In an unassuming room in the depths of London’s Church House, on the grounds of Westminster Abbey, 41 amateur hackers sit at screens and attempt to thwart an attack on the Royal Family.
The threat is just a simulation, but the lack of cyber security talent to protect us from such a plot is a very real concern.
In a world where 15-year olds are hacking into major corporations like TalkTalk from their bedroom, the Cyber Security Challenge UK has been set up to teach people with these unique skills that they can pursue a lucrative career in cyber security.
This year’s second Cyber Security Challenge Masterclass saw candidates put their skills to the test by first identifying the insider threats within a fictitious pharmaceutical company, before thwarting a biological threat by taking control of the building’s environmental control system, all while working to real-life ethical and legal guidelines.
After two days of gruelling assessment by staff from GCHQ, the National Crime Agency and others, Peter Clarke (below), a 38 year old networking engineer from Leicester, was crowned champion. Clarke proves that it’s not just young talent, but also people looking for an exciting career change that can thrive in the sector.
Clarke said of the win: “I feel like it’s been a rollercoaster ride. I only entered the Cyber Challenge eight or nine weeks ago without anything higher than a GCSE and a few Microsoft qualifications in my back pocket so to be here now is unbelievable […] the Cyber Security Challenge has given me a catapult into the industry that you can’t find anywhere else.”
Bob Nowill, Director of the Cyber Security Challenge UK, believes that gaming is the way to get talent interested in the sector. “The next generation of cyber security talent is likely to come from the gaming environment,” says Nowill, “so we have to reach them in their own environment.”
In order to achieve this the challenge moved from a set of static games that could only be accessed at certain times to a visually rich, on-demand gaming environment called the virtual skyscraper.
More than 50 percent of this year’s competitors identify as gamers, with the combination of technical curiosity, problem solving skills, competitiveness and a desire for peer recognition lending themselves to a career in cyber security.
According to a study by (ISC)² there is a projected global shortfall of 1.5 million cyber security staff by 2020.
The chancellor addressed the shortfall in his November 17 speech to GCHQ on cyber security: “We will never succeed in keeping Britain safe in cyberspace unless we have more people with the cyber skills that we need.”
He continued: “Training the next generation of coders is vital – both for our economy and our security.”
Every one of last year’s 42 competitors received at least one job offer, and one in two are now gainfully employed in the sector.
Salaries in cyber security are high: over £55,000 on average in the UK according to mysalarychecker.com. The challenge is to teach young people with these sort of technical skills that cyber security is a viable, and highly rewarding career path.
Stephanie Daman, CEO of the Cyber Security Challenge UK, said: “This is the most realistic Masterclass we have staged to date. While there is drama and suspense as the storyline unfolds, everything the candidates are doing matches the tasks of those fulfilling cyber security jobs in real life.”
Finalist Jess Williams. Photo: Cyber Security Challenge UK
For the second year running only one female qualified for the final of the masterclass, 22 year old Jess Williams.
As a young woman studying Games Development at De Montford University, Williams personifies what the competition is trying to achieve.
“All of my friends think it’s really cool, but they would never do it,” admits Williams.
“Most of my friends are girls and they are studying things like fashion and they think it [the Cyber Security Challenge] is some weird magic and that I can hack into people’s Facebook and stuff, so I have to tell them it’s not really like that.”
Being the only girl in the competition doesn’t faze her though. “I’m really competitive, so, for me it’s about proving that I deserve to be here.”
In the post-Snowden world and with the government looking to finely balance the need for personal privacy against real threats to national security with its Draft Investigatory Powers Bill, the Cyber Security Challenge ensures all competitors are working within real life legal frameworks.
The competition requires candidates to not just display technical proficiencies but also ‘soft’ skills. “You can’t win the masterclass if you are just a techie,” as Bob Nowill put it.
Tim Carrington, 25, was another of the 41 finalists and he makes the very important distinction between black and white hat hacking.
“This is a nice way to practice these skills without breaking the law,” says Carrington. “You might have all the commands to smash your way in, but working under the legislation to gain access is a good professional skill. Otherwise this thing would have been over yesterday.”
Fancy yourself as a budding cyber security star? Sign up and start playing the Cyber Security Challenge games.