Taking findings from Ipsos MORI’s latest cyber security labour market study for DCMS, published in March 2020, we explore three areas in this webinar:
1. The demand for cyber skills in the UK
2. The training and qualifications landscape
3. Recruitment and diversity
Job-Oriеntеd Courses That Will Boost Your Career in 2024
Solving the Cyber Security Skills Gap with DCMS
1. Bridging the
cyber skills gap
June 2020
Erika Lewis, Department for Digital, Culture, Media and Sport
Jayesh Navin Shah, Ipsos MORI
Sam Donaldson, Perspective Economics
David Crozier, CSIT
Professor Steven Furnell, University of Plymouth
2. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC2
Content analysis of cyber
security job postings
393,257 UK job postings on the
Burning Glass database
Covers 3 years from
Sep 2016 to Aug 2019
Both core cyber roles
and cyber-enabled roles
Representative surveys of
cyber sector firms
c.1,200 UK firms in sector
Data collected across 2
telephone surveys
262 firms surveyed
from May to Jun 2019
205 firms from Aug to Oct 2019
Qualitative interviews with
cyber firms and team heads
From Jun to Sep 2019
7 cyber training providers
15 cyber team heads in
very large organisations
8 skills and recruitment
leads in cyber sector firms
4. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC4
Job titles often don’t define cyber roles well, and they
mask a range of wider jobs that also need cyber skills
Source: Burning Glass Technologies
Base for chart: 105,194 core cyber job postings from Sep 2016 to Aug 2019
105,194
core cyber jobs
(most common job titles in chart)
288,063
cyber-enabled jobs that need
technical cyber skills
Job postings over 3 years
Security Engineer
Security Architect
Security Consultant
Security Manager
Security Analyst
Information Security Manager
Information Security Analyst
Network Engineer
IT Security Analyst
Information Security Consultant
Network Security Engineer
Cyber Security Engineer
Security Specialist
Trainee Cyber Security
Network Architect
10%
7%
6%
5%
5%
4%
4%
3%
2%
2%
2%
2%
2%
2%
2%
5. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC5
A relative reluctance to go for entry level staff or those
entering core cyber roles from other professions
Source: Burning Glass Technologies
Bases (job postings that request specific experience): 16,044/ 55,915 core/cyber-enabled job postings from Sep 2016 to Aug 2019
30%
52%
8% 9%
41%
46%
5% 7%
0 to 2 years 3 to 5 years 6 to 8 years 9+ years
Core Cyber-enabled
Years of experience demanded
6. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC6
Growing clusters of cyber jobs
across regions
Source: Burning Glass Technologies
Base: 24,167 core cyber job postings from Sep 2018 to Aug 2019
Top 15 in terms of absolute
job postings
i. London (8,474)
ii. Birmingham (1,360)
iii. Manchester (1,164)
iv. Edinburgh (684)
v. Bristol (682)
vi. Reading (624)
vii. Leeds (534)
viii. Belfast (529)
ix. Slough and Heathrow (398)
x. Glasgow (394)
xi. Cambridge (381)
xii. Coventry (371)
xiii. Luton (349)
xiv. Basingstoke (332)
xv. Southampton (302)
Top 15 in terms of
Location Quotient
1. Basingstoke (2.5)
2. Reading (2.2)
3. Edinburgh (2.0)
4. London (1.9)
5. Birmingham (1.8)
6. Bristol (1.5)
7. Cheltenham (1.5)
8. Leamington Spa (1.4)
9. Leeds (1.3)
10. Coventry (1.3)
11. Milton Keynes (1.3)
12. Gloucester (1.3)
13. Belfast (1.2)
14. Worcester and Kidderminster (1.1)
15. Salisbury (1.1)
Location
Quotient key:
High (2.5)
Low (0)
8. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC8
There is a skills gap, and it affects several specialist
cyber security roles
Bases: 262 cyber sector businesses; 169 identifying any skills gap
% of cyber firms saying the following
prevent them meeting business goals
64%
job applicants/existing employees
lacking necessary technical skills
28%
employees lacking communication,
leadership or management skills
44%
43%
43%
42%
40%
36%
34%
25%
Business resilience
Assurance, audits, compliance or testing
Threat assessment or information risk management
Cyber security research
Implementing secure systems
Cyber security governance and management
Incident management, investigation or digital forensics
Operational security management
9. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC9
Employers found it challenging to get people with the
holistic skillset they were after
• Talk credibly across multiple
technical areas
• Work with multiple tools and
learn new tools quickly
• Mix of Governance, Regulation
and Compliance (GRC)
knowledge and technical skills
• Ability to implement technical
skills in a business context
• Communication and client
handling skills
Finding people who have
the broad brush
approach and a holistic
understanding of cyber
security is challenging.
Cyber security can mean
a lot of different things
for different clients.
Cyber sector business
11. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC11
The plethora of technical qualifications makes the
training and qualifications market hard to navigate
Source: Burning Glass Technologies
Base: 20,774 core cyber job postings from Sep 2016 to Aug 2019 that request specific certifications
CISSP
CCNP
CCNA
CISM
CISA
CCIE
MCSE
CompTIA Security+
GCIH
CCDP
GCIA
CEH
37%
27%
22%
18%
9%
9%
5%
4%
4%
4%
3%
3%
% of job postings
asking for these
qualifications,
among those
demanding any
specific
qualification
12. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC12
We have a lot of people who
have qualifications but have no
clue what they are talking about.
Cyber lead in large organisation
CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC12
13. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC13
Employers wanted more guidance and signposting for
qualifications and more flexible training options
Further guidance linking
qualifications to career
pathways would be helpful for:
• Employers writing job
descriptions
• New entrants and those
transitioning to cyber roles
(e.g. IT professionals)
• Recruitment agents
Employers faced various
challenges with current
training provision:
• Training not always accessible
for diverse groups
• Courses perceived as overly
theoretical or academic
• Training does not routinely
build soft skills
• Variable quality of vendor-
specific accredited training
Apprenticeship and placement
schemes can be more flexible:
• Perceived lack of flexibility in
current apprenticeship
frameworks/standards
• Lack of time or experienced
staff to train career starters
• Longer term placements as
part of university courses
• Universities and schools could
give better career guidance
15. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC15
Vacancies for cyber roles have been hard to fill for
various reasons, but mainly a lack of technical skills
Bases: 205 cyber sector businesses; 79 that have had hard-to-fill vacancies
35%
of all vacancies for cyber roles
in the last three years have
been considered “hard-to-fill”
43%
22%
16%
16%
13%
10%
Lack of soft skills
Lack of technical skills or knowledge
Candidates lacking required attitude or motivation
Lack of candidates
Low pay or benefits
Location
16. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC16
Employers highlighted several barriers and challenges
they faced when it came to recruitment
• Skills are highly priced
• Lack of suitable applicants and some
misrepresenting their abilities
• Mismatches between job roles,
frameworks and qualifications
• Recruitment agents lack an
understanding of roles and qualifications
I got the perception that people
were trying their luck, jumping on
the cyber security bandwagon
with little experience and
demanding a good salary.
Cyber lead in large organisation
17. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC17
Cyber sector firms are less gender diverse than the
rest of the UK’s wider digital sector
Bases: 198 cyber sector businesses for gender estimate; 183 for ethnicity estimate; 163 for neurodiversity estimate
(excluding those that were not able to answer these questions, or refused)
Gender and ethnicity comparison data taken from DCMS Sectors Economic Estimates 2018.
9%
15%
28%
47%
Female
Neurodivergent
Cyber sector workforce Digital sector workforce All UK workforce
Ethnic minorities
16%
17%
12%
18. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC18
Diversity was broadly considered important but often
overlooked as a way to increase the recruitment pool
• Generally seen as
beneficial
• Sometimes viewed as
beyond their control
• Perceived mostly in
terms of soft benefits
• Diversity initiatives
were sometimes limited
in scope and focus
I can only pick from the CVs that are put in front of me.
Cyber sector business
I don’t know what we can do really apart from
attracting more and more people to the positions.
Cyber lead in large organisation
19. CIISec masterclass: bridging the skills gap | June 2020 | Version 1 | PUBLIC19
• A complex labour market with strong regional variation in demand
• Skills gaps across multiple technical areas as well as soft skills gaps
• A strong desire for job applicants with an holistic mix of skills
• The quality of courses, and requirements for different roles, often not clear
• More diversity not always acknowledged as a way to widen the recruitment pool
• It is unclear how this labour market will adapt to the coronavirus pandemic
Summing up
20. CIISec masterclass: bridging the skills gap | June 2020 |
Version 1 | PUBLIC
Thank you
jayesh.shah@ipsos.com
sd@perspectiveeconomics.com
d.crozier@qub.ac.uk
s.furnell@plymouth.ac.uk