Skip to main content

Watch on YouTube

Listen to the Podcast


Check out the show description

📝Show notes:

There is a lot of talk about the 'cybersecurity skills gap' - but what does this mean? What can organisations and individuals do to address it?

In this episode, Michala Liavaag gives her view on these questions and provides useful resources for leaders and individuals to help tackling this thorny issue.

👉 Cited in this episode:


National Cyber Security Centre Cyberfirst scheme Trailblazers

Chartered Institute of Information Security's roles framework

Charity Security Forum

Charity IT Leaders


Data Security Centre NHS


Found this useful? Please rate and review, as it helps reaching more people

👍You can also subscribe and share on social media

💬 Contribute to future episodes with your cyber security concerns and questions


🤝Connect with Michala and Cybility Savvy:




✍🏾Written and produced by Michala Liavaag

🎦Co-produced and edited by Ana Garner video

🎵Music by CFO Garner


Read the episode transcript

Welcome to Cybility Savvy, the show that demystifies cyber security for not-for-profit boards and leaders.

Hello, I'm your host Michala Liavaag founder of Cybility Consulting, and in this episode we're going to have a little talk about the cyber security skills gap which some of you may be aware of. So, through the pandemic more than ever we've seen a huge increase in digital transformation connecting systems together and because of the rush to do this we've talked previously about how your cyber security has been left behind kind of you know we'll get to that later.

But in this episode I'd like to talk a bit about the cyber security skills gap and how we have a perceived shortage in a way around the number of jobs that are available and not enough people to fill them. Yet at the same time, we've got a lot of people who are sort of coming up and starting to study through schemes like the government's National Cyber Security Centre's Cyber First Scheme which is excellent with several programs. So, they're coming up through the challenges that organizations need people with the knowledge skills and experience to actually deal with things now. So, it's not so much a skills gap as an experience gap.

Now you might be one of these organizations who don't have anyone skilled on staff. You may have assumed like many people that cyber security would just be dealt with you know by the IT team not recognizing that there's actually some opposing priorities and conflicts of interest here which I'll talk much more about in a future episode, but for today in terms of this experience gap what is happening to address it? Have you got who you need in your organization?

Now for the larger organizations amongst you I would really encourage you to sign up to the National Cyber Security Centre's Cyber First Scheme as a supporter. Create opportunities so that these students are coming through can actually get some practical work experience because that's actually what's going to help them move forward and fill this experience gap that we have now. For those of you who have young kids or grandkids there's actually lots happening for people at a young age starting with the Trailblazers and again I would encourage you to get your kids having a look at these schemes, playing some of the games and seeing if they're interested in this line of work. There are careers for everybody in cyber security; it's not a narrow IT field.


Here in the UK the Chartered Institute of Information Security has a roles framework and you can read about some of them there. In the US they've actually done some really wonderful work in defining the cyber security roles, easily over 50, and the different areas and the skills knowledge that you need to actually fulfil those, with clear pathways for progression throughout them. So, no matter where you are in that journey or people you know in those journeys you can support them by sharing these resources.

So if you are one of these organizations that doesn't have anybody looking at cyber security and is tagged on somebody else's role and you want to you know go and address the risk by hiring somebody in, one of the things we do see a lot is that organizations aren't actually sure what they need and so job descriptions tend to be a bit of a ridiculous wish list; you're looking for that amazing unicorn that doesn't exist. So even if you aren't sure what should go into that job description, take advantage of your colleagues in other networks whether it's the Charity Security Forum, whether it's Charity IT Leaders or perhaps it's A Kivo and other organizations as well for trustees, there are people out there who've been through it and can help you. So, I'd strongly recommend that you do that, so you actually have a chance at hiring the right person for what you need in the organization.

Now it wouldn't be right to have an episode talking about cyber security skills without them thinking about your cyber security skills. If you are leaders in the NHS for example, then there are some opportunities for you through the Data Security Centre that can give you some dedicated training for you and your boards. If you work in other organizations again check your networks, quite often they will run specific cyber security courses for leaders. And naturally here at Cybility we're always happy to talk to people about what their needs might be.