27 October 2017
Blogs by author: Rob Partridge, Head of Commercial Development, Penetration testing
Marking week four of National Cyber Security Awareness Month — which looks at the need for more skilled workers in the security industry — Rob Partridge gives his thoughts on training the next generation of cyber security experts and the importance of hiring people who are neurologically diverse.
“I just fell into it”
Most people fall into a cyber-security career. I certainly did. I started out as a telephone engineer 28 years ago, dabbled in sales, then became involved with the Olympic Games Project. It was taking part in social engineering tests there, that I became fascinated with elements of cyber security. When the games came to a close, a move into full-time cyber security was a natural progression.
Here’s the thing though. As the industry stands, this kind of career progression — currently the norm — isn’t creating the level of skilled workers that’s desperately needed. According to an IDC Custom Survey from July 2017, a massive 97 per cent of organisations have concerns about security skills, and two-thirds have trouble retaining the security staff they do have.
Securing the skills we need
To overcome this shortage, what security needs, is a steady influx of skilled, educated and specifically-trained people. Otherwise, there’s no hope in fighting the ongoing battle against cyber crime.
Thankfully, there are organisations making an effort to overcome this problem. And we at BT are leading the way.
BT is the biggest employer of security apprentices in the UK private sector, taking on up to 75 people a year — when the average in tech companies is around 12. These apprenticeships last up to three years and result in candidates receiving either a foundation or a full degree. Whatever qualification they receive though, what’s certain is that they’ll complete their apprenticeship with the skills they need to be a competent security employee.
Neurodiversity in cyber security
But there’s another angle to these schemes that I’d like to share, one that I have a personal stake in — neurodiversity. Having an autistic son, I’m well aware of how neurodiverse people — those with autism, Asperger’s, ADHD etc. — have a different set of skills to neurologically typical people. For example, people with Asperger's or autism tend to treat problem-solving in a completely different way. They often think much more literally, and the way they approach a problem is unique. One common advantage in this is in the area of numbers — and that’s where we get back to cyber security. The maths side of cyber security can be complex. But, in my experience, neurodiverse people can grasp processes very quickly. That’s why I think it’s extremely important that these people get every possible opportunity to work in the field.
Unfortunately, the traditional interview process often acts as an insurmountable barrier to achieving this.
Often neurodiverse candidates are rejected because of a lack of communication skills. So I made the decision to ensure that anyone who interviews candidates for our apprenticeship scheme has a firm understanding of autism and Asperger's. It's up to the candidate themselves whether they actually disclose that they have either of these conditions.
Here’s an example of my approach; I recently interviewed a young autistic man for a place in our apprenticeship programme. He was struggling with the interview and had to be calmed down at one point. He was finding answering the questions difficult, up until I asked him about his interest in cyber security. He then gave a really passionate speech about how he’d left school and couldn't find a job. Eventually, he ended up working nights and, during the quiet times, set himself hacking challenges. Completely of his own initiative, he’d gained a very good understanding of cyber security. Needless to say, we appointed him as an apprentice. He later told me that BT were the only people ever to really believe in him.
The future of security
By focusing on apprenticeships, and making sure that any schemes are open to neurodiverse candidates, I can see a bright future for cyber security. It’s a great way to create a steady stream of skilled, eager and expert cyber security practitioners. And, what’s more, it gives you an opportunity to invest in people who are easily left behind when it comes to work, in a way that’s good for both them and your business.