The IT security sector is overlooking an entire generation of cyber-defenders, by basing key recruitment decisions on experience and expertise rather than enthusiasm, skills and core attributes, further deepening the European-wide security skills shortage crisis. This was a main talking point at yesterday’s one-day event organised by Kaspersky Lab and Royal Holloway University, designed to build interest and familiarity with the cybersecurity sector and encourage more students to consider cybersecurity as a profession. The event, mainly for MSc Business Information Systems and MBA students, was comprised of interactive sessions aimed to develop a deeper understanding of the assets of cybersecurity careers. In the morning session, students took part in Kaspersky Lab’s Cyber Safety Management Game, where they got the chance to test their readiness to develop and keep a company “cybersafe”. In the afternoon session, students were invited to take part in a cyber security quiz, giving them in-depth practical knowledge on the characteristics needed to help in the fight against cybercrime.
Alongside the interactive sessions, David Emm, Principal Security Researcher at Kaspersky Lab, delivered a presentation to students on targeted attacks: your personal survival guide. Throughout the day, students also had the opportunity to network with the industry, discussing the pathways to obtaining a career in the cybersecurity industry with Kaspersky Lab managers. Kaspersky Lab’s recent research into the cybersecurity skills crisis, in which 12,000 consumers and IT professionals from across the US and Europe were surveyed, found that a third (30%) of IT professionals feel that proven experience in the field is the most valuable asset for an IT security candidate to possess, closely followed by knowledge of IT systems (24%). However, our study shows that what graduates and school leavers lack in proven IT security experience, they make up for in personality characteristics that are ideal for cybersecurity careers. The survey found that IT professionals view the most important characteristics for working in IT security as being able to think outside of the box (44%) and work outside of normal environments (39%) and formal structures (38%). A third (35%) also agree that it’s important to be naturally curious about how things work. Large majorities of IT professionals regard young people as having these key attributes. Three-quarters (76%) say they can think outside of the box. 72% say they work outside of normal environments and 80% outside of formal structures. 81% agree that they are naturally curious about how things work.
Although young people may have the characteristics needed to help in the fight against cybercrime, a lack of engagement by the security industry is resulting in a missed opportunity. 71% are not aware of cybersecurity graduate opportunities and 73% have never considered a career in cybersecurity. Almost half (47%) of young people have little or no knowledge of what a cybersecurity expert does. “The IT sector needs a reality check when it comes to the widening skills gap that overshadows recruitment into the security industry,” says David Emm, Principal Security Researcher at Kaspersky Lab. “As a company, this year we’re celebrating our 20th anniversary. In the past two decades, the cybersecurity industry has matured immensely, but in other ways, we’ve made very little progress. By overlooking young people, the industry is failing to make the most of a valuable, rising resource. As our survey shows, this is paradoxical because young people are widely seen as having the very characteristics that the industry views as important. It’s time to take action in tackling the cultural constraints that exist around cybersecurity recruitment before it’s too late.