A new strategy for diversifying the security profession

Cybersecurity skills are in demand and essential to the well-being of not only organizations of all kinds, but nations as a whole. Yet, until recently, there were few clear paths to a cybersecurity profession. Instead, cyber tends to derive from existing technical careers through qualifications and certifications such as ISO 27001, CompTIA, and CISMP. . You are tech first, then you move to cyber. That’s how it’s always been done.

However, as is now widely accepted, The most effective security teams include members from diverse backgrounds.and not just for those who arrived by traditional routes.

Gillian Vanhauwaert is the pen test team lead for Bulletproof, a cybersecurity services company based in Stevenage. Growing up in Belgium, she followed her science-oriented path at school. After her graduation, she had no idea what to do next.

“I knew you liked games and computers. In my high school, you majored in science, so you wanted to go to engineering school. I did.”

That’s exactly what I want to do. Why have I never heard of this before?

However, an industrial engineering degree wasn’t as interesting as she had hoped, and after a year she switched to web development. Her turning point came when she attended an internship fair in her final year. There she met a student who was learning cybersecurity as part of her course.

“There are a lot of security companies out there and they pitched me ethical hacking. I thought that was great. It’s exactly what I want to do. Why have I never heard of this is it?”

Luckily, she was able to add a cybersecurity module to her degree program. After completing it, she spent her further two years specializing in security before doing an internship in the cyber field.

This zigzag trajectory into cyber careers isn’t uncommon for people in their 20s now, says Vanhauwaert. He said, “He wanted to know that information when he was 18, especially in high school.”

One way is self-study using the many online resources, but the prerequisite is that you need to know about it first. chicken and egg. “I think you’ll need luck to find it.”

Thankfully, things are improving in Belgium, the UK and other countries. The profession has become more visible as the need for cyber expertise has become more apparent and the need to attract young people has become more widely recognized.

Using games to engage people is a very effective way, said Vanhauwaert, referring to Pwnie Island, a game set on an island where you hack your way to success. “These are also coming out more and more. I am very happy to have more resources to gamify this learning.”

Nonetheless, she says she is one of only two female pen testers working.

“People are nice and teams tend to be bondable in many cases. I think GDPR teams, for example, tend to be more balanced and feel a little less lonely. Still, it’s definitely out of balance.”

Cyber ​​Explorers program

The barriers that Gillian Vanhauwaert encountered in his cyber career are a case in point example of what the UK’s Cyber ​​Explorers program is trying to address.

Launched last year, the program aims to spread the appeal of computer science to students ages 11 to 14 and introduce them to areas such as cybersecurity before choosing GCSE courses. The program is part of the UK government’s £2.6bn national cyber strategy NCSCIt is run for the government by the training company QA Ltd.

As of January 23, 37,000 students and 2,300 teachers in 1,920 schools are enrolled in Cyber ​​Explorers. Teachers receive free training as part of the scheme, and experts visit participating schools monthly to provide support. According to CyberFirst project manager Mark Baldwin, student self-enrolment began in December, which has sparked renewed interest.

A key feature of the platform is gamification. Students follow the lives of cyber citizens such as content creator Sam, healthcare worker AJ, sports expert Jordan, entrepreneur Joseph, and environmentalist Zamia. keep them safe.

“In addition to our educational platform on careers and internet safety, we have added elements that reflect games popular with 11-14 year olds. We wanted it to be a thing, a platform,” Baldwin said.

Cyber ​​Explorers is so popular that 90% of registrants have completed at least one module, Baldwin said. He believes that games, colorful designs developed with input from teachers, characters, and a shallow learning curve are all keys to success.

Importantly, 49% of students participating in Cyber ​​Explorers are girls.

It is essential to teach not only the basics of how to stay safe and cyber-secure online, but also the benefits this brings when it comes to career opportunities.

Of course, it is possible that after a student completes a course, they may find that their newfound interest in cyber is nowhere to be found. Therefore, the program seeks to ensure that there are sufficient resources for teachers to link to the curriculum and signposts to external courses. As Cyber ​​Choices and teach Nation to Code.

“We found that the amount of time spent in ICT classes varied from school to school,” explains Baldwin. “This often means that teachers are ‘no time’ and dedicate sessions to essentials based on relevant curriculum, Key Stage 3 and equivalent content. This means you need to provide easy-to-deliver content, links to curriculum, and content that helps incorporate that learning. .”

In addition to participating in topics students want to explore further, it also raises cyber explorer awareness of the everyday risks they encounter in their increasingly online lives. Thanks to advances in technology, children are more connected to society than ever before.

“Teaching not only the basics of how to stay safe and cyber-secure online, but also the benefits this brings in terms of career opportunities and how cyber plays a role in our daily lives,” Baldwin said. is the basis,” he said.

This is the first part of a two-part series on cybersecurity and youth.