Today sees a change at the top of the Cyber Security Challenge, with founder Judy Baker stepping down to be replaced by Bob Nowill as chairman.
Announced this week, Nowill is a former security leader within GCHQ and BT and has served on the board of the Challenge since early 2014. I asked him why he felt it was time to step up to the plate, and he said it was not a time for “wholesale changes, but plenty of continuity”.
Formed in 2010 as a concept to help address the UK skills shortage, the Challenge crowned its fifth winner last month, and among its winners have been three students and two professionals. I asked him if the skills shortage was still at the heart of the Challenge, and Nowill said “definitely”, particularly as pressures have changed and shortages are acute. He said that it has always been a problem getting people from across the engineering and science spectrum into security, engineering and technology jobs.
He said: “We struggle by only recruiting from half of the population, and it is increasing. Some things have changed over the years and I expect people in GCHQ are feeling that as acutely as everywhere else.
“I always found myself in a place where I want to bring people through to improve professionalism, training and career paths, and I am an active part of the IISP and chair the accreditation committee to make sure people treat the profession properly. I am also on the certifying body for the CESG Certified Professional (CCP), so see all of the applications coming through and am in a good position to judge talent.”
The skills shortage has been well mentioned and the Challenge is making strides to address this, but is the problem that we are only expecting those with “STEM” and computer science qualifications to be hired? I told Nowill of my media degree and he said that sort of thing would be great, but that subjects like engineering and science are deemed to be “boys” topics, while life sciences are more “female” oriented.
“Look at parts of the profession like penetration testers, some come in on those paths but some of the best penetration testers have come through alternative paths and the Challenge is about this,” he said. “Those who think of this as a hobby, or are not so ethical hackers, we can flip them from the dark side, and they do well.”
We agreed that the ideal candidate has that inquisitive nature, and the equivalent before computing was someone interested in building something and if it doesn’t work, doesn’t throw it away but tries to fix it – “and those people would be great in the cyber security space” he said.
On his first day in the job, what were his intentions in the job? He said that promoting the “Play on Demand” website game was important, that he hoped it was attractive to all ages, and while they cannot pretend that everyone likes gaming, but it is open to all who do.
Upcoming are the final challenges of 2015, before the sixth challenge begins later this month that will lead to the masterclass in November, while the summer cyber camp will attract mixed teams from military and the public.
Nowill mentioned that those who had attended a previous camp got a basic certification and were nominated to masterclass final. I asked him if he felt it was time that the Challenge offered an industry-recognised certification, something to show that a candidate was capable of working under pressure, both alone and in a team in offence and defensive capacities.
He admitted that looks good on a CV, but it is not a career recognition, but the Challenge gives candidates the right sort of experience and it is a step on the ladder to get accreditation.
“Those people who get through to the masterclass final get entry level accreditation and we have given prizes including student associate memberships and courses with training providers, to CISSP qualification. Going through the challenge gets you on ladder and opens the door to employment,” he said.
“We give them all a certificate and sponsors all get the opportunity to talk to them and invite them to an assessment and an offer of work experience, and it does open that door.”
We concluded by talking about the three most pressing needs for the Challenge to proceed, and Nowill said that they include: scaling up and accessing those people not thought of it, and reaching out to those people who find it interesting; scaling up funding from sponsors and Government and increase its own self sufficiency; and keep track of the National Cyber Security Strategy programme across an national election.
Bob Nowill, chairman of the Cyber Security Challenge, was talking to Dan Raywood