Cyber Quarter Joins ISC2 Official Training Partner Programme to Advance Cyber Security Training

Cyber Quarter Midlands Centre for Cyber Security, a leading institution dedicated to advancing cyber security professionals’ education and services, is thrilled to announce it has become an Official Training Partner (OTP) of ISC2, the world’s leading non-profit member organisation for cyber security professionals. This partnership aims to bolster cyber security training initiatives and equip UK professionals with the skills and expertise needed to combat evolving cyber threats effectively.

As the digital landscape continues to evolve, the demand for skilled cyber security professionals has never been higher. The UK cyber workforce gap alone has reached a record high, with 73,439 professionals needed to adequately safeguard digital assets. Furthermore, 93% of UK cyber security professionals are experiencing skills gaps at their organisations. This collaboration brings together the expertise and resources of Cyber Quarter and ISC2 to address the demand for skilled professionals by improving cyber security knowledge and capabilities, as well as expanding the pool of certified individuals.

Cyber Quarter will offer dedicated training programmes using ISC2 materials and authorised instructors to prepare individuals at all stages of their cyber security careers to obtain ISC2 certifications, including the Certified Information Systems Security Professional (CISSP) and Certified Cloud Security Professional (CCSP) certifications, among others. Professionals undertaking training for ISC2’s cyber security certifications will benefit from expert-led sessions covering domains aligned with the certification exams.

Prof Prashant Pillai, Managing Director of Cyber Quarter and Pro-Vice Chancellor, expressed his excitement about the partnership, stating, “This collaboration between Cyber Quarter and ISC2 marks a significant milestone in our mission to empower cyber security professionals with the knowledge and skills they need to excel in their careers. Together, we will contribute to a more secure digital landscape by providing high-quality professional training and certifications.”

Marc Barfoot, Manager of Commercial Partnerships at ISC2, said, “We are thrilled to announce Cyber Quarter as an Official Training Partner of ISC2. As global and national cyber threats escalate, the need for education to help collectively defend against tomorrow’s cyber risks has never been more important. Our partnership will enable Cyber Quarter students, from a diverse range of backgrounds in the UK, to develop core skills within all areas of cyber security. Through official training, individuals can access relevant, up-to-date course content for our premier cybersecurity certifications, enabling them to achieve their professional goals and further their careers.’’

This partnership represents another step forward in addressing the global shortage of skilled cyber security professionals and underscores the commitment of both Cyber Quarter and ISC2 to advancing cyber security education to make a lasting impact on the cyber security landscape.

For more information about Cyber Quarter and its cyber security training programmes, please visit   

About Cyber Quarter

The trail-blazing Cyber Quarter Ltd is a joint venture between the University of Wolverhampton and Herefordshire Council. The centre is based on Skylon Park, Hereford’s Enterprise Zone and a key player in the Cyber Valley (home to 15% of the UK’s top 600 cyber companies) that spans Worcestershire, Herefordshire and Gloucestershire.

Cyber Quarter provides a range of cyber security services from bespoke Continuous Professional Development (CPD) training courses, industry recognised vendor certification courses, as well as a range of cyber products, services and consultancy to protect your business.

About ISC2

ISC2 is the world’s leading member organization for cyber security professionals, driven by our vision of a safe and secure cyber world. Our more than 600,000 members, candidates and associates around the globe are a force for good, safeguarding the way we live. Our award-winning certifications – including cyber security’s premier certification, the CISSP® – enable professionals to demonstrate their knowledge, skills and abilities at every stage of their careers. ISC2 strengthens the influence, diversity and vitality of the cyber security profession through advocacy, expertise and workforce empowerment that accelerates cyber safety and security in an interconnected world. Our charitable foundation, The Center for Cyber Safety and Education, helps create more access to cyber careers and educate those most vulnerable. Learn more and get involved at Connect with us on X, Facebook and LinkedIn.

PECB UK and Ireland signs a partnership agreement with the Cyber Quarter Ltd.

(March 23, 2023) – It is with great pleasure that PECB UK and Ireland announces a new partnership agreement with the Cyber Quarter Ltd. This step will enable the distribution of PECB training courses in the UK and Ireland, and will ensure that the respective companies will give expertise-based contribution in offering and organizing PECB training courses.

“PECB UK and Ireland has built a strong reputation in the international market for its expertise and ability to develop and deliver many ISO standards trainings,” says Graeme Parker, Managing Director of PECB UK and Ireland. “We believe our training courses perfectly complement the Cyber Quarter Ltd. and this partnership will enable us to provide people in the UK and Ireland a cost-effective way to invest in their professional careers,” he added. Cyber threats are becoming more and more prevalent in today’s world. As technology continues to advance, so do the techniques used by cybercriminals to breach organizations’ systems and steal sensitive information. This is why cyber training has become a crucial need for individuals and organizations alike.

About PECB 

PECB is a certification body that provides education, certification, and certificate programs for individuals on a wide range of disciplines.

We help professionals and organizations show commitment and competence by providing them with valuable education, evaluation, certification, and certificate programs against rigorous internationally recognized standards. Our mission is to provide our clients with comprehensive services that inspire trust, continual improvement, demonstrate recognition, and benefit the society as a whole. For further information about PECB, and for the complete list of standards, please visit

About the Cyber Quarter Ltd.

The trail blazing Cyber Quarter Ltd is a joint venture between the University of Wolverhampton and Herefordshire Council. The center is based on Skylon Park, Hereford’s Enterprise Zone and a key player in the Cyber Valley (home to 15% of the UK’s top 600 cyber companies) that spans across Worcestershire, Herefordshire and Gloucestershire. 

Cyber Quarter provide a range of cyber security services from bespoke Continuous Professional Development (CPD) training courses, industry recognized vendor certification courses, as well as a range of cyber products, services and consultancy to protect your business.

Cyber Quarter – Strengthening business resilience, one person at a time!

Although it can be quite daunting, one of the best ways to realise the importance of sound cyber security is through knowing the facts. 

According to Hiscox, one small business in the UK is successfully hacked every 19 seconds. Every day, it is estimated that there are around 65,000 attempts to hack small-to-medium sized businesses (SMBs), with around 4,500 being successful. That’s a massive 1.6 million SMBs in the UK every year. 

Furthermore, research demonstrates that one of the leading causes of cybersecurity breaches is due to human error. In 2021, it was found to be responsible for 95% of breaches, which has understandably led to the call for attention to be drawn to Human Factors. 

In cybersecurity, human factors refer to the situations when the human error results in a successful data or security breach; it can be said that humans are the weakest component in terms of security and imply the greatest risks and threats for any business or organisation. Unfortunately, a growing factor that is influencing human error is increased levels of stress. 

According to CIISec’s 2020/2021 State of Profession report, 557 security professionals have said that stress has become a major issue in recent years, with 80% also saying that they have seen the first-hand effects of stress on their staff. This is concerning as research has shown that, when people are stressed, they are more vulnerable to the attempts of cyber criminals. 

To raise awareness of this, the Cyber Quarter recently held a workshop at the Cyber Quarter building in Hereford entitled ‘People – The Hidden Human Cost of Cyber’ as part of a Business Resilience Programme. The aim of this workshop was to share insights with local businesses on how, by de-risking your people’s behaviours, de-risking your contracts and optimising your insurance, you can actually thrive after a cyber-attack and not just survive.  

Along with Clare Murphy & Rebecca Kirk from Harrison Clark Rickerbys Ltd, the Cyber Quarter were joined by Human Factors Specialist Ellen Kay.   

“Our people are not only our greatest asset but our greatest liability. You don’t hire your greatest insider threat you create them OR you give them your password! We can de-risk our organisations if we de-risk the thinking and behaviours of our employees. There is also a significant benefit by taking professional advice in advance of an attack and not afterwards. The most significant one is cost savings. Creating a culture of resilency will enhance not only performance but reduce risk. And at a time of huge economic change it is never more important to take care of your costs, your contracts, your supply chain, your customers, your employees and your market position. If you take action you can take control.” Ellen Kay. 

Here is some feedback from the session: 

“Invaluable advise”, “Thank you, thank you, thank you”, “Informative case studies”, “A great format” 

All the businesses who attended the workshop were able to apply the insights from the session into their own business. New employment contracts are being drafted, bespoke workshops are being discussed for a clients’ client-base and another company has signed up for our complete Human Factors programme. If you’re a business looking for support to improve your cyber resilience, feel free to send us an enquiry via the Cyber Quarter website, or send us an email via the address below. 


Follow our LinkedIn here

Family Cyber Discovery Day at Cyber Quarter Draws Enthusiastic Crowd for a Day of Cyber Security Fun and Learning

In a bid to promote cyber security awareness and digital safety among families, Cyber Quarter hosted the highly anticipated Family Cyber Discovery Day at the Midlands Centre for Cyber Security on Tuesday 25th October, attracting families from across Herefordshire.

The Family Cyber Discovery Day consisted of interactive activities and engaging workshops, making it a memorable experience for participants. Families gathered to explore the fascinating world of cyber security through online games catered to different age groups, educational talks, and an engaging Cyber Maze challenge designed for families to navigate together.

One of the highlights of the event was the presence of Boston Dynamics’ agile mobile robot dog, Spot. Attendees were treated to engaging demonstrations showcasing Spot’s incredible capabilities, allowing families to witness first hand how robots like Spot can assist in various scenarios and tasks.

The primary goal of the event was to promote digital resilience and empower families to stay safe online. With the increasing prevalence of cyber threats and online dangers, the need for such awareness initiatives has become paramount and the event provided families with valuable skills and knowledge to navigate the digital world securely.

Due to the overwhelmingly positive response and impact on the community, Cyber Quarter are now putting plans in place for the next Family Cyber Discovery Day.

To access additional details about the upcoming 2023 Family Cyber Discovery Day, please complete our enquiry form using the link provided below.

Enquiry Form – Cyber Quarter

Wolverhampton clinches ‘Cyber University of the Year’ award

The University of Wolverhampton has clinched a top award for ‘Cyber University of the Year’ at this year’s The National Cyber Awards 2022 held in London recently. 

The awards have been set up to reward those who are committed to cyber innovation, cyber crime reduction and protecting citizens online. 

The university offers a range of undergraduate, postgraduate and doctoral programmes in cyber security and computer science at its Wolverhampton City Campus and it officially opened the new Cyber Quarter – The Midlands Centre for Cyber Security in Herefordshire last year.  

The centre is a joint venture between the University of Wolverhampton and Herefordshire Council and is part-funded by the Government’s Local Growth Fund, via the Marches Local Enterprise Partnership (LEP) and the European Regional Development Fund (ERDF).  

The cyber team has engaged with over 100 businesses, assisted nearly 60 SMEs to improve their cyber defences, started 30 cyber related Research and Development projects and supported over 19 new to firm or new to market products. The academic team has also helped set up 5 new cyber related spin-out companies and are leading several regional and national Cyber networks.  

Professor Prashant Pillai, Centre Director Cyber Quarter – Midlands Centre for Cyber Security and Professor of Cyber Security at the University, said: “We were delighted to have been named finalist for the second year running in these prestigious awards and it was amazing to have clinched the top prize as ‘Cyber University of the Year’ at the recent awards ceremony. 

“The expertise and specialist focus of our new centre is part of a wider, growing ecosystem of cyber sector companies based within the Cyber Quarter on Skylon Park in Herefordshire. The area is already home to a highly regarded cyber economy, and the knowledge, expertise and opportunities that the centre brings along with the strong academic expertise at the University is helping to establish Herefordshire as one of the capitals of the cyber security sector. 

“It’s a magnificent new Centre that brings to Hereford a brand- new research and innovation, training and incubation hub that focuses on how we can develop the cyber skills of the future with the research and innovation that many of our companies need. This is a major innovation in the area and one that will firmly put Hereford and Wolverhampton on the map in terms of cyber security.” 

The winners were announced on Monday 26 September 2022 at the awards evening at Novotel West in London. You can see the full list of finalists on the website at www.thenational cyber 

Cyber Quarter – Midlands Centre for Cyber Security offers a package of tailored security testing, training, Research & Development and sector expertise to businesses and investors.  

Supported by the university’s cyber academic team of the Faculty of Science and Engineering, the centre offers product testing and certification, CPD and short courses and cyber conferences such as the recent Cyber Fringe Festival which attracted experts from across the globe.   

The 2,000 square metre building provides significant resources for research and development across three cyber laboratories, advanced training facilities and additional business space for up to 16 cyber companies.  

The centre, which secured £2.82m of funding via the Marches LEP’s Growth Deal with Government in 2017, is part of the new Cyber Quarter at Skylon Park, already home to numerous defence and security sector businesses.  

The new centre incorporates a full height glass atrium to provide a dual break-out space and function hall, alongside the main three storey building which houses business suites, innovation rooms, IT workshops and a ‘Cyber Range’ – a cutting edge facility that will defend against the global rise of hacking.  

Anyone interested in courses offered or businesses looking for incubation space can find out more about the Cyber Quarter – Midlands Centre for Cyber Security on the website. 

InfoSec 2022 – Representing the Midlands Cyber Ecosystem

On the 21st through to the 23rd June, the Cyber Quarter attended Infosecurity Europe 2022 at the Excel in London.

Infosecurity Europe is considered the biggest gathering of the information security community in Europe, which nurtures the growth of the cyber security community through innovation and knowledge sharing, testing and benchmarking solutions, building relationships and driving new businesses. During this 3-day event, Infosec Europe brought together under one roof expertise and knowledge from the world’s finest cybersecurity experts, with the aim of connecting practitioners with suppliers to find true solutions and bringing together industry peers to network, share and to grow stronger and more resilient together.

The Cyber Quarter joined forces with other businesses in the region to represent the Midlands Cyber Ecosystem. We showed not only what the Midlands has to offer in terms of cyber security, but also the strength of the cyber community and the bonds that local businesses share.

Our Knowledge Transfer Manager/Cyber Security Consultant, Oluwafemi Falobi, represented the Cyber Quarter at the event and successfully showcased the Cyber Quarter’s services and offerings, whilst making meaningful connections with other like-minded people.

We caught up with Femi to find out more about his time at Infosec 2022:

Oluwafemi Falobi, Knowledge Transfer Manager/Cyber Security Consultant

“Infosec brought together some of the finest minds within the cyber security community, alongside innovative solutions to new and existing cyber security issues.

Being a part of Infosec Europe 2022 was an amazing experience, which gave me the opportunity to meet knowledgeable and experienced local and international cyber professionals across various information security subdomains.

The atmosphere at Infosec provided opportunities to find new solutions that could be integrated into business processes to increase business resilience thereby ensuring business continuity as well as created great networking opportunities that fosters collaboration and birth of new solutions to problems that plague our cyber space.

I really enjoyed the experience as it has opened doors for partnerships, innovation, and collaboration, which in turn helps maintain a healthier and safer cyber space for all.

Being granted the opportunity to represent the Cyber Quarter and exhibit its service offerings alongside other amazing companies jointly forming the Midlands Cyber Cluster was a major highlight. Engaging students, practitioners, and businesses seeking to know more about the Cyber Quarter’s offerings and how they can benefit and/or collaborate started off a lot of interesting conversations, which are still ongoing, and promises to positively impact all parties involved as well as the cyber community at large. If you want to know more about the Cyber Quarter’s service offerings and how you and/or your business could benefit, feel free to contact me through my email below.”

Contact Femi via his email:

For general enquiries about the Cyber Quarter’s services and offerings, please fill in an enquiry form on our website.

To keep up to date with the latest happening at the Cyber Quarter, follow our LinkedIn page:

“It’s okay to not be okay” – Supporting each other as a community through stress

To wrap up the topics surrounding stress awareness month, we wanted to look into stress in a little more detail, – it’s causes to how we can help manage it better. For this, we asked Ellen Kay, our Human Factors Specialist, and Jake Moore, Global Cybersecurity Advisor for ESET for a few words. They both identified several causes for stress and the impact it has on the cyber community.

Ellen Kay – The main cause of absenteeism in companies is ‘stress’ and anxiety related problems which then cause other health problems. And the biggest triggers are emotional and psychological stress. These then ultimately lead to other conditions and health problems, which cause people to be even more sick.

As a result of that, people become less creative. They’re less innovative. They’re less productive. They produce less outcomes. They communicate less. And they’re less engaged in the workplace. All of this is demonstrated by what they do more so than what they say. They are quiet, more reserved, and can become agitated and angry.

These negative behavioural traits then have a direct effect on profits and growth. These people also tend to be sick more frequently, they tend to be more competitive in a way that does not add real value to the business, they tend to resist change more, they’re more hostile, they’re more resentful, they’re more anxious, and ultimately more depressed. These behaviours are easy to see once we become more aware of our own body language and that of our colleagues.

Stressed employees add to the toxic environment that they’re reacting to, which then causes the environment to become more stressed, which causes people to become more reactionary. And the cycle continues. It’s a big problem all over the world.

Continuing, Jake said:

Jake Moore – There are factors that can contribute to stress in cyber security that you might not see in other areas. And one of these is that there is a cyber skills shortage, and with this you get more responsibility per job. With more people that are trained, you can distribute jobs more evenly, though because of the gap people aren’t entering the industry as much as we would’ve hoped. There’s also a lot of immense pressure on the industry because it’s linked to a business going down completely because livelihoods are attached to attacks. With this pressure and increased stress comes burnout because of constant mounting pressure. An issue is blame culture, though I think that we should move away from that and instead learn from every mistake

Ellen and Jake both have amazing insights into the topic of stress in cyber and it was really thought provoking to have conversations with them both. Interestingly, when I asked them about how we can help combat stress, they both highlighted the importance of human conversation to discuss stress in order to raise awareness to stress and to show our colleagues that they’re not alone in how they feel:

Ellen – The overarching support we can offer colleagues is 1) self-awareness i.e. be more aware of our own stress levels and what triggers cause us to have stressful reactions and behaviours and 2) behavioural changes in colleagues / changes in their body language indicating they are stressed. When we become more aware of ourselves then we can become more aware of others and help them. But awareness is not easy when we live in a state of survival (stress) most of the time and that stops us being supportive of ourselves and others.”

Jake – “I always think that cyber training isn’t just down to training but is also down to conversations and to discuss it with your colleagues. Discuss the funny things, as it all raises awareness in a very fun way. With phishing being the number one attack on businesses, why not discuss it? It just makes people that little bit more conscious about what they’re clicking on.

Talking about the human element makes people listen, they can relate to it. Put yourself into another person’s shoes and think about how can I not become another victim? That’s really powerful. Once discussions happen, people can be relieved and that stress can be taken away. I love telling people about what a fun industry the cyber security industry is. I think we can prove how fun it can be, and I think one of the best parts is the fast-moving element of it. It changes every day and it comes with its challenges that can be difficult, but that challenge is a fun challenge instead of us seeing it as something that can burn us out completely. To make it easy and open to talk about, emails from someone respected in the company just saying “it’s okay to not be okay” is really powerful. It’s good to reiterate it with a business mind. It’s okay to feel stress, or imposter syndrome. Stress has an amazing reaction that can spiral out of control and the end result can be burnout. There’s that assumption that people at the top have got it all covered, that they’re not stressed, but it’s simply not true. So, it’s good to have these conversations, and to show that everyone can have imposter syndrome to a certain extent. And working from home has made it even more difficult.”

As summarised by both Ellen & Jake, it’s important to recognise that stress affects us all, and by initiating and taking part in more of these conversations, together as a community we can break down barriers and combat stress as a collective to really drive home the message “it’s okay to not be okay”.

As part of the Human Factors programme at the Cyber Quarter in Hereford, we show people the formula to teach people how to make significant changes in their brain and body to help combat stress. To learn more, please complete an enquiry or send a direct email to our Human Factors Specialist, Ellen Kay:

Stress Awareness Month – The impact of stress & tips for dealing with it

Cybersecurity stress has been described as an industrywide epidemic amongst many cyber and security professionals. Talking about stress can be a difficult conversation for many, however, it is important to address workplace stress before its consequences affect both people and the business.

Stress can be one of the biggest underrated insider threats to a business. According to CIISec’s 2020/2021 State of Profession report, 557 security professionals have said that stress has become a major issue due the COVID-19 pandemic, with 80% also saying they have seen first-hand the effects of stress on their staff. These figures are a significant concern as it’s been shown that people are more vulnerable to the attempts of cyber criminals whilst feeling stressed. A Cyberchology (2020) report found that when stress levels are heightened, staff members are more likely to panic and potentially click on a malicious link or fail to report any security breaches to their IT team.

Workplace stress is becoming such an issue that, according to VMware’s 2021 Global Incident Response Threat Report, 65% of cyber professionals have said that they have considered leaving their job because of stress and CIISec’s 2020/2021 report states that 51% of cybersecurity professionals are kept up at night due to the stress of their job.

The facts and figures are clear that stress is a serious topic in the cyber community that needs to be more thoroughly addressed. Therefore, we asked our Human Factors Specialist, Ellen Kay, for her top tips for dealing with workplace stress and how we can spot signs of stress in others:

“I want to talk to you about one of the most common things in the workplace that break down teams and organisations around the world.

I’ve worked with MANY different companies, corporations, upper management and human resources, and they’re always talking about the impact of stress in their businesses. Stress is when your brain and body are knocked out of homeostasis. The stress response is what your body innately does to return itself back to order.

All organisms in nature, every creature, can tolerate short-term stress. But when the stressors add up and people keep reacting to threats and conditions in their external environment over and over again, they’ll keep their brain and body out of balance. And as a result, a system is going to break down. That means, individuals are going to break down. Teams are going to break down. Because no organism can live in emergency mode for an extended period of time.

Living in emergency means living in stress. And living in stress is living in survival. And what are the effects of that?

It turns out that the main cause of absenteeism in companies and organisations, has to do with stress and anxiety related problems that add to health problems. Over 75%of people who walk into a healthcare facility in the western world, walks in because of emotional and psychological stress. This emotional and psychological stress ultimately leads to other conditions and health problems, which cause people to be more sick. As a result, people become less creative, less innovative. They’re less productive and produce fewer outcomes. They communicate less and they’re less engaged in the workplace.

This has a direct effect on profits and growth in a business. They also tend to be more sick, and tend to be more competitive in a way that does not add real value to the business, they are more resistant to change, they’re more hostile, more resentful, more anxious and more depressed. They add to the toxic environment that they’re reacting to, which then causes the environment to become more stressed, which causes people to become more reactionary. And the cycle continues. It’s a huge problem all over the world.

It turns out that there’s a way to teach people how to make significant changes in their brain and body, and it’s actually a formula. The Human Factors offering at Cyber Quarter teaches this formula, and I want to share some of that information with you. Are you looking after your organisation, are you looking after your people, are you looking after you?”

To learn more about the impacts of stress and your business, sign up for our three upcoming Human Factors Briefings. Follow the links below to register your interest:

25th April –
26th April –
27th April –

Innovation Alliance for the West Midlands – Cyber Working Group

On the 3rd  March, the Innovation Alliance for the West Midlands hosted the first official meeting for the Cyber Working Group – chaired by the Director of the Cyber Quarter, Professor Prashant Pillai, and co-chaired by the Project Manager of the Cyber Quarter, Hugo Russell.

The hour and a half meeting saw over 40 attendees interested in building the Cyber Ecosystem share ideas and collaborate on the future of the working group and its goals, including talks from DCMS (Daljinder Mattu) & Midlands Cyber and agenda items such as a ‘review of the National Cyber Strategy Pillar 1 objectives’ and ‘resource mapping’ to review the regions strengths and capabilities.

The Cyber Working Group is focused on collaborating and finding new approaches to accelerate the adoption and commercialization of cyber security procedures, policies, platforms, and solutions. The organisation is sharing insights and best practises on relevant and developing cyber technologies that are utilised to give value to consumers through this collaborative development and promotion. The group’s strength stems in part from its knowledge of a variety of industries, including automotive, aerospace, defence, finance, and rail, as well as its wide customer and supply chains.

The group will also collaborate to shape the strategies, regulations, and operational elements required to maximise the region’s strong technology and business services networks, with the goal of developing the West Midlands Cyber Ecosystem.

Cyber security is vital to the West Midlands’ operational well-being, with the region having a strong history of technological innovation and adoption. Here, the Cyber Working Group come together for the chance to make the West Midlands more resilient, while strengthening its cyber innovation capability by bringing together cyber related organisations and influencers, including; SMEs, academics, the public sector, and support organisations.

The group is open to anyone that is interested in cyber and the cyber community, so for your chance to be a part of the West Midlands Cyber Ecosystem, save the dates in your diary of the upcoming Cyber Working Group meetings and follow the Innovation Alliance for registration details:

Upcoming dates:

  • 12th May, 10-11:30am
  • 7th July, 10-11:30am
  • 8th September, 10-11:30am
  • 10th November, 10-11:30am             

Source: Innovation Alliance

“Addressing the Mythical Cybersecurity Skills Gap and Improving Diversity” by Mollie Chard

For those who don’t know me, firstly hello! I’m one of the Board Members at Women In Cybersecurity UK (WiCyS UK). WiCyS UK seeks to encourage, attract and promote women in the cybersecurity industry.

Back in December 2021 I presented my talk, titled: “Addressing the Mythical Cybersecurity Skills Gap and Improving Diversity” at the Cyber Fringe Festival. During the talk I discussed the cybersecurity skills gap and offered advice to organisations looking to improve their inclusion and diversity.

First things first, what is this “skills gap” all about? Well, according to multiple studies, there is a continuing shortage of skilled cybersecurity professionals worldwide. One study by ISC2 estimates that there are around 3.12 million cybersecurity jobs that need to be filled. This number appears to be steadily decreasing.

Yes, there are clearly a lot of roles that need to be filled – I’m not disputing this fact. However, I believe that the focus of the “cybersecurity skills gap” is wrong; the world does not lack skilled people. Speaking from my experience interacting with people every day, there are an abundance of talented, skilled people out there who cannot join the industry due to outdated and inflexible hiring practices and entry routes.

So, what are the top reasons for this supposed “gap” in skills?

Hiring practices need re-thinking and updating

Entry routes into the industry are inflexible

Inclusion and diversity are often not a priority

The industry faces an image problem

So, how can we tackle all of this?

  1. Tackle the industry’s image problems – contrary to popular belief, cybersecurity is not just all hacking and coding (although there are many roles out there that fall into these categories). Raise awareness about the breadth of opportunity available – start in schools/education and reinforce the message throughout your organisation and networks.
  2. Re-think your hiring practices and broaden your entry routes – e.g., consider taking on juniors, apprentices, grads, allow employees to cross-skill or perhaps help people return to work after a career break. Be realistic about what you are looking for in a cybersecurity professional and be clear about what skills are needed for them to be able to do a particular role.
  3. Replace and update traditional models for what cybersecurity practitioners look like, and what their CV/resume looks like – soft skills such as empathy and communication skills are absolutely essential for cybersecurity professionals (if you can’t communicate complex info to a variety of audiences, it will fall on deaf ears and your cybersecurity strategy will fail). You can also re-write your job descriptions to encourage a broader range of applicants and widen the talent pipeline – my tips: remove essential criteria as it can cause some to self-select out of applying, consider your use of inclusive language and avoid stipulating unrealistic entry criteria such as CISSP/CISM/particular degrees (as not all skilled cybersecurity professionals have or require these). I’ve seen many junior cybersecurity job descriptions asking for 3-5 years’ experience, which is quite frankly absurd. These people are junior, which means they likely have NO EXPERIENCE – don’t set ridiculous and unrealistic expectations on people, barring their entry to the industry. Consider growing your own talent – remember it’s a long-term return on investment.
  4. Prioritise diversity and inclusion – many organisations adopt a “tick box” approach – e.g., each year hiring a % of people from minority groups. This is NOT true diversity. Instead, embed inclusion in your culture (which takes time) by encouraging an open, psychologically safe communicative environment (e.g., consider making inclusion a standing agenda item in team meetings and at corporate events to encourage open discussion, and encourage your staff to “bring their whole selves to work”. Don’t just talk the talk, ensure you walk the walk as well).

If the above points get addressed, then I expect we would see that this “skills gap” magically disappears. We can all work together to address it.