By Martyn Ruks
Even in 2015, if you talk to security people about cyber skills in the UK (and indeed further afield), they will undoubtedly tell you the following:
This is a big problem as in this complex and interconnected world, we will increasingly depend on people with the right skills and aptitude to protect governments, businesses and critical infrastructure.
And the impetus is growing rapidly. In the past two years, there has been an explosion in the number of damaging and highly-visible system compromises. If you're reading this, I hardly need to mention who.
To those of us within the industry, these events have come as no
So why is this happening?
When we start to analyse the reasons behind why these events occur, we always come back to a single problem - a broad lack of cyber skills.
And whilst this post won't discuss
this in detail, one thing that most agree on is that both industry and government should be focusing
on developing these people who can prevent the compromises of tomorrow.
Despite my earlier point about the shortfall in British talent, we are
still a world leader in security, possessing some of the brightest minds
in the field. So on the industry side of things, my view is this -
we need to take advantage of our experience and specialism in a way that will benefit as many others as possible.
So what do we mean by that? If a single company like MWR can equip people with
the right approach and attitude for solving the difficult problems as well as
inspiring them to go on and teach others what they have learned - then, through the "multiplication factor" effect, we can
amplify our efforts and increase our influence.
I hope that doesn't seem like an oversimplification - we certainly don’t underestimate the scale of the
challenge. However, what we cannot do is leave the problem for other
people to address.
What sort of skills are needed?
Before we start the process of finding these solutions, it’s also important that we clearly understand what skills we need to pass on to others in order to equip people for the challenges we are facing.
isn’t solely about teaching technical security information, computer science
disciplines, hacking techniques or the use of defensive tools and technologies.
If it was, we could deliver those through professional training
courses, University degrees, industry bodies, security conferences and Capture
the Flag contests.
Make no mistake, all of those have their place but if this
is all we are using to inspire and teach the next generation of Cyber Security
professionals, then we are missing the bigger picture.
Teaching from a textbook can only teach what we know already, whereas the problems we face in the security industry every day need
constantly new approaches and different thinking.
I believe that to thrive in a rapidly-changing environment such as cyber
security, you need to sharpen the creative, problem-solving part of
This is something that we have come to call the "HackFu Mind" - something which will be covered frequently throughout this site and in our later blog posts.
How do you create this mindset?
We've now created a case for a progressive approach to cyber-skills education, but how do we do that in practice?
Well, we believe that the approach needed to develop this mindset should include the following key aspects:
In our opening article we discuss how we see the problem space and what some of the challenges are so given all of that, what are we looking to achieve with this website.
As we said previously we don’t claim to know all the solutions but we are certainly trying things that will enable us to find them. Along the way we’ll learn lots of lessons, we’ll no doubt have a few false starts but we’ll also get some stuff right. It’s that journey that we’re going to share on this site, including all the initiatives and events that we’re planning to run to support it all.
We don’t know yet exactly what will be on this site but the one thing we’re certain of is that it will be thought provoking, philosophical, challenging and most importantly it will be fun and engaging. We’ll get techie at times, something we make no apology for, as well as extracting the concepts and key points that we encounter along the way.
We also want your help on our journey. We want you to tell us your thoughts and experiences of what we’re doing and hopefully some stories about how you’ve taken our ideas and turned them into your own projects, events and general awesomeness. We want to know the good, the bad and the ugly and to get involved please get in contact via Twitter and then keep coming back to this hub for more insight and information.
So hold on tight, this will be a wild ride for all of us.