Open University’s Chitra Balakrishna explains the wide array of courses they offer for cyber security and her role in the UK Cybersecurity Council.
Q. Why is there a skill shortage in Cyber Security and why have women not traditionally considered careers in the sector?
Numerous statistics point to a severe shortage of cybersecurity professionals and this skills gap is a global problem. There are over four million cyber security jobs unfilled each year around the world and a recent survey by the Department of Science Innovation and Technology indicates there is a proportional shortage of cyber security skills within UK.
This skills gap is largely being driven by the huge increase in cyber security threats over the last five years due to so many new devices connecting to the internet, without any real thought being given to the security consequences of those technologies, applications and devices. This exponential increase in threats requires more skilled professionals to fix the problems and address future risks.
Cyber security is predominantly a male workforce, so it is very important to remove entry barriers for women who want to work in the industry. One way to do this is by demonstrating that cyber security is a discipline that requires a wide range of technical and non-technical skills. Cyber security as a sector needs more women for its own good. Protection and safeguarding are traits that are intuitive to many women and will be a natural fit in cyber security roles, helping them thrive in the sector.
The skills gap is further compounded by the fact that cyber security has an image of being 'geeky', ‘highly technical', ‘complex’ and even ‘dark and mysterious’ leading to a relatively small uptake of cyber security-related degrees and careers.
The shortage of professionals coming into the sector also indicates that we are not recruiting from a broad enough pool, often overlooking the skills of women, ethnic minorities, and neuro-diverse individuals. The digital world is all pervasive and consequent cyber security challenges will be varied and diverse, requiring a diverse workforce to effectively address the issues.
Q. As head of the Open University cyber qualifications, you are also involved in the UK Cybersecurity Council. Can you tell us more about why it was created, what its purpose is and what it's hoping to achieve?
Cyber security as a profession only emerged in recent years and is still not a recognised discipline like engineering, for example.
The UK Cyber Security Council promotes and stewards nationally recognised standards for cyber security in support of the UK Government’s National Cyber Security Strategy.
Right now, there is a need for a professional body that brings together a variety of players including training bodies, accreditation bodies, certification providers, industry players and academic institutions that offer cyber security as a degree qualification. All these players require streamlined guidance to take the profession forward to make cyber security a more established profession with well-defined pathways.
As a member of the Board of Trustees, I work quite closely with multiple working groups within the council and one of my first tasks was to define 16 specialisms as part of streamlining cyber security career pathways and offering routes into and through the profession. It's a flexible definition that individual practitioners, current or future, can use to plan out a possible career, in effect a sort of map for people to navigate the profession. These specialisms include areas such as cyber security generalist, cryptography, communication security, cyber security governance and risk management.
Q. How does your research around Serious Games concepts and behavioural analytics help with training and education?
My research has shown how Game-play coupled with behavioural analytics can help personalise cyber security training so that it can adapt to the end-user’s current security behaviour and their individual perception of risk.
One of my goals is to demystify cyber security for students, large businesses and the wider population. I'm passionate about changing the way we teach cyber security and firmly believe cyber security is now everybody's concern as we are all going to be affected, influenced and impacted by the cyber security risks of this digital world we live in.
95% of cyber security breaches are caused by human errors and the average cost of these cyber security breaches is more than $3 million, but are humans really the problem? Most businesses have invested in cyber security awareness programs to train their workforce, but these training programs are often dry and non-engaging for the end users. Businesses use it as a tick-box compliance-based exercise without there being any demonstrable reduction in risks caused due to human factors.
These training programs offer no insight into the security behaviour of the workforce or why humans behave the way they do in a given cyber security context. Different people perceive risk and security differently. Perhaps humans are not the problem but our inability to understand and empower them is!
Serious Games concepts and behavioural analytics can help us to assess and influence security behaviour among the adult population. People behave in a certain way in a given cyber security context and once we understand the current behaviour and the reason for their behaviour, we can then create personalised training and education for them.
Q. What Cyber Security courses and qualifications does The Open University currently offer?
The Open University Department of Computing and Communications has a very strong cybersecurity academic group with over 16 senior academic members with vast experience and wide areas of expertise. We offer a variety of cyber security courses, from formal undergraduate and postgraduate qualifications to informal micro-credential courses and badged courses on our free learning platform, OpenLearn.
With over 3500 students studying our undergrad qualifications and over 100 students in our postgraduate courses, The Open University is the country's single largest cybersecurity qualification provider. Our courses cover the three sought-after streams of computing namely networking, cybersecurity and digital forensics. The program is well-balanced between Theory and Practice with a strong technical focus and centers around the relationship between technology, people, processes and the physical environment and related cybersecurity issues. On completion, students will be able to pursue a wide array of career pathways within public and private sectors, charity sectors, and technology and non-technology domains.
In addition to formal qualifications, we offer free badged courses on the OpenLearn platform. The Gamified Intelligent Cyber Aptitude and Skills Training course is one of the most popular with over 100K+ learners. We also offer micro credential cyber security courses on the Future Learn platform to help prepare students for the Cisco Certified Network Associate (CCNA) Cyber Ops certification.
The Open University has a legacy of making learning accessible to students whose life circumstances may mean traditional study routes just aren’t possible for them. While many of our students choose to study full-time and work, we have a lot of part-time students who pace their studies around their own life commitments. The Open University prides itself on being open to everyone and offering flexible study that fits around your life.