UK cyber challenge aims to fill IT talent shortage
- 18 January, 2011 00:03
Paul Laverack of London is an actor, but he's considering a possible career change -- to computer security.
It's a somewhat unlikely career transition, but is one of the many examples of how a country-wide competition designed to spur interest in computer security, the U.K. Cyber Security Challenge, is already working as intended.
Launched last year, the challenge is a series of competitions that anyone can enter, in fields ranging from digital forensics to network security. More than 4,000 people registered to be part of the program, including Laverack, who won one of the competitions, the DC3 Digital Forensics Challenge.
Laverack, who lives in East London, has never been employed in IT and has a degree in psychology. For the forensics challenge, he completed a series of increasingly difficult tasks from doing rudimentary file analysis to recovering the partition of a hard drive. As part of the prize, he will get to attend a week-long security academy hosted by the security vendor Detica that is usually for the company's new recruits.
"All of the knowledge I used in the competition was things I'd built up over the years dealing with my family's accidental file deletions and virus infections," Laverack said. "It was just knowledge I accumulated over the years."
Over the weekend, the U.K. Cyber Security Challenge held its first face-to-face competitions in Farnborough, England, at a secure joint facility run by Boeing and a major U.K. defense contractor, QinetiQ. The two companies have built an area called "The Portal," an advanced setup for conducting computer security networking exercises.
The competitions coincide with a four-year, £650 million (US$1 billion) effort by the U.K. government to shore up the nation's cyber security, as it sees growing computer-based attacks as a threat to the nation's economy.
But the nation is struggling to find people to fill computer security jobs, a result of university programs that haven't kept up with the times and, some say, simply lack of interest. The Cyber Security Challenge is a grassroots effort to find people who have a homegrown talent for computer security and hopefully link them up with employers.
"You don't need to have been studying this for years," said Judy Baker, director of the organization and former deputy director of the U.K.'s National Infrastructure Security Co-organisation Centre. "We want people who are interested who maybe have some rudimentary skills to have a go."
Jay D. Abbott, director of threat and vulnerability management at PricewaterhouseCoopers, said he has had difficulty recruiting for computer security jobs. In the past, universities did not have the programs in place to educate students in the field. Those that are qualified often taught themselves.
"It's very difficult to find good people out there," Abbott said.
Computer security today still is a field where raw ability -- problem solving, good communication skills -- win out over a lack of academic credentials.
Sophos, one of the Cyber Security Challenge's sponsors, has 25 years of experience hiring in the field. "Had we tried to use academic background as a sole qualifier, we would not be in business," said James Lyne, a senior technologist with the company. As an example, Sophos employs a former chef in its labs, he said.
"We focus on introducing our own assessment of behaviors -- the expertise and natural aptitude," Lyne said.
Despite being one of the most important aspects of a country's economic security, the field of cyber security is completely unregulated compared to industries such as financial services, medicine and law. "The heartening message for people who would participate in the competition is 'Do not be discouraged by the fact you have an unusual career path'," said Stewart Room, a partner with Field Fisher Waterhouse, another sponsor.
Of the 4,000 or so initial registrants for the competition, most are males in their mid-to-late 20s. Most have never had a job in cyber security or are students, and more than 600 people are unemployed.
Alexander McDonald, 25, is a graduate of Kings College in London who specialized in Web development. He cracked one of the ciphers, a challenge that was issued to all registrants where they had to solve a tricky encryption puzzle.
McDonald thought that computer security was beyond his grasp but he was one of the few to crack the cipher. It started with base-64 encoded text that yielded a jpeg image of a cartoon from xkcd.com. Many participants thought the cipher was far too easy and simply lead to the image, but the cartoon actually contained another cleverly encoded cipher that McDonald cracked.
"I wasn't actually as bad as I initially thought," McDonald said. "I learned things along the way that I hadn't learned at university, programming skills. You just have to apply yourself to learn more."
The winners of the Cyber Security Challenge will attend a "master class" in March, where one person will be selected after additional competition to be the U.K. Cyber Security Champion.
Send news tips and comments to firstname.lastname@example.org