Feeds

KPMG cuts its funding for UK.gov's Cyber Security Challenge

'We are not a recruitment agency,' snaps back CSC chief

Choosing a cloud hosting partner with confidence

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession.

Senior security staff at the professional services firm told Computing that it was scaling back - but not withdrawing - its involvement and sponsorship of the Cyber Security Challenge in favour of other programmes that the firm reckons are a better fit for its recruitment efforts, including working more closely with universities.

"We've drawn down our involvement this year, sadly we didn't see the CVs coming through and the sponsorship is quite expensive - we are a business," Martin Jordan, UK head of cyber security at KPMG, told the magazine."We still sponsor it, but there are a lot of other programmes going on."

KPMG is not looking to recruit "hacker-wannabes" but rather "very bright people that we can train," according to Jordan.

Stephen Bonner, a partner in KPMG's infosec practice, added that the challenge tended to emphasise puzzle solving rather than collaborating as part of a team on a project, a different skill set that is more suited to solving real world information security problems.

"Rarely in our career do we have a time-limited challenge with no conferring, it is slightly artificial and [caters for] the type of person who can perform well on their own under pressure, which is a desirable skill but not essential. Most of our problems are over a long period of time, about influencing others - not a puzzle," Bonner explained.

Bonner credits the challenge with helping to build awareness about infosec as a profession and acknowledged it's not the role of the Cyber Security Challenge to act as a recruitment agency. But he suggested more research on helping to close the skills gap would be preferable to business as usual for the CSC.

"I don't think it was ever CSC's role to find all of the candidates, they weren't a recruitment agency. What we are yet to see is good economic research into what is causing a cyber-skills shortage and what interventions will make a difference, but it is unlikely that a series of competitions would be the most powerful [way of making a difference]," he explained, adding that CSC should focus more of its efforts on improving school computing syllabuses.

The Cyber Security Challenge's main aim is to bring more talented people into the cyber security profession, according to the organisation itself, and a recent promo video. The Challenge started in 2010 with three competitions and has since expanded to a set of 20 exercises intended to reflect the broad range of skills required in the cyber security profession.

The challenge is funded by the UK government and private sector firms including BT, Sophos. HP, QinetiQ and others.

In response to queries from El Reg, Stephanie Daman, chief exec of the Cyber Security Challenge, issued a strong defence of the programme, which she argued goes beyond serving as a tool for recruitment.

"Stephen [Bonner] is right to state that we are not a recruitment agency and therefore our success cannot be measured by the number of CVs that just one of our 70 or more sponsors has received," Daman said. "The fact is many of our backers have welcomed new recruits as a result of their participation in the Challenge, but this is really a by-product of our core objective which is raising awareness of cyber security career opportunities amongst people who have the right potential."

"Examples of direct employment as a result of Challenge participation are only the tip of the iceberg in terms of the impact we are having. Many more candidates are enrolling in their first cyber security training programmes and university courses, gaining entry to industry events and meeting with key employers in order to improve their knowledge of, and suitability for, job opportunities in the coming years," she added.

Daman acknowledged KPMG had a point is arguing that awareness about cyber security as a career needs to be involved in both schools and universities.

"We also agree with Stephen on the importance of tackling this issue in the classroom which is why this year the Challenge launched a pilot schools initiative," Daman. "This has already seen classes of students in over 550 secondary schools up and down the country learning about the industry and beginning to developing code-breaking and cryptography skills. Its success has meant the Cabinet Office have backed the programme for another year, incorporating it officially as part of the UK Cyber Security strategy."

Computer forensics firm Guidance Software has trained 50,000 cyber investigators; Sam Maccherola, EMEA managing director of Guidance Software, said there's a growing need for suitably qualified cyber security staffers.

“There is a growing demand for professionals who can apply investigative skills to the new threat landscape, which is moving towards a climate of highly targeted state sponsored attacks and cyber espionage," Maccherola commented. "Training and recruitment will play a vital role in bolstering our defences against cyber attacks in the future.” ®

Beginner's guide to SSL certificates

More from The Register

next story
Russian hackers exploit 'Sandworm' bug 'to spy on NATO, EU PCs'
Fix imminent from Microsoft for Vista, Server 2008, other stuff
FYI: OS X Yosemite's Spotlight tells Apple EVERYTHING you're looking for
It's on by default – didn't you read the small print?
Microsoft pulls another dodgy patch
Redmond makes a hash of hashing add-on
'LulzSec leader Aush0k' found to be naughty boy not worthy of jail
15 months home detention leaves egg on feds' faces as they grab for more power
Kill off SSL 3.0 NOW: HTTPS savaged by vicious POODLE
Pull it out ASAP, it is SWISS CHEESE
Facebook slurps 'paste sites' for STOLEN passwords, sprinkles on hash and salt
Zuck's ad empire DOESN'T see details in plain text. Phew!
Admins! Never mind POODLE, there're NEW OpenSSL bugs to splat
Four new patches for open-source crypto libraries
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.