creative soul - Fotolia
CyberFirst, which was initially piloted and then launched by GCHQ in May 2016, is a partnership between government and industry to find and fast-track tomorrow’s online security experts who are about to start university or are in their first year.
It is a key part of the UK government’s National Cyber Security Programme and now falls under the National Cyber Security Centre (NCSC), which opened its doors on 1 October 2016 to bring together the key government agencies responsible for cyber security.
The scheme draws people who show potential for a top career in cyber security through school competitions such as the Cyber Security Challenge Schools Programme and maths competitions.
Under the initiative, up to 250 recruits will receive £4,000 student bursaries, paid work placements and employment on graduation.
Through its participation in the initiative, global security and aerospace company Lockheed Martin will sponsor a number of students across a three-year period and provide them with work placements during their studies.
The company will work with the NCSC to help fill the growing skills gap by identifying, supporting and nurturing emerging cyber talent to fulfil the range of roles needed to be the future technical experts in cyber domains.
Chris Ensor, deputy director for NCSC skills and growth, said: “This is the first time government and industry have come together to make a concerted attempt to inspire and support a whole generation of young people to take up a role in cyber security.
“Cyber security is a fascinating career choice which is fundamental to our modern digital society and we are delighted our industry colleagues are supporting CyberFirst.”
Lockheed Martin UK chief executive Peter Ruddock said: “There is an emerging cyber skills gap and it is vital that this gap is addressed.
“Supporting CyberFirst will become an integral part of our work to maintain Britain’s cyber defences and we are excited to be a part of the initiative. Lockheed Martin is focused on the innovation, technology and training that will keep Britain safe, secure and prosperous for decades to come.”
Read more about information security skills
- UK businesses could be put at increased risk of cyber attack by the UK’s severe shortage of cyber security expertise, according to data released by global job site Indeed.
- Companies struggling to fill infosec roles should focus on finding people who can do what they need, not qualifications, according to a security industry panel.
- Expert Joseph Granneman explains important business skills that information security pros need – and how to acquire them – as the discipline matures.
- Information security professionals need to grow their skills, engage with the business, increase security awareness, set business goals and tailor their messages, says a panel of experts.
News of Lockheed Martin’s support for CyberFirst coincides with a report by the Public Accounts Committee (PAC) that highlights six concerns about efforts to keep government data safe from cyber attack, including the government’s struggle to ensure its security teams are suitably skilled.
Responding to the report, Richard Parris, chief executive at cyber security and digital identity firm Intercede, said: “It is refreshing to see the Public Accounts Committee taking the growing cyber security threat seriously, but simply throwing more people at the problem is not the answer.
“There is a gross skill shortage in the area and so we need to change our approach to securing critical data and infrastructure in the public and private sector. It’s time to move from simply investigating breaches, and post-breach vulnerabilities, to actually mitigating the initial risk.”
According to Parris, most of the $120bn currently being spent on cyber security is invested in monitoring for breaches and in mopping up after a breach has occurred.
“But at the same time, the ‘front door’ of most of the infrastructure is closed by a laughably simple and insecure username and password protocol, or a ridiculously complex authentication that is so alienating to the user that it invites shortcuts and work arounds,” he said.
Parris believes that highly secure, user-friendly and cost-effective alternatives are available that would dramatically reduce the number of security breaches, which are mainly due to poor user authentication. “All we need is the political, regulatory and corporate will to make it happen,” he said.
The PAC report highlight a concern about ineffective spending on cyber security and recommends that the Cabinet Office should regularly assess the cost and performance of government information security activities, and identify a set of baseline indicators that departments should report against to support this objective.
Stuart Clarke, chief technology officer of cyber security firm Nuix, said the prevention and detection of cyber attacks require a co-ordinated effort.
“While many technology solutions exist, a lack of skills in the industry means businesses are in danger of creating a security Frankenstein,” he said.
“More effort is required around education and awareness and also ensuring technology is blended with robust policies and procedures that users can understand and align with.
“A unified effort will help us to better understand and identify abnormal activities and therefore be better prepared to prevent incidents occurring.”