It's little over a year since it was first mooted, but the National MBA in Cyber Security from Coventry University Business School launched today at a House of Commons event addressed by shadow business minister Chi Onwurah MP, with support from both the prime minister and leader of the opposition - and the first students are starting courses in January 2015.
Sir Kevin Tebbit, former director of GCHQ and chair of the National MBA advisory board told SCMagazineUK.com: “Our ideal candidate is probably already ten years into their career, so about 35 years old. He or she could either be in middle management wanting to get into senior management with a stronger understanding of the information security world. Or the other way around – a CIO in a company wanting to move into top level management, to be able to interpret the technical aspects of the role better to board level management.
“They would see this as a useful arrow in their quiver to take them there. They would not necessarily need any prior cyber-security knowledge other than the awareness you would expect from someone of that age group. It's broader than direct cyber but will teach people how to understand the nature of the threats and how to deal with them.
“There is a practical rather than theoretical focus. It might suit a company secretary with responsibility for risk, or a CISO or CIO reporting to the board, or a finance director broadening skills. We are talking about fast-burn quick-delivery –trying to up-skill people on how to use cyber-security to benefit their organisation.”
Professor Richard Benham FRSA, whose came up with the idea of the National MBA in Cyber Security while developing a national MBA in Policing, and is also on the advisory board adds: “We will be teaching management skills to technologists, and an understanding of cyber-security issues to non-technical students, appreciating the levels of security needed.” Benham told SC: “There will be training models for specific skills, legal aspects etc, and we may develop sector specific modules for say finance or law enforcement. It will be a very ‘applied' qualification, not just an academic qualification. And we will be looking for advice from industry, government, anyone who has an interest, to define what areas and modules need to be covered.”
Mike Loginov, vice chair of the National MBA advisory board, and a chief cyber strategist elaborated to SC: “It's not (just) chalk and talk – its simulated environments, coping with attack scenarios that have happened in real life, re-engineered to get learning outcomes. They are stressful.”
There will thus likely be candidates ranging from new graduates to those with an MSc or other MBA and extensive practical experience.
The NMBA course will cost £10,500 and contain eight modules; it would ordinarily take 18 months to two years to complete, but is flexible so it can be spread over six years with payment also spread out to accommodate those working while doing the course – much of which will be provided by eLearning and video from industry experts.
Some students sponsored by their company may be able to pursue issues of immediate benefit to their company – but these would likely be areas such as security architecture and broader issues, and not be reactive or providing sticking plasters to specific temporary problems.
Further down the line – in 2015 – the aim will be to offer PhD courses (the National DBA in Cyber Security), developing a research business, as well as shorter courses at lower levels, developing modules. These will include a National Cyber Awareness Course – a one day non-technical mass market course, accessible enough for everyone, alerting them to the risks they face at work and at home, talking about their own use of cyber-technology.
Among the drivers to establish the course was the lack of industry knowledge displayed by boards of companies that had been breached, and were then breached again. Benham explains: “It just seemed to fill a gap in the marketplace for all the reasons articulated today. I combined the concept of an MBA, added the National aspect to make it consistent across sectors and across the UK, and it appears to have hit the mark in terms of defining an area that needs to be addressed by the UK, particularly government and boards. That's been ratified by the pace at which it has come to market. I think I have been very lucky with the timing and have a great team. We already have a list of people queuing up to come on the course.”
Coventry MP Bob Ainsworth told attendees, “Outreach to the private sector is the critical issue – outside the FTSE 350 (understanding of cyber-security) is a big problem.
Paul Simmonds, CEO of the Global Identity Foundation, and a former CISO at ICI, commented to SC that it was even worse, saying, “There are fewer than 30 CISOs in the FTSE 100 who have real board level reporting –either being on the board or reporting to someone who is.”
Benham suggested to SC than the Finance industry, often seen as particularly good at cyber-security, had significant problems, saying: “The banking industry has large amounts of compliance, but if one instance goes wrong the impact is enormous.
I do expect a UK bank to fail within five years due to a cyber-attack –and there will be a ripple effect through the whole financial market. We hope it won't happen, but realistically the sheer number and intensity of attacks suggests that it will. Their data is money. While the attackers are after money, even if there is no financial loss, if there is a big enough breach there is also the reputational damage for the bank which could also bring it down – look at what happened with Northern Rock – the brand became toxic. A well coordinated cyber-attack with social media campaign against it could do it – though I know the Bank of England disagrees.”
For Loginov, it is not just the FTSE, but the Government which still has more to do, telling SC that: “A new Italian EU Commissioner described how an Italian organised crime group (presumably the Mafia) is spending €1 billion per year on defending its online activities – whereas the UK government says it is spending £860 million over five years. We are still not taking it seriously enough.”