Since my last full blog, my work life has taken a few turns, and I briefly left the world of journalism and my specialist subject of IT security. In that time journalists were kept busy by big stories such as the data breaches by Ashley Madison and TalkTalk, the ability to remotely hack a Jeep and the return of ransoms in the form of malware or “stand and deliver” style denial of service attacks.
After leaving the awesome IT Security Guru at the end of RSA Conference week (late April to the uninitiated) I joined analyst firm 451 Research.
Those six months have passed and upon leaving there and my return to journalism, I was delighted to attend another masterclass of the Cyber Security Challenge. The sixth winner since the programme began in 2010, 38 year old Peter Clarke won after completing a 48-hour cyber defence battle investigating and averting a simulated cyber attack involving a biological attack on Church House in the grounds of Westminster Abbey.
The final saw 42 (with 41 making it to the final day) combatants compete in the two-day Masterclass final, developed by a team from QinetiQ and supported by experts from Bank of England, GCHQ, National Crime Agency, BT, Cisco, Falanx Group, Roke Manor Research, Simudyne, and CyberCENTS Solutions.
The Challenge was set up to try and remove the major skills shortage in UK cyber security, by getting more people interested in it and aiming to draw contestants from across UK industry. This year’s winner was an engineer for a car manufacturer, and around half of last year’s finalists are already in their first cyber security jobs.
One statistic that I did find interesting was that more than 50 per cent of the final 42 were involved in online gaming. I talked with Jess, the only female finalist who is studying in her final year of an BsC in Computer Gaming Programming at Leicester De Montfort University.
She told me that she first heard of the challenge through a presentation at the university, where a camp was also held with a capture the flag style challenge. I asked her if she was interested in a career in IT security, and she said she was as “it seems fun and people in security are all from industry and they are a lot more laid back”. Take from that what you will, but the next generation see this job as something enjoyable then it has got to be a positive.
Speaking to Bob Nowill, chairman of the Cyber Security Challenge UK, said that it was about making the challenge accessible. One addition was the online gaming experience Cyphinx which was designed as a Second Life-style environment. “Everything is solely online, this year we removed the face to face and used hacking labs and added to the techologies online,” he said.
I also spoke to Matt Anderson, EMEA director at the SANS Institute, who continued its sponsorship of the challenge. He said that as well as providing prizes, it is working with the challenge to bring unspotted talent through its own cyber academy.
What I’ve always admired about the Cyber Security Challenge is its willingness to talk to those who are not in the sector at a level that they understand. It isn’t about the gender balance and ensuring that the final year of university students win so that they are given jobs at GCHQ, it’s about presenting IT security as a career in a positive light.
As I said, there have now been six winners of the challenge and I’m fortunate to have met and interviewed several of them. This year’s winner said he only entered the Cyber Challenge eight or nine weeks ago without many qualifications, so to be the winner “is unbelievable”.
He said: “I’ve had an interest in cyber for several years now and keep a breadth of the current trends and tools in the industry, but this is the first step towards a future career in the area. I really want this to become my profession and the Cyber Security Challenge has given me a catapult into the industry that you can’t find anywhere else.”
All good news, and Nowill encouraged any individual to have a go at some of the games on the play-on-demand gaming platform.
Registration is already open for next year’s programme and a host of competitions are available to play now. Using the play-on-demand system which allows access to games any time, you could sign up and take part in just a matter of clicks.