Tag Archives: (ISC)2

BT to lead creation of 2017 Cyber Security Challenge UK Masterclass

Cyber security experts from BT, Airbus, the National Crime Agency, the Bank of England, Cisco, McAfee, Checkpoint, De Montfort University’s Cyber Technology Institute and 4PumpCourt have announced that they will stage “the most advanced Cyber Security Challenge UK Masterclass ever” on 12-14 November in London.

Spanning two-and-a-half days, Masterclass is the culmination of a year’s worth of nationwide face-to-face and online competitions designed to unearth and nurture new talent for the cyber security industry and address a critical skills shortage that affects Government, businesses and the public.

Led by BT in partnership with Airbus, the competition will see dozens of the UK’s top cyber enthusiasts face each other in a battle that will test their capabilities to deal with cyber attacks and their understanding of business know-how. The challenges will evaluate contestants’ technical, business and soft skills, in turn mirroring the different ways in which professionals communicate today.

This year’s Masterclass will demonstrate how cyber security can be an accessible career choice that has a number of different facets and pathways. BT recently identified 87 different roles in the cyber security industry, each requiring a different skill set, which will be reflected in this year’s competition.


Highly experienced professionals from Government as well as public and private sector organisations across the country will judge the contestants for a number of aptitudes that will rank their suitability for jobs in the sector. The best performing candidate will be crowned Cyber Security Challenge UK Champion.

Thousands of pounds’ worth of career-enabling prizes will be issued to those who take part in the finale, including training courses, tech equipment and even a fully paid-for Master’s degree sponsorship at De Montfort University, allowing one lucky contestant the chance to study for an MSc in Cyber Security.

Over the years, more than half of the contestants in the Challenge’s face-to-face and Masterclass competitions have moved into jobs in the industry after demonstrating their skills in front of assessors.

Competitions like this are crucial for identifying top quality recruits that could reduce the skills deficit. Industry association (ISC)2 predicts the skills gap will reach 1.8 million unfilled positions by 2022, leaving a lack of professionals able to defend our infrastructure from hackers.

Nigel Harrison, acting CEO at Cyber Security Challenge UK, said: “This year’s consortium of sponsors is working on taking Masterclass to the next level, adding new dimensions and levels of game-play that we’ve yet to see in our competitions to date. We’re always trying to match our challenges to the way in which industry is evolving and ensure that they test for the skills industry requires. We look forward to seeing how the finalists fare in a modern cyber security scenario.”

Rob Partridge, head of BT’s Cyber Academy, added: “Filling the cyber security skills deficit is immensely important for the long-term safety of the UK’s digital economy. We need to make sure that industry and Government are collaborating such that young people are engaged and switched on to the breadth of roles in cyber security and the various career paths available to them. These competitions are vitally important for unearthing hidden talent and helping to develop the next generation of UK cyber talent to the standard being set in many other countries.”

Kevin Jones, head of cyber security architecture and innovation at Airbus, explained: “In order to continue protecting vital UK infrastructure and businesses from both current and future cyber threats, it’s particularly important that we address the skills shortage. Competitions such as Cyber Security Challenge UK help to provide a safe and representative environment for contestants to gain experience and learn from industry experts, which in turn will help them understand the variety of skills needed and the careers available within the cyber security sector.”

Filed under Risk UK News

UK Government’s plans to professionalise information security “too rigid” for industry

UK Government plans designed to establish an ‘approved standard’ and potentially underwrite ‘Chartered’ status for UK cyber security professionals have been called “worrying” by John Colley, managing director for (ISC)2 EMEA.

Following last week’s release of the policy paper ‘Cyber Security Skills: Business Perspectives and Government’s Next Steps’ by the Department for Business Innovation and Skills in advance of the UK budget announcement, Colley highlighted an over-reliance on the CESG Certified Professional (CCP) as a foundation for all skills development in the UK.

The paper details the Government’s support for cyber skills development and specific initiatives to be funded in 2014-2015. Among some very welcome commitments to work with industry on skills and work experience initiatives, the report outlined the intent to mandate compliance with the GCHQ-led CESG Certified Professional (CCP) scheme as a foundation to accredit private sector training.

The scheme would also form the basis for the development of university curricula, for funding incentive schemes through the Higher Education Authority and for providing guidance for businesses of all sizes. Further, only ‘relevant’ courses accredited under the CCP scheme would be eligible to be showcased on the Government-recognised Sector Skills Council site: e-Skills UK Cyber Academy Learning Pathways.

Meeting the commercial sector’s needs

“This is worrying,” said Colley. “I fear the CCP scheme will not meet the needs of the commercial sector. This scheme goes into fine detail to define roles, several levels of competency specific to those roles and locks everyone into a rigid, expensive and over-complicated process for maintaining something that’s never going to be fit for purpose.”

John Colley: managing director for (ISC)2 EMEA

(ISC)2 EMEA managing director John Colley is encouraging a review of the UK Government’s plans, which were published last week.

Colley points out that the CCP scheme, originally launched for Government in October 2012, has been developed based on the IISP skills framework published in 2007, and that there has been no communication around how the CCP scheme is to be kept up-to-date.

GCHQ, the Government’s intelligence and security agency, was funded to develop the CCP scheme and worked to define six roles for Government in October 2012. A seventh role was added to the scheme last week, and there are plans to define several more.

Cyber training and education programmes

“GCHQ brings a lot to the table,” continued Colley, “but it’s not the only perspective that’s relevant here. It’s important to see strong endorsement from Government for cyber training and education programmes, but one with such a narrow focus is limiting. By the time everything is documented and published, there’s a huge risk that requirements will have changed.”

Colley, who has 16 years’ experience as a hiring manager for cyber security within the financial sector, points out that the priority is to develop people with a good level of all-round security knowledge rather than to develop different areas of focused, specialist skills.

The Government’s intent to address university curricula at all levels and to encourage greater collaboration between industry and academia is particularly welcomed.

“We need to cultivate volumes of people with solid foundations to develop and adapt in what is a very dynamic field of practice,” outlined Colley.

“People following the CCP scheme will be locked into a focused career path and struggle to move laterally. The latter is exactly how people develop that all-round knowledge and experience that allows them to advance in the commercial sector today. I would like to see a broader, more inclusive approach that allows market-influenced development to continue to respond to the very fluid requirements of the profession.”

Filed under IFSECGlobal.com News

(ISC)2 report finds conflicting demands, goals and threats make enterprise security “increasingly challenging” for CSOs

C-level data from the 2013 (ISC)² Global Information Security Workforce Study illustrates paradoxes in application vulnerabilities and mobile devices and a shortage of qualified staff.

(ISC)², the world’s largest not-for-profit information security professional body and administrator of the CISSP, has issued new data that outlines the chief challenges faced by top enterprise security executives and illustrates the broad range of complex – and sometimes conflicting – challenges faced by today’s enterprise information security leaders.

Some key paradoxes the CXO study found are as follows:

Application vulnerabilities were the top-rated threat to the security of enterprise data (72% of executives rated it as a chief concern), yet many executives also reported that the demands of their organisations make it difficult to develop and implement secure application development processes.

Similarly, 70% of executives rated mobile devices as a top threat to their organisations, but many reported that they had not successfully implemented mobile security policies and programmes.

The majority of security executives (77% in the government sphere and 63% in private industry) believe they have too few people on their IT security staff, yet 61% cited business conditions as an obstacle preventing them from hiring more personnel.

(ISC)2 has issued new data which shows that top security executives are faced with a myriad of critical yet sometimes paradoxical security choices

Despite the concerns they registered over a shortage of trained personnel, more security executives plan to increase their spending on technology in the next year (39%) than on staffing (35%).

A View From The Top

The new report, entitled ‘A View From The Top – The (ISC)² Global Information Security Workforce Study CXO Report’, conducted through the (ISC)2 Foundation, offers a detailed perspective on the attitudes and plans of 1,634 C-level executives from enterprises around the world.

The data was collected as part of (ISC)2’s sixth Global Information Security Workforce Study (GISWS) in partnership with Booz Allen Hamilton, and conducted by Frost & Sullivan. The study offers a snapshot of the priorities, plans and concerns of top security executives in a wide range of industries – and the challenges they face in making decisions in today’s dynamic, turbulent cyber security environment.

“Senior security executives, it appears, are getting sidetracked from the key security issues at hand as they balance the pressures of an evolving threat landscape and the business,” said John Colley, managing director for (ISC)2 in the EMEA region.

“They recognise application vulnerability is the number one threat and yet they are unable to devote their time, attention and obvious leadership in the field to help correct the situation. It is imperative that they keep a strategic perspective on security, looking at the issues holistically in order to develop effective solutions to deal with problems, the nature of which is constantly changing.”

The report data indicates that top security executives are faced with a myriad of critical, yet sometimes paradoxical security choices. For example, CXOs said that two of their chief cyber security concerns are potential damage to the organisation’s reputation (83%) and IT service downtime (74%).

Yet when asked how they spend their time, the top two answers were governance, risk and compliance (74%) and security management (also 74%), which indicates that administrative tasks and priorities dominate their daily agendas.

Security: the dilemma for information security executives

“Security is a dilemma for information security executives,” stated Michael Suby, Stratecast VP of Research at Frost & Sullivan and author of the report. “Data is proliferating and becoming more fluid, yet the need to protect it is greater than ever. Similarly, there is the challenge of today’s sophisticated attackers who are becoming increasingly skilled at hiding their exploits. The most significant threat to an organisation is what it does not know or cannot detect.”

William Stewart, senior vice-president at Booz Allen Hamilton, added: “It’s clear that chief security executives are faced with an array of challenges that cannot be overcome by any single methodology or set of solutions. One of the biggest obstacles security departments face is the dynamic interplay between an organisation’s business and IT priorities and the rapidly changing nature of the threat environment. To overcome this challenge, CXOs need to focus on prioritising critical assets, closely collaborating with the other organisational leadership and conducting thoughtful and forward-looking threat analysis.”

Likely the largest study of the information security profession ever conducted, the 2013 GISWS was carried out late last year through an Internet-based survey. Since its first release in 2004, the study has gauged the opinions of information security professionals and provided detailed insight into important trends and opportunities within the information security profession. It provides a clear understanding of pay scales, skills gaps, training requirements, corporate hiring practices, security budgets, career progression and corporate attitudes toward information security that is of use to companies, hiring managers and information security professionals.

The full study can be found here: https://www.isc2cares.org/IndustryResearch/GISWS/

Filed under IFSECGlobal.com News