Talented People to Secure Our Future. Judy Baker, Director Cyber Security Challenge UK

Talented People to Secure Our Future Judy Baker, Director Cyber Security Challenge UK

A story Starts in the US, Comes to the UK Outcome: more and better cyber security talent in US and UK businesses The next chapter. Are you in it?

Chapter One The Problems

The US Discovery Skills shortage Need 10,000+ more talented people National competitions Have other nations got the same problem?

% In the UK 90% have difficulty recruiting

c 60% more jobs in next five years

The Problem: Skills shortage - 90% have difficulty recruiting Demand increasing c60% plan for more jobs 50% Less people applying for careers in IT University places reportedly not all full Interest/variety of jobs not well understood

Why are Cyber Security Jobs such a well kept Secret? What do people doing the jobs think? Profession still maturing Range of jobs growing Need technical experts but also: good communicators, flexible, responsive dynamic people.

Chapter 2 Solving the Problems 1. Getting the political context right 2. Raising enthusiasm/identifying talent 3. Career enabling prizes 4. Finding the first rung on the careers ladder

Cyber Security Challenge UK set up March 2010. Aims: Create richer & larger pool of cyber security talent Develop skills critical for Business, Society, National Defence, Digital Economy. Increase UK demand for University, other training places Raise awareness of the attraction of cyber jobs Enable people with talent

UK Government has recognised the need for Action Strategic Defence and Security Review announced a new National Cyber Security Programme. 650million over 4 years Transformative Programme for cyber security to address threats and seize opportunities. Getting the right talent in place will be vital for the success of the programme.

Raising enthusiasm & Identifying talent By running competitions Clarify what cyber security jobs are, why they are fun and what the career options are Virtual competitions focused on skills needed Finalists meet face to face Masterclass for winners of all competitions Enable career progression through prizes

Three competitions for 2010 1. The QinetiQ Network Defence Challenge small network and medium network next year enterprise network? Face to face and a Winning team from each category. 2. The Sans Treasure Hunt (website vulnerabilities). Most popular, c3,000 registered. Finalists (top 25) to Sophos face to face 3. UK Strand to the DC3 Digital Forensics Challenge before launch 22 teams from UK now 155.

The Best 25 Invited to Masterclass HP Labs & Cassidian Uses Cassidian simulator and HP Labs complex modelling skills. Expert Judging Panel Top 25 compete as individuals but play in teams. Cyber Security Champion UK Awards Ceremony. and a bit of blind dating

2010 Competitions Framework DIGITAL FORENSICS COMPETITION NETWORK DEFENCE COMPETITION TREASURE HUNT COMPETITION UK Stream of Challenge (Unlimited number of teams) Small Networks Challenge Medium Networks Challenge Challenge (unlimited individuals) Challenge (unlimited individuals) Challenge (unlimited individuals) Face to Face Challenge (2 teams) Face to Face Challenge (2 teams) Face to Face Play off (25 individuals) FORENSICS CHALLENGE UK CHAMPION SMALL NETWORKS CHAMPION (1 team) MEDIUM NETWORKS CHAMPION (1 team) TREASURE HUNT CHAMPION CYBER SECURITY CHAMPIONS MASTERCLASS (25 individuals) 2010 UK CYBER SECURITY OVERALL CHAMPION

Prizes are Career Enabling winner of specialism And Masterclass examples below Bursary to Queens University Free Open University places Internships in major companies Places Detica Academy Places Sans Training Courses Opportunity to try the CREST test rig qualification. Membership of leading professional bodies BCS, IISP, ISAF and more

Did it raise Enthusiasm?..thanks for providing us with such a well thought out, fun and interesting competition! I'm very happy with my rank.. (just outside the top #25 threshold unfortunately!) I found the whole concept thoroughly enjoyable and extremely useful I'm hoping to participate again next year..

Did it raise enthusiasm?.- considering I have only just turned 17, there are very few opportunities like this for me! As a final year student, I am hoping to attain a job in security after graduation next year. It's proving quite difficult speaking to recruiters from companies, as when you speak to them regarding security they do not know much about what roles they offer, a place in the top 25 would really have been ideal!

Why are Cyber Security Jobs such a well kept secret? And Getting on the ladder for a job Who do I need to hire for the future? What skills are going to be relevant? What credentials and courses show good skills? Where do I find the best candidates? What area should I focus on? How do I demonstrate my skills? Where can my skills be applied? Solving cyber problems is just an interest Employers Candidates

Limit of Influence for Challenge Cyber job First or second job Case Study Cyber Expert And Role Model Case Study Case Study Vision of Destination Roles Case Study Interest Job or Course Challenge Case Study Case Study Professional Body Guidance Time Expertise Given Back to Professional Bodies Prepared by KAS September 2010 20

Chapter Three Did it work? What next in the UK

Progress has been fast: Formed not for profit company - March 2010 Launched to Infosec community - April 27 2010 Gathered funds and starting business processes - May/June Launch to candidates and first cipher challenge- July 2010 UK has an appetite. c4,000 registrations in 2 months Run first competitions Sept/Dec 2010 First winner Dec 2010 Face to Face Challenges - January 2011 Masterclass and Awards Ceremony - March 2011

Measuring performance. Did we increase interest and awareness in cyber security jobs or courses? Demographics Aged 16 to adult. Large group of males in their mid 20s. Want training; fees paid at university; work experience.

Reach to Market This year mostly web based and social networking. University careers officers and libraries networks Launch by our Security Minister, wide publicity.. a lot of help from the cipher challenges Next year. Road shows. Skills and career conferences. STEM, Women in Technology.

Cipher Challenge designed by PWC Cyber Security Sudoku? Propagated through social networking. Well received, about right level fun to do Run quarterly. Also identifying talent. Second challenge linked to Skills London conference Next New Year and then Infosec in April.

The Next Chapter not written yet 1. Ambitious plans to extend in the UK, maybe 6 competitions next year. 2. Dependent on sponsors 3. Overseas?

Other Benefits Communicates hard cyber security messages in a good news, fun fashion Promotes information sharing between competitors, companies and nations

The Vision: Digital forensics Network defence Web security Risk Management Policy Making Legal Issues Network forensics Cloud computing Mobile technology

Running a Growing Business Lots of help and donations Model based on competition writers paying for the development of the competitions they write. But communicating with 4,000 candidates, programme managing competitions, PR, marketing all needs management and money. Funded entirely by sponsorship. Year 1 primarily private sector but some Government funding.

Types of Sponsors Platinum plus Platinum Gold Silver Need Money and also Value in Kind Designing and running competitions Hosting events Donating Prizes Hosting the website Giving expert advice

Why do sponsors get involved? Networking with leading figures Thought leadership Brand association - excellence in cyber Media and publicity opportunities Demonstrating in-house expertise Recruitment Share our aims. Want a strong cyber security profession to secure the UK s future.

National Challenges

Any Non-Challenging Questions? And if you are interested in supporting us do let us know: queries@cybersecuritychallenge.org.uk