Dr Frank Stajano, reader in security and privacy, University of Cambridge
Dr Frank Stajano, reader in security and privacy, University of Cambridge

Cyber-security continues to make headlines and remains a concern for individuals and professionals working across the political and business spectrum. This is unsurprising as the amount of threats organisations and individuals face continues to increase. Gemalto's Breach Level Index revealed that 1.4 billion data records were compromised in 2016, an 86 percent increase on the previous year. This highlights just how big a challenge protecting information has become and the importance of making sure we can keep ourselves and our institutions secure.

There are many different challenges when it comes to cyber-security, but one of the main obstacles that organisations face at the moment is the lack of talent in the industry available to them. This is an issue that has been highlighted before and appears to be getting worse, with a recent report from (ISC)2 finding that that the shortage in cyber-security workers will reach 1.8 million globally by 2021.

Fortunately, the cyber-security skills gap is not going unnoticed and public and private organisations alike are taking steps to address this issue. Initiatives such as the Government's Cyber Schools Programme will go a long way to helping develop the cyber-security talent of the future.  

But we cannot rely solely on the Government and businesses to address the skills gap. Higher education establishments can play an important role in helping develop the cyber-security talent these organisations are in need of. Universities have the power and knowledge to instill a solid foundation of principles and theories into students, ensuring that they are responsive to training and understand the theories of where problems come from and how to manage them depending on the situation they are in.

It would be wrong to believe that the role universities play in training cyber-security professionals is teaching students how to solve specific problems and how to keep different types of networks and infrastructures secure. The role of academic institutions is more than this, the technology industry is never stagnant, new tools are constantly developing to improve performance and services and as these technologies change, so to do the threats posed by attackers as they look to access and exploit these devices.

Because of this, what universities need to train students in is not working with technology itself, but rather teaching them the skills to adapt and change with the industry. Through combining theory with the opportunity to learn skills in a real-world environment, students will be able to develop the skills the industry needs while also gaining experience of applying them in a working scenario.

Face to face competitions are a good way of combining theory and practice. Through a competitive scenario, students can test their skills against their peers, learn new abilities and collaborate with like-minded individuals, all in an inclusive and enjoyable atmosphere.

An example of this competitive training recently took place at the Inter-ACE competition. This event, backed by the National Cyber Security Centre (NCSC), Cabinet Office, Leidos and NCC Group, was created to allow students interested in cyber-security to experience real-world cyber-challenges to test and improve their skills. Contestants got to meet like-minded peers from across the UK while learning about the avenues open to them in the sector and meeting industry and government officials.

It is not just in the UK where the competition format is being embraced, this format is also being utilised on a global scale. Following on from Inter-ACE, the winners of the competition also earned a place in the annual Cambridge2Cambridge (C2C) cyber-competition taking place in July. C2C is jointly organised by the University of Cambridge and the Massachusetts Institute of Technology (MIT) Boston, US and will see students from the best universities from across the UK and US unite to learn cyber-security best practice and demonstrate their ability to become the cyber-talent of the future.

Through initiatives such as these, universities across the world can ensure that students can move out of education and into the workforce with all the skills to meet the challenges of the cyber-security landscape, helping protect businesses, individuals and public organisations, addressing the skills gap in the process.

Contributed by Dr Frank Stajano, reader in security and privacy, University of Cambridge

*Note: The views expressed in this blog are those of the author and do not necessarily reflect the views of SC Media or Haymarket Media.