Cyber Security Challenge Launched To Address UK Skills Shortage

A cyber security challenge has been launched this morning in order to address the shortage of appropriate IT security skills in the United Kingdom.

The challenge was first mooted at the Infosec Security Show in April and is modelled on the US Cyber Challenge, but for UK citizens. It will set tasks, such as treasure hunts or network break-ins, for people who want to establish their information security skills. Winners will get prizes, but will also be up for real jobs in the industry.

“It is about enriching the pool of talent in the UK,” said Judy Baker, Challenge Director. “90 percent of the industry are telling us they cannot recruit the people they need with the necessary skills. We have a problem here getting the right amount of people and the right calibre of people,” she told eWEEK Europe UK.

Creating UK Talent

“We are looking to pump up talent in the most diverse ways, but it is not just about skills, but also the ability to communicate about it,” she said.

“The big idea is that we will create interest in IT security by running competitions. From these, the best people will win through to face to face competitions (master class or playoffs). The Cyber Security Champion UK will emerge from these masterclasses.”

According to Baker, these challenges will include a lot of technology but also hopefully will be fun as well. She said that the prizes awarded would be tailored for each individual and could include free places on Open University courses, free membership of a professional organisation, intern opportunities etc.

Baker said that initially there would be three main competitions. “We are anticipating running a lot of competitions, but to begin with we are focusing on three,” said Baker.

Three Competitions

The first competition is a ‘network defence challenge’ which is a team challenge divided into two strands. The first strand is for small networks such as small businesses or school), and the second strand is for medium networks. It hopes to offer an enterprise network strand next year. Ten teams will compete in the small networks strand and ten in the medium network strand. “Teams will be given business problems to work on over a couple weeks, and the best two answers will go to two playoffs, and will a winner will be selected from these two strands,” said Baker.

The second competition was been dubbed a treasure hunt, where individuals will play an online game which will take about two hours to complete, looking for website vulnerabilities. “They will also be asked questions, and we expect a number of these games to run from September to November this year, depending on how many people want to play,” Baker said. The six best players will be invited to the playoffs and the winner and runner up will be invited to the masterclass.

The third competition is a digital forensic challenge. This is written by DC3, the cyber crime unit of department of defence in the US. There are an unlimited number of teams that can compete here (22 teams are already competing). The challenge covers 20 different areas of forensics. “However DC3 has agreed to create a seperate strand to the international competition and will now have a UK winner,” said Baker.

“Registration forms will be on the new website on Monday morning, and the competitions will  playoff during the remaining months of this year,” said Baker. “By mid January we will have the face to face competitions (i.e. the playoffs) and by the end of February we will have the masterclass and awards ceremony.The next round starts after that, with more competitions added.”

Baker also said that there will be a teaser challenge, which is essentially a coding challenge, available on the website on Monday. The  first person to come up with the right answer will win a “mystery prize.”

Open University

“The main reason that the Open University is participating in this is that there is a recognised skills gap in the market at the moment,” said Kevin Streater, executive director for IT and telecoms at the Open University. “There is a disconnect between what the industry needs and what is going on in academia. Hopefully eduction can be a major filler for these skills gaps.”

“The Open University hoping that it can bring industry and academia much closer together and we think that the cyber security challenge is where we may see this happen and kill the major skills gap in the industry,” said Streater. “Universities are not delivering the necessary skills at the moment, and students are failing to see the opportunities from IT security or understand how to grasp these opportunities.”

“We are doing both, as we are encouraging people to get involved in the challenges, and we are putting in up prizes, and offering free courses for cyber security. Most of courses are aimed at people already in work (70 percent of our students are already in work),” said Streater.

The Open University already offers two core courses in this regard, namely computer forensics and information security management. These six and nine month courses offer different qualifications. A third course covers ‘managing the software enterprise’.

“This is a growing area of the curriculum for us, so we are working of new courses at the moment, said Streater. “The core aspect for us to provide the link between industry and academia and show that it can work.”