Do we really care about Young Security Professionals?
Chair: Martin Gill
Richard Brooks – Director of Young Professionals, ASIS International – UK
Ben Brown – Sr. Special Security Operations Manager, Microsoft
Sarah Norman-Clarke – Head of Information and Cyber Security, Department for Transport
Richard Brooks notes that the security sector’s response to YPs is a ‘mixed bag’. On the one hand there has never been so many opportunities in security. On the other progress is thwarted by the lack of a clear definition of what is a YP mirroring the rather elastic definition of what is and can be interpreted as security. The most commonly used reference point for a YP is to say anyone under 40 years old, but it could be someone younger, anyone new to the industry, anyone in a first career. He argues that there is a huge debate about the career paths available; and key to this debate is the lack of a defined routes to careers. Moreover, only some organisations invest in YPs; the quality of mentoring can be sketchy; and it is difficult to influence the C suite which is key to generating real change albeit Richard feels attitudes are changing. People need to engage with mentoring more, this includes YPs, they too must ‘step forward’.
Ben Brown notes that opportunities for YPS are increasing, albeit that more for some than for others; only some organisations have invested in enhanced mentorship and training. Care is needed in thinking more strategically about the criteria issued for recruits and internally for promotions to avoid exclusionary requirements that are not justified by the needs of the role at hand. Another challenge is finding good mentors, and then engaging them. This is a task to which there is a skill set and one not always appreciated. The very way security has evolved means that many enter the sector at a high level so don’t always have experience of the needs of YPs, this is changing as current YPs develop into more senior roles but it is a long term process. Ben also notes that the security sector is male dominated and its characteristics put it out of kilter with many clients; that should be a reason to focus on recruiting and supporting people. We need to encourage careers, but qualifications don’t always help, the CPP for example can be helpful but is rarely a requirement. In short it is not easy to guide people on how best to pursue a career.
Sarah Norman-Clarke notes that many qualifications that exist are expensive to obtain, not least at the entry level and that is a barrier. Sarah also raises a question mark as to whether the security sector generally – including cyber – has thought through sufficiently the skills needed for different tasks, and the best ways of meeting requirements (not least as not everyone who could be interested in a role/career has relevant qualifications). Much more emphasis could helpfully be placed on transferable skills. The gender representation does not help as you will hear Sarah describe the experience of being in a minority at work. More thought is needed on how we keep people, there is certainly more employers in security can do to show they care about YPs. Sometimes their use can be perceived to be that they are cheaper. It is striking to be reminded by Sarah that change can take a long time – in government circles for example – albeit that some good practices are evolving for example pairing a senior colleague with a junior one to oversee progress. Certainly, there is much to interest potential recruits in a security career, it can be an exciting place to be, we just need to tell more people (including those at school) and then support them.
YPs present the future of the sector but it is clear they are not always embraced and there is more we can do. Recognising the barriers and opportunities are key and as this panel highlights the former are not insurmountable and the latter considerable. Over to security leaders on the one hand and YPs on the other to respond.
28th January 2022
Note, we will build on some of these themes at our forthcoming webinar on ‘Mentoring, does it work? Is the security sector good at it?‘ 17th February, 3.30pm GMT.
Register here: https://us02web.zoom.us/webinar/register/6716426837795/WN_EBBaROGMQJaV6saeb8NQkA