This September kids up and down the country returned to school to find that alongside the traditional subjects of Maths, English and Science, three new areas of study in computer science, digital skills and IT had been introduced to the national curriculum. Re-named the Computing Curriculum (as opposed to the ICT curriculum), children as young as five will now begin to learn and understand the fundamental principles of computer science on a mandatory basis, including skills such as coding, programming, and writing algorithms.
Part of a much wider nationwide initiative, the Department for Education is actively seeking to overhaul the approach to cyber skills in the UK. The Cabinet Office has already set up the Cyber Security Challenge to get more people interested in cyber security careers, and more apprenticeships are now available in the sector than ever before. After what feels like years of underinvestment, we are finally turning a corner and recognising the crucial role that the cyber industry has to play in the future of the UK economy.
There does have to be a question however, as to the real ability of teaching staff to be able to support the initiative to the level the students will both need and their evolving skills will demand. This is the very heart of the generational skills gap. None-the-less this is a really welcome change. Perhaps too we can see a return to the teaching of Latin - the parsing skills learned in Latin are a central skill in Code writing and editing.
Preparing for the future workforce
Research released this month from the Higher Education Careers Services Unit (HECSU) found that the number of unemployed IT and computing graduates six months after graduating dropped from 14.8% in 2013 to 13% this year, yet this was still higher than the average at 7.3%. It has become apparent that unemployment levels have little to do with a lack of cyber security jobs - these graduates simply don't have the right skills for the job.
Part of this problem lies in the lack of adequate vocational-based education within schools. Employers and universities should work more closely to combine studies with practical, hands-on experience. Heritage sites such as Bletchley Park have shown they can plan a valuable role in engaging young people. David Emm, a senior security researcher at Kaspersky Lab, also made an important point when he noted that IT and cyber skills should be compulsory up to the age of 16 like Maths and English- particularly in an era when the cyber threat is evolving at a rapid rate.
Jobs within cyber security should also be shown as more appealing and positioned at the cutting edge of IT. The UK has every opportunity to be at the forefront of exporting cyber skills around the world. Our knowledge and expertise make for strong business exports. However, we are behind where we could be. The past failure to properly teach IT and security in schools puts us 6-8 years behind countries like the USA. Getting our house in order means continually investing in training in cyber security awareness and creating more jobs in this area. Good moves have been made and the required cultural change is underway, but these things take time. There is much to praise about business and government actions in the last couple of years in terms of supporting cyber skills and industry, it is just a shame it wasn't done years earlier.
Re-skilling our current cyber experts
Whilst plans to implement cyber security lessons in schools are fantastic for training up the next generation, they do little for the current generation of employees, who, thanks to a lack of foresight, did not benefit from such initiatives. A lack of available cyber expertise and general cyber awareness within organisations remains one of the biggest challenges in dealing with cyber threats.
A cyber-savvy attitude should be embedded in company culture - not bolted on. HR departments could work with IT departments to continually train employees in cyber best practice. HR and procurement professionals in particular need support - because they need to open lots of emails from unknown sources (CVs, product specifications, etc.) they are often the easiest route in for cyber criminals. Many employees are trained in health and safety- why not in cyber?
Whilst it will likely be a decade or more before we begin to see the true value of the current efforts to improve cyber skills, it's clear that putting these steps in place is a great starting point, and gives us a good advantage in surviving against this rapidly evolving threat landscape. Only by addressing this issue can we ensure we are adequately equipped for the future.