The Cyber Security Challenge has proved the talent is out there, but maybe just the tip of the iceberg has been revealed, says Eric Doyle
If anything shows that being a security professional is a vocation, the Cyber Security Challenge is it. After almost a year of trials and tribulation, the Cyber Security Champion 2011 was crowned in Bristol.
Was the winner a security professional (for there were several such entrants)? No. In fact, neither was the17-year old runner up.
Dan Summers, a postman from Wakefield, ended up with the handsome glass trophy and Stuart Rennie, a student from Cambridgeshire, ran a close second.
On The Verge Of A Secure Future
“I’m absolutely jubilant. Over the moon,” a shell-shocked Summers told eWEEK Europe. “It just knocked me for six. I really enjoyed it, I enjoyed performing, I enjoyed working in the teams. We had such good competition. We had such a broad array of talent – I didn’t dream it would be me standing holding the trophy at the end of the day. I mean, people taking photos – it’s absolutely crazy.”
As with all the best award ceremonies, the outright winner was kept secret until the end and both Summers and Rennie were left wondering when the reality of it all would sink in.
I asked Summers if the £5,900 prize would make a change to his career path. He replied that he’d have to let it all sink in first. With several courses and exams plus access to several industry bodies and conferences, he will have plenty to base his decision on.
“At this stage, I’ve got to take stock but I do want to be in cyber security. Just being around these guys and seeing what they do – how they work – it’s fantastic.”
Magnanimous in his second placing, Rennie was full of praise for Summers’ achievement.
“He was just reeling things off. He was just amazing. I would have been happy to have been beaten by anyone here because everybody is so talented and amazing – but he definitely deserved to win,” he said.
For a competition in its first year, the Cyber Security Challenge has been an eye-opener for everyone involved. Baroness Pauline Neville-Jones, the government’s minister for cyber security and anti-terrorism, who presented the top prize and has been following the competition with interest, said, “It shows that cyber security as a career is not dry and just for techies. It’s a job that is vital for protecting the future of the UK economy and the government has put it slap bang in the centre of its policies. It’s one of the few areas where new, extra money has been allocated [by the government].”
The real issue is that few are entering the security branch of IT but the need for staff is increasing. The Challenge is bringing to light new talents and sparking interest in people who would never have considered a career in IT, let alone in IT security.
John Colley, managing director, of(ISC)2 EMEA, said, “The pertinent issue, however, is not only how to attract people into the profession, but also how to give them the right development opportunities once they have made the decision to enter the industry.
“Given the rapidly evolving technologies, the threats they pose and the lack of corresponding skills in many organisations today, businesses are looking to hire people with at least three to four years relevant experience. The real challenge therefore is how do we as a profession provide the right processes and opportunities to develop these talented individuals so that they are equipped with the requisite experience that makes them attractive to employers.”
The real challenge: nurturing new talent
Colley pointed out that the posts advertised are for people with a few years of experience. There is little at the entry level to allow school and university leavers to enter the business and yet, as the competition shows, there is so much innate ability out there.
Perhaps it’s time that the general IT industry followed the example of Microsoft and IBM who, in other areas of IT, have introduced apprenticeship schemes. At the moment, it appears that the security sector is structured in silos that separate the education sector from the industry and closer ties are needed to incubate the talent that is out there.
The Open University has created an outline of courses that can lead the rank and file IT worker along the path to CIO membership. It was good to see people like Kevin Streater, the Open University’s executive director for IT and telecom, sitting alongside Terry Neal, SANS director for EMEA, on the Cyber Security Challenge Talent Management Committee. Perhaps the CSC could become more than just a useful competition.
And The Winner Gets:
Dan Summer’s prize comprised: the engraved CSC award; complimentary entry to the Council for Registered Ethical Security Testers (Crest) Registered Tester (CRT) exam; Global Information Assurance Certification (GIAC) exam and a SANS Institute course; one year affiliate membership of the Institute of Information Security Professionals (IISP) and a year’s BCS The Chartered Institute for IT membership; a free place at ISC conference and Information Systems Security Association (ISSA); and an Open University module of training.