First SANS Cyber Academy unearths top ‘hidden’ security talent in the UK

The first SANS Cyber Academy – an initiative designed to close the skills gap in cyber security expertise across the UK – has just been completed. The end result is a cohort of graduates who rank in the world’s Top 10%, with the top scorer being a clerk who processes parking fines for Nottingham City Council. That someone who has never worked in the profession demonstrates such potential highlights just how much talent we’re potentially missing out on, not to mention the failures of the current system.

Ross Bradley, who has spent the last 15 years processing car parking fines for Nottingham City Council, looks set to become one of the UK’s top cyber security professionals after achieving one of the highest scores ever in the internationally-recognised GIAC cyber security qualifications.

Bradley finished top of the class at the SANS Cyber Academy. The Academy’s unique model chose 31 ‘high potential’ students from over 25,000 candidates who completed an aptitude test and then put them through eight weeks of rigorous cyber training.

“That someone who has never worked in the profession has such potential is proof that the cyber professionals we need are out there, but that the current system is failing to find and nurture them,” expressed Steve Jones, UK managing director of SANS.

Bradley and his fellow students completed the first-ever SANS Cyber Academy at the end of October. The group’s GIAC exam results placed them all within the Top 10% worldwide. The individuals involved are now in discussions with employers who are looking to recruit the best cyber talent to defend their organisations. Indeed, some of the SANS graduates have already received job offers.

Search for cyber aptitude

The SANS Academy was set up to find people with cyber aptitude, but not necessarily experience, and quickly turn them into cyber professionals.

It’s the first ever programme to offer a rapid solution to the cyber skills gap. As such, it looked far and wide in its selection process, bringing in people from all walks of life, including many who may not have considered cyber as a career.

“I was wary of quitting my job and starting the Academy,” stated Bradley, “particularly when I saw that people working in forensics and with degrees were going. I thought to myself: ‘I don’t have a degree, I just work for the Council’, but I’m glad I went. I wasn’t expecting to do so well, but I knew I had to work extremely hard. I put a lot of effort into the course and I’m glad it paid off.”

Kate Booth quit her job as a university lecturer and was offered a place at the Academy after a strong aptitude test score. “The course is great because it includes people of all ages and backgrounds that haven’t followed the usual route to cyber security and doesn’t just look at existing skills but also capability and potential,” said Booth. “We also had some amazing tutors who do in real life what they were teaching us on the course.”

Booth continued: “It’s a great model for bringing women into the industry, avoiding the traditional routes which can be quite male-centric. Half the population are women so we’re missing the talents of a lot of people. I was always interested in maths and science when I was at school, and my parents gave me a lot of encouragement to do what I was interested in, but we need to do more as a country to bring women into cyber security. There’s still a way to go, but initiatives like this can really help females to break through.”

Goldmine of cyber talent

Jim Fox, head of cyber development at cyber security company e2e, attended the Academy’s two recruitment days and has since recruited several graduates.

“We were like kids in a candy store,” enthused Fox. “The Academy is like the Harvard Business School for cyber. You know the graduates are going in based on their aptitude, and will be going through the best training possible. We’re ahead of the game this year and have made some amazing recruits by getting involved early, but we expect there to be a lot more competition for graduates in the future.”

Carl Urban, one of e2e’s new recruits, commented: “The Academy takes people with the raw skills and gives them access to world class trainers. The industry is looking at response as much as prevention, and the training that we’ve received means that all of us now feel confident contributing to organisations looking to fill their cyber skills gaps.”

“The model has proven very effective,” asserted Steve Jones, who’s also the programme manager for the SANS Cyber Academy. “We spend several months assessing and identifying the most promising students, some of whom are working in related fields, but many of whom have never even considered security as a career. We give them the very best hands-on training available and put them through three GIAC examinations. Eight weeks later you have highly-skilled cyber defenders ready for employment.”

Jones concluded: “It’s a good model for an industry with a massive and critical skills gap. We’re now talking to a number of employers about finding and training their 2016 intake of cyber security staff through the next Academy. Our next rigorous selection process will soon be starting.”

How secure are the world’s largest cyber security companies?

After recent high profile security breaches at the likes of TalkTalk and Vodafone, cyber security is big news. With nine out of ten companies claiming to be victims of cyber crime, security is proving to be big business as companies battle to offer their clients the best protection.

However, new research shows that when choosing a provider it’s also imperative to check how financially stable they are. Global market analyst Plimsoll has produced a new study on the world’s 300 biggest cyber security companies which showsthat one-in-six of them is losing money. 44 of these companies are in “perilous financial danger” while the market “looks primed for consolidation” with 26 companies ripe for acquisition in 2016.

David Pattison, lead analyst at Plimsoll, told Risk UK: “It’s something of a gold rush at the minute with most companies completely unprotected until they’re attacked. However, the latest Plimsoll Analysis has identified 44 providers that are financially unstable.”

Pattison continued: “When choosing a company to protect your business, you need to invest a significant amount of time and money integrating their products into your own environment. With this in mind, isn’t it prudent to check if your chosen provider is likely to be around to give the cover you need for at least the next few years?”

The Plimsoll Analysis provides an individual health assessment and valuation on the world’s Top 300 cyber security companies. A series of charts and written summaries highlights which are strong and those that could be heading for financial trouble over the next few years.

*For further details about the analysis contact Plimsoll’s Global Team on (telephone) +44 (0)1642 626422 or via e-mail at: sales@plimsollworld.com

About the Author
Brian Sims BA (Hons) Hon FSyI, Editor, Risk UK (Pro-Activ Publications) Beginning his career in professional journalism at The Builder Group in March 1992, Brian was appointed Editor of Security Management Today in November 2000 having spent eight years in engineering journalism across two titles: Building Services Journal and Light & Lighting. In 2005, Brian received the BSIA Chairman’s Award for Promoting The Security Industry and, a year later, the Skills for Security Special Award for an Outstanding Contribution to the Security Business Sector. In 2008, Brian was The Security Institute’s nomination for the Association of Security Consultants’ highly prestigious Imbert Prize and, in 2013, was a nominated finalist for the Institute's George van Schalkwyk Award. An Honorary Fellow of The Security Institute, Brian serves as a Judge for the BSIA’s Security Personnel of the Year Awards and the Securitas Good Customer Award. Between 2008 and 2014, Brian pioneered the use of digital media across the security sector, including webinars and Audio Shows. Brian’s actively involved in 50-plus security groups on LinkedIn and hosts the popular Risk UK Twitter site. Brian is a frequent speaker on the conference circuit. He has organised and chaired conference programmes for both IFSEC International and ASIS International and has been published in the national media. Brian was appointed Editor of Risk UK at Pro-Activ Publications in July 2014 and as Editor of The Paper (Pro-Activ Publications' dedicated business newspaper for security professionals) in September 2015. Brian was appointed Editor of Risk Xtra at Pro-Activ Publications in May 2018.

Related Posts