GCHQ, BT and Lockheed go talent spotting as UK faces cyber skills shortage

The organisations staged a cyber attack on London's financial sector

GCHQ and firms such as Lockheed Martin and BT attempted to identify Britain's most talented "cyber defenders" last week in order to ensure the UK's citizens and businesses are protected against future cyber attacks.

In a dark room deep beneath the streets of Whitehall, the Cyber Security Challenge Masterclass saw seven teams of six investigate a cyber attack from a foreign government that was crippling the City of London's financial sector.

The attack, although simulated, was designed by experts from BT, GCHQ, the National Crime Agency (NCA), Juniper Networks and Lockheed Martin, to be as real as possible, making online banking platforms inaccessible, new stock market flotations impossible and compromising BACS.

The 42 finalists - whittled down from over a thousand candidates after a series of virtual and face-to-face qualifying competitions that have been going on over the past 12 months - were informed of the cyber attack, via a "breaking TV news bulletin" on Thursday evening and asked to react to it on Friday using mostly open source tools.

Stephanie Daman, chief executive of Cyber Security Challenge, said: "This Masterclass is the biggest, most realistic and exciting cyber defence simulation we have ever run. The combination of government organisations, multinational technology and defence companies and one of the largest telecommunication companies in the world working together to secure the future of the profession makes today a really special occasion."

Speaking from the competition, held at the Cabinet War Rooms that sheltered Winston Churchill and his government during the Blitz, a GCHQ employee told Techworld that the UK could be vulnerable to a high-level online attack because of a lack of talented and skilled cyber experts.

The employee, who cannot be named for security reasons, added that "more than one" cyber security finalist has been recruited by GCHQ since the competition was launched in 2010.

Meanwhile, Lockheed Martin managing director Paul Weatherly said the US defence firm was sponsoring the competition to show people that a career path in cyber security now exists.

"At the moment, I think we all agree there just isn't enough quantity out there," he said. "So we're very happy to support anything that stimulates that because that's in our interests."

Unlike GCHQ, Lockheed Martin has not employed previous competition finalists but that could be about to change.

"Previous cyber security challenge winners have not been the type of recruits for us," said Weatherly. "We've recruited directly through our recruitment network and through the university relationships we have but this is an interesting avenue for us and that's why we're exploring it further."

He added: "We're looking for the right combination of technical skills, analytical skills and communication skills."

Will Shackleton, the finalist who went on to be crowned the competition winner on Saturday evening, told Techworld: "I think lots of people are here in the hope they'll get a job at the end of it. It's certainly a very good opportunity."

Shackleton, a first-year computer science student at Cambridge University and the creator of an Android app that has received over 2.5 million downloads, will be interning at Facebook, in California, this summer, where he hopes to work on the back end or security side of the social media platform.

By winning the event, Shackleton will now receive up to £90,000 in funding for industry training, university courses, and access to strategic industry events.

Government figures show cyber crime is a big problem, with 93 percent of large businesses and 87 percent of smaller ones having reported a cyber breach in the past year.

Last Thursday, the government announced plans to teach children as young as 11 about careers in cyber security, while providing them with new learning materials.

Join the CSO newsletter!

Error: Please check your email address.

Tags acsNational Crime AgencyBTsecuritylockheed martinjuniper networksGCHQ

More about BT AustralasiaCambridge UniversityFacebookGCHQJuniperJuniperLockheed Martin

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Sam Shead

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place