KPMG cuts its funding for UK.gov's Cyber Security Challenge

'We are not a recruitment agency,' snaps back CSC chief

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession.

Senior security staff at the professional services firm told Computing that it was scaling back - but not withdrawing - its involvement and sponsorship of the Cyber Security Challenge in favour of other programmes that the firm reckons are a better fit for its recruitment efforts, including working more closely with universities.

"We've drawn down our involvement this year, sadly we didn't see the CVs coming through and the sponsorship is quite expensive - we are a business," Martin Jordan, UK head of cyber security at KPMG, told the magazine. "We still sponsor it, but there are a lot of other programmes going on."

KPMG is not looking to recruit "hacker-wannabes" but rather "very bright people that we can train," according to Jordan.

Stephen Bonner, a partner in KPMG's infosec practice, added that the challenge tended to emphasise puzzle solving rather than collaborating as part of a team on a project, a different skill set that is more suited to solving real world information security problems.

"Rarely in our career do we have a time-limited challenge with no conferring, it is slightly artificial and [caters for] the type of person who can perform well on their own under pressure, which is a desirable skill but not essential. Most of our problems are over a long period of time, about influencing others - not a puzzle," Bonner explained.

Bonner credits the challenge with helping to build awareness about infosec as a profession and acknowledged it's not the role of the Cyber Security Challenge to act as a recruitment agency. But he suggested more research on helping to close the skills gap would be preferable to business as usual for the CSC.

"I don't think it was ever CSC's role to find all of the candidates, they weren't a recruitment agency. What we are yet to see is good economic research into what is causing a cyber-skills shortage and what interventions will make a difference, but it is unlikely that a series of competitions would be the most powerful [way of making a difference]," he explained, adding that CSC should focus more of its efforts on improving school computing syllabuses.

The Cyber Security Challenge's main aim is to bring more talented people into the cyber security profession, according to the organisation itself, and a recent promo video. The Challenge started in 2010 with three competitions and has since expanded to a set of 20 exercises intended to reflect the broad range of skills required in the cyber security profession.

The challenge is funded by the UK government and private sector firms including BT, Sophos, HP, QinetiQ and others.

In response to queries from El Reg, Stephanie Daman, chief exec of the Cyber Security Challenge, issued a strong defence of the programme, which she argued goes beyond serving as a tool for recruitment.

"Stephen [Bonner] is right to state that we are not a recruitment agency and therefore our success cannot be measured by the number of CVs that just one of our 70 or more sponsors has received," Daman said. "The fact is many of our backers have welcomed new recruits as a result of their participation in the Challenge, but this is really a by-product of our core objective which is raising awareness of cyber security career opportunities amongst people who have the right potential."

"Examples of direct employment as a result of Challenge participation are only the tip of the iceberg in terms of the impact we are having. Many more candidates are enrolling in their first cyber security training programmes and university courses, gaining entry to industry events and meeting with key employers in order to improve their knowledge of, and suitability for, job opportunities in the coming years," she added.

Daman acknowledged KPMG had a point in arguing that awareness of cyber security as a career needs to be promoted in both schools and universities.

"We also agree with Stephen on the importance of tackling this issue in the classroom which is why this year the Challenge launched a pilot schools initiative," Daman said. "This has already seen classes of students in over 550 secondary schools up and down the country learning about the industry and beginning to develop code-breaking and cryptography skills. Its success has meant the Cabinet Office have backed the programme for another year, incorporating it officially as part of the UK Cyber Security strategy."

Computer forensics firm Guidance Software has trained 50,000 cyber investigators; Sam Maccherola, EMEA managing director of Guidance Software, said there's a growing need for suitably qualified cyber security staffers.

"There is a growing demand for professionals who can apply investigative skills to the new threat landscape, which is moving towards a climate of highly targeted state sponsored attacks and cyber espionage," Maccherola commented. "Training and recruitment will play a vital role in bolstering our defences against cyber attacks in the future." ®
