PROFESSIONAL ISSUES

PAGE \* MERGEFORMAT 1
 CONTENTS
1. INTRODUCTION 3
2. EXPECTATIONS OF GRADUATES 3
3. PROFESSIONAL ISSUES 3-4
3.1. EXAMPLE SCENARIO 4-5
4. SOLUTIONS 5
5. CONCLUSION
5
6. REFERENCES 6

PAGE \* MERGEFORMAT 1
 1. INTRODUCTION
Cybersecurity is an ever-evolving industry that requires professionals to constantly be
updating their skills and understanding potential threats that can occur on a users network. In a blog
written by Hospelhorn in 2019, she argues that there are an ever increasing amount of new and
increasingly more complex cyber-attacks, but not enough security professionals to fill this demand.

Results of a survey completed by Protectwise showed that only 9% of the younger generation
would be interested in a career in cybersecurity - with 35% of them not knowing enough about the
career path or feeling like the educations requirement is too steep - this can also affect graduates, as
discussed by Babulak, because many jobs will require additional certifications on top of a degree.

2. EXPECTATIONS OF GRADUATES
When applying for a position as a graduate cybersecurity professional, the most common
expectations set out by employees is to get involved with a team and, most importantly, the
willingness to learn. Security jobs can have a long recruitment process due to background checks and
getting graduates the necessary clearance for the role (GCHQ, N.D.). Due to the nature of the role,
working under pressure in time-critical situations and strong communication skills are essential in
succeeding as a graduate.

Searching through job advertisements online shows that many places expect users to
understand OSINT and Enumeration, with previous experience in fields such as Networking or Server
administration. On top of this, graduates may be expected to have experience engaging with
customers at all levels - whilst this will depend on the position, interpersonal skills will be required as
cybersecurity roles are always within a team.

A graduate position is one of learning and development, employers will expect that graduates
will be vocal about any additional training required and be able to see the graduate growing in to the
role over time.

3. PROFESSIONAL ISSUES

One of the main difficulties graduates will face is finding a role - whether graduate or not, in
the cybersecurity sector. Cybersecurity is a very broad topic and an employee may require potential
employees to have various certifications and pre-existing knowledge which is verified through a
technical interview. Though, these interviews can also be used to gauge how much someone knows to
better support them learning rather than whether they are suitable for a position or not.

Graduates going in to the workforce will be faced with various issues, one of which is
customer communication. Communication and interpersonal skills are key components in successful
social engineering (which may be a role required of a graduate) and to build and maintain good
relationships with customers. Coming straight out of university in to a role that requires these skills
can be a challenge.

PAGE \* MERGEFORMAT 1
 On top of these, there will be a huge technical learning curve dependent on the roles and
requirements. For example, a graduate starting a job as a member of a Blue Team (a professional that
fixes exploits in a network) may have no experience working to patch vulnerabilities. This requires
them to fully understand how a vulnerability has been exploited and figuring out a way to patch it.

3.1 EXAMPLE SCENARIO

Figure 1: Cybersecurity Graduate Advertisement [online]

Figure 1 shows a job advertisement found on Indeed.co.uk for a Cybersecurity Graduate.

Under essential skills it’s clear that graduates will be required to have good communication skills with
both customers and colleagues, ability to write technical reports, to work well under pressure and to
tight deadlines, network administration and knowledge of development (python) and Unix/ Windows
OS.

Network administration and knowledge of Unix/ Windows can be covered within a 3 year
degree, however, they will need to learn how to communicate with customers clearly. Sometimes, this
means users will have to explain complex faults in ‘layman’s’ terms for users to understand. On top of
this, they will need to be able to integrate and begin working effectively as part of a team.

PAGE \* MERGEFORMAT 1
 The job description labels potential additional certifications a graduate can earn whilst
working there including CREST, CPIA and CRIA. Other vacancies may require these certification as
a pre-requisite of applying rather than something offered as a bonus of the role.

4. SOLUTIONS
In order to resolve some of the difficulties that graduates may face when transitioning in to
the workplace, there are various potential solutions a company can implement, three examples are
listed below:

Lack of Certifications: In the case that a company wants graduates to have additional certification,
where available, the company can offer those certifications. This guarantees that the graduates are
qualified and meet the specification set out by the employer.

Interpersonal Skills: With no easy solution to developing interpersonal skills within a team and with
customers, continuing to support graduates as they learn these skills and training via mock calls will
assist in their ability to learn and explain complex faults simply.

Previous Experience: A common issue faced in all job roles is previous experience working with
technologies or software, such as network infrastructure. Where no pre-existing experience exists,
graduates can learn before applying for roles, or endeavour to research requirements and request the
relevant material before graduation. Organizations should attempt to train graduates to understand
why Cybersecurity is important and not just the necessary skills (BSC, N.D.).

5. CONCLUSION
There is no specific answer for how graduates can adept and enter a workplace with
knowledge of everything to be expected, as with any other job role. Entering in to cybersecurity
presents many challenges as they will need to be aware of all aspects of a customer infrastructure,
including the human factor. However, with the right resources and support available it’s possible for
graduates to learn and adapt to a role in this industry.

Word Count without References: 992

PAGE \* MERGEFORMAT 1
 6. REFERENCES
Outsource UK., (2020). Cyber Security Graduate [online]. Indeed. [Viewed 30 March 2020]. Available
from: https://www.indeed.co.uk/Graduate-Cyber-Security-jobs-in-England?vjk=142ff4f26be6b86d

Varonis., (2020). “Solving the Cybersecurity Skills Shortage Within Your Organization [online].
Varonis. [Viewed 30 March 2020]. Available from: https://www.varonis.com/blog/cybersecurity-
skills-shortage/

ProtectWise., (2019). Survey Suggests Younger Generations Including Females May Fill The
Cybersecurity Talent Gap [online]. ProtectWise. [Viewed 29 March 2020]. Available from:
https://www.protectwise.com/post/survey-suggests-younger-generations-including-females-may-
fill-the-cybersecurity-talent-gap/

Babulak, E., (2017). Chapter 1: Introduction to Cybersecurity in Education. Cybersecurity 2017. Pg. 9.

BCS., (N.D.). Cybersecurity in CS Degrees [online]. BCS. [Viewed 30 March 2020]. Available from:
https://researchportal.port.ac.uk/portal/files/4914545/ITNOW_NS_250416.pdf

GCHQ., (N.D.). Cyber Security Analyst (Graduate) [online]. GCHQ. [Viewed 31 March 2020]. Available
from: https://www.gchq-careers.co.uk/transcripts/podcasts/computer-network-operations/cyber-
security-analyst-(graduate).html

PAGE \* MERGEFORMAT 1