SANS launches aptitude test for would-be cyber sleuths

News by Rene Millman

Online quiz analyses applicants' cyber potential, £30k scholarships up for grabs

The SANS Institute launches a new in-depth Cyber Aptitude Assessment today in a bid to close the skills gap in the UK IT security industry.

The test enables anyone interested in cyber-security to gauge the quality of their existing skills. The organisation said that the test would identify the nation's top performers who will be helped into cyber-security careers.

It has been created by experts and trainers at SANS to “assess the skills and innate capabilities most needed to achieve success in a modern cyber-security career”.

Those undertaking the test who show the most potential to fill roles in government and industry will be offered scholarships at the SANS Cyber Academy, an eight-week intensive boot camp offering world-class cyber-security training, valued at £30,000.

The online assessment consists of approximately 40 multiple-choice questions which must be completed within 45 minutes.

Some questions look at existing IT and security knowledge – such as networking concepts, security procedures, programming languages, and hardware. Others pose maths problems, comprehension tests and logic puzzles to assess personality traits that the organisation said highly successful cyber-security personnel often display. This includes the ability to parse information and extrapolate important elements, and to pick up new technical concepts quickly.

At the end of the quiz, participants get a summary report showing their strengths and weaknesses in different areas of cyber-security, and a benchmark ranking against others who have taken the assessment.

While the results are completely confidential, data from the tests will be anonymised and used to help SANS to work with the UK government to identify skills gaps and inform cyber-skills policy and funding.

However, the SANS Institute was quick to point out that the test was not the be-all and end-all of filling the skills gap.

“The Cyber Aptitude Assessment is designed in part to find those individuals that may not have previously considered a career in security. The profession needs new talent and this is a new method for finding them,” Stephen Jones, SANS UK managing director told

“This is not a silver bullet and must be viewed alongside other important skills initiatives, but it will play a part closing the skills gap. Our intention is to continually seek out the best raw talent, provide them with intensive SANS training and then make those skilled individuals available to UK enterprises and government.”

Amanda Finch, general manager at the Institute of Information Security Professionals told SC that her organisation supports “any measures that encourage talented individuals to join the infosec profession”.

“Being a SANS tool it will benefit from having a wide reach and can be well regarded,” she said.

“It will help to highlight the fact that we have a skills shortage and encourage people to get involved, including some who may not otherwise apply or aren't sure if they are suited to the profession. It is very positive as individuals will now have the opportunity to try their hand at infosecurity in the comfort of their own home and enable others to participate that may not have the opportunity to travel or time to attend face-to-face assessments,” added Finch.

“Online tests can contribute towards finding the right recruits; there are several career paths within the infosec profession and this will be helpful for many of them. However, we need to remember that other factors also need to be taken into consideration, such as soft and interpersonal skills, which are less easy to measure using online tools.”

Stuart Reed, senior director at NTT Com Security told that while this was a step in the right direction for helping to close the skills gap, “encouragement and identifying aptitude is one thing – though this must be underpinned by and access to, relevant training”.

Chris Yule, principal security consultant at Dell SecureWorks, told SC that the test is “very much focussed on finding security analysts who can trawl through log events and incidents and understand and respond to them”.

“There's another security skills shortage which this doesn't address, and is a much harder problem: having enough senior people who can understand the business and technical aspects of security who can educate their senior management on the risks they face,” said Yule. “With the growing prevalence of embarrassing breaches in the public domain, senior managers are increasingly asking questions of their information security teams and struggling to get the answers they need.”

David Kennerley, senior manager for Threat Research at Webroot told SC that IT security is so diverse that one single test is unlikely to cover all the areas, so it is likely SANS focused on the areas they feel have the widest skills gap.

“Top security professionals need technical skills, but also a very good understanding of the business they are in, only then can risk be appropriately calculated. Hopefully this test will act as a stepping stone, but there is still a need for organisations to implement detailed training programmes,” he said.
