Increasing the impact of Cyber Security Challenge UK (CSCUK) is at the top of the agenda for new chief executive Colin Lobley, who took over the role in January.
From forensic cyber to encryption: InfoSec17
Security technologist Bruce Schneier’s insights and warnings around the regulation of IoT security and forensic cyber psychologist Mary Aiken’s comments around the tensions between encryption and state security were the top highlights of the keynote presentations at Infosecurity Europe 2017 in London.
Now in its eighth year, the government-backed competition is open to UK residents of all ages who are not currently working in cyber security and requires no formal qualifications to take part. The competition is aimed at attracting new talent to the cyber security profession in an attempt to address the cyber security skills gap.
Employer organisations in the UK and around the world are finding it increasingly difficult to find people with the right talent and expertise to fill a growing number of cyber security roles as businesses become increasingly digital and reliant on information technology.
“Everybody is struggling to hire the right talent and even to promote from within because it is not easy to fill their previous roles with anyone from outside,” said Lobley, who previously led HP Enterprise cyber business in UK, Ireland, Middle East, Africa and Mediterranean region.
“There is a huge systemic problem in the market, and I wanted to something about it, which is why I took up the opportunity to work with CSCUK to help bring out the change within the market that is sorely needed,” he told Computer Weekly.
Lobley believes the organisation has the potential of driving the necessary change because being neutral and altruistic in nature, it is well-positioned to pull together various initiatives across industry, government and academia, and he sees this coordination role as being essential.
Although various organisations within industry are running initiatives aimed at boosting numbers in the cyber security profession, these efforts are largely being conducted in siloes. “I think they would all achieve better economies of scale if they were to work in a more collaborative way,” said Lobley.
In addition to working on initiatives with their industry peers, he believes organisations should be working to help augment and support the mainstream education system, which to date has been very poor in what it is offering in terms of cyber security training at all age levels.
“Although there are now some good degree courses out there, there are still not enough of them and there is nothing material to speak of at A-level or at GCSE-level around cyber security apart from a small bit of content in technology GCSEs and computer science A-levels, but that’s not enough,” said Lobley.
“There is a duty of industry, as the experts, to augment mainstream education through things like free summer camps and industry-quality online training courses as well as through teacher education programmes to help them to keep up to date with cyber security developments,” he said.
Across industry, government and academia, Lobley said there are a number of cyber security skills related initiatives, and he believes that his organisation has the potential to fill the need for a coordination body, which is needed to help young people to navigate the opportunities available.
“I often hear from participants in the CSCUK competitions is that they feel lost because of all these point initiatives and don’t know where to turn, next, so this the concept of creating clear cyber security career pathways is an important one,” he said.
At present, there are three main roles for the CSCUK. First and foremost, is the core role of increasing the attractiveness and awareness of cyber security as a profession. Second is nurturing talented people in their journey to a career in cyber security, and third is helping to ensure that the right talent is getting in front of recruiters.
One of the main challenges for CSCUK is to change how the cyber security profession is perceived to make it attractive to a wider, more diverse group of people.
“We need to make it more inclusive and easier for individuals to find a pathway to a career in cyber security and then nurture that talent so they are able to get from where they start to where they want to get to in the cyber security industry,” said Lobley.
Along the way, he said they will be taking part in various cyber security related initiatives on offer. “As the neutral body in the market, I see CSCUK as being able to coordinate that career guidance pathway because we will be able to advertise and champion everything that is available in an easy and altruistic way, enabling us to guide people to the next step on the pathway.”
CSCUK is also working with it sponsors and partners to revise their recruitment processes to ensure that potential candidates are not eliminated simply because they do not have any of the traditional formal cyber security qualifications.
“Sometimes people who do not have those qualifications are as capable and even more capable than people with those qualifications,” said Lobley, which is why the final stages of the CSCUK competition are designed to demonstrate to potential employers the real, working capabilities of participants who may not have formal qualifications.
As a result, he said sponsor organisations are adjusting their recruitment processes and style to include, for example, people who have established careers in business, IT or scientific disciplines and are seeking training or up-skilling opportunities to change careers to information security.
“Awareness to attract people, pathways to get them through and then getting them in front of employers are the big challenges we are tackling,” said Lobley, adding that his role is to scale up the impact of those efforts, which means that CSCUK may soon be hosting fewer, but bigger events.
Grand scale events
The first of these “grand scale” events is expected to attract more than 5,000 visitors and is scheduled for 15 and 16 October in London.
Across the two days, CSCUK is to host Cyber Re:coded, which aims to be Europe’s biggest cyber careers show, alongside the European Cyber Security Challenge (ECSC), an event that will see 19 countries across Europe compete in a two-day competition to find the continent’s cyber champions.
The careers fair is aimed at show casing the cyber security profession and will include an innovation zone, a gaming zone for all levels of cyber skill, an exhibition zone to meet universities and employers, and a series of career-related talks and workshops.
Now in its fourth year, ECSC is coordinated by the European Union’s cyber security agency Enisa with each participating country represented by a team of 10 competitors who must all be under the age of 25, with at least half the team under the age of 21.
This year’s UK Cyber Security Challenge moves another step closer to the final today with the third of four semi-finals taking place in Swindon that involves physical as well as digital forensics.
The theme of the event is serious crime and it is being run in collaboration with the National Crime Agency (NCA).
During the event, 22 of the UK’s brightest young cyber security minds will take on the role of a team of cyber investigators to look into a cyber intrusion at a fictional defence contractor.
Testing skills and abilities
With both intellectual property and national security at risk, the event is designed to test the contestants’ skills and abilities to work as a team and uncover and stop the cyber attack.
Experts from the NCA will be on hand to provide insights based on their own experience on how to stop and prevent a cyber attack as well as discuss what the NCA does and what sorts of roles are available in the field of cyber security.
As well as doing the cyber sleuthing, contestants will also carry out physical searches of locations that may have been used by suspects to look for clues and uncover how the cyber-attack was carried out.
The top eight to 10 competitors from each of the semi-finals as well as top students from the government’s Cyber Discovery schools’ programme will then go through to the final on 24-26 November in Canary Warf to be hosted and designed by Barclays Bank, the first bank to host a CSCUK final.
“The involvement of the Cyber Discovery top performers in the CSCUK final is a small step in terms of the coordination we are trying to drive to ensure that all these initiatives stay joined up and that there are pathways for people to follow,” said Lobley.