Two UK universities are going to split £7.5m in government funding to train the next generation of cybersecurity experts. The University of Oxford and Royal Holloway University bagged £3.65m and £3.8m respectively to run doctoral courses in computer security from the Engineering and Physical Sciences Research Council and the …
Just wondering ...
It seems fine putting money in to academia to meet a perceived need.
But has any thought been given to provide industry a similar amount of money to train up suitable candidates (standard selection processes to apply?) actually within the front lines themselves?
Re: Just wondering ...
... couldn't (shouldn't?) industry find the money themselves?
Or at least invest in one of those 50/50 funding schemes with research councils...
Just a quick point
I think it should be Royal Holloway, University of London. Not sure it is a university in its own right....
or as the students have been known to call it Royal Holloway Conference Centre (also a College)
What are they?
"Doctoral Course" ?
As I understand it (from doing a PhD back when Noah was a lad), a PhD is not a "course". I was explaining to my kids the other day why, in in general, only felons and weirdos have more than one PhD. Once you have one you have established yourself as someone who can do research - there would be no need to do another one, you could just do another 3 years post-doctoral study, doing research, attending conferences, publishing papers, and maybe teaching students, without writing another thesis (quite often the least valuable form of academic writing). Of course there are honourable exceptions ...
If this were a postgraduate course, I would be sorely tempted. I have always wanted to work in this area, but my career seems to have wanted to go in a different direction.
Re: "Doctoral Course" ?
I'm currently preparing to do a "taught Masters" (to be carried out in my own time after work) - I've undertaken the required courses and now have to do a research project which will culminate in a dissertation and an oral presentation. As part of this, there are a series of assignments that have to be completed along the way to show that:
1. I'm working on the project
2. I have a good idea of what I'm supposed to be doing
3. I'm making progress towards the end result
The tutor assigned is supposed to advise on stuff such as if the thing works from an academic standpoint; but not how valid the research or conclusions are from a factual poit of view.
Not wishing to denigrate the individuals that are taken on to do this reseach, I would question if it will do that much for the security industry (or business as a whole). It might highlight some new security vulnerabilities, but industry (and the country) really needs better trained people working in many areas, rather than just a dozen or so people that can read and write to a high academic standard.
Re: "Doctoral Course" ?
A PhD is completely different to a taught masters course. BAsically it means there are a number of cutting edge research projects to be undertaken - the PhD candidates will carry them out under the supervision of a principal investigator. This isn't about training a dozen highly specialised technicians - this is about carrying out fundamental info security research.
good idea but in practice not so
I came out of University in 2008 (when shit hit the fan) I had interviews with the Security services, only to discover the pay grade, it's all well and good paying for these types of programs to teach and educate in the area but this needs to be backed up with half decent salaries or like me just go into the city and earn x2-3 times what the Govt pays, entice with those on par with the city and there won't be a brain drain.
Re: good idea but in practice not so
You mean, you prefer to be a despicable traitor to your own people ? You prefer to rob them for a high salary instead of protecting them for a meagre one ? After they have paid for your education ?
Yeah, that sounds like the modern-day "elite". Now, hand me the popcorn and let me see how it works out for pax americana (of which Britain is one of the appendices these days).
Flagellate the moribund equine one more time
I see one of the Oxford bullet points is:
"effective systems verification and assurance"
I imagine that this is some 'formal methods' stuff being taken for another canter round the block. Not, clearly, that it is completely worthless, but I do have a feeling the Oxford Comp Sci academics are quite good of relieving people of their money by putting a new spin on whatever they wanted to do anyway.
Pause briefly to mock their 'about us' page with its links that aren't https://www2.cybersecurity.ox.ac.uk/contact-us/
Sponsored by Huawei?
The above comments more or less reflect my own experience in academia.
It certainly is not practical, it certainly is not up to date and it certainly is not cutting edge (academia that is).
It does tend to be biased with whom the fund holder is listening to and some individuals currently attracting funding for many (usually good) reasons.
Perhaps the dosh would be better spent in industry or military research establishments (do we have any of those left now? Or have they all gone bye-byes?)
Maybe a funding model for gov is: money goes to private sector, SLAs put in place, results shared on a secure access "open" platform model (It's open to those with secure access, it does not exist for those without secure access)?
Glorious Danegeld enters the Stage, Front and Centre, Anonymous and Invisible?
Once expert in cybersecurity, does one realise that any and all SCADA systems [and as far as humans are concerned, is that every system ever devised] are catastrophically vulnerable to guaranteed successful attack and zeroday exploitation of Command and Control personnel and there be no possible defence against such expertise, other than presumed and assumptive systems controllers ….. [and man, are they oxymorons, be they governments, and/or fiat money and perceived wealth distribution systems, and/or specialising military units, and/or underground movements, and/or alternative economic powerhouse models and/or whatever, [for real power resides in that which can recognise and accommodate all possible and available state and non-state actors in such Great Games plays] …. engaging with such novel players and agreeing to pay them whatever they want to not pass on irresponsibly that which they would know, or only that which they know will destroy all that attempts to discover that which needs to be known to guarantee security and protection against cybersecurity expertise.
The abiding enigmatic difficulty for such established and vulnerable to cyberattack systems which recognise their own weaknesses in what is really an advanced information and sublime intelligence field, is that that which they would face and be confronted with may have no needs which need to be fulfilled and therefore their wants are quite arbitrary and most easily fed with unlimited access to a never ending supply of always immediately available flash cash for spending?
Nerds' Revenge or Pilgrim's Progress ... or Both and Something Different and ....
... a Titanic Paradigm Shift of Power to Virtual Control Vehicles?
Ok, so now that y'all know that is what happens whenever cybersecurity experts share what they know, or are paid obscene amounts of folding to not share what they know, who wants to be one, both able and enabled to crash and smash test dodgy dumb systems?
- It's true, the START MENU is coming BACK to Windows 8, hiss sources
- iSPY: Apple Stores switch on iBeacon phone sniff spy system
- Chinese gamer plays on while BMW burns to the ground
- Pic NASA Mars tank Curiosity rolls on old WET PATCH, sighs, sniffs for life signs
- How UK air traffic control system was caught asleep on the job