Friday, 19 September 2014
masthead+quote+image
Advanced search

Hacking the skills shortage

‘Argh!’ The shout of frustration rises above the sound of furiously tapping keys. ‘It feels like we’re so close but then so far away,’ says the middle-aged man hunched over the laptop as his immaculately dressed team mate peers over his shoulder. Then comes a cry from the young woman across the room: ‘Holy crap!’ She may have made a breakthrough but immediately clamps her hand over her mouth, worried she has disturbed the deep concentration of the rest of the team.

This is the UK’s first civilian cyber security camp. As part of a wider industry-driven campaign to promote careers in the sector, 50 participants are spending this weekend at the MoD Defence Academy near Swindon and Glasgow Caledonian University to take part in a series of challenges that will test their hacking skills and show them how they might put those skills to use in a new career.

As with many other areas of the UK’s technological economy, the cyber security sector is facing a skills shortage, both current and impending. So for the fourth year running, a group of private companies, trade bodies, government organisations and universities have come together to run a series of events they hope will attract new talent, which for the first time includes these four-day camps delivered by IT security firm C3IA.

Though the new events have a competitive edge – the participants will be ranked against one another for a place in a national final and the weekend will culminate in an England versus Scotland challenge between the two camps – their primary aim isn’t to find specific new recruits for the organising companies but rather to encourage more people to seriously consider the industry and to give them relevant experience.

‘We’re trying to broaden the talent pool,’ says Nigel Harrison from the board of Cyber Security Challenge UK, the not-for-profit company that runs the events on behalf of nearly 80 sponsors including BT, Microsoft, the Cabinet Office and a host of SMEs. ‘We do get repeat customers but we’ve deliberately targeted people we’ve not seen before who might not have the confidence or don’t think they’ve got the skills to work in the industry.’

It’s an important point. My ignorant idea of cyber security is rows of GCHQ operatives relentlessly fending off attacks from Chinese cyber spies. But after taking part in one of the more basic challenges at the camp, I’ve learned cyber security can often be more about better website design, learning to spot holes and applying problem solving skills to programming. And that the demand for expertise is coming from a range of technology-related companies.

The sector doesn’t need to take the country’s top graduates and put them through months of security service-style training; it needs people who can think laterally and manage risk, with an understanding of how coding works but not necessarily the knowledge to hack into a government mainframe. So companies believe that convincing people they might already have the skills for a cyber security career and giving them a way to build experience for their CV will help create a pipeline of new employees.

Most of the participants at the Swindon camp seem to fall into the categories you might expect: twenty- and thirty-something men with careers or at least degrees in IT who are looking for a new challenge. But they certainly don’t fit the hacker cliché of social outcasts living in their mothers’ basements (and I count only two spotty teenagers among them). And there are plenty of exceptions.

Tasha Godwin left the RAF to have a family and is now studying forensic computing (focusing mostly on data retrieval for organisations such as the police) but likes the idea of moving into cyber security for the private sector. Outgoing and smartly dressed, she’s visibly excited about the day’s events, although she admits she knows little of what to expect and is a bit nervous.

‘I wanted to practice techniques but I was worried about the legalities [of trying to find security flaws in professional websites],’ she says. ‘A military background is very different to this and I need a civilian entrance way. But a lot of companies don’t know about forensics: they just proxy it out.’

After watching the participants battling with encrypted passwords, puzzling over mysterious sound recordings and staring at screens of code that could be taken from The Matrix, I realise this camp isn’t just for anyone who thinks cyber security sounds cool. And it helps if you have the personality that gets a huge kick out of solving puzzles – a thrill that was described to me as ‘addictive’ at several points.

But recent maths graduate James Arden tells me he’s had little formal training in the skills he’s putting to use in the challenge and has instead picked things up largely from the internet or from other events he’s been to. ‘Some of the challenges were very difficult and they’ve highlighted a lot of knowledge gaps for me,’ he says. ‘But we had all the skills we needed within the team. My personal skillset is critical thinking.’

So what can the wider engineering industry learn from the cyber security sector’s attempt to address its skills problem? Firstly it’s a reminder that professional expertise has to build on a certain degree of basic knowledge and existing interest in the field. But it also shows how convincing people they can do something is sometimes as important as making sure they have the right skills.

Giving people a chance to take part in technical activities, even though they might not have much technical knowledge or experience, can help people realise they have other qualities that would be welcomed by the industry. Not everyone can be an engineer and boosting the status of the profession is important, but demystifying what engineers do might also help lure a wider range of candidates.


Readers' comments (4)

  • Fascinated to read of this approach!
    I am now so old that I can remember when a computer was the thing that sent you the wrong gas bill! and little else! Indeed one of the excuses that the subsequently privatised utilities would use in the early 70s as a catch-all to deal with any complaints/problems was ---"ah, its the computer."

    At that time, I arranged the very first telex-operated time-share system to be installed in the board-room of my then employer (Scragg, the firm that made the machines that put the crimp into Crimplene) on trial. I will never forget the comment from the MD. "get that new-fangled rubbish out of here, we are not having any of that in here. We have been doing very well without it!" For a firm who the year befoe had posted a massive loss, laid off several hundreds and went belly-up a few years later, a remarkable approach to new technology.
    Hackers? not required from outside the company or country, there are plenty of managerial Luddites already here!

    One of the sons of a neighbour (who went to school with ours) eventually became what was termed an 'ethical' hacker at an organization located not a million miles from a well-known spa town in a location not too far from Bristol/Bath...I recall him as a spotty-faced boy in short trousers. Comforting to know that the future of our Nation is safe from Cyber attack via such safe hands

    Unsuitable or offensive? Report this comment

  • I know many people in the cyber security sector and they are paid very well. So much so that senior people drive Aston Martins etc. You will never see that in engineering.

    Unsuitable or offensive? Report this comment

  • "You will never see that in engineering."


    Not in this country anyway. I do find it ironic that these whitehat hackers fail to realise the irony of attacks from "relentless Chinese cyberspies" when they are doing precisely the same to them.

    Unsuitable or offensive? Report this comment

  • Education in science, technology, engineering and mathematics needs to be strengthened. Our colleges and universities are not graduating enough students with strong science degrees, computer science or otherwise. Graduates with the right kinds of backgrounds for data scientist – computer science, statistics, machine learning – are coming out of the universities, but they are not coming out in sufficient numbers. As a result, firms are struggling to hire full-time or contract staff for IT and engineering positions. In working with IT staffing agencies, I know it's important to know their true professional goals. Help them achieve their growth goals and help them establish a career growth path.
    Than Nguyen

    Unsuitable or offensive? Report this comment

Have your say

Mandatory
Mandatory
Mandatory
Mandatory

My saved stories (Empty)

You have no saved stories

Save this article