Opinion: Is the UK on the brink of a cyber security skills crisis?

The adoption of the small word “cyber” has awoken the world to issues that many in the information security profession have been wrestling with for decades. And it’s about time too. We have “cyber security strategies”, “cyber security summits”, “offices of cyber security” and a “cyber security skills crisis”. Cyber security is of immense importance to everyone, and will only get increasingly so as the internet entwines our professional and personal lives.

What is increasingly clear from the recent stream of widely-reported incidents is that the provision of cyber security requires a “big picture” vision. Securing computer connections is of limited value if the data ends up on unprotected databases. Locking down hard drives is but a gesture if a copy exists on an unencrypted memory stick. The securest computer system in the world does not protect anyone from printed content being snapped by the long lenses of the media.

Universities such as Royal Holloway are uniquely placed to provide a bird’s-eye view of the cyber security landscape. One of the fundamental differences between a higher education qualification and more targeted training is the focus on issues and appreciation, rather than short-term problem solving. There is longer-term value in understanding, for example, the principles and issues surrounding authentication rather than simply becoming well-versed in the operation of a particular commercial product.

There are some worries about falling numbers of computing students in the light of demand for future cyber security professionals. This has potential to concern. However, from a cyber security perspective, I believe that there are good reasons not to panic and that there are opportunities to be explored.

It is important to appreciate that cyber security involves a wide range of skills. In the 20 years that Royal Holloway has been providing cyber security education programmes, we have educated almost 2,000 professionals, many of whom were already well advanced in their career. We have seen, perhaps better than anyone, the diversity of routes through which people enter the cyber security profession, as well as the range of opportunities that they pursue after completion. This is a very healthy situation since cyber security is not a narrow field of specialism but now represents a state of awareness with which everyone must engage.

And cyber security is cool. With this comes a tremendous opportunity to address any perceived skills gap head on. Initiatives such as the Cyber Security Challenge, which Royal Holloway has keenly supported, provide a vehicle not just to entice newcomers into the cyber security profession, but to reignite an interest in computing itself. There may well be a shortage of cyber security skills, but much of what is necessary to bridge the gap is already well in place.

Keith Martin is director of the information security group at Royal Holloway