Infosec isn’t all people “watching green letters drop down a black screen”

The cybersecurity skills gap can only be bridged if infosec companies do more to promote a career in IT security beyond the ‘hacker in a hoodie’ stereotype.

Dr Daniel Dresner, academic lead for cybersecurity at The University of Manchester, told delegates at the IPExpo conference in Manchester today that companies need to “big up” roles in infosec management and other careers.

“There’s actually loads of different roles in cyber,” Dr. Dresner explained. “They’re not all sitting there while wearing a hoodie, watching the green letters drop down a black screen.

“There’s [jobs in] governance, management, [and] risk assessment.”

Jennie Williams, a cyber protect officer at North West Regional Organised Crime Unit, said that police can help in diverting youngsters whose curiosity with technology has caused them to dabble on the fringes of cybercrime.

Williams explained: “Our cyber prevent team work with young people to make sure they don’t go down the wrong routes towards cybercrime, so that they can become our cyber security experts of the future. This is happening nationally.”

“There’s a lot of positive divergence going on,” she added.

Panelists during a session entitled ‘The Future of Cyber Security’ agreed that getting young women and older people to consider a career change was vital if there was to be any hope of satisfying future demand for cybersecurity workers. Education – at all levels – has an important role to play.

Dr Dresner said: “One of the things we’ve done at the University of Manchester is in breaking the mould. We have a 30% female contingent on our cyber program. It’s still not good enough but it’s still about three times [better] than the national average.

The program’s inclusion of wider issues in infosec explains its broader appeal, according to Dr Dresner.

The panel session also tackled audience questions about user education, cybersecurity policy development, and the impact of artificial intelligence during a wide-ranging 30 minute session.

Anant Shrivastava of ISP Claranet argued that the growing importance of technology in delivering services to both businesses and consumers meant that “security can no longer be treated as an afterthought”.

“I’d like to see more collaboration between defenders,” he added.

Jennie Williams argued that enterprise cybersecurity education programs needed to avoid alienating workers in order to be successful.

It’s important to avoid a “blame culture” and to focus instead on making “little changes" or incremental improvements in corporate cybersecurity policies.

“There’s a balance between user education and giving out warnings,” Williams explained.

RELATED How should you structure your cybersecurity team?