UK cyber challenge aims to fill IT talent shortage

While cyber threats are increasing, those willing to work in the field are scarce

Paul Laverack of London is an actor, but he's considering a possible career change -- to computer security.

It's a somewhat unlikely career transition, but is one of the many examples of how a country-wide competition designed to spur interest in computer security, the U.K. Cyber Security Challenge, is already working as intended.

Launched last year, the challenge is a series of competitions that anyone can enter, in fields ranging from digital forensics to network security. More than 4,000 people registered to be part of the program, including Laverack, who won one of the competitions, the DC3 Digital Forensics Challenge.

Laverack, who lives in East London, has never been employed in IT and has a degree in psychology. For the forensics challenge, he completed a series of increasingly difficult tasks from doing rudimentary file analysis to recovering the partition of a hard drive. As part of the prize, he will get to attend a week-long security academy hosted by the security vendor Detica that is usually for the company's new recruits.

"All of the knowledge I used in the competition was things I'd built up over the years dealing with my family's accidental file deletions and virus infections," Laverack said. "It was just knowledge I accumulated over the years."

Over the weekend, the U.K. Cyber Security Challenge held its first face-to-face competitions in Farnborough, England, at a secure joint facility run by Boeing and a major U.K. defense contractor, QinetiQ. The two companies have built an area called "The Portal," an advanced setup for conducting computer security networking exercises.

The competitions coincide with a four-year, £650 million (US$1 billion) effort by the U.K. government to shore up the nation's cyber security, as it sees growing computer-based attacks as a threat to the nation's economy.

But the nation is struggling to find people to fill computer security jobs, a result of university programs that haven't kept up with the times and, some say, simply lack of interest. The Cyber Security Challenge is a grassroots effort to find people who have a homegrown talent for computer security and hopefully link them up with employers.

"You don't need to have been studying this for years," said Judy Baker, director of the organization and former deputy director of the U.K.'s National Infrastructure Security Co-organisation Centre. "We want people who are interested who maybe have some rudimentary skills to have a go."

Jay D. Abbott, director of threat and vulnerability management at PricewaterhouseCoopers, said he has had difficulty recruiting for computer security jobs. In the past, universities did not have the programs in place to educate students in the field. Those that are qualified often taught themselves.

"It's very difficult to find good people out there," Abbott said.

Computer security today still is a field where raw ability -- problem solving, good communication skills -- win out over a lack of academic credentials.

Sophos, one of the Cyber Security Challenge's sponsors, has 25 years of experience hiring in the field. "Had we tried to use academic background as a sole qualifier, we would not be in business," said James Lyne, a senior technologist with the company. As an example, Sophos employs a former chef in its labs, he said.

"We focus on introducing our own assessment of behaviors -- the expertise and natural aptitude," Lyne said.

Despite being one of the most important aspects of a country's economic security, the field of cyber security is completely unregulated compared to industries such as financial services, medicine and law. "The heartening message for people who would participate in the competition is 'Do not be discouraged by the fact you have an unusual career path'," said Stewart Room, a partner with Field Fisher Waterhouse, another sponsor.

Of the 4,000 or so initial registrants for the competition, most are males in their mid-to-late 20s. Most have never had a job in cyber security or are students, and more than 600 people are unemployed.

Alexander McDonald, 25, is a graduate of Kings College in London who specialized in Web development. He cracked one of the ciphers, a challenge that was issued to all registrants where they had to solve a tricky encryption puzzle.

McDonald thought that computer security was beyond his grasp but he was one of the few to crack the cipher. It started with base-64 encoded text that yielded a jpeg image of a cartoon from Many participants thought the cipher was far too easy and simply lead to the image, but the cartoon actually contained another cleverly encoded cipher that McDonald cracked.

"I wasn't actually as bad as I initially thought," McDonald said. "I learned things along the way that I hadn't learned at university, programming skills. You just have to apply yourself to learn more."

The winners of the Cyber Security Challenge will attend a "master class" in March, where one person will be selected after additional competition to be the U.K. Cyber Security Champion.

Send news tips and comments to

Join the CSO newsletter!

Error: Please check your email address.

Tags QinetiqsecurityDesktop securitydata protection

More about Boeing AustraliaetworkPricewaterhouseCoopersSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jeremy Kirk

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place