The broader the cyber recruitment remit, the richer the cyber talent pool

The demand for cyber security professionals is continually increasing, yet the cyber skills shortage and gap persist. It's time to boost the diversity of cyber skills in the UK by thinking outside the box, says Senior Cyber Security Consultant, Della-Maria Marinova.

The latest cyber security skills in the UK labour market report reveals a 30% increase in demand for 'all cyber roles' – at the same time, UK businesses continue to struggle to fill vacancies. In 2022, there was an estimated cyber security workforce shortfall of around 11,200 people – with some 50% of UK businesses claiming to have a basic cyber security skills gap within their existing workforce.

This is compounded by the lack of diversity in the sector:

• People from minority ethnic backgrounds account for 22%
• Women account for 17%
• Neurodivergent people account for 12%
• People with physical disabilities account for only 7% of the cyber workforce.

These figures highlight a need for change. However, many organisations don't know how to recruit talent from more diverse routes, or even that a broader source of talent is available to them. Wider reach means greater diversity

People are made up of various characteristics that determine who we are, and how we think. So, it stands to reason that the wider the range of these characteristics within the workforce, the greater the diversity of thought and skills embedded within the workforce.

Enhancing diversity of thought and skills is crucial from a legal, social value, social responsibility and moral perspective. It also has the potential to have a positive impact on organisations by leading to the reduction or avoidance of 'groupthink', enabling greater business resilience through improved organisational reactiveness, and adaptability to disruptive critical events.

Organisations that take steps to improve diversity often focus their recruitment efforts on entry-level positions and limit skills diversity through an overreliance on formal technical qualifications. The 'hacking the skills shortage' report found that around 50% of cyber security companies prefer a bachelor's degree in a relevant technical subject as the minimum credential required for entry into the field.

Broadening the talent pool

While such qualifications can help identify applicants who have a certain level of knowledge, over-reliance on them can significantly limit the range of applicants. For example, the gender gap for cyber security courses remains wide, with only 12% women at undergraduate level, and 23% at postgraduate level, creating a gender-biased applicant pool at entry-level stage.

Conversely, non-conventional routes into cyber increase the volume and variety of skills in the sector. At AtkinsRéalis, our eight-week cyber summer placement, aimed at university students and run in partnership with a client organisation, is an example of an early careers 'non-linear' pathway.

The placement has attracted students from a variety of STEM and non-STEM backgrounds, such as ancient history, chemistry, geography, mathematics, and physics. Even better for us, some 35% of these placement students have chosen to work for us when their placement is finished.

Mutual benefit in new opportunities

AtkinsRéalis also expands its talent pool through 'experienced hire', non-linear initiatives such as Partnering With the Armed Forces, offering support and opportunities to ex-military personnel, reservists, cadet instructors and military spouses or partners. We also run a returners' programme, supporting and offering opportunities for people returning to work after extended career breaks, or choosing to change direction in their career.

These non-linear routes into cyber careers demonstrate how different pathways can create new opportunities for professionals at all levels and from a variety of backgrounds – including those not typically associated with a cyber security career.

Overcoming the challenges

To increase the diversity of skills in cyber in this way, organisations must first understand their skills gap. Skills frameworks, competency models, and toolkits such as the cyber security competency model, the cyber career framework, or the proposed Government platform based on the existing digital skills toolkit, can help organisations identify the transferrable and technical skills needed, by providing a framework around which skills can be quantified. This approach can enable organisations to develop an effective recruitment strategy; one that meets organisational requirements and market demand.

Understanding the skills gap will also enable organisations to develop appropriate training routes to upskill and cross-skill staff following a non-linear career pathway into cyber. However, offering training carries the risk that employees may leave because they've become more valuable in the marketplace and some research shows that increasing diversity can cause friction within teams. These risks can be mitigated through flexible business practices, transparent and coherent business processes, and effective people management and leadership that incorporates equality, diversity and inclusion (ED&I)-focused line manager training and cultural and behavioural change.

Diversity cannot flourish without inclusion; therefore, these practices and processes need to be centred around a clear inclusion vision, based on clearly defined organisational objectives, norms, and values, to bolster retention.

Tapping into non-linear pathways doesn't require organisations to scrap linear routes – but it does ask that they think outside the box to increase skills diversity and reduce the cyber skills shortage.

Discover our approach to promoting equality, diversity, and inclusion so everyone can thrive.