The key to unlocking cyber-skills starts at school
It’s a digital future that we are sending students off into and it is paramount that we prepare them for it. One element of increasing importance is cyber-security; Stephen Jones, MD SANS Institute UK and Nordics, makes a strong case for educating students in cyber-security – bolstering their interest in it and making the school and their future a more secure digital environment
The UK is keen to be seen as a digital innovator, which is probably a smart move considering ongoing uncertainties surrounding the details and final outcome of Brexit. However, along with funding developments in areas like 5G, robotics and AI, there must also be a dedicated focus on protecting and securing the nation’s digital infrastructure. This means educating the next generation of (potential) cyber-security professionals not only on IT security but on why this is such a crucial – and rewarding – career option.
We’re already a hyper-connected society. Recent announcements regarding 5G – the next generation standard which will enable a huge number of internet of things (also known as IoT) use cases – mark another step forward in the digitalisation of things, processes, operations and interactions. This is great news, but it’s vital that innovation does not outpace IT security, which is already a costly and sizeable problem.
Securing the future of cyber skills
A recent government survey found that 43% of businesses had experienced a cyber-security breach or attack in the last 12 months. The severity of attacks – and their cost to businesses and the wider economy – vary, but without effective cyber-security measures and skilled personnel, the potential for damage is huge. It is extremely hard to quantify costs but according to Lloyds of London, a serious cyber-attack could cost the global economy more than £92bn.
Currently, it seems many businesses are doing little to address the problem; the same government report found that only 27% businesses and two in 10 charities have any formal cyber-security policy in place. Whilst organisations do have a responsibility to put policies and personnel in place, they also face a major hurdle: a lack of available people with the necessary skillsets.
Going back to school
Re-skilling and training employees on an ongoing basis can help reduce this gap, but the situation is so severe that it must be addressed at the core: cyber-security must go back to school. Most students today are highly digitally-literate. This offers the perfect foundation upon which to introduce new skills and cyber-awareness, leveraging an existing knowledge of technology.
Given the current – and growing – cyber-threat landscape, this approach should be considered a ‘must-have’ rather than ‘nice-to-have’ for any educational institution. An ‘always on’ usage of social media platforms and online accounts at home, for instance, should be complemented at school – and from an early age – by basics like password management, digital footprint and privacy settings.
Bolstering an interest in cyber-security
This needs to go one step further, however, and begin to introduce to students – and their parents and teachers – the basics of what it takes to become a cyber-security expert and to help develop an understanding of cyber-security as a cool, fun and lucrative career choice. Even for those who had never considered themselves as technically gifted.
Of course, this has the added advantage of pointing those pupils who are already playing around with hacking, in the right direction rather than them potentially drifting towards the ‘bad side’ – where they will only be contributing to the problem rather than helping to solve it.
Fortunately, this approach has had government backing. The UK’s National Cyber Security Strategy was launched in 2016 and sets out a number of initiatives aimed at improving cyber-security skills throughout the school, higher- and post-education sectors. This includes £20m of funding allocated to its Cyber Schools Programme, which is designed to give children aged 14 to 18 clear pathways into the cyber-security industry via direct contact with industry experts.
The programme was launched last year as Cyber Discovery. Aiming to tap into undiscovered cyber-security talent, Cyber Discovery provides a comprehensive cyber-security curriculum delivered through a series of online challenges and training. This allows students aged between 14 and 18 to either learn and progress outside of school hours in their own time or as part of a Cyber Discovery club. The programme takes the crucial approach of building on pupils’ existing knowledge of technology, in order to create cyber-security knowledge.
Gamification – which has been heavily integrated into the Cyber Discovery programme – is one example of a learning style which has proven successful with pupils. Twentieth-century theorists Jean Piaget and Leonard Vygotsky argued that play is a crucial component of cognitive development from birth and through adulthood; an attitude which prevails today but is perhaps under-actioned by many schools and colleges.
Given the shift towards digital gaming over the past two decades, this approach offers the perfect complement to cyber-security course content. Using personal devices to complete learning-based ‘games’ and leveraging online portals for competitions, hackathons and collaborative projects are successful methods of engaging, immersing and educating pupils in cyber-security.
This approach has even proven successful in the workplace; according to a recent report, 96% of businesses that use gamification in the workplace reported seeing benefits and almost all believe that gaming affords players the experience and skills critical to cyber-security, including logic and perseverance.
Teaching teachers, teaching children
Embarking on programmes like Cyber Discovery is great for those children with the time and resources to follow a curriculum outside of school. However, it’s also important that cyber-security education becomes an integrated part of all school curricula and budgets. Just as UK business and industry are facing a cyber skills shortage, many schools have also struggled to hire the teaching talent necessary to implement cyber education.
Almost 70% of teachers in the UK do not think they can teach code effectively to schoolchildren because of a lack of skills and teaching tools, according to research by YouGov. Almost 40% said they do not have access to the right technology software to teach coding. Coding is a crucial part of any cyber-security role, with a lack of knowledge in this area contributing to the skills gap; 44% of tech employers said coding faced the biggest skills gap, while 60% of employers said coding will be one of the most important skills for entry-level tech employees.
Funding the foundations
Again, several pledges have been made to support school leaders in attracting and retaining teaching talent. As part of the 2017 Autumn Budget, £84m was committed to upskilling computer science teachers, which was followed by an announcement in May this year that the National Centre of Computing Education, along with 40 schools across the UK, will be part of a programme to train up to 8,000 computing teachers on digital skills. The 40 Cyber Schools Hubs will host events, trial cyber security content, develop new ways of engaging pupils and build educational resources for teachers.
Stimulating and sustaining growth in the cyber security sector will take a collaborative, nationwide approach. Government funding, appropriate allocation of school budget, and backing from industry bodies and tech companies are all required to help train teachers, and to educate schoolchildren. As well as unlocking career opportunities in cyber-security, equipping pupils with IT skills will allow them to safely navigate our digital world – for the benefit of themselves, and the wider UK economy.
Industry: Cyber Security News
- DevSecOpp- Security design / review consultant. SC Clearance. London
CH7838 London £70,000 DevSecOpp- Security design / review consultant. DevSecOpp- Security design / review consultant will ensure that newly created, public facing apps are secure by design and by default by aligning them to current / best practice security policies and standards into the design phases. The individual must have a technical software / application development background with specalist experinece in secure architecture design. (Frameworks, processes, best practice etc) Practical experience translating and ensuring that the OWASP top 10, ISO27001, HMG frameworks requirements are reviewed and embedded into project designs which are implemented is essential. Experience working projects through a full development lifecycle is key. You will work along side the design and project teams to idenitfy and mitigate risks throughout the design phases. This is a permanent role. SC clearance is essential as is the ability to get to the London office. (When appropiate #covid) Security DevSecOps consultant. To arrange a discreet call book via https://calendly.com/chris-holt/devsecopp--security-design-review-consultant
- SPLUNK SOC Analyst level 3, London.
SPLUNK SOC Analyst level 3, Must be able to commute to the City of London. Onsite role. Security clearance needed. The SPLUNK SOC Analyst level 3 must have current experience working within a SOC environment with specific experience using a range of tools and techniques to investigate security incidents. Current experience with Splunk is essential. any additional experience Individuals with Elastic Security SIEM are highly desirable. Any of the following certifications are desirable Splunk Phantom certified admin, Splunk Core Certified Power User / Advanced, Splunk Certified Enterprise Security Admin, etc The role will include, but not be limited to working with sophisticated information security tools, investigating security incidents, incident management, technical escalation, process improvement, research into the latest threats, reporting etc The individual MUST currently be living in the UK and be able to achieve UK security clearance. (SC) This is a permanent role To arrange a call with Chris Holt https://calendly.com/chris-holt/arranged-call-with-chris-holt-elastic-siem-engineer-soc Chris.Holt@dclsearch.com
- ISO 27001 & Business Continuity Security Specialist, End User
- United Kingdom
CH7828 ISO 27001 & Business Continuity Security Specialist, End User, £70,000 United Kingdom ISO 27001 & Business Continuity Security Specialist needed to join a Cyber team within an end user. The ISO 27001 & Business Continuity Security Specialist will have end to end responsibility for the information security and Business Continuity management system. ISMS/BCMS. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. ISO 22301, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. Experience taking a company through accreditation is highly desirable Experience managing internal stakeholders, technical teams and external third parties essential Flexible working, very occasional travel to London office This is an exclusive role to DCL Search & Selection. Looking to interview immediately. https://calendly.com/chris-holt/iso-27001-business-continuity-security-specialis
- PCI- DSS Security Consultant, End User
PCI- DSS Security Consultant needed to join a Cyber team within an end user. The PCI- DSS Security Consultant will have end to end responsibility for PCI - DSS and its continuing certification. Both from an information security and technical security perspective working alongside the CISO. Experience must include, but not be limited to; a mix of Information Security standards, frameworks, audit principles, controls / policies and the management and use of the technical tooling to achieve compliance. PCI objectives / 12 key requirements, OWASP top 10, ISO 27001, NIST Cybersecurity Framework etc An ideal candidate will be working within an end user environment with a cyber consultancy background. PCI Cloud compliance, specifically someone with experience taking PCI-DSS from on premise into the cloud is HIGHLY desired. However, someone with Solid PCI experience with a strong technical background which include Cyber / Secure by design etc would be considered. Experience managing internal stakeholders and external third parties essential. Flexible working, but with the ability to get into London. This is an exclusive role to DCL Search & Selection. 1st stage interviews to happen the week of the 14th September Arrange a call with Chris on https://calendly.com/chris-holt/arrange-a-call-chris-dcl-pci-compliance