"Richard, we have a dilemma" this is a conversation I have frequently with customers... we all know what I’m talking about; Cyber Security skills shortages.

I wrote a post last year about this exact subject and how the Big Four were now open to Consultants without a University degree and were considering people's experience, not solely academic merit, when hiring. I am a big advocate of this.

Having said that, I am taking nothing away from the credibility of University Degrees. I believe obtaining a degree plays a valuable part in making an informed decision about your career path, whilst learning and understanding the mechanics behind your chosen subject. I frequently talk to Senior Managers, CISOs and security professions who are doing a part time Masters or Ph.D purely for their love of Security and for the thirst for knowledge, (hats off to them, I'm not sure I could hack it on top of a day job)!

The challenge Information Security will face in the future, is being able to train students on real time risks, hacking methods and knowing what happens in a business daily, defending their most valuable assets. 

Internships during degree study is a great way to gain hands on experience and to gain valuable experience which could put you in a good position for a career in Information Security, and possibly, even within the business you are currently interning at.

Another area which I believe could vastly increase the support needed to tackle the skills shortage is a more even balance of males to females. 

The starting point for this is making security roles look as appealing and attractive to females as well as males. Starting with the terminology used in entry level through to senior level job adverts. Even the images used (there are proven stats around this) can make a difference to appealing to a more diverse workforce. These intricacies in promoting careers in Security could make the difference to females choosing Information Security as a profession.

I’m not saying wording in an advert and more inclusive imagery is going to solve the Cyber skills shortage overnight (predicted to be a shortage of 1.8m by 2022) but every little helps!

As a specialist recruiter, I am seeing an increased interest from IT professionals with 5 – 10 years’ experience in IT Architecture or Analytics, but not in Security; these professionals could potentially be up-skilled in Security due to the large amount of skill cross over. 

Some of my customers are opening up roles internally to people like this to see if they would like to start a career in Security. 

This kind of behavior could definitely be a quick win and one which should be explored by more companies.

What do you think is the answer to skill shortages in Information Security?