Striving to solve the security skills crisis

The Cyber Security Challenge is doing a fine job, but flat registration growth and weak Government funding are cause for concern, Tom Brewster discovers.

With so many people out of work and with many more redundancies to come, moaning about skills shortages feels a little insensitive. But when talking about an employment crisis that has a major influence on national security, it doesn't feel so bad to have a grumble.

The information security industry in this country has been suffering from a dearth of talent for years. Even though recent McAfee-backed research suggested the UK was better prepared for attacks than many, plenty more must be done to bolster the nation’s defences.

The consequences of inaction are clear: few security pros means ineffective security. Imagine if our armed forces consisted of only a few thousand semi-competent soldiers, or if our defences could do little more than prevent a rambunctious group of football hooligans from causing chaos.

Such analogies are not overly hyperbolic. Every day Government bodies and successful private businesses are seeing data stolen and websites defaced. Often, the skill required to enact illicit breaches is minimal. Simple SQL injections or easily organised DDoS attacks are embarrassing councils and corporations alike.

The scale of the problem is getting bigger, as is the depth of the problem.

That's why in 2010, the UK Cyber Security Challenge was launched, inspired by a similar programme in the US. Its aim is simple – produce security professionals and get them working.

IT Pro has been tracking the Challenge's progress since its inception. As it heads into the final stages of its second year, what's clear now is that this promising initiative is moving fast, with so many competitions taking place it's hard to keep up. Yet amidst the frenetic goings on, there lurk niggling issues that need addressing if the Challenge is to meet its ultimate aim.

Upping their game

From an infrastructural stance, the improvements have been dramatic. Just last month, the project's first CEO was appointed. He carries an impressive CV too. Prior to his move over to the Challenge, Duncan Hine was head of security for NATS, the organisation responsible for UK air traffic services.

Before that, he was helping run security operations for the Home Office's Identity and Passport Service. Hine was also CIO of the Post Office. Put simply, his experience in high-profile IT is exemplary.

And importantly, he is fully aware of the nature of the crisis at hand. "The national skills shortage in this area and related areas is really profound. The scale of the problem is getting bigger all the time," Hine told IT Pro.