Upskilling: Why it's vital in boosting the UK's cyber security talent

It's not news that the UK, like much of the world, is struggling with a significant shortage of trained cyber security professionals. According to government figures, half of firms struggle with even basic cyber security skills, with many businesses not confident in their ability to store or transfer data securely, detect malware or maintain access controls.


What's more, a third of all private sector companies have a more advanced technical skills gap, which could leave them exposed to a range of threats.


Overall, the government's Cyber security skills in the UK labour market 2021 report found around 449,000 businesses have at least one advanced skills gap, with the main areas of weakness including:


  • Penetration testing (25 per cent of companies)
  • Forensic data breach analysis (23 per cent)
  • Security architecture or engineering (23 per cent)
  • Threat intelligence (18 per cent)
  • Interpreting malicious code (14 per cent)
  • User monitoring (11 per cent)


The need to keep developing skills


With professionals with these advanced skill sets in such short supply, this presents an ideal opportunity for existing IT team members to enhance their skills by obtaining professional qualifications that will enable them to fill these gaps and protect their firms.


This may present particular benefits to those who are already working in the IT sector, and may have a working knowledge of skills such as coding, but who may not have experience directly in security or know how to translate these existing talents to this sector. 


However, there are a range of professional qualifications designed to help those looking to make the move into cyber security. The likes of (ISC)2, CompTIA and the EC-Council all provide entry-level courses designed for people with IT knowledge, but who may be coming to cyber security for the first time.


This is something that the cyber security industry is increasingly recognising. For instance, hacker and AppSec advocate Alyssa Miller told TripWire: "We have to start looking internally. We have to start looking at which folks within our organisation have a desire to expand their skills into security. 


"We should start looking at how to develop those people, how to enable them, how to provide training and how to provide them with opportunities that show what they can do in security."


The benefits to businesses of offering upskilling courses


Despite these benefits, less than a quarter of UK businesses (23 per cent) reported having any of their staff in cyber roles undertake training relevant to their jobs in the last year. Therefore, gaining the buy-in of senior management to approve and encourage cyber security training courses is vital. 


Many professionals will need to fit their studies around their other responsibilities, so it's important that employers are onboard and recognise the benefits, and so can offer the support individuals need.


Those that do this stand well-placed not only to upskill their IT staff, but also to retain them for the long-term. Research highlighted by TripWire, for instance, found keeping good staff is often a struggle, with only 39 per cent of firms saying they're able to retain cyber security staff members.


However, TripWire also noted that firms offering upskilling opportunities to employees often find it easier to keep hold of staff, as helping further professional development builds loyalty. Those with the right professional qualifications will also find themselves part of a larger community they can turn to for support and advice to help ensure they are well-protected from the latest generation of threats.


If you're looking to improve your cyber security skills, browse our range of industry-approved courses today.