Can an age-centric approach to cyber security plug the skills gap?
Cyber Security firm Appgate was in the process of deploying its technology at a financial institution when it realised its customer faced a major internal challenge.
While the firm wanted to integrate its legacy mainframe data into its broader cloud strategy, it turned out that a good proportion of its workforce with the knowledge of mainframe computing – staff in their mid-50s to 60s – had left the company during the pandemic.
And Appgate’s customer is by no means unique. Investment management company Hargreaves Lansdown recently reported that, post pandemic, one in ten workers belonging to the younger end of the so-called ‘Baby Boomer’ generation is planning to retire early, compared to one in twenty-five before Covid took hold.
Yet given the migration to remote learning and proliferation of cloud-based working, these skills have never been more in demand.
An Ipsos Mori survey for the Department of Media Culture and Sport involving 700 public and private sector UK-based businesses last year found that approximately half lacked the staff with the technical, incident response and governance skills needed to manage their cyber security.
It is a situation that inspired Zero Trust architecture provider Appgate to commission research in the last quarter of 2021, to find out what can be done to retain older staff and how firms can harness intergenerational differences in approaches to cyber security and IT to address the ever-widening skills gap.
Enter Henry Rose Lee, an expert on intergenerational diversity who specialises in advising firms on how to maximise engagement, productivity and collaboration of different generations within the workplace.
Lee was commissioned by Appgate to undertake a study based around desk research and backed up by two handpicked, externally sourced focus groups that comprised of cyber security staff and IT employees with security skills working across different sectors.
The first group consisted of 20 Baby Boomers while the second was made up of ‘Generation X’ workers in their mid-forties and early fifties.
The study confirmed what Appgate had discovered while working with their financial customer: there’s a growing skills gap created mainly by older workers leaving during lockdown.
According to Rose Lee, ‘The Great Resignation’ among older age categories has occurred in part because “they were given a unique opportunity to step off the treadmill” during Covid.
“Firms shouldn’t be afraid to invite former staff back as consultants, as mentors, or to use them to solve specific problems.”
However, she adds that ageism is also at play. Rose Lee cites a 2019 global research study undertaken by Gallup, which found that Baby Boomers are often overlooked when it comes to career development and skills progression.
“There’s ageism in many workplaces, not just in cyber security: when workers hit their 50s there’s a perception that they are coasting towards retirement, that there’s is little left to teach them – their careers start to become invisible and they receive little in the way of investment or training,” she says.
One way to address the industry brain drain therefore is to offer training to staff at all stages of their career, Rose Lee says. “To encourage Baby Boomers to stay firms need keep on offering them training and seeing them as important members of the family.”
Appgate’s study also found that there’s an emotional intelligence that increases with age that’s also in danger of disappearing as a generation of older workers exit the business.
Rose Lee claims that softer skills prevalent in older workers include deep thinking, information processing and the ability to ignore distractions and focus on what is important.
“These qualities also happen to be essential for the problem solving and decision-making abilities needed to detect, respond and mitigate effectively against cyber-attacks – they’re skills that could be used by firms to devise strategies for managing ransomware attacks or formulating ‘doomsday’ scenarios,” Rose Lee adds.
The good news is that older workers appear to be more than willing to keep offering up their skills knowledge and experience – even once they retire.
Among Appgate’s focus groups, 80% of respondents who were retired or who were about to retire said that they would return to their firm as a consultant or as a trouble-shooter if they were asked to.
“Firms shouldn’t be afraid to invite former staff back as consultants or to mentor and train or to use them to solve specific problems – because they’ve got the emotional intelligence, they’ve got the experience, but they just don’t want to work full time.”
If Appgate’s study is loud on espousing the merits of older workers in cyber security, it is just as quick too to point out the shortcomings of Millennials – a group that is predicted to make up 40% of the workforce by 2025.
While this younger generation is considered tech savvy, the study found that they were not as cyber savvy, lacking a deeper understanding of the back end of security that can make organisations vulnerable to cyber-attacks.
“Millennials value productivity and speed and tend to move quickly, so they look for fast solutions and balk at the time it takes to implement stronger security controls,” Rose Lee observes.
“Mixing generations within cyber security teams balances the digital savviness of youth with the wisdom and experience of age.”
She points to a 2019 NTT report, Cyber Security and The Next Generation, which found that almost 40% of Millennials would pay a ransom to a criminal gang to get back to normal as quickly as possible.
The same report also found that that younger generations consistently tended to underestimate the amount of time it took for businesses to return to normal after a cyber-attack.
“It’s not that younger people don’t care, it’s just that they’re used to working fast and so drive through things without fully understanding the risks and can take their eyes off the ball,” says Rose Lee.
One of the conclusions from Appgate’s study is for firms to devise projects that comprise of intergenerational teams, fusing the unique skills that each generation can bring to the workplace.
“Mixing older and younger generations within cyber security teams balances the digital savviness of youth with the wisdom and experience of age. The Millennials’ first-adopter appetite can often lead them to look for timesaving shortcuts that result in more cyber security risk.
“Boomers have higher emotional intelligence and a fire-fighter’s intuition for things that don’t look or feel right making them crucial cyber security defenders.”
“Sitting in the middle, Gen-Xers can be the conduit to ensure back-and-forth collaboration and knowledge transfer across teams.”
While the scope of Appgate’s study was to address the skills gap caused by older workers leaving, omitting a Millennial focus group feels like a missed opportunity.
Would we have found out that a large part of the entry-level work involved in cyber security – the fielding of hundreds of alerts and false positives every day – isn’t the most stimulating of tasks? And why are speed and productivity of such value to a cloud-native generation that has not grown up with Mainframe IT systems?
“When firms allow their staff to work from home all the time something is lost. Culture is lost. Collaboration is lost. Innovation is lost. That’s my firm belief.”
Nonetheless, Rose Lee does have advice that addresses how to attract and retain much sought after Gen-Z and younger Millennial software developers and IT workers into the industry.
“First of all, you need to create a sense of purpose,” she says. “If young talent can understand what the purpose of an organisation is beyond what it produces or offers up as a service or how much money it makes, that can be very powerful. Does it keep the NHS safe? Does it help feed the world? Does it protect valuable IP?”
Rose Lee adds that Millennials – like their older colleagues – also value career progression and training, while creating a workplace that is as comfortable as their home environment for a generation now used to remote working, is also attractive.
At its Swedish offices in Gothenburg, for example, where Appgate competes with Volvo and Apple to attract software developers, its interiors have received a minimalist overhaul to attract new talent.
Appgate’s sales engineering manager Gernot Hacker says: “The walls are dark grey, with lighter grey panels, desktops and cables are hidden from sight – I’m in my fifties so it’s not really the kind of thing I pay attention to, but workplace surroundings are such a large percentage how many people feel about their jobs now.”
Besides aesthetics, Rose Lee adds that it’s important to create a sense of community within the workplace for all age groups – whether staff are working remotely or on premises.
“You need to create a sense of belonging wherever you work from. That could be through social media, it could be through the events, or the connections that you create in the workplace.
She also believes that more enlightened organisations are starting to create events that require staff to come into the workplace – as encouraging a hybrid mix that creates more of a sense of community.
“It might be part of an adoption or part of your training or an all-hands-on town hall meeting or an innovation session. But it is about encouraging that mix of working from home and working in the office. “
Although it is too early a call to make, the diversity expert predicts that over the next couple of years research will emerge that shows that when firms allow their staff to work from home 100% of the time, something is lost.
“Culture is lost, collaboration is lost. Innovation is lost. That’s my firm belief and I’m starting to see research come out the Centre for Economic Policy Research which reveals that while productivity is okay, that sense of engagement, connection, contribution, collaboration, and the kind of ‘feel good’ things that come out of working together are starting to get lost.
She warns: “We may be losing that human magic, that thing that makes us special, that thing that makes us beyond and above the computer, or AI or robot.”
Subscribe to our Editor's weekly newsletter