Cyberchallenge aims to lure in new talent

The UK has launched a national cybersecurity challenge to attract new talent to the information security industry, but is a series of competitions going to do the trick?

The UK has launched a national cybersecurity challenge to attract new talent to the information security industry, but is a series of competitions going to do the trick?

There is, however, little doubt that the UK has to do something to address the shortfall, with roughly 50% fewer people signing up for computer-related degrees since the peak in 2000, and fewer still going into security.

As supply goes down demand is increasing, and is only likely to increase even faster with government ambitions to promote the UK as a data safe-haven, said James Lyne, senior technologist at security firm Sophos.

"It is fairly evident from the market that demand outstrips supply, and there is no sign of a slowdown in the increasing size of the problem," he said.

Proven demand

Recruitment firm Reed Technology reports a definite increase in demand to fill IT security roles.

"Large blue-chip clients, in particular, are looking for experts to assist with the technical and project management aspects of online security," said Andrew Gardner, operations director at Reed.

"Drawing new people and skills into this sector is vital as more and more businesses store sensitive customer information online," he said.

A survey by the Sans Institute found that 90% of organisations in the IT security industry are finding it difficult to recruit cybersecurity professionals.

Experienced security specialists are the hardest to find, and while it is easier to bring younger less experienced people into the field, it is still far from straightforward.

Hobbyists and people with raw talent in other, related professions are the biggest pool of untapped talent, but without specific security qualifications, hard to identify and find.


Paul Vlissidis, group technical director at NCC Group, said the challenge will help tap into those resources by raising the profile of cybersecurity as a recognised career path.

Web developers, for example, typically make good application testers, but there are probably thousands of web developers who have never considered going into security.

"This is a classic example of where the challenge could open the eyes of web developers to an alternative career, which would be powerful," he said.

According to Vlissidis, demand for penetration testing continues to rise every year, but competition for hiring people with the necessary skills is also increasing.

The cyber challenge could help alleviate that problem, especially if it is to be held on an ongoing basis, but he said, it is also that the challenge is not allowed to become a self-congratulatory exercise for those already in the security industry.

"The challenge must reach out to the wider community of qualified professionals such as web developers, application developers, and network engineers to encourage them to do more training to move into cybersecurity," he said.

Soft skills

Another common challenge in recruiting security professionals is that it is not a purely technical discipline.

"It needs highly skilled technicians who are also good communicators, and generally that is not a package you see too often, said Vlissidis.

The competitions have been designed to address this need, said Judy Baker, director of Cyber Security Challenge UK.

The US challenge is made up of three separate competitions being run by different organisations, but the UK challenge includes two face-to-face rounds.

"This means we can test a wider variety of skills as we recognise that our businesses do not need only deep technical skills. They want people with interpersonal skills who can talk to company board and get them to spend money on security where necessary," she said.

The competitions have been designed to attract more talented people to join the security industry and help build a UK pipeline for future security experts.

The UK has taken a broader approach than the US to include things like vulnerability discovery, source code analysis, forensics, and secure coding, said Lyne.

"The US has had a lot of success, but I think we can do a whole lot more here in a wider range of industries," he said.

Participants will get the opportunity to get the feel for what it is like to work as a cyber security professional by running through components of an internal training programme developed by Sophos, such as quizzes on malicious code analysis.

Sponsor opportunity

In addition to attracting new talent, the challenge provides a forum for sponsors across the UK security community to share ideas and information.

The challenge deals with issues spanning both education and technology, said Kevin Streater, executive director for the IT & telecoms sector at the Open University.

"We see it as an excellent opportunity to continue our long-standing partnerships with industry to address the national challenges facing our workforce," he said.

Education institutions are often criticised for failing to provide appropriate training opportunities, but that is only possible if they understand what the current challenges are, and the skills required by industry to address them, said Streater.

The challenge is pulling many different organisations together, and will provide a way of reaching a common understanding of the UK's cybersecurity needs.

"This is one way in which universities can work with industry to ensure the courses we are offering and the research we are producing supports the real needs," said Streater.

Education and training is in fact an important focus for the challenge with all prizes being in the form of career-enabling opportunities, which should go a long way to ensure that many of the potential pitfalls will be avoided.

Prizes include specialised training, internships and memberships of security organisations.

Training on offer from the Open University is in the form of individual courses that can be fitted around full-time jobs to help professionals more easily make the transition to a career in security.

According to the organisers, there is a big assortment of such prizes, and the overall winner of the competition will receive an award package that is tailored to personal career development needs.

The UK Cyber Security Challenge may not solve all problems with recruitment in the sector, so there will be room for other initiatives to run in tandem but, in principle, the competition design is sound, drawing on a wealth of experience in the industry at home and abroad.

Read more on Antivirus, firewall and IDS products