February 22, 2019
Governments are worried about public and private organizations’ ability to find and recruit cyber security professionals. For example, the UK government recognized in its cyber security strategy that “this skills gap represents a national vulnerability that must be resolved.” However, we do not know much about how to deal with skills shortages. In the words of the CEDEFOP, “most skills mismatch research focus on methodological issues, the incidence of mismatch and its impact, and not on actual policies and practices addressing it.”
So, if governments think they are facing a cyber security skills shortage, what polices have they put in place to mitigate it and to what extent have these been effective? I argue that policy measures implemented so far by some governments indicate that the nature and characteristics of the shortage are still not well understood. Also, it is impossible to assess the effectiveness of these policies, to the point that one is left wondering how many people targeted by government policies have later joined the cyber security sector.
Read more in my report "Mind the Gap: the Cyber Security Skills Shortage and Public Policy Interventions (https://bit.ly/2tpedvs) supported by GCSEC.