
Gamifying cyber: new strategies to diversify the security profession

Getting a job in cybersecurity used to rely on luck or sideways movement, but new programmes like Cyber Explorers are changing that

Cybersecurity skills are in demand, essential for the well-being of organisations of all types, as well as the nation as a whole. And yet, until recently there have been few clear paths to a cybersecurity profession. Instead, cyber has tended to be an offshoot from an existing tech career via qualifications and certifications such as ISO 27001, CompTIA and CISMP. You're a techie first, then you move to cyber. That's the way it's always gone.

But as is now widely accepted, the most effective security teams include members from a wide variety of backgrounds, not just those who have arrived via the traditional routes.

Gillian Vanhauwaert is a young pen test team lead at Stevenage-based cybersecurity services company Bulletproof. Cybersecurity was not even on her radar growing up in Belgium, where she followed a science-oriented path at school. Having graduated, she had no idea about what to do next.

"I knew I liked games and computers and my high school said you've done sciences so you probably want to go to engineering, which is what I did."

However, the Industrial Engineering degree wasn't as interesting as she'd hoped, and after a year she switched to web development. The turning point came in her final year when she attended an internship fair where she came across students who had done cybersecurity as part of their courses.

"A lot of security companies were there, and they pitched ethical hacking to me and I thought, that sounds amazing. That's exactly what I want to do. How come I've never heard of this?"

Fortunately she was able to add cybersecurity modules onto her degree course. After completing that she spent another two years specialising in security, before undertaking internships in the field of cyber.

This zig-zag trajectory into a cyber career is not unusual for people now in their twenties, Vanhauwaert said. Certainly, it would have been better to have known about the option earlier. "I really would have wanted to have that information at 18, and especially in high school."

One route in is self-learning using online resources, of which there are many - but the prerequisite is you need to know about it first. Chicken and egg. "I think you need to get lucky to stumble upon it."

Thankfully, the situation is improving in Belgium, the UK and elsewhere. The profession has become more visible as the requirement for cyber expertise has become more apparent and the need to attract young people more widely recognised.

Using games to draw people in is a very effective route, said Vanhauwaert, mentioning Pwnie Island, a game set on an island where you hack your way to success. "There's more and more of these coming out as well. I'm very happy there are more resources now to gamify this learning."

Nevertheless, she says she's one of only two female pen testers where she works.

"People have been nice and often teams tend to be combinable, for example, there can be GDPR teams which do tend to have a bit more of a balance, which makes it feel a bit less lonely, I guess. But even so, there's definitely an imbalance."

The Cyber Explorers programme

The barriers that Gillian Vanhauwaert encountered to a cyber career are a casebook example of what the UK's Cyber Explorers programme seeks to address.

Launched last year, it's aimed at broadening the appeal of computer science for students aged between 11 and 14, introducing them to areas such as cybersecurity before they choose subjects for their GCSEs. The programme is part of the UK government's £2.6 billion National Cyber Strategy, and sits within the CyberFirst programme pathway designed in partnership with the NCSC. It is run for the government by training company QA Ltd.

As of 23rd January, there were 37,000 students and 2,300 teachers in 1,920 schools registered to Cyber Explorers. Teachers receive free training as part of the scheme, and experts visit participating schools on a monthly basis to offer support. Student self-registration was launched in December, which saw another surge of interest, said CyberFirst project manager Mark Baldwin.

A key feature of the platform is gamification. Students follow the lives of some of the cyber citizens, such as Sam the content creator, AJ the medic, Jordan the sports professional, Joseph the entrepreneur and Zamia the environmentalist, with students taking on roles including forensic investigator and social engineer as they battle to keep them safe.

"As well as an educational platform around careers and internet safety, we have added elements which mirror games popular with 11 to 14-year-olds. We wanted it to feel enjoyable, accessible and easy to use and not like a typical e-learning platform," said Baldwin.

Cyber Explorers has proved to be extremely popular, with 90% of registrants completing at least one module, Baldwin said. He believes the games, the colourful design developed with input from teachers, the characters and the shallow learning curve have all been key to its success.

Crucially, 49% of the students taking part in Cyber Explorers are girls.

Of course, it's possible that students could complete the course and then find there's nowhere to go with their newfound interest in cyber, so the programme seeks to ensure there are plenty of resources for teachers to link into the curriculum and also signposts to external courses such as Cyber Choices and Teach the Nation to Code.

"We have found that schools vary in the amount of time devoted to ICT lessons," Baldwin explained. "This often means teachers are 'time poor' and devote the sessions to what's essential based on the relevant curriculums, Key Stage 3 and equivalent. This means we have to provide content that's easy to deliver, links to the curriculums and helps embed that learning."

As well as engaging students in a topic they will hopefully take further, there is an awareness-raising aspect to Cyber Explorers about the everyday risks encountered in a life lived increasingly online. With advances in technology, children are more connected to broader society than they ever were before.

"It's fundamental that we teach them not only the basics of how to stay safe and cyber secure online but the benefits this can have in terms of career opportunities and how cyber now plays a role in their everyday lives," Baldwin said.

This is part one of a two-part series on cybersecurity and young people.
