The first SANS Cyber Academy – an initiative designed to close the skills gap in cyber security expertise across the UK – has just been completed. The end result is a cohort of graduates who rank in the world’s Top 10%, with the top scorer being a clerk who processes parking fines for Nottingham City Council. That someone who has never worked in the profession demonstrates such potential highlights just how much talent we’re potentially missing out on, not to mention the failures of the current system.
Ross Bradley, who has spent the last 15 years processing car parking fines for Nottingham City Council, looks set to become one of the UK’s top cyber security professionals after achieving one of the highest scores ever in the internationally-recognised GIAC cyber security qualifications.
Bradley finished top of the class at the SANS Cyber Academy. The Academy’s unique model chose 31 ‘high potential’ students from over 25,000 candidates who completed an aptitude test and then put them through eight weeks of rigorous cyber training.
“That someone who has never worked in the profession has such potential is proof that the cyber professionals we need are out there, but that the current system is failing to find and nurture them,” expressed Steve Jones, UK managing director of SANS.
Bradley and his fellow students completed the first-ever SANS Cyber Academy at the end of October. The group’s GIAC exam results placed them all within the Top 10% worldwide. The individuals involved are now in discussions with employers who are looking to recruit the best cyber talent to defend their organisations. Indeed, some of the SANS graduates have already received job offers.
Search for cyber aptitude
The SANS Academy was set up to find people with cyber aptitude, but not necessarily experience, and quickly turn them into cyber professionals.
It’s the first ever programme to offer a rapid solution to the cyber skills gap. As such, it looked far and wide in its selection process, bringing in people from all walks of life, including many who may not have considered cyber as a career.
“I was wary of quitting my job and starting the Academy,” stated Bradley, “particularly when I saw that people working in forensics and with degrees were going. I thought to myself: ‘I don’t have a degree, I just work for the Council’, but I’m glad I went. I wasn’t expecting to do so well, but I knew I had to work extremely hard. I put a lot of effort into the course and I’m glad it paid off.”
Kate Booth quit her job as a university lecturer and was offered a place at the Academy after a strong aptitude test score. “The course is great because it includes people of all ages and backgrounds that haven’t followed the usual route to cyber security and doesn’t just look at existing skills but also capability and potential,” said Booth. “We also had some amazing tutors who do in real life what they were teaching us on the course.”
Booth continued: “It’s a great model for bringing women into the industry, avoiding the traditional routes which can be quite male-centric. Half the population are women so we’re missing the talents of a lot of people. I was always interested in maths and science when I was at school, and my parents gave me a lot of encouragement to do what I was interested in, but we need to do more as a country to bring women into cyber security. There’s still a way to go, but initiatives like this can really help females to break through.”
Goldmine of cyber talent
Jim Fox, head of cyber development at cyber security company e2e, attended the Academy’s two recruitment days and has since recruited several graduates.
“We were like kids in a candy store,” enthused Fox. “The Academy is like the Harvard Business School for cyber. You know the graduates are going in based on their aptitude, and will be going through the best training possible. We’re ahead of the game this year and have made some amazing recruits by getting involved early, but we expect there to be a lot more competition for graduates in the future.”
Carl Urban, one of e2e’s new recruits, commented: “The Academy takes people with the raw skills and gives them access to world class trainers. The industry is looking at response as much as prevention, and the training that we’ve received means that all of us now feel confident contributing to organisations looking to fill their cyber skills gaps.”
“The model has proven very effective,” asserted Steve Jones, who’s also the programme manager for the SANS Cyber Academy. “We spend several months assessing and identifying the most promising students, some of whom are working in related fields, but many of whom have never even considered security as a career. We give them the very best hands-on training available and put them through three GIAC examinations. Eight weeks later you have highly-skilled cyber defenders ready for employment.”
Jones concluded: “It’s a good model for an industry with a massive and critical skills gap. We’re now talking to a number of employers about finding and training their 2016 intake of cyber security staff through the next Academy. Our next rigorous selection process will soon be starting.”
How secure are the world’s largest cyber security companies?
After recent high profile security breaches at the likes of TalkTalk and Vodafone, cyber security is big news. With nine out of ten companies claiming to be victims of cyber crime, security is proving to be big business as companies battle to offer their clients the best protection.
However, new research shows that when choosing a provider it’s also imperative to check how financially stable they are. Global market analyst Plimsoll has produced a new study on the world’s 300 biggest cyber security companies which showsthat one-in-six of them is losing money. 44 of these companies are in “perilous financial danger” while the market “looks primed for consolidation” with 26 companies ripe for acquisition in 2016.
David Pattison, lead analyst at Plimsoll, told Risk UK: “It’s something of a gold rush at the minute with most companies completely unprotected until they’re attacked. However, the latest Plimsoll Analysis has identified 44 providers that are financially unstable.”
Pattison continued: “When choosing a company to protect your business, you need to invest a significant amount of time and money integrating their products into your own environment. With this in mind, isn’t it prudent to check if your chosen provider is likely to be around to give the cover you need for at least the next few years?”
The Plimsoll Analysis provides an individual health assessment and valuation on the world’s Top 300 cyber security companies. A series of charts and written summaries highlights which are strong and those that could be heading for financial trouble over the next few years.
*For further details about the analysis contact Plimsoll’s Global Team on (telephone) +44 (0)1642 626422 or via e-mail at: firstname.lastname@example.org