The Internet belongs to everyone. Let’s keep it that way.

Protect Net Neutrality
Loading presentation...

Present Remotely

Send the link below via email or IM

Copy

Present to your audience

Start remote presentation

  • Invited audience members will follow you as you navigate and present
  • People invited to a presentation do not need a Prezi account
  • This link expires 10 minutes after you close the presentation
  • A maximum of 30 users can follow your presentation
  • Learn more about this feature in our knowledge base article

Do you really want to delete this prezi?

Neither you, nor the coeditors you shared it with will be able to recover it again.

DeleteCancel

The Cyber Security sector in the UK

Session for those unfamiliar/less familiar with what the Cyber Security sector currently looks like and how to get into it as a student/grad
by

CSDO City University London

on 26 October 2017

Comments (0)

Please log in to add your comment.

Report abuse

Transcript of The Cyber Security sector in the UK

The Cyber Security sector in the UK
An Introduction - November 2017
Some recent headlines
Some stats
£80 billion
Routes in to the sector
• “I was an intelligence analyst who hated his job, so I applied to the computer systems intern program. Although I later became known for security expertise in the private sector,
I was never given any security-specific training
. Instead, I had years of on-the-job and formal training in good technical and operational practices. My later success in penetration
testing
was mostly built on detecting the absence of good practices, not formal training in how to hack systems or perform social engineering; I never had to use any advanced skills, given the woefully poor security I encountered. In any case, security positions
are not entry-level positions
, and if you treat them as such, you will have terrible security. The best security practitioners have experience in the technology and processes that they are supposed to secure.”
– Ira Winkler, September 2015
Entry level positions!
1 year placements
• Deloitte, BAE Systems, Roke, Atkins…

But what would I be doing?

David Gilchrist
Currently careers adviser, specialise in Technology careers advice
Former IT consultant
Worked for an organisation with some information security specialisations
Some children's GPS watches have security flaws: EU consumer group
- October 2017

Retail
The internet of things
Joint Strike Fighter plans stolen in Australia cyber attack
– October 2017
Government
Defence
Anonymous hacker reveals how they will destroy ISIS and its ability to carry out terror attacks
– December 2015
Terrorism
North Korea likely behind Taiwan SWIFT cyber heist: BAE Systems Plc
– October 2017
Government
Inter country conflict
U.S. warns public about attacks on energy, industrial firms
– October 2017
Public Sector
Power industry
A widening cyber-security skills gap is threatening UK companies
– January 2017
Unspecified
All?
Major new cyber security innovation centre for London - an investment of up to £14.5 million to develop next of generation of cyber security technology to help keep nation safe
– July 2017
Government
Lack of responsibility over information security putting UK businesses at risk of fraud
- November 2015
Business
Retail
£3.2 billion
1 in 5
200 billion
2/3rds
3 times
0%
Francis Maude Minister for the Cabinet Office, Aug 2014:

“The UK cyber market is worth over
£80 billion
a year and rising. As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places to do business in cyberspace. We have a £860m Cyber Security Programme which supports law enforcement’s response to cybercrime and we are working with the private sector to help all businesses protect vital information assets.”

http://national-security.governmentcomputing.com, November 2015

Under part of efforts to defend "Britain in a cyber-age", Osborne said he would be investing in a number of areas ranging including both defensive and offensive measures, "If you add together the spending on core cyber security capabilities, protecting our own networks and ensuring safe and secure online services, the government's total cyber spending will be more than
£3.2 billion
," he said.

Tektonika, June 2017:

“Skycure reports that 21% of organisations have traced a data breach to their BYOD (Bring your own device) program.”
Vision Critical, April 2017

"[Intel] forecasts 200 billion connected devices by 2020"
Tektonika, June 2017

“Two-thirds of UK small businesses don’t think they’re vulnerable to cyber crime. ”
The Independent, January 2017

Employer demand [to fill cyber security roles] exceeded candidate interest by more than three times, according to Indeed, resulting in the biggest skills gap of any country in the world, bar Israel.
Cyber Security Ventures study, September 2016

“Cyber security unemployment rate at zero"
Top information security threats for 2016
o Theft of personal data from Point of Service (POS) payment devices

o Security weaknesses connected to Bring Your Own Devices (BYOD) and the connecting and disconnecting to organisations’ networks

o Cyber criminals targeting small to medium sized organisations (SMEs) that tend to have weaker information security protection

o Continued increase in Ransomware attacks where criminals ask for money in return for stopping their cyberattack

o Cloud based security services
http://www.informationsecuritybuzz.com/articles/top-information-security-threats-for-2016/
One
point of view
Grad schemes (some of)
Deloitte - Cyber Risk 2018 Grad Programme
Qinetiq - Cyber & Intelligence Graduate
Leonardo - Graduate Systems Engineer, Cyber
Thales - Graduate Trainee Cyber Analyst
Atos - Cyber Security Graduate Programme
Fujitsu - Cyber Security Graduate
Roke - Graduate Engineer Information Security
BT - Security Graduate
Minimum requirements?
"Approximately half of information security specialists have an undergraduate
degree
, with the most common degree subject being [Computer Science]." - Prospects.ac.uk job profile for Information Security Specialist

“Applicants might need to be
security cleared
as, depending on the role, they'll have access to sensitive information; for example when working for government or law enforcement agency establishments.” - Prospects.ac.uk job profile for Information Security Specialist

Keeping informed
• Cyber Security Challenge UK
• SC Magazine
• SecurityWeek
• InformationSecurity Buzz
• @paulsparrows, Cyber Attacks stats info
• Securityintelligence.com
• IBM’s X-Force Threat Intelligence Quarterly
• http://national-security.governmentcomputing.com/

• http://www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf

• http://www.ey.com/Publication/vwLUAssets/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime/$FILE/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf
Cyber Security Panel event
Monday 6th November
6pm to 8pm
The Northampton Suite
Prospects job profiles
http://www.prospects.ac.uk/information_security_specialist_job_description.htm
More Prospects
• http://www.prospects.ac.uk/features_a_career_in_cyber_security.htm
• http://www.prospects.ac.uk/case_studies_graduate_employers_department_business_innovation_skills_case_study_2.htm
• http://www.prospects.ac.uk/case_studies_graduate_employers_department_business_innovation_skills_case_study_1.htm

SANS Cyber Retraining Academy
HM Government program delivered in partnership with trainer organisation SANS
10-week program, London Monday-Friday
32 students graduated in 2016, 55 in 2017
The remit for applicants is to have no cyber experience
"A few easy questions, then came the lengthy application, aptitude test and finally face-to-face interview.”
“The course covers a foundational understanding of operating systems, networks and a secure infrastructure" - begins with 75% theory, reduces throughout the 10 weeks and by the end is 100% hands-on work.
SANS also run their own Hackathons

From the Cyber Security Challenge site
INCIDENT & THREAT MANAGEMENT & FORENSICS
RISK ANALYSTS & MANAGEMENT
POLICY MAKERS & STRATEGISTS
OPERATIONS & SECURITY MANAGEMENT
ENGINEERING, ARCHITECTURE & DESIGN
EDUCATION, TRAINING AND AWARENESS
RESEARCH
CHIEF TECHNOLOGY OFFICERS

https://cybersecuritychallenge.org.uk/careers/typical-roles/
https://cybersecuritychallenge.org.uk/about

Firstly virtual challenges, leading on to face to face challenges
From this competition you could advance to a two day Masterclass challenge created in conjunction with top information security employers.
Over the years over 50% of those students taking part in the Masterclass have received job offers from the companies involved.
http://www.meetup.com/UK-Hackathons-and-Jams/
plus
Mon. (2pm-3pm): Writing application forms for Technology graduate programs webinar
Tue. (12pm-1pm): What an Outstanding Tech Graduate Looks Like in 2017/2018 talk
Wed. (12pm-1pm): Introduction to the UK Tech sector in 2017 talk
Thu. (12pm-1pm): Succeeding in Technical Job Interviews workshop
Thu. (3pm-4pm): Insurtech – Introduction to these new and emerging Tech Job roles with the Chartered Insurance Institution workshop
Thu. (6-8pm): Careers in Technology panel event
Fri. (6-8pm): Developing as a Developer with City Tech Society talk

Book your places online – https://careershub.city.ac.uk/students/events
Another route?
In house info security vs.
Consultancy info security


Blackfoot UK
IRM Security
Jaw Consulting
Advent IM
Aristi
ECSC
etc...

But do they take on graduates?


Defcon
Bugcrowd
44Con
Info security
'communities'
Info security hackathons
https://www.hackevents.co/cities/london
www.gradcracker.com
targetjobs.co.uk
www.ratemyplacement.co.uk
On that note...

Bank of England Technology Competition
Theme: Cyber Security
Students aged 16+
Opens for entries from today
Full transcript