We take a look at the cyber security sector: what are the best routes into this industry, the most sought-after skills and the biggest employers.
Cyber security professionals protect organisations against the threat of cyber crime. Around 40,000 people work in the cyber industry and it is an extremely diverse sector.
“Cyber security is all about protecting an organisation’s information and assets but it’s got a lot more complicated because the world has got more complex as systems have become more interconnected,” says Amanda Finch, general manager at the Institute of Information Security Professionals (IISP).
Summing up the challenge for today’s cyber security professionals, she adds: “The good guys have got to get it right all the time while the bad guys have just got to get lucky or get it right once. Today the subject is never out of the news.”
What’s happening in the sector?
Business, industry and society’s dependence on the Internet and computer systems will continue to grow so organisations have to assume that threats to the information that resides within these systems will be ever-present over the coming years. Ernst & Young’s (EY) 2014 global information security survey, Get Ahead of Cybercrime, revealed that two-thirds (67 per cent) of organisations are facing rising threats to their information security risk environment but more than a third (37 per cent) have no real insight on the cyber risks necessary to combat these threats. Stealing financial information, disrupting or defacing the organisation and stealing intellectual property or data are the top three threats.
More than half (53 per cent) of organisations say that a lack of skilled resources is one of the main obstacles challenging their information security strategies, and statistics from a number of sources highlight the serious skills gap that exists. There is a big drive by the Government and industry to address this. Back in 2011, the Government published the National Cyber Security Strategy (NCSS), which provides a framework for tackling cyber threats and aims to make the UK one of the safest places to do business. A major part of the strategy is increasing the number of people with the skills to ensure this, and at the end of last year it launched a further set of initiatives.
These include: grants for colleges and universities to improve cyber security education and learning; setting up cyber camps and mentoring schemes to help computing graduates gain practical experience in conjunction with the Cyber Security Challenge (a series of national competitions, learning programmes and networking initiatives) and the Cyber Growth Partnership (which comprises representatives from academia, Government and industry); the creation of a virtual hub to inspire students into cyber security careers in conjunction with the Council of Registered Ethical Security Testers; and the development of a new Android app by placement students at GCHQ called Cryptoy to highlight the exciting developments in cipher and code-breaking for a new generation of cyber specialists.
What skills will be required/opportunities will exist?
There is an extremely diverse set of roles in the sector with the high-profile end of the profession enjoying a sexy image of individuals secretly tapping away at terminals in government agencies. Equally though, it could involve people enforcing password and network security in a retail outfit.
Sean Smyth, Director at the jobsites CyberSecurityJobsite.com and SecurityClearedJobs.com, says the in-demand roles include those in the areas of IT forensics, information assurance and ethical hacking (where someone hacks into a network to test its robustness). Finch also emphasises the scope of opportunities that exist.
“If you are a problem-solver, you might want to be a malware analyst or penetration tester while if you are interested in how organisations are built and work, you may be attracted to a role such as security architect or risk advisor,” she explains. “If you are a people person, then there are roles such as awareness advisors where you need good communication skills or else business continuity. Engineers may be interested in the area of SCADA (supervisory control and data acquisition) which is becoming increasingly important.”
She adds that there is no one-size-fits-all approach to cyber security any more so organisations need different skill sets according to their particular threats and hence the range of roles available.
Who are my potential employers and what are the best routes in?
The major drive to address the skills shortages means there is a broad range of routes into the sector. The first ever cyber security apprenticeships were launched last year through e-Skills UK with the support of organisations such as Atos, BT, Cassidian, IBM and QinetiQ.
A number of specialist master’s level courses are available at universities such as Royal Holloway in London, University of Warwick, Lancaster University and De Montfort in Leicester.
Meanwhile, the Government and the Open University have also developed a MOOC (massive open online course) on cyber security and the next run of this introduction to the subject starts on 20th April.
Close working partnerships between industry and universities and centres of excellence are being established and last year the development of GCHQ-certified master’s degrees was announced at six universities including Edinburgh Napier and the University of Oxford as well as Lancaster and Warwick.
Those with a good first degree in a relevant subject can find employment directly on graduate schemes with companies ranging from defence to financial services, as well as the big four consultancies. There are also a number of smaller specialist consultancies that operate in the field, and opportunities exist within the cyber security solutions vendors.
“Don’t overlook vendors because these have a vast depth of technical knowledge and some great technical roles,” says Finch.
In addition to academic training and apprenticeships, there are accredited professional training courses, certified by bodies such as the IISP, which is helping to raise standards of professionalism in this field. These can help to fill skills gaps and progress your career.
According to Smyth, several interesting career paths are now emerging.
“While organisations are looking for people with experience they recognise the importance of getting individuals at graduate level and training them for the future,” he says. Smyth is also director of two events for the sector, CyberSecurityExpo and SecurityCleared Expo, which give individuals the opportunity to meet employers in the sector. He adds that in terms of personal attributes, it’s important to have an analytical mind as well as being able to work as part of a team.
“These are not just jobs where you sit in a room and start coding. You have to be personable and able to communicate well.”