Encouraging the next generation of cyber security experts

library
crime | hacking | security

This week’s theme in National Cyber Security Awareness Month is all about encouraging new talent to join the industry. Both Sophos and I are huge believers in the importance of encouraging the next generation of talent in information security.

Over the past couple of years we’ve seen numerous reports which highlight the need for more skilled information security professionals.

Not only do we not have enough people, but we are also not making sure we tap enough into the very talented individuals already out there.

Why does this problem exist and why do we care?

Technology is becoming more and more embedded into our everyday lives. We are carrying around mobiles, sharing information constantly and integrating systems in to our power, utilities and healthcare.

As we do this the risk of ever-more severe attacks becomes even greater.

Technology is a growing supporting pillar of our financial markets and critical infrastructure so we need the right talent to keep us all safe.

The rapid proliferation of platforms, devices and applications means we not only need more skilled individuals, but entirely new categories of expertise.

Building that takes time, and if we fail to act soon the skills deficit could have an even greater impact on our society. And without positive application there’s a risk that those with such skills may end up breaking the law to satisfy their need for challenge.

Why are we in this situation?

As part of initiatives like the Cyber Security Challenge, which aims to identify talented individuals of any age or background and get them in to the industry, I talk to quite a few very talented young adults who have as much capability as some already in the industry.

When I ask them why they hadn’t considered a career in cyber security before, they often reply “I didn’t think I was good enough” or “I didn’t realise it would be an interesting job”.

One of the biggest problems is that cyber security isn’t advertised as a career path to children, and often computer science classes are significantly behind the expertise of the children entering the classroom.

What can we do?

We need better mechanisms to recognise talented individuals, whether they developed their skills through academic or less conventional self taught methods.

Gamification is the perfect strategy, making security challenges both interesting and fun to play.

Over the past few years it has become cool to be a geek (well, I would argue it was always cool) so we should capitalise on this and advertise it as a viable career path for those who are interested in computers.

Initiatives like the drone-hacking competition we hosted recently at Sophos really help to encourage interest and develop skills.

Lastly, many security roles within business demand several years’ experience, but that limits the pool. We need to create more internships to allow people to gain experience after they have proved themselves in challenges like the one above.

Security is a key role for our society moving forward and is a rewarding and really interesting profession. If you know someone who is interested in computers, encourage them to find a challenge near you and consider a career in security.

I’d love to hear more about the initiatives you have in your countries to develop cyber security talent or ideas you have to encourage more people to consider the profession, so leave a note in the comments or tweet me at the address below.