How the government can close the cybersecurity skills gap

Closing the cyber skills gap has long been a challenge within the cybersecurity sector, with professionals attempting innovative ways to appeal to potential employees. Sascha Giese, Head Geek at SolarWinds, discusses how the government can recruit effectively to close its cybersecurity skills gap, especially as the pandemic has put government cybersecurity professionals under immense pressure to secure work-from-home environments.

During the COVID-19 pandemic, many government agencies rapidly shifted their personnel to remote working. Speaking at the techUK annual Building the Smarter State event, Craig Eblett, Digital Delivery Director at the Department for Work and Pensions (DWP), discussed the need to distribute computer devices and equipment to approximately 40,000 staff at the Home Office to enable remote working (previously, only up to 6,000 employees were able to work remotely) and a continued supply of services to citizens.

This placed government cybersecurity professionals under immense pressure to secure work-from-home environments from opportunistic hackers. In the meantime, a rise in online traffic to vital government services (such as education and healthcare) has created a pressing need for cybersecurity and IT professionals to alleviate the risk associated with this unprecedented increase in demand.

The pandemic has presented new challenges for central government organisations, many of which were already dealing with a shortfall in cybersecurity skills. According to research published earlier in March by the Department for Digital, Culture, Media & Sport (DCMS), approximately 48% of businesses have a basic skills gap — with 30% acknowledging more advanced skills gaps — in areas such as penetration testing, forensic analysis and security architecture.

Prior to the pandemic, organisations were struggling to compete for talent. This was due to a combination of an inability to compete with private sector salaries and limited funds to contract external providers. In a SolarWinds cybersecurity survey in the US, 91% of state and local respondents indicated IT security operations are currently provided by in-house staff. The pandemic has stretched existing IT security the world over to its limits, resulting in state and local government coalitions asking Congress for increased cybersecurity funding and resources. In the UK, £10 million was made available by the government in June to be invested over a four-year period to advance cybersecurity technology solutions.

From a skills perspective, though there are many challenges for government organisations to overcome in attracting quality talent, they’re not unbeatable. Here are a few ways to build additional cybersecurity talent.

1. Increase current cybersecurity skills

Severe revenue shortages are already impacting budgets and they’re evident in hiring as well. Without the funds to attract new talent, public sector CIOs and CISOs should look to upskill existing talent. Organisations can offer training options like cybersecurity bootcamps to provide IT personnel with cybersecurity skills or help existing security staff learn new ones.

If budget is a bigger issue, there are alternatives to formal training. Hands-on, low-cost activities like cyberwarfare gaming, ethical hacking and simulations allow security professionals to ask questions, experiment, hone their skills and form valuable bonds with their peers.

Industry training is another useful tool. In the absence of in-person events and seminars, many cybersecurity vendors are offering free webinars and other forms of educational content. However, for any of these forms of self-study to be effective, managers must give their teams the opportunity and time to focus.

2. Highlight the advantages

When we emerge from the coronavirus pandemic and hiring gains momentum again, recruitment managers must prepare to compete for cyber talent. But going head-to-head with private companies on salary may not be a winning strategy unless exceptions can be made for people with exceptional skills. A better approach is to emphasise employee benefits. Government benefits, including health insurance, retirement and holiday, can be greater than those in the private sector. Work-life balance is another positive. Employees in municipal work tend to work structured hours, have the opportunity to telework and can usually take all bank holidays off.

Similarly, the public service aspect of government work is another strong selling point. Government cybersecurity professionals work behind the scenes to protect vital services, including public safety, schools and healthcare systems. It’s an environment driven by quality of service and not by profit. This can be a huge motivator for today’s purpose-driven generations.

3. Exposure to a broad scope of cybersecurity challenges

Government cybersecurity professionals work at the cutting edge of a wide range of issues, giving them an often-overlooked advantage over their private sector counterparts.

In education, for example, security professionals are working to secure networks and systems to prevent black hats from exploiting the enhanced threat landscape created by virtual schooling. In terms of healthcare, over the past few years, the NHS has undertaken an extremely ambitious cybersecurity programme at the local and national level, working with security professionals to improve — among other things — cyber monitoring, threat intelligence, incident responses and cyber training.

Of course, not everyone in cybersecurity is excited by the same thing. Some may be looking for a new challenge — such as helping to shape and define security policies and strategy or modernising technology infrastructure — while others prefer to support already well-defined security programmes with the goal of refining their skills within that particular environment. There’s a place for all these interests in the government environment.

Focusing on prior experience isn’t enough to secure talent. Government officials should think more about the potential of the position and the associated skills needed to identify the right candidate. Organisations need to think hard about the position’s purpose and ask, ‘What problems are we trying to solve? What would attract someone to this job? Why would they want to work here?’

4. Be inspired

Though demand for cybersecurity skills is pitting government organisations against the private sector, it’s also a unique opportunity for teams to get creative in their retention and recruitment practices.

Enhancing and developing cybersecurity expertise can help organisations make the most of existing internal talent, bolster the existing workforce and encourage retention. As employers compete for new hires, government hiring managers should lean into their strengths and entice people with what they have to offer: great benefits, job security and a unique environment that challenges people to grow while impacting the communities they serve.
