Cyber security's rising profile means that only adds to the need for the industry, as well as for the government, to invest in its future workforce writes Cyber Security Challenge director Judy Baker.

In the future, 2010 will be remembered as a hugely important year for the cyber security industry in the UK. The outcome of the SDSR and the newly formed Office of Cyber Security were both clear indications that government is taking our industry very seriously. Outside of Parliament, major news stories such as the Chinese data theft and Stuxnet worm have raised public awareness of cyber security to a new high. However, one aspect that has been glossed over is our skills crisis.

At the start of the year a SANS Institute survey of UK companies found that 90 per cent had experienced difficulty recruiting people with cyber security skills. Nearly 60 per cent of these companies plan to create more jobs in cyber security in the next few years. So we have a skills shortage, an increase in demand and a reduction in the numbers being trained. Why is it that we have such a dangerous skills shortage at a time when graduate unemployment in the UK is at its highest for 17 years and the threats to networks and systems has increased?  

Partly it is down to a lack of understanding of what cyber security jobs are and how to get them. They sound boring, though in fact they are diverse, interesting and challenging. The profession remains immature; job titles are inconsistent across businesses; some jobs are highly technical; others need more soft skills. It is not clear how to get on to the cyber security job ladder or make the move over from a related profession.  

Whilst there appears to be a grey cloud of uncertainty over the supply of future talent required to fuel our industry, 2010 also saw the launch of a much needed silver lining. In April we officially unveiled the Cyber Security Challenge UK and its public launch to candidates was in July. As we approach the end of our first calendar year I would like to offer a review of what has been an incredibly successful nine months and call upon every corner of the cyber security sector to support a very important initiative.  

The Cyber Security Challenge UK was set up as a not-for-profit company in March 2010, aiming to bring more talented people into the profession. It consists of a series of national online games and competitions that test the cyber security abilities of individuals and teams from every walk of life. They are designed to excite and inspire anyone considering a career in the industry, focusing on the skills needed by employers. This year's competitions include a network defence team challenge run by QinetiQ, and a SANS Treasure Hunt supported by Sophos, focusing on website vulnerabilities.  

All the challenge prizes are career enabling and include internships, mentoring in large companies, private sector training courses, assistance with fees at some universities, places on Open University courses and memberships of professional bodies.  

Progress has been swift since the initial launch to the industry in April. In that time we have attracted:

  • More than 20 sponsors to support our initiative including: Detica, Sophos, OU, Cassidian, PwC, QinetiQ, the Office of Cyber Security and Dtex Systems
  • Leading membership and trade organisations including: IISP, ISAF, IAAC, the Digital Systems Knowledge Transfer Network and CREST
  • Almost 4,000 candidates registered as participants, revealing a widespread interest in cyber security and suggesting a healthy appetite within the UK and an untapped resource of talent for our competitions.

Early indicators are that candidates are aged from 16 years old to adults but that the largest group is male and in their mid to late twenties. They are already demonstrating an excitingly high level of amateur UK talent, which is currently not employed in cyber security. We believe that our career-enabling prizes, combined with the professional skills and careers advice we are building into our website, will help encourage this new talent into the profession and that our sponsors will find the recruits they are searching for. Of course not everything is perfect and we are learning and planning to do even better next year. We'd also hope to attract a wide range of different sorts of candidates and address the gender gap that exists within our industry and is represented by the demographic of participants of the challenge so far. Why? Where are all the women? We know there is great female talent out there in the UK and we hope to uncover more of it in future challenges.

This success in 2010 has led to big plans for growth in 2011. We will run more competitions, covering a broader range of the skills employers need. Government continues to give us much valued and useful support but it does not and cannot fund all of our efforts. We rely on further sponsorship from the private sector and academia. We enjoy many valuable gifts from organisations in these areas, from the development and running of competitions to the donation of prizes and hosting of events. In the last nine months we have quickly grown to a size that requires professional management and a properly financed business structure, so we need real money too. In return, an association with the challenge means marketing/publicity, networking and recruitment opportunities, but more importantly, it offers the chance to be part of something that will change the UK's cyber security industry forever, and for the good of everyone.

The challenge represents the best chance our industry has to build for the future and help our nation's businesses and citizens secure themselves from an increasing cyber threat. It represents an unprecedented opportunity for UK security organisations to shape and improve the transition of talented people from talented amateur to skilled professional.

As government and the public increasingly turn to us to ensure the protection of the technologies and communications they depend on, it's never been more important that we establish ourselves as a sustainable, progressive industry, well placed to flourish in our new central role in which we have been placed, rather than cower under the spotlight. To the readers of SC Magazine, I call on you to help us in this cause and support the Challenge in 2011. To the many that have already pledged their support, I say thank you, and we look forward to working with you next year.   

Judy Baker is the director of the Cyber Security Challenge. If your company would like to get involved please get in contact at queries@cybersecuritychallenge.org.uk.