by Budgie Dhanda, CEO of Qufaro & Adrian Davis, Visiting Professor at University of Sunderland
The lack of trained professionals in the cybersecurity industry is a problem that official statistics predict will only get worse with time. In fact, the 2017 ISC2 Global Information Security Workforce Study predicted a global 1.8M shortfall by 2022. The threats that organisations need to brace for are in continuous evolution, and more than ever is there a need for a diverse, highly skilled and highly resilient workforce to help fight cybercrime.
We’ve concentrated on degrees, professional certifications and years of hands-on experience as the benchmarks to evaluate individuals and decide whether to offer them a role within our IT security functions. These criteria, however, may be too reductive, as they inevitably force people who wish to work in cybersecurity to follow a traditional path through higher education, professional training and work experience. The security industry needs to provide more routes for interested students to learn, gain experience and start their cybersecurity professional journey.
The past few years have seen a rise in university-led cybersecurity degrees, but we believe that cybersecurity education should both start earlier and have a more vocational perspective. Qufaro, set up in 2015, is aiming to grow the UK’s cyber security talent pool by providing the development and support required to equip individuals and organisations with the necessary tools and knowledge.
Working with world-recognized qualification organizations, we’ve developed two new routes for individuals at school or further education: the cybersecurity extended project qualification (EPQ) and the Level 3 cyber apprenticeship standard, which will be released in the new year.
The EPQ is a way to conduct university-style study and research whilst still in school, and requires students to independently produce a piece of work – an essay, an artefact or a science project. The EPQ takes about a year part-time. Successful completion of an EPQ counts towards UCAS points and, more importantly, it stimulates and highlights the skills we need in the security industry: planning, problem solving, and the ability to work and think independently.
The EPQ uniquely combines web-based teaching modules and the EPQ project. The modules are aligned with the National Occupational Standards, as well as the Chartered Institute of Information Security Skills Framework. The modules range from Cryptography, Info-Sec Management and Risk Management, to Digital Forensics, Business Resilience and Secure Testing. The course is project-based, with an essay and a presentation based on the student’s learnings contributing to their final mark.
The apprenticeship is a new route to bring people into our profession. Apprenticeships combine the rigour of classroom-based learning with gaining hands-on work experience. Qufaro has been developing a new standard for apprenticeships, with a pan-industry group, including major corporations, SMEs, public sector and professional bodies, and is designed to provide the practical foundational skills to meet the needs of the widest set of employers.
However, one of the biggest failings with apprenticeships is a fundamental misunderstanding of the funding process and the incentives to take on apprentices. Large companies pay an apprenticeship levy into a “pot”, which the company then draws down as it employs apprentices. Smaller companies pay either 5% or nothing towards the cost of training for an apprentice. Put another way, the most a small company would have to pay to train an apprentice is £900 a year.
Let us finish with a call for action: visit Qufaro’s website, read about how to get funding for apprenticeships, tell your kids, tell your local school and tell your boss about these routes to join our exciting, well-paid and rewarding profession.