KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession. Senior security staff at the professional services firm told Computing that it was scaling …
> Most of our problems are over a long period of time
Of course they are - no sensible parasite ever bleeds the host out all at once.
"What we are yet to see is good economic research into what is causing a cyber-skills shortage and what interventions will make a difference"
It's yet to be seen because it's unnecessary. The answer is the elephant in the room: MONEY.
People flock to banking because there is the potential of lots and lots of money. There are always lads (and it's usually lads) who will do great things at no cost just because they can. But building a framework around this eccentric behavior is not rational. Like most people, the candidates sought want to know there is a good salary and excellent career prospects on offer. As I recall, the "opportunity" was to work with GCHQ at a salary a janitor would be embarrassed to talk about. So when I write "good salary" I don't mean good government salary. I mean a salary competitive with a profession like medicine, accounting, banking.
The solution is simple: make working in cyber-security an economically attractive option with long term prospects. At the moment it's not perceived that way. Until it is, cyber-security skills will be lacking and those lads who do great stuff for laughs will be the ones breaking in. And they are the ones that don't work in a team - that is unless its got a moniker like Lulzsec or Anonymous.
As a CSC contestant...
So is KPMG not using the corporate social responsibility fund for this?
It’s hard to not sound too biased as I owe the CSC a lot but it’s sad to read this. In the 4 live events I attended with the CSC I have never met a KPMG representative or was told about KPMG opportunities.
I have to praise the Cyber Security Challenge UK for the work they have done. Although their core result is to raise awareness I think the greatest ‘by-product’ is the boost in confidence that all the contestants get. The experiences that the CSC can give are awesome, to be able to tell people you went for NetWars at Bletchley Park or visited Aston Martin Prodrive. I haven’t had an interview since where there these stories haven’t failed to impress even non-techies. So much confidence from having a genuinely interesting technical development story.
Although the CSC challenges may not be ‘realistic’ they have to meet realistic constraints. The contestants, which are generally full time students/employed, are giving up their weekends and evenings to practice and turn up to the events. Modelling a game that accounts for solving “problems over a long period of time” I would argue isn’t a realistic option. I’m also surprised to read that the ROI by visiting Cambridge’s computing society is better then the CSC 'investment' - way to cut out the rest of the nation.
I’d love to see much smaller companies get involved with the cybersecurity challenge. Those where directors and shareholders would take the time to actually observe the live competition instead of waiting for CV’s to come in. However I wonder if the sponsorship costs force only the large corporates to be able to make the cut.
Finally - I second the above comment about GCHQ’s starting salary for technology graduates– which is surprisingly small. IBM, Microsoft and BT are all offering a 25-35% better starting salary for none specialist roles. “People work here because they want to work here” was the justification for this - a tad pretentious perhaps.
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Microsoft refuses to nip 'Windows 9' unzip lip slip
- US Copyright Office rules that monkeys CAN'T claim copyright over their selfies
- Tesla: YES – We'll build a network of free Superchargers in Oz
- True fact: 1 in 4 Brits are now TERRORISTS