Q&A with the Cyber Security Challenge participant who landed a cyber role at PwC
Computing speaks to Chris Doman, who came second in one of the challenges, about how the CSC enabled him to enter the cyber security field
The Cyber Security Challenge UK (CSC UK), a series of national events designed to encourage talented professionals to join the UK IT security industry, is a government- and industry-backed initiative that has enabled 40 participants to secure IT security roles.
But Chris Doman, a 27-year-old former software developer from Essex, believes that the challenge is a success.
Doman triumphed over 1,200 cyber teams from 53 countries on his own to finish second in a US military cyber security competition, designed and hosted by the US Department of Defense Cyber Crime Centre (DC3) and run by the CSC UK - he missed out only to a team of professionals from aerospace and defence technology firm Northrop Grumman.
Doman is now a senior associate in PwC's cyber threat detection response team, and he told Computing how the Cyber Security Challenge helped him to get to where he is now, and offered advice to those looking to sign up to the next challenge.
Q. What is your background, and why did you apply to participate in the Cyber Security Challenge?
Doman: I started programming at school, and got into the security side of things. I used to look online at competitions and entered some, and set up some of my own as well.
I went to university and did computer science at Cambridge, and after that I worked as a web developer, and started my own company [Ignite Research] with a friend in 2009. It was a big data company, in which we had to crawl the web and find data on hotels and set up sites based on that.
Although the big data side of things was interesting, the actual application of it wasn't. So I saw the Cyber Security Challenge - which I remembered seeing a few years before - and signed up to it as I had an interest in the cyber security field.
Q. So was it the challenge that got you the role that you're in today?
Doman: Yes, definitely. I wasn't really applying to places because I wanted to see what I could do, and after I did well in the forensic competition then [companies] started talking to me. It was great to demonstrate what I could do, it's quite hard to demonstrate [those skills] without something like the challenge around.
Q. Do you believe there is a cyber security skills gap?
Doman: Yes. We're recruiting ourselves and we're asking around if anyone knows people with the required skill set. [Cyber security] is growing very fast, things have changed, more companies are being attacked and there's a lot more money involved, so there is definitely a skills shortage in keeping up with that.
Q&A with the Cyber Security Challenge participant who landed a cyber role at PwC
Computing speaks to Chris Doman, who came second in one of the challenges, about how the CSC enabled him to enter the cyber security field
Q. Do you think that is to do with a lack of awareness of roles in cyber security and initiatives like the Cyber Security Challenge?
Doman: [The challenge] is not necessarily the most obvious path to go for, and a lot of people don't know that they are good at these skills, so a lot of them don't get into it.
As for awareness, when I graduated, I did think about it but that was because I had a keen interest in it. There wasn't such an explosive need for it as there is now; there are a lot of new cyber security fairs, so it is getting better.
But I suppose you have to have heard about it in the first place in order to get into it, so a lot of companies are going to academic institutes to talk to students and get more people thinking about it as a career choice.
Q. Are you looking to stay in cyber security?
Doman: So far I'm loving it. The work is really interesting in terms of the kinds of things I'm doing. I definitely want to keep doing it. My role involves detecting threats, seeing what's happening on the network and detecting when the bad guys are there, or could be there, and then track what those people are up to, and see who they are attacking and how - it's all very interesting. I just want to keep progressing and building up my skills here.
Q. What advice would you give to those looking to participate in the Cyber Security Challenge?
Doman: To get involved - I wish I'd done it earlier. There are different competitions depending on your skill set, so there was the forensic side of things, which I did, as well as more traditional kinds of things on the defence side, and then there's risk assurance. They also had a lot of training opportunities: some to develop technical skills and others for people skills.
Once you've got a place on the challenge, what I found helped was to do as much research as I could and find out what the competitions have been like in the past. No matter what you learn from these things, it will be useful for your career, so I'd just try to read a lot and practise things.
Q. How can the Cyber Security Challenge be improved?
Doman: Those working on the challenge took a lot of feedback from the participants on how to improve things. Perhaps one way is to do them more often. Perhaps they should encourage a range of groups - not just the ‘techiest' people to join in.
Computing and QA Training's Securing Talent campaign aims to raise awareness of the growing need for people with cyber security skills in industry and government, and for clearer pathways into the cyber security profession.