Training the cyber security leaders of tomorrow.

Partnerships between industry and academia are key to plugging the digital skills gap, says Professor Keith Martin in this article that was produced for 'The New Statesman' in May 2020.

It is well accepted that the UK, and indeed the world, is short of cyber security skills. This shortage applies to everyone, ranging from the everyday understanding and practice of cyber security by the general public through to the more sophisticated degree of cyber security awareness necessary for policymakers and business leaders. I hope the pandemic has reminded us that society cannot function without experts, and also that we are short of them.

This was recognised early by the UK government, which included among the many initiatives it launched off the back of the 2011 National Cyber Security Strategy, funding for two Centres for Doctoral Training (CDTs) in cyber security, one of which we have been hosting at Royal Holloway, University of London, since 2013. So what are CDTs, and how do they help to train new cyber security experts for the UK?

CDTs are four-year PhD programmes. Our CDT funds an annual cohort of around ten new starters. Royal Holloway’s CDT has thus far recruited seven cohorts, two of which have now graduated. That’s 20 new experts, 50 on the way, and we currently have funds to train another 40 over the next four years. Each cohort engages in a year of multidisciplinary training before each researcher selects an individual project topic, which they pursue in depth for the remaining three years. Each researcher is also expected to undertake an internship with one of our CDT partner organisations. There are four defining keywords worth expanding on.

There are three significant benefits of the CDTs’ cohort-based approach. Firstly, a PhD can be a long and lonely journey if studied in isolation. Pursuing a PhD within a cohort can be much more nurturing, with lifelong friendships likely to emerge. Secondly, developing a distinctive training programme for a cohort is more effective, and scalable, than bespoke individual training. And thirdly, and perhaps most importantly, a cohort brings together individuals with diverse backgrounds and life experience. We firmly believe that cohorts establish collectives of researchers who are much more creative than the sum of their parts. As an example, one team of four CDT researchers won the inaugural Cyber 9/12 UK security policy competition in 2018.

Our CDT training programme is inherently multidisciplinary. This recognises that cyber security is not solely an issue of technology. It also requires an understanding of how individuals, groups and society more broadly engage with digital technology. Our CDT recruits not just computer scientists, engineers and mathematicians, but also sociologists, psychologists, economists and geographers. The training programme exposes them to the likes of firewalls and encryption, but also to securitisation theory, geopolitics, and human and social factors. They attend taught courses on Royal Holloway’s pioneering Information Security masters programme, but also undertake group exercises such as critiquing national cyber security strategies, designing campus cyber security awareness campaigns and conducting boardroom simulation exercises. We want every cyber security expert we train, regardless of specialism, to appreciate the bigger cyber security picture, and how their expertise contributes to this picture.

Of course, a PhD is ultimately about research. Our CDT’s official title is the Engineering and Physical Sciences Research Council’s CDT in Cyber Security for the Everyday. That “everyday” is multifaceted. Firstly, the research addresses challenges concerning the technologies deployed in digital systems that people use, sometimes inadvertently, daily. Researchers in the CDT have been investigating security of software, data protection in cloud environments, existing security technologies and those that will become mainstream in the future, such as post-quantum cryptography. However, the research also addresses the everyday societal experience and practice of security. Our researchers have been investigating cyber security in the workplace, the privacy and security implications of health and transport apps, maritime cyber security, and the establishment of national data embassies.

Finally, the CDT is all about partnerships. One goal of our CDT is to embed all our CDT researchers within the wider cyber security community. This begins during the first-year training, especially through a series of events that we call Cyber Security in the Wild. Each of these involves an engagement with cyber security practitioners to explore both what their day job looks like, but also their own professional journeys. We do this through field trips to different types of cyber security organisation, as well as by welcoming visitors to our own campus. Our CDT partners also act as hosts for internships.

These have taken students all around the world to experience different cyber security cultures, including Amazon Web Services, HP Labs, Cabinet Office and Nato’s Shape (supreme headquarters allied powers Europe). We are always seeking new CDT partners, so please do get in touch if you would like to consider becoming involved in our training programme or hosting CDT researchers on internships.

Our first CDT cohorts are now fully fledged. CDT graduates have found employment as cyber security experts in a range of established security technology companies, government roles and start-ups, while a couple of others have continued in academia. Providing all the cyber security skills for the UK’s future needs will require many different interventions, at different levels. By training tomorrow’s cyber security leaders, we are confident that the Royal Holloway CDT is playing a very important part of delivering this


Comments

Post a Comment

Popular posts from this blog

Post-PhD thoughts on the Cyber Security field: Amy Ertan, 2017 CDT Cohort, now Cyber and Hybrid Policy Officer at NATO HQ in Brussels.

It has been just over a year since I successfully completed my viva – a milestone that initially felt both terrifying and insurmountable when I first joined the CDT. Now, I have the privilege of reflecting on my PhD journey and how its opportunities have shaped my present. I also wish to inspire curious students to embrace the full potential of the CDT and similar programs.   When I first came across the CDT application form, I initially envisioned transforming from a disillusioned city worker into a technical cyber security wizard, focusing on governance or incident response – as those were the only cyber security functions I was familiar with at the time. Very quickly, the CDT taught me that cyber security encompasses a vast and comprehensive range of approaches, offering me a holistic perspective on the field. Supported by the CDT, I engaged with exciting research and practitioner communities to learn about security governance, feminist and critical approaches, geography, the philos
Read more

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Image
Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se
Read more