The Cyber Security sector in the UK

Session for those unfamiliar/less familiar with what the Cyber Security sector currently looks like and how to get into it as a student/grad
by CSDO City University London on 27 April 2017

Transcript of The Cyber Security sector in the UK

The Cyber Security sector in the UK
An Introduction - November 2016
Some recent headlines
Some stats
£80 billion
Routes in to the sector
• “I was an intelligence analyst who hated his job, so I applied to the computer systems intern program. Although I later became known for security expertise in the private sector, I was never given any security-specific training. Instead, I had years of on-the-job and formal training in good technical and operational practices. My later success in penetration testing was mostly built on detecting the absence of good practices, not formal training in how to hack systems or perform social engineering; I never had to use any advanced skills, given the woefully poor security I encountered. In any case, security positions are not entry-level positions, and if you treat them as such, you will have terrible security. The best security practitioners have experience in the technology and processes that they are supposed to secure.”
– Ira Winkler, September 2015
Entry level positions!
1 year placements
• National Grid, Thales, Fujitsu, PwC, BAE Systems, G-Research…

But what would I be doing?

David Gilchrist
Currently careers adviser, specialise in Technology careers advice
Formerly IT consultant
Worked for an organisation with some information security specialisations
Fiat Chrysler recalls 1.4 million cars after Jeep hack
- July 2015

Car industry
The internet of things
US Centcom Twitter account hacked by pro-IS group

– January 2015
Government
Terrorism
Anonymous hacker reveals how they will destroy ISIS and its ability to carry out terror attacks
– December 2015
Terrorism
Ukraine Accuses Russia of Cyber Attack on Kiev Airport
– January 2016
Government
Inter country conflict
University students across the UK have been unable to submit work, after the academic computer network known as Janet came under cyber-attack
– December 2015
Public Sector
Higher Education
Whodunnit? The Mystery of the Sony Pictures Hack
– December 2014
Film and media
Cyber-attacks increase leads to jobs boom
– March 2014
Unspecified
All?
[UK Chancellor of the Exchequer] Phillip Hammond pledges to nearly double cyber security spend
– November 2016
Government
Lack of responsibility over information security putting UK businesses at risk of fraud
- November 2015
Business
Retail
£3.2 billion
50 a second
between 26 billion and 30 billion
70%
1.5 million
0%
Francis Maude Minister for the Cabinet Office, Aug 2014:

“The UK cyber market is worth over £80 billion a year and rising. As part of this Government’s long-term economic plan, we want to make the UK one of the most secure places to do business in cyberspace. We have a £860m Cyber Security Programme which supports law enforcement’s response to cybercrime and we are working with the private sector to help all businesses protect vital information assets.”

http://national-security.governmentcomputing.com, November 2015

Under part of efforts to defend "Britain in a cyber-age", Osborne said he would be investing in a number of areas including both defensive and offensive measures, "If you add together the spending on core cyber security capabilities, protecting our own networks and ensuring safe and secure online services, the government's total cyber spending will be more than £3.2 billion," he said.

The UK Cards Association, August 2015:

“The number of card transactions made on the internet has increased by 20 per cent in the past year with consumers spending £11.5 billion online in August, according to the latest figures from The UK Cards Association. There were 130 million card payments online in August - almost 50 a second - up from 108 million in the same period last year.”
Securityintelligence.com, November 2014

“The estimated growth of [The Internet of Things] is expected to hit between 26 billion and 30 billion devices by 2020, with an estimated market worth of between $6 trillion and $9 trillion.”
Infosec Institute

“The Global State of Information Security® Survey 2015 issued by PricewaterhouseCoopers comes to the conclusion that about 70% of connected [Internet of Things] IoT devices lack fundamental security safeguards.”
Prospects.ac.uk

The 2015 Global Information Security Workforce Study predicts that the global cyber security workforce shortage will reach 1.5 million within five years as demand outstrips supply.
The Financial Times, 18th November 2015

“Global demand for cyber security experts is forecast to outstrip supply by a third before the end of the decade, with companies struggling against what one senior industry figure has called the “largest human capital shortage in the world”. Mark Brown, UK and Ireland executive director of cyber security and resilience at EY adds that there is already “virtually 0 per cent unemployment” in the industry, but the shortage is only set to get worse.”
Top information security threats for 2016
• Theft of personal data from Point of Service (POS) payment devices
• Security weaknesses connected to Bring Your Own Devices (BYOD) and the connecting and disconnecting to organisations’ networks
• Cyber criminals targeting small to medium sized organisations (SMEs) that tend to have weaker information security protection
• Continued increase in Ransomware attacks where criminals ask for money in return for stopping their cyberattack
• Cloud based security services
http://www.informationsecuritybuzz.com/articles/top-information-security-threats-for-2016/
One point of view
Grad schemes
• National Grid – Cyber Security Specialists
• Thales – Grad software engineer, Security
• British Telecom (BT) – Security Graduate Programme
• Qinetiq – Cyber Security Graduate
• PwC – Cyber Security
• Hewlett Packard – Information Security Consulting Graduate
• Atkins – Security and Technology Grad Development Programme
• Fujitsu – IT Operations and Security Graduate
• GCHQ – Cyber Security Information and Assurance
• Selex ES – Graduate SOC Analysts
• G-Research – Information Security Analyst
• FDM announces new Cyber Security pathway
Minimum requirements?
"Approximately half of information security specialists have an undergraduate degree, with the most common degree subject being [Computer Science]." - Prospects.ac.uk job profile for Information Security Specialist

“Applicants might need to be security cleared as, depending on the role, they'll have access to sensitive information; for example when working for government or law enforcement agency establishments.” - Prospects.ac.uk job profile for Information Security Specialist

“the UK Government’s 2014 Cyber Security Skills report… revealed that CISSP, CISM, ISO 27001 LA, CLAS and CISA are among the information assurance qualifications they look for when recruiting staff.” - more likely for experienced hire, not student/grad roles

Keeping informed
• Cyber Security Challenge UK
• SC Magazine
• SecurityWeek
• InformationSecurity Buzz
• @paulsparrows, Cyber Attacks stats info
• Securityintelligence.com
• IBM’s X-Force Threat Intelligence Quarterly
• http://national-security.governmentcomputing.com/

• http://www.ey.com/Publication/vwLUAssets/EY-cybersecurity-and-the-internet-of-things/$FILE/EY-cybersecurity-and-the-internet-of-things.pdf

• http://www.ey.com/Publication/vwLUAssets/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime/$FILE/EY-cyber-threat-intelligence-how-to-get-ahead-of-cybercrime.pdf
Cyber Security Panel event
Thursday 10th November
6pm to 8pm
The Northampton Suite
Prospects job profiles
http://www.prospects.ac.uk/information_security_specialist_job_description.htm
More Prospects
• http://www.prospects.ac.uk/features_a_career_in_cyber_security.htm
• http://www.prospects.ac.uk/case_studies_graduate_employers_department_business_innovation_skills_case_study_2.htm
• http://www.prospects.ac.uk/case_studies_graduate_employers_department_business_innovation_skills_case_study_1.htm

SANS Cyber Academy Graduates
Suited for...
Junior SOC Analyst
Junior Security Adviser
Junior Penetration Tester
Behavioural Malware Analyst
Incident Responder Team Member

From the Cyber Security Challenge site
INCIDENT & THREAT MANAGEMENT & FORENSICS
RISK ANALYSTS & MANAGEMENT
POLICY MAKERS & STRATEGISTS
OPERATIONS & SECURITY MANAGEMENT
ENGINEERING, ARCHITECTURE & DESIGN
EDUCATION, TRAINING AND AWARENESS
RESEARCH
CHIEF TECHNOLOGY OFFICERS

https://cybersecuritychallenge.org.uk/careers/typical-roles/
https://cybersecuritychallenge.org.uk/about-us/overview/

“Users can learn the basics of cyber by creating 3D avatars and explore a virtual world before playing the competition games.”
From this competition you could advance to a two day Masterclass challenge created in conjunction with top information security employers.
Over the years over 50% of those students taking part in the Masterclass have received job offers from the companies involved.
http://www.meetup.com/UK-Hackathons-and-Jams/
https://www.sans.org/media/emea/Cyber-Academy.pdf

There is a selection process including an aptitude assessment, skills assessment and interview
8 weeks – classes and labs on week days from 9 to 5
Graduates will complete three major certifications: GSEC, GCIH and GCFE through the 8 weeks
SANS also run their own Hackathons

plus
Monday (6-8pm): Careers in Technology panel event
Tuesday (1-2pm): What an Outstanding Tech Graduate Looks Like talk
Tuesday (6-8pm): Developing as a Developer with City Tech Society talk
Wednesday (10am-1pm): Get in the Game (Computer Gaming) Careers talk
Wednesday (6-8pm): Meet your Technology and Computer Science Predecessors networking event
Thursday (3-4pm): Succeeding in Technical Job Interviews workshop
Book your places online – https://careershub.city.ac.uk/students/events
Another route?
In house info security vs. Consultancy info security


Blackfoot UK
IRM Security
Jaw Consulting
Advent IM
Aristi
ECSC
etc...

But do they take on graduates?


Defcon
Bugcrowd
44Con
Info security 'communities'
Info security hackathons
https://www.hackevents.co/cities/london