Editor’s Note: Stephen Miller is a lab team manager at pharmaceutical giant GSK in Hertfordshire, southern England. Earlier this month Stephen was named UK cyber security champion, beating thousands of registered players during a yearlong competition to find the most talented amateur cyber defenders.
Story highlights
Stephen Miller is the reigning UK cyber security champion
Miller: Cybercrime has grown exponentially in scale and sophistication in recent years
Cybercrime is backed by a highly organized black market and is worth billions of dollars
Cyber security is often regarded as hobby for young people rather than "genuine" career
Cyber security is big news right now. It seems a new high-profile breach is reported almost daily and yet this represents only the very tip of the iceberg. Backed by a highly organized black market worth billions of dollars, cybercrime has grown exponentially in scale and sophistication in recent years. In the face of this mounting threat, government and industry are manning the defenses. But finding the right people to protect some of our most valuable data isn’t straightforward and requires a new approach.
Over the past three years I have competed in a unique set of security games, backed by UK government, industry, academics and professional bodies, known as the Cyber Security Challenge. This aims to find talented amateurs by testing their skills with realistic competitions.
Read more: International cyber attacks on the rise
In my time playing the Challenge I have come face to face (or face to screen) with many dangerous viruses and computer code, and defended networks from simulated live-hacking attempts carried out by the UK’s leading cyber defense experts. Last week, I was fortunate enough to be crowned the UK’s cyber security champion. It’s an experience that has taught me much about the skills required to defend a computer system, but also about the difficulties the industry faces finding people with these skills.
This is a major problem as cyber-attacks become more frequent and threaten us on various levels.
The first aspect is the threat posed to the internet-using public. Scam emails and infected websites still represent a major source of income for cyber criminals. From a technical point these threats are easily solved through freely available anti-virus software and the use of decent solid passwords for your online accounts. However, the attacks continue due to the ease of bypassing these defenses by compromising the user. Technical defenses are of little use if the user clicks on the wrong link or accepts security warnings automatically without question. The fact these scams are still out there shows they are still effective and we have some way to go to educate the public on safe use of the internet.
Above this sits corporate and industrial vulnerability that threatens organisations’ most valuable data – be it financial records, customer data or intellectual property. The UK government has placed the potential cost of a single corporate cyber-attack in the hundreds of millions and it’s not just traditional technology and internet-based companies that are at risk. Whether it is the pharmaceutical industry where I work, aerospace companies or even the food industry, all own private information that could be of significant value and potentially accessible for those who know how.
The highest level of threat represents the potential for state-sponsored attacks and future “cyber warfare” exposing vulnerabilities of our critical national infrastructure to online attack. While the nature of this threat landscape is uncertain, the potential damage a cyber-attack could pose to our internet-dependent telecommunications, power and even water infrastructure, has seen cyber security rise sharply up government agendas around the world in the last five years.
With cyber security a recognized priority at all levels of society, it is not that surprising that employers of this profession such as those I have met through playing the Challenge are on the lookout for new talent to fill increasing job vacancies.
However they face their own challenge uncovering people for these jobs. Our education system in the UK has yet to catch up with a young, rapidly growing and ever-changing industry. My IT lessons focused on the use of software rather than its development or how to secure it.
And while there are people who like me developed this knowledge and skills off their own back, there is still limited information out there about cyber security as a career option. I always saw it as more of a hobby, or a source of intellectual challenges, but never a genuine job possibility with the potential to progress upwards within a business or organization.
This has all changed since playing the Challenge where the excitement of the profession, and the variety and diversity of employers has shown myself and many of the thousands of other Challenge participants, what this sector could offer them. The key is how they have gone about it using realistic and engaging games and exciting problem-solving activities developed by the professions themselves that inspire talented potential recruits to utilize and hone their skills to tackle real-life problems.
While the Challenge won’t solve our recruitment issues on its own it is vital that countries like the UK look outside of the traditional academic pathways if they are to build a healthy pipeline of cyber defenders to protect internet users from those that wish them harm. As someone with no formal training in this sector, I know as well as anyone that the skills for the good fight can be in anyone and as a nation we must not ignore this pool of untapped talent if we are to keep the internet a safe place for us all to enjoy.
The views expressed in this column are solely those of Stephen Miller.