In January 2022, the government officially announced its first ever Government Cyber Security Strategy which aimed to step up Britain’s defence and resilience to the growing number of hostile cyber threats. A £37.8 million investment backs the strategy, which aims to help local authorities to boost their cyber resilience - protecting the essential services and data which people rely on the most, including housing benefit, voter registration, electoral management, school grants and the provision of social care.
Cyber Security has been a primary focus for many businesses, as scrutiny over privacy and data protection increases. Now that this scrutiny is moving from private sector into the public sector, the demand for more cyber professionals further increases. Yet the problem remains the same… the demand for cyber talent seems to massively outweigh the supply.
With the introduction of this new government strategy, what will this means for the demand and supply of talent?
Info-Security Magazine recently reported that the UK cyber skill shortage has surged by more than 30% in the past 12 months, finding that 43% of 823 UK digital leaders surveyed admitted they had a shortage in this area. A government study found that the UK cyber security talent pool has a shortfall of approximately 10,000 people a year!
And it’s not only recruitment that is challenging businesses, but also staff retention. 25% of surveyed UK digital leaders admitted they can’t retain key cyber security employees for as long as they would like.
But the new Government Strategy is impossible without the appropriate cyber talent across technical, policy and strategy, risk management, and leadership roles. So how will the government cross this skill gap to foster the cyber security focused culture they are driving for?
The UK needs to develop and nurture its cyber security workforce if it is ever hoping to catch up with demand.
A key area for the government is going to be diversity within cyber to open up the talent pool and recruit a workforce that is better representative of different genders, ages, social, cultural, and ethnic backgrounds, as well as looking at neurodiverse candidates. They are hoping this will make it easier to recruit into cyber security due to a broader talent pool whilst also building a spectrum of perspectives and the creativity required for problem solving and tackling the increasing diversity of cyber threats faced.
To develop talent, the Government are looking to establish a learning academy aimed at upskilling government security professionals and the wider civil service. Among other disciplines, it will develop both technical and non-technical skills, provide masterclasses and qualifications, and partner with professional bodies to help build skills through assessment and accreditation. For entry level roles the Government is considering a bigger focus on graduate and apprenticeship schemes, as well as outreach programmes designed to target underrepresented groups.
To attract and retain talent, the government has to compete against salaries and benefits packages provided by private sector companies, who can often afford to offer higher packages. Whilst public sector might struggle to offer competitive salaries, they can often gain the upper hand by sharing transparent pay scales which are directly linked to meritocracy and skill level. In addition to this, the Government are looking to foster a cyber security culture that empowers professionals to learn, enabling continuous improvements and sustainable growth in the sector.
Whilst the government strategy is firmly rooted in the public sector, there are some key points we can take away from this for private sector Cyber Security recruitment too. Businesses are fighting hard to find and attract cyber talent, often going head-to-head for top candidates. So, what can these businesses do to help them stand out from other hiring companies?
There’s lots more to a job than the salary, and often people who are more experienced and seasoned within cyber will choose opportunities based on projects and how challenging the role will be. But salary is an important benchmark to set.
It’s important to be realistic and transparent about compensation and be willing to pay people at or above the market average if you want to stay competitive. For support benchmarking and budgeting for salaries, download the Maxwell Bond Cyber Salary Survey here.
Question the requirements in your job advert. Are credentials such as bachelor or master’s degrees really necessary for the role? It’s important to cut out anything that is not 100% required, and instead focus on proficiencies and skills that your business is currently lacking. For cyber security, credentials such as event speaking, hackathons, or bootcamps may be better at identifying ability.
The market is saturated with lots of job adverts that are pretty much the same. IN order to stand out, you need to know how to really sell your business and highlight its unique selling points (USPs). For security professionals this might include talking about projects, tools, and technologies within the business. Businesses should get marketing heavily involved in the employee branding aspect, as they can help with positioning and branding, and the best way to present this information.
When sourcing exceptional cyber security talent, you should be present in the right spaces. This means going to talks, meetups, hackathons, and relevant conferences where those cyber-security professionals are. This isn’t the place to give heavy sales pitches, but rather a space to build relationships and brand awareness so you can therefore create trust.
Ensure you aren’t unnecessarily neglecting candidates from your recruitment process. Don’t narrow down your options by only looking for specific traits and characteristics. Make sure you are engaging young and entry level talent, as well as ensuring you’re using gender-neutral language in your job adverts, offering remote work and flexibility where possible, and creating a considerate and inclusive interview and onboarding process.
Whether your part of a public or private sector business, the ferocity of the war for cyber talent is increasing. For support hiring top talent in the market, reach out to me directly.
Maxwell Bond are the award winning specialist recruitment partner of choice for all tech and digital hiring across the UK and Germany, known for identifying, attracting, and hiring top cyber security professionals. With proven results in reducing time to hire, hiring candidates who are not on the active market, cutting recruitment costs, and improving employee branding, Maxwell Bond are on hand to help you scale and mature your cyber function.
For confidential hiring advice, get in touch directly.
Are you thinking about a new job in cyber security? Browse current opportunities on our website.