The key to unlocking cyber-skills starts at school
It’s a digital future that we are sending students off into and it is paramount that we prepare them for it. One element of increasing importance is cyber-security; Stephen Jones, MD SANS Institute UK and Nordics, makes a strong case for educating students in cyber-security – bolstering their interest in it and making the school and their future a more secure digital environment
The UK is keen to be seen as a digital innovator, which is probably a smart move considering ongoing uncertainties surrounding the details and final outcome of Brexit. However, along with funding developments in areas like 5G, robotics and AI, there must also be a dedicated focus on protecting and securing the nation’s digital infrastructure. This means educating the next generation of (potential) cyber-security professionals not only on IT security but on why this is such a crucial – and rewarding – career option.
We’re already a hyper-connected society. Recent announcements regarding 5G – the next generation standard which will enable a huge number of internet of things (also known as IoT) use cases – mark another step forward in the digitalisation of things, processes, operations and interactions. This is great news, but it’s vital that innovation does not outpace IT security, which is already a costly and sizeable problem.
Securing the future of cyber skills
A recent government survey found that 43% of businesses had experienced a cyber-security breach or attack in the last 12 months. The severity of attacks – and their cost to businesses and the wider economy – vary, but without effective cyber-security measures and skilled personnel, the potential for damage is huge. It is extremely hard to quantify costs but according to Lloyds of London, a serious cyber-attack could cost the global economy more than £92bn.
Currently, it seems many businesses are doing little to address the problem; the same government report found that only 27% businesses and two in 10 charities have any formal cyber-security policy in place. Whilst organisations do have a responsibility to put policies and personnel in place, they also face a major hurdle: a lack of available people with the necessary skillsets.
Going back to school
Re-skilling and training employees on an ongoing basis can help reduce this gap, but the situation is so severe that it must be addressed at the core: cyber-security must go back to school. Most students today are highly digitally-literate. This offers the perfect foundation upon which to introduce new skills and cyber-awareness, leveraging an existing knowledge of technology.
Given the current – and growing – cyber-threat landscape, this approach should be considered a ‘must-have’ rather than ‘nice-to-have’ for any educational institution. An ‘always on’ usage of social media platforms and online accounts at home, for instance, should be complemented at school – and from an early age – by basics like password management, digital footprint and privacy settings.
Bolstering an interest in cyber-security
This needs to go one step further, however, and begin to introduce to students – and their parents and teachers – the basics of what it takes to become a cyber-security expert and to help develop an understanding of cyber-security as a cool, fun and lucrative career choice. Even for those who had never considered themselves as technically gifted.
Of course, this has the added advantage of pointing those pupils who are already playing around with hacking, in the right direction rather than them potentially drifting towards the ‘bad side’ – where they will only be contributing to the problem rather than helping to solve it.
Fortunately, this approach has had government backing. The UK’s National Cyber Security Strategy was launched in 2016 and sets out a number of initiatives aimed at improving cyber-security skills throughout the school, higher- and post-education sectors. This includes £20m of funding allocated to its Cyber Schools Programme, which is designed to give children aged 14 to 18 clear pathways into the cyber-security industry via direct contact with industry experts.
The programme was launched last year as Cyber Discovery. Aiming to tap into undiscovered cyber-security talent, Cyber Discovery provides a comprehensive cyber-security curriculum delivered through a series of online challenges and training. This allows students aged between 14 and 18 to either learn and progress outside of school hours in their own time or as part of a Cyber Discovery club. The programme takes the crucial approach of building on pupils’ existing knowledge of technology, in order to create cyber-security knowledge.
Gamification – which has been heavily integrated into the Cyber Discovery programme – is one example of a learning style which has proven successful with pupils. Twentieth-century theorists Jean Piaget and Leonard Vygotsky argued that play is a crucial component of cognitive development from birth and through adulthood; an attitude which prevails today but is perhaps under-actioned by many schools and colleges.
Given the shift towards digital gaming over the past two decades, this approach offers the perfect complement to cyber-security course content. Using personal devices to complete learning-based ‘games’ and leveraging online portals for competitions, hackathons and collaborative projects are successful methods of engaging, immersing and educating pupils in cyber-security.
This approach has even proven successful in the workplace; according to a recent report, 96% of businesses that use gamification in the workplace reported seeing benefits and almost all believe that gaming affords players the experience and skills critical to cyber-security, including logic and perseverance.
Teaching teachers, teaching children
Embarking on programmes like Cyber Discovery is great for those children with the time and resources to follow a curriculum outside of school. However, it’s also important that cyber-security education becomes an integrated part of all school curricula and budgets. Just as UK business and industry are facing a cyber skills shortage, many schools have also struggled to hire the teaching talent necessary to implement cyber education.
Almost 70% of teachers in the UK do not think they can teach code effectively to schoolchildren because of a lack of skills and teaching tools, according to research by YouGov. Almost 40% said they do not have access to the right technology software to teach coding. Coding is a crucial part of any cyber-security role, with a lack of knowledge in this area contributing to the skills gap; 44% of tech employers said coding faced the biggest skills gap, while 60% of employers said coding will be one of the most important skills for entry-level tech employees.
Funding the foundations
Again, several pledges have been made to support school leaders in attracting and retaining teaching talent. As part of the 2017 Autumn Budget, £84m was committed to upskilling computer science teachers, which was followed by an announcement in May this year that the National Centre of Computing Education, along with 40 schools across the UK, will be part of a programme to train up to 8,000 computing teachers on digital skills. The 40 Cyber Schools Hubs will host events, trial cyber security content, develop new ways of engaging pupils and build educational resources for teachers.
Stimulating and sustaining growth in the cyber security sector will take a collaborative, nationwide approach. Government funding, appropriate allocation of school budget, and backing from industry bodies and tech companies are all required to help train teachers, and to educate schoolchildren. As well as unlocking career opportunities in cyber-security, equipping pupils with IT skills will allow them to safely navigate our digital world – for the benefit of themselves, and the wider UK economy.
Industry: Cyber Security News
- Identity & Access Management (IdAM) Consultant
- Upto €100,000 plus bonus and benefits
An Identity & Access Management Consultant is needed to lead and drive technical and or business transformation projects in a client-facing position for a prestigious consultancy in Germany. The Identity & Access Management Consultant will be responsible for technical design and implementation of Identity & Access Management/IAM products within a wide variety of clients. The Identity & Access Management Consultant will have a blend of technical hands-on and client-facing consultancy with the ability to develop new business. Broad technical knowledge across Identity and access management is benefical. The Identity & Access Management Consultant will need to have technical hands-on experience with one or more of the following core areas; Privileged Access Management (PAM, CyberArk, Beyondtrust, Thycotic) Identity Governance Administration (IGA, Sailpoint, Omada, RSA) Customer Identity & Access Management (CIAM, Forgerock PSD2) The Identity & Access Management Consultant must have the willingness to travel to customer sites across Germany (once we are allowed to)
- Cyber Vulnerability and Threat Hunter, London
REF CH7915 Cyber Vulnerability and Threat Hunter, London £50,000 London To monitor and identify cyber threats and vulnerability within a public sector environment. MIRE Att&ck, CIS, OWASP, Vulnerability management tools MUST be able to commute to central London MUST be able to achieve UK SC Clearance. On going support and development. Apply today for more information or contact me directly on Chris.Holt@dclsearch.com or 07884666351
- Ping Identity Consultant
- upto €850
Looking for experienced PIng Identity Consultants, Looking for consultant with Implemenation or Architect experience in the Ping identity product set (Ping Federate, Ping Access, Ping Directory, Ping Adapter development, SDK etc) This would be for implementation projects, working across Europe. You will be responsible for providing implementation services to our clients from information gathering through to implementation. Evaluating client business, process, systems, and technology requirements and advise clients on best practices to help guide and solidify proposed designs. Manage Client expectations, Stakeholder Managment, ensuring design match business requirements this is a remote role you can be based anywher in Europe
- Ping Identity Consultant
Looking for experienced PIng Identity Consultants, Looking for consultant with Implemenation or Architect experience in the Ping identity product set (Ping Federate, Ping Access, Ping Directory, Ping Adapter development, SDK etc) This would be for implementation projects, working across Europe. You will be responsible for providing implementation services to our clients from information gathering through to implementation. Evaluating client business, process, systems, and technology requirements and advise clients on best practices to help guide and solidify proposed designs. Manage Client expectations, Stakeholder Managment, ensuring design match business requirements this is a remote role, you can be based anywhere within Europe