Cyber Skills And Growth In The Industry

Salus Cyber is a community-focused cyber business and provides consultancy to impart expert advice on how a company can maximise strategy, increase profits, add value, and resolve issues. Cyber Security consultancy supports all those key elements and acts as a critical friend to a business dealing with complex issues where they lack internal capacity.

Salus was founded on strong values, integrity, accountability, and trust. These are the core factors that need to be considered when looking to the future and the next generation of talent within the industry.

The explicit needs of other businesses are significantly different to Cyber due to the regulatory requirements of NCSC in the CHECK space. Currently, most graduates entering the industry have specific skillsets based on their courses but not the general skills which are fundamental to understanding the wider cyber security implications of a business. Due to this, one of the biggest challenges being faced is that there is no natural fit from the University/Education pathways to provide Cyber businesses with the skillsets they require.

There is an ever-increasing number of pathways (Cyber degrees) however the critical elements such as penetration testing are not covered to the extent required by the industry, this is due to the ever-changing requirements and technologies which is something Cyber businesses need to consider due to the time and training required.

One of Salus’ graduate consultants, Cameron Doran, entered the industry through a Cyber degree pathway and provided insight into the process:

Brief overview of the University course

I undertook a four-year degree based on building the required skills to be able to perform a security audit of computer networks and systems. The course also built knowledge on how to prevent certain cyber-attacks from happening and included three modules based on ethical hacking.

Why I considered the course?

The reason I decided to do this University course, as opposed to another similar course was because this course covered the fundamentals to be able to progress into any sector of cyber-security. While the course did focus on learning how to perform a penetration test, the course also investigated areas such as, learning how to do coding with C++ (focusing on Data Structures and Algorithms), Digital Forensics (hard-disk drives and mobile phones), and Computer Networking (OSI Model, network traffic analysing, mapping a network). The course opened a lot of doors for exploring and discovering what areas of cyber-security I enjoyed and then in my final year allowed me to focus my honours project on that area. Another benefit of going through a University course is that there are plenty of opportunities to do work placements through the University. Being able to do these types of work placements will enhance your chances of getting a foot in the door.

I decided to do this course because during high school, the subject I enjoyed doing the most was computer science. This led to me wanting to pursue a career in computing. The reason for going into the cyber-security industry (specifically penetration testing) was because it seemed like the area that would open the most doors and a sector that was growing in demand. I also personally enjoy the challenge of a field that is constantly changing with new skills and concepts to learn.

Salus have continuously enabled new starters in cyber security to get high-quality work-related experience and a professional career pathway. Additionally, we hope to take on 1 – 2 apprentices through the University of Gloucestershire and CyberFirst whilst advising school children on how to get into the industry by sending books to them to help assist their journey.

Salus understands that to retain a healthy consulting team, a combination of graduates, senior consultants and experiences from other industry sectors which have links to Cyber are required to ensure we can continuously adapt to the specific needs of our clients. This includes having technical assessors appointed by the National Cyber Security Centre (NCSC) to ensure that the skills within the UK market remain at the cutting edge and contributing to the work of an industry assessment body (The Cyber Scheme and the Cyber Trust) to give back and support the development of standards in the sector

Another challenge being faced within the Cyber industry is retention. The average length of an employee’s time with a company in the UK is just under 3 years and for Cyber it is even shorter. When factoring in development and continuous training, a Cyber business will usually have approximately 2 years of output from a consultant which brings into consideration the return on investment (ROI) cost issues associated. Salus has invested heavily in new talent and developing the next generation of specialists, seeing a 54% growth in its workforce over the past year, being able to pair this with a healthy work culture is vital to retaining this talent and limiting the challenges faced.

When looking out towards the next 5 years and how the industry will shape its approach towards recruitment, the main factor to consider is the technologies that will be in play. With the rise in automation, digital twins and artificial intelligence, the risk is that there will be a delta between humans learning to do a trade craft when during significant parts of their career it is machines that will do most of the work. The question which needs answering is, how do you become a specialist in a field when people don’t want to use you as a practitioner? The ability to keep humans in the lifecycle moving forward is going to the be the biggest challenge faced by the Cyber industry.

Does the future look bright? The answer is yes but;

The advance of technology across all facets of society and life provides significant benefits to all of us and needs to be embraced by all businesses. Alongside that comes the responsibility for effective assurance and security to be provided to protect the users of that technology.  The NCSC highlighted its views on the future of technology assurance in the UK and it promotes the concept of continual assurance through the life of the product or service.  

This means we must all think differently when embracing new technology but also be clear about how we maintain an effective understanding of risk within our current and legacy technologies which still prop up significant parts of society. An annual MOT type approach to cyber assurance testing will not be adequate to mitigate the growing business risks we face and have seen in real terms with the growth of Ransomware and data theft over the past few years.

Those that see criminal or political opportunity in the vulnerabilities in technology are growing their capabilities.  This has always been the case, but the digital world allows much more flexibility in how, when, and where from to ply that tradecraft. Cyber Security needs to grow and keep one step ahead of these challenges for the rest of society to have confidence in the services and systems they use. 

Salus lives the continual assurance life in how it functions, operates, and seeks to promote that with its clients and partners. We also seek to attract diverse talent that can define and develop new concepts and methodologies around technology assurance and embrace the different skills and experience they bring to enrich the team.  Cyber Security is a great industry to work in and provides significant professional development opportunities across a diverse range of technologies and services and a huge sense of reward in helping businesses manage risk better.