Winning the cybersecurity race

The cybersecurity industry demands the constant refreshing and updating of skills, with a need for fluidity between academic research, industry, and military roles. Only then will the whole industry benefit from the shared knowledge and experience.

The panellists were asked the question: what are the challenges bringing this about and where does the industry begin?

Having worked in cybersecurity for nearly 20 years, Helen Phillips, group leader at Defence Science and Technology Laboratory (DSTL) has first-hand experience of the pace of technology change. She said we need to address breaking down some of the organisational boundaries.

Phillips stated: “The fundamental skills that we need within the cybersecurity industry haven’t changed that much.”

The defence industry has, and is continuing to embrace future technologies, and has begun to develop an understanding of how we will operate in cyberspace in the future.

From a class of over 150 university students, Phillips was 1 of 45 girls, she thought that 20 years on she would be seeing far more women within the workplace, in computer science and cybersecurity type roles. This reinforces the importance of identifying ways in which we can improve the diversity within the cybersecurity workforce.

“This tells me that there is a huge pool of untapped talent out there that we’re currently not using in our space, and there must be a way for us to do that,” said Phillips.

To understand, and keep up with this complex, constantly evolving industry, it will be important to have with different experiences and perspectives to come together and understand how to tackle these complex problems.

Something that Phillips is excited about is understanding how people from organisations can work together to understand how to nurture not only the existing talent, but the future talent that is out there as well. She added: “We can then make sure that we’re able to provide those fulfilling careers across industry, academia, and government, and understand how to move between those and have a career for life.”

The importance of cyber on security operations

Ian Chesworth, head joint user for intelligence and cyber at the UK Ministry of Defence, discussed the importance of cyber security on operations within the defence industry.

The cyber and defence industry must operate within the domain of operations, meaning a reliance on capabilities that support air, land, maritime and space.

The different domains demand different skill sets, and although there is some commonality, for example science, technology, and engineering, there are more specific skills required. For example, there will be a stark difference between the coding skills required today and the skills required in the future.

One way the UK Ministry of Defence combat this is through offering a Java Coding Scheme, which has allowed over 2,300 people within the industry to gain coding skills. Chesworth also explained how the UK Ministry of Defence has established a Defence Cyber School, for cyber training and education to both joint and single service organisations.

Additionally, the industry must recognise the importance of people in these operations: “Yes there’s technology and integration requirements, but fundamentally, it wont work without the people, and we need to attract the very best people,” said Chesworth.

To attract the “very best people”, Chesworth said the industry must ensure that the proposal is clear. Talent within schools and universities needs to be reached and recruited. Once this talent has been recruited: “We need to manage their careers, professionally developing them to get them trained to the right level, and reward them for that training,” said Chesworth. This is what will lead to the retention of the talent and skills.

Preparing students for industry

Yvonne James, senior lecturer in computer science at the University of Lincoln, gave a university perspective on the issue, discussing the need for universities to become more agile and flexible to prepare students for the cyber industry.

She described universities as “slow to change organisations”, regarding the curriculum structure, and said the key issue in academia is the regulations. This leaves little opportunity for deviation, thus presenting significant problems she argued.

James stated: “This creates a massive barrier because it means that we don’t have a level of flexibility, we can’t be agile, we can’t let it [the curriculum] change to fit the needs of the military, or what the cyber industry might need.

“We need to think more about how we upskill the workforce, how we enable lifelong learning, and how we help those partnerships working within the cyber industry and the military.”

She advocated changing the rigid structure of a three-year course, and lengthy application process need to be altered, keeping up with the fast-paced cybersecurity and defence industry.

“What we see today is different tomorrow, is different to next week, is different in a few months,” stated James. The industry is changing so fast, universities and the cyber industry need to work together to ensure that future generations are equipped with the capabilities and opportunities of lifelong learning, to ensure they can keep on top of that.

Students will need to ensure they keep on top of studying to keep up with the changing demands and fulfil the needs of the cyber industry and the military.

One way that universities can move away from this standardised education model is to offer students the chance to complete shorter courses, gaining ‘micro credentials’, allowing them to build up a plethora of courses gain a full degree.

The University of Lincoln has opportunities like these available and is starting to think about how it can tie in other professional qualifications within general curricula, for example coding courses to be taken alongside a traditional course.

According to James the focus should be how do we encourage students to work within the industry?

James reflected on her own experience as a child, explaining how she was fascinated by a computer system at her dad’s work which sparked her interest in technology.

She suggested that by introducing children to the benefits of technology, with some light exposure to the notion of computing, we can encourage the children of today to have an interest in technologies at an early age.

“We have seen more clubs appearing in schools, and we now have a curriculum built around some computer science elements, training teachers and exposing pupils at an earlier age to that kind of environment,” continued James.

It is important to acknowledge that some people will leave, and this needs to be accepted, but this will regenerate the whole workforce as new talent will continually be recruited.

He challenged the perception that the military must follow certain rules in terms of what it is allowed to discuss publicly, but he said it can talk about the skills, level of training and entry qualifications required. “We can absolutely communicate with people who are in universities or schools and get them to understand the sort of career opportunities available to them within and beyond defence,” he said.

Chesworth believed the industry must look towards how to enable the greater reach into universities within the cyber-domain, as well as initiatives such as the Defence Cyber School. This will enable the industry to bridge the gap between the beginning academic phase and the career phase of people’s lives.