Feeds

KPMG cuts its funding for UK.gov's Cyber Security Challenge

'We are not a recruitment agency,' snaps back CSC chief

Remote control for virtualized desktops

KPMG is cutting back on its sponsorship of the UK government-backed Cyber Security Challenge after concluding the puzzle-based focus of the competition is failing to attract the right kind of potential recruits into the infosec profession.

Senior security staff at the professional services firm told Computing that it was scaling back - but not withdrawing - its involvement and sponsorship of the Cyber Security Challenge in favour of other programmes that the firm reckons are a better fit for its recruitment efforts, including working more closely with universities.

"We've drawn down our involvement this year, sadly we didn't see the CVs coming through and the sponsorship is quite expensive - we are a business," Martin Jordan, UK head of cyber security at KPMG, told the magazine."We still sponsor it, but there are a lot of other programmes going on."

KPMG is not looking to recruit "hacker-wannabes" but rather "very bright people that we can train," according to Jordan.

Stephen Bonner, a partner in KPMG's infosec practice, added that the challenge tended to emphasise puzzle solving rather than collaborating as part of a team on a project, a different skill set that is more suited to solving real world information security problems.

"Rarely in our career do we have a time-limited challenge with no conferring, it is slightly artificial and [caters for] the type of person who can perform well on their own under pressure, which is a desirable skill but not essential. Most of our problems are over a long period of time, about influencing others - not a puzzle," Bonner explained.

Bonner credits the challenge with helping to build awareness about infosec as a profession and acknowledged it's not the role of the Cyber Security Challenge to act as a recruitment agency. But he suggested more research on helping to close the skills gap would be preferable to business as usual for the CSC.

"I don't think it was ever CSC's role to find all of the candidates, they weren't a recruitment agency. What we are yet to see is good economic research into what is causing a cyber-skills shortage and what interventions will make a difference, but it is unlikely that a series of competitions would be the most powerful [way of making a difference]," he explained, adding that CSC should focus more of its efforts on improving school computing syllabuses.

The Cyber Security Challenge's main aim is to bring more talented people into the cyber security profession, according to the organisation itself, and a recent promo video. The Challenge started in 2010 with three competitions and has since expanded to a set of 20 exercises intended to reflect the broad range of skills required in the cyber security profession.

The challenge is funded by the UK government and private sector firms including BT, Sophos. HP, QinetiQ and others.

In response to queries from El Reg, Stephanie Daman, chief exec of the Cyber Security Challenge, issued a strong defence of the programme, which she argued goes beyond serving as a tool for recruitment.

"Stephen [Bonner] is right to state that we are not a recruitment agency and therefore our success cannot be measured by the number of CVs that just one of our 70 or more sponsors has received," Daman said. "The fact is many of our backers have welcomed new recruits as a result of their participation in the Challenge, but this is really a by-product of our core objective which is raising awareness of cyber security career opportunities amongst people who have the right potential."

"Examples of direct employment as a result of Challenge participation are only the tip of the iceberg in terms of the impact we are having. Many more candidates are enrolling in their first cyber security training programmes and university courses, gaining entry to industry events and meeting with key employers in order to improve their knowledge of, and suitability for, job opportunities in the coming years," she added.

Daman acknowledged KPMG had a point is arguing that awareness about cyber security as a career needs to be involved in both schools and universities.

"We also agree with Stephen on the importance of tackling this issue in the classroom which is why this year the Challenge launched a pilot schools initiative," Daman. "This has already seen classes of students in over 550 secondary schools up and down the country learning about the industry and beginning to developing code-breaking and cryptography skills. Its success has meant the Cabinet Office have backed the programme for another year, incorporating it officially as part of the UK Cyber Security strategy."

Computer forensics firm Guidance Software has trained 50,000 cyber investigators; Sam Maccherola, EMEA managing director of Guidance Software, said there's a growing need for suitably qualified cyber security staffers.

“There is a growing demand for professionals who can apply investigative skills to the new threat landscape, which is moving towards a climate of highly targeted state sponsored attacks and cyber espionage," Maccherola commented. "Training and recruitment will play a vital role in bolstering our defences against cyber attacks in the future.” ®

Top 5 reasons to deploy VMware with Tegile

More from The Register

next story
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
Why did it take antivirus giants YEARS to drill into super-scary Regin? Symantec responds...
FYI this isn't just going to target Windows, Linux and OS X fans
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Home Office: Fancy flogging us some SECRET SPY GEAR?
If you do, tell NOBODY what it's for or how it works
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
'Regin': The 'New Stuxnet' spook-grade SOFTWARE WEAPON described
'A degree of technical competence rarely seen'
Syrian Electronic Army in news site 'hack' POP-UP MAYHEM
Gigya redirect exploit blamed for pop-rageous ploy
Astro-boffins start opening universe simulation data
Got a supercomputer? Want to simulate a universe? Here you go
prev story

Whitepapers

10 ways wire data helps conquer IT complexity
IT teams can automatically detect problems across the IT environment, spot data theft, select unique pieces of transaction payloads to send to a data source, and more.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
How to determine if cloud backup is right for your servers
Two key factors, technical feasibility and TCO economics, that backup and IT operations managers should consider when assessing cloud backup.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.