BT Security chief executive Mark Hughes said this strategy of seeking talent from new areas is vital for all firms if they hope to avoid falling victim to hackers. He argued that the current UK cyber skills gap means firms must recruit and nurture talent wherever they find it.
"Recruiting skilled people is a big deal for BT. For example, recently we added about 137 people to my team alone. Some of these were apprenticeships, some were people with existing network skills, some were graduates," he said at the 2013 RSA conference, attended by V3.
"In addition to that we're involved in the Cyber Security Challenge UK. As a leading internet service provider you need quite a broad network of skills. People who are good at cryptography aren't necessarily good at managing devices. That's why we're going through other streams while still looking at universities."
The Cyber Security Challenge is a public competition designed to help find people with the skills to work in the security industry. Entrants go through a series of challenges to discern their strengths and weaknesses, in areas such as code tracking, attack mitigation, penetration testing and cryptography. BT has been a constant supporter of the initiative and has partnered with the GCHQ to create the final stage of the 2013 challenge.
Hughes highlighted the company's experience in finding skilled penetration testers as a key reason the company recruits outside of universities. "Penetration teams are key people and they are tricky to recruit for a variety of reasons. I'm aware of what people like CREST [the Council for Registered Ethical Security Testers] are moving to do to help with this, but the skills are sometimes grown in house."
CREST is an independent body that provides accreditation to penetration testers, which has been praised by numerous companies within the security community for its efforts to create a constant set of standards within penetration testing.
Hughes cited BT's experience in mitigating threats during the 2012 Olympic games as proof of the need to constantly recruit skilled security professionals.
"What we learned during the games is the age-old truth that a lot of technology won't solve your problems. The technologies we have are getting better and better, but so are the criminals," he said.
"Having the right people with the rights skills and understanding around the systems is so important. It's as much about having the right process and people in place that understand the network enough to take real-time action, as it is about having the right technology."
The BT chief said as well as new skilled people, businesses will also have to continue adapting their systems to deal with new threats. "The nature of current threats means it is no longer a case of build it [security] and walk away, it's about setting it up as something that's going to continue to evolve," he said.
Despite the growing nature of the threat Hughes said there are still some areas BT will not recruit from. "We don't employ anyone with a conviction, but I invest a lot in what I call my security academy, which is where if I see someone with specific skills I invest," he said.
Outside recruitment the BT chief highlighted information sharing as another way businesses can protect themselves from hackers. Hughes paid special creed to the UK's Cyber Security Information Sharing Partnership (CISP).
"Another key lesson we learned is about sharing intelligence. We've talked about it a lot but recently it has finally begun to happen in a number of areas where we operate. In the UK we have CISP, which we're a part of. Thanks to things like it we're really beginning to see actionable intelligence being shared," he said.
The UK government launched CISP in March as a part of its ongoing Cyber Security Strategy. The CISP initiative is designed to increase the amount of threat data being shared between the public and private sector by creating a central information hub.
No comments:
Post a Comment