The results are in but how many will go on to study infosec?
The results are in but how many will go on to study infosec?

Amidst a slow growth in students taking computing courses at GCSE level, there is a fear of an eventual shortage of skilled personnel to work in the sector.

Figures from the Office of Qualifications and Examinations Regulation (Ofqual) have warned that entries for the new computing exams have risen to 67,800 this year from 61,220 in 2016.

However, as 58,600 students are still taking the old ICT exam from the previous curriculum, the overall number of students getting a GCSE in computing is about to fall slightly.

Speaking to the BBC, the British Computing Society warned “the number studying for a computing qualification could halve by 2020”, adding should this happen, it would be a “disaster for the economy”.

Debbie Tunstall, head of education programmes at the Cyber Security Challenge UK, emailed SC Media UK: “The latest figures from Ofqual are somewhat disappointing, while perhaps not totally surprising. We are still facing a battle in the wider technology industry around the understanding of potential opportunity in this field. If this isn't addressed then it will only further expand the already critical skills gap.”

Tunstall said, “Computing, cyber security and other ICT subjects are all relatively new areas of study, and pathways through from early education to successful career are still being shaped. Because of this, there is still a severe lack of understanding of careers in the area by parents and teachers, who are the main influencers on young people when they consider careers during education.”

The old ICT course being taught in schools was scrapped in favour of a more programming-led curriculum. The old course was criticised “as teaching little more than how to use Microsoft Office”.

The new computer science GCSE exam is said to be considerably more difficult, both for students and teachers.

The British Computing Society told the BBC, “It is unrealistic to expect teachers of ICT to turn into teachers of computer science without significant training and support – and despite initiatives from organisations like Computing At School there has just not been enough funding to usher in this revolution.”

The other big issue is the lack of women not only taking any computing-based exams, but also in the computing industry as a whole. In 2016 women made up a mere 20 percent of exam entrants for the computer science exam.

Dr Adrian Davis, managing director for EMEA at (ISC)², said, “The lack of uptake in the new computing science GCSE is not just about course content and the percentage of girls studying it. It is a wider issue that students, parents and teachers do not understand the significant opportunities within IT and still believe it to be a tech and male-dominated environment.

“IT – and information security – need to be much more proactive in marketing and selling themselves, the careers on offer and much more clear in describing who and what the industry needs. The computing science GCSE should be seen and sold as the first step in a successful and well-paid career.”

Earlier in the month, (ISC)² released the findings from another of its mega-surveys – 19,000 cyber-security professionals in total – and points out what we already know in cyber-security: two-thirds of organisations state that they currently have too few cyber-security workers “as the region faces a projected skills gap of 350,000 workers by 2022”.

(ISC)² says to combat this problem employers should do more to embrace those new to the industry, as “92 percent of hiring managers admit they prioritise previous cyber-security experience when choosing candidates, and that most recruitment comes from their own professional networks”.

In 2016 ISACA predicted a global shortage of two million cyber-security professionals by 2019, claiming that for every 10 cyber-security job ads that appeared on the careers site, Indeed.com, only seven people even click on one of the ads.

In light of this, Tripwire has conducted a poll to find what the biggest barrier to entry is for people when pursuing a career in information security.

Sixty percent of respondents believed that a lack of experience was the main challenge facing those trying to seek employment within the industry. Only 20 percent felt that no certifications or a lack of industry education is the main issue, with 11 percent answering that low salaries was the main deterrent.

A statement from Tripwire says, “Anecdotal responses from the poll have revealed some hard truths about the struggles candidates face. Many believe the experience demands for entry level positions are unrealistic whereas some feel that additional certifications are becoming increasingly expensive to obtain.”

Tim Erlin, VP at Tripwire said, “Employers need to realise that we are at a critical point within the cyber-security industry. We know that companies are seeking the perfect candidate who has 5-10 years' experience and several certifications for an entry level position. This is an impractical and damaging approach to hiring as we are substantially restricting the pool of potential candidates.

“Companies need to be more inclusive and mindful of the other attributes that make a good security professional. If a candidate does not have the adequate experience but has the necessary training or skillset, then there is an opportunity to educate them through the company. Offer them certifications and training programs within the organisation to develop their skills. This goes a long way to increase employee loyalty, too.

“Being analytical, curious and a good communicator are just some of the attributes that make a good cyber security professional. If you have the right systems in place, there is no reason not to hire someone who has these skills and teach them the technical skills later. There is an abundance of IT talent that wants to break into this sector and there are many diamonds in the rough that can be mentored and nurtured into future stars. Moving forward, we need a change in mindset quickly otherwise this issue will scale out of hand.”