Feeds

KPMG cuts its funding for UK.gov's Cyber Security Challenge

'We are not a recruitment agency,' snaps back CSC chief

Next gen security for virtualised datacentres

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession.

Senior security staff at the professional services firm told Computing that it was scaling back - but not withdrawing - its involvement and sponsorship of the Cyber Security Challenge in favour of other programmes that the firm reckons are a better fit for its recruitment efforts, including working more closely with universities.

"We've drawn down our involvement this year, sadly we didn't see the CVs coming through and the sponsorship is quite expensive - we are a business," Martin Jordan, UK head of cyber security at KPMG, told the magazine."We still sponsor it, but there are a lot of other programmes going on."

KPMG is not looking to recruit "hacker-wannabes" but rather "very bright people that we can train," according to Jordan.

Stephen Bonner, a partner in KPMG's infosec practice, added that the challenge tended to emphasise puzzle solving rather than collaborating as part of a team on a project, a different skill set that is more suited to solving real world information security problems.

"Rarely in our career do we have a time-limited challenge with no conferring, it is slightly artificial and [caters for] the type of person who can perform well on their own under pressure, which is a desirable skill but not essential. Most of our problems are over a long period of time, about influencing others - not a puzzle," Bonner explained.

Bonner credits the challenge with helping to build awareness about infosec as a profession and acknowledged it's not the role of the Cyber Security Challenge to act as a recruitment agency. But he suggested more research on helping to close the skills gap would be preferable to business as usual for the CSC.

"I don't think it was ever CSC's role to find all of the candidates, they weren't a recruitment agency. What we are yet to see is good economic research into what is causing a cyber-skills shortage and what interventions will make a difference, but it is unlikely that a series of competitions would be the most powerful [way of making a difference]," he explained, adding that CSC should focus more of its efforts on improving school computing syllabuses.

The Cyber Security Challenge's main aim is to bring more talented people into the cyber security profession, according to the organisation itself, and a recent promo video. The Challenge started in 2010 with three competitions and has since expanded to a set of 20 exercises intended to reflect the broad range of skills required in the cyber security profession.

The challenge is funded by the UK government and private sector firms including BT, Sophos. HP, QinetiQ and others.

In response to queries from El Reg, Stephanie Daman, chief exec of the Cyber Security Challenge, issued a strong defence of the programme, which she argued goes beyond serving as a tool for recruitment.

"Stephen [Bonner] is right to state that we are not a recruitment agency and therefore our success cannot be measured by the number of CVs that just one of our 70 or more sponsors has received," Daman said. "The fact is many of our backers have welcomed new recruits as a result of their participation in the Challenge, but this is really a by-product of our core objective which is raising awareness of cyber security career opportunities amongst people who have the right potential."

"Examples of direct employment as a result of Challenge participation are only the tip of the iceberg in terms of the impact we are having. Many more candidates are enrolling in their first cyber security training programmes and university courses, gaining entry to industry events and meeting with key employers in order to improve their knowledge of, and suitability for, job opportunities in the coming years," she added.

Daman acknowledged KPMG had a point is arguing that awareness about cyber security as a career needs to be involved in both schools and universities.

"We also agree with Stephen on the importance of tackling this issue in the classroom which is why this year the Challenge launched a pilot schools initiative," Daman. "This has already seen classes of students in over 550 secondary schools up and down the country learning about the industry and beginning to developing code-breaking and cryptography skills. Its success has meant the Cabinet Office have backed the programme for another year, incorporating it officially as part of the UK Cyber Security strategy."

Computer forensics firm Guidance Software has trained 50,000 cyber investigators; Sam Maccherola, EMEA managing director of Guidance Software, said there's a growing need for suitably qualified cyber security staffers.

“There is a growing demand for professionals who can apply investigative skills to the new threat landscape, which is moving towards a climate of highly targeted state sponsored attacks and cyber espionage," Maccherola commented. "Training and recruitment will play a vital role in bolstering our defences against cyber attacks in the future.” ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Top 10 endpoint backup mistakes
Avoid the ten endpoint backup mistakes to ensure that your critical corporate data is protected and end user productivity is improved.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Backing up distributed data
Eliminating the redundant use of bandwidth and storage capacity and application consolidation in the modern data center.
The essential guide to IT transformation
ServiceNow discusses three IT transformations that can help CIOs automate IT services to transform IT and the enterprise
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.