Training the cyber security leaders of tomorrow.

Partnerships between industry and academia are key to plugging the digital skills gap, says Professor Keith Martin in this article that was produced for 'The New Statesman' in May 2020.

It is well accepted that the UK, and indeed the world, is short of cyber security skills. This shortage applies to everyone, ranging from the everyday understanding and practice of cyber security by the general public through to the more sophisticated degree of cyber security awareness necessary for policymakers and business leaders. I hope the pandemic has reminded us that society cannot function without experts, and also that we are short of them.

This was recognised early by the UK government, which included among the many initiatives it launched off the back of the 2011 National Cyber Security Strategy, funding for two Centres for Doctoral Training (CDTs) in cyber security, one of which we have been hosting at Royal Holloway, University of London, since 2013. So what are CDTs, and how do they help to train new cyber security experts for the UK?

CDTs are four-year PhD programmes. Our CDT funds an annual cohort of around ten new starters. Royal Holloway’s CDT has thus far recruited seven cohorts, two of which have now graduated. That’s 20 new experts, 50 on the way, and we currently have funds to train another 40 over the next four years. Each cohort engages in a year of multidisciplinary training before each researcher selects an individual project topic, which they pursue in depth for the remaining three years. Each researcher is also expected to undertake an internship with one of our CDT partner organisations. There are four defining keywords worth expanding on.

There are three significant benefits of the CDTs’ cohort-based approach. Firstly, a PhD can be a long and lonely journey if studied in isolation. Pursuing a PhD within a cohort can be much more nurturing, with lifelong friendships likely to emerge. Secondly, developing a distinctive training programme for a cohort is more effective, and scalable, than bespoke individual training. And thirdly, and perhaps most importantly, a cohort brings together individuals with diverse backgrounds and life experience. We firmly believe that cohorts establish collectives of researchers who are much more creative than the sum of their parts. As an example, one team of four CDT researchers won the inaugural Cyber 9/12 UK security policy competition in 2018.

Our CDT training programme is inherently multidisciplinary. This recognises that cyber security is not solely an issue of technology. It also requires an understanding of how individuals, groups and society more broadly engage with digital technology. Our CDT recruits not just computer scientists, engineers and mathematicians, but also sociologists, psychologists, economists and geographers. The training programme exposes them to the likes of firewalls and encryption, but also to securitisation theory, geopolitics, and human and social factors. They attend taught courses on Royal Holloway’s pioneering Information Security masters programme, but also undertake group exercises such as critiquing national cyber security strategies, designing campus cyber security awareness campaigns and conducting boardroom simulation exercises. We want every cyber security expert we train, regardless of specialism, to appreciate the bigger cyber security picture, and how their expertise contributes to this picture.

Of course, a PhD is ultimately about research. Our CDT’s official title is the Engineering and Physical Sciences Research Council’s CDT in Cyber Security for the Everyday. That “everyday” is multifaceted. Firstly, the research addresses challenges concerning the technologies deployed in digital systems that people use, sometimes inadvertently, daily. Researchers in the CDT have been investigating security of software, data protection in cloud environments, existing security technologies and those that will become mainstream in the future, such as post-quantum cryptography. However, the research also addresses the everyday societal experience and practice of security. Our researchers have been investigating cyber security in the workplace, the privacy and security implications of health and transport apps, maritime cyber security, and the establishment of national data embassies.

Finally, the CDT is all about partnerships. One goal of our CDT is to embed all our CDT researchers within the wider cyber security community. This begins during the first-year training, especially through a series of events that we call Cyber Security in the Wild. Each of these involves an engagement with cyber security practitioners to explore both what their day job looks like, but also their own professional journeys. We do this through field trips to different types of cyber security organisation, as well as by welcoming visitors to our own campus. Our CDT partners also act as hosts for internships.

These have taken students all around the world to experience different cyber security cultures, including Amazon Web Services, HP Labs, Cabinet Office and Nato’s Shape (supreme headquarters allied powers Europe). We are always seeking new CDT partners, so please do get in touch if you would like to consider becoming involved in our training programme or hosting CDT researchers on internships.

Our first CDT cohorts are now fully fledged. CDT graduates have found employment as cyber security experts in a range of established security technology companies, government roles and start-ups, while a couple of others have continued in academia. Providing all the cyber security skills for the UK’s future needs will require many different interventions, at different levels. By training tomorrow’s cyber security leaders, we are confident that the Royal Holloway CDT is playing a very important part of delivering this


Comments

Post a Comment

Popular posts from this blog

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin...
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se...
Read more

The Artificial Intelligence Monster: Nicola Bates

Image
Christopher Booker in 2004 wrote of the seven basic plots to any story, one of these being ‘overcoming the monster’. Within Hollywood, such ‘monsters’ often reflects the zeitgeist balancing commercial requirements with the political and societal preoccupations of the age. The monster evolves over time - from Russia in the Cold War years through to lone actors and terrorists and now to seemingly shadowy figures controlling intelligence. Whilst generally lighter in tone, such monsters also exist within children’s cinema. In recent years this monster has become increasingly defined by their use of highly sophisticated technology, finally becoming the technology in ‘The Mitchells vs. the Machine’*. Lethal technology and subversive machines aren’t new concepts in children’s movies. They can, for example, be found in ‘Short Circuit’ back in 1986. This movie begins with five United States military robots in a training exercise against tanks and focusses upon one of the robots becoming ‘alive’...
Read more