security, and then applying that learning to real-world events, is a powerful way to develop cyber professionals who can build robust defences to a growing threat. At MK:U, we encourage a wider understanding of the cyber context by posing security challenges set by the apprentices’ own company or local small businesses. Our learners tackle a range of these challenges using problem-based learning methods, building curiosity and problem-solving, as well as technical skills. Challenges might include creating a social media post to warn customers about a current threat such as ransomware (communication and information skills); building a business case for investment in a new cyber security tool (business and commercial skills); and conducting a risk assessment and proposing remediation options (technical skills).
This range of learning activities appeals to a wider range of learners and builds well-rounded and adaptable professionals, needed to close the UK skills gap.
1 https://www.comparitech.com/blog/information-security/uk-cyber-security-statistics/#:~:text=2021-2022 losses to fraud,April 2021 to April 2022.
2 Cyber Security and Covid-19: the True Impact Revealed. Hays Technology in association with CyberQ. Haystechnology.co.uk.
3 https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/1072767/Cyber_security_skills_in_the_UK_labour_market_2022_-_findings_report.pdf
4 https://www.ukcybersecuritycouncil.org.uk/careers-learning/careers-route-map/