Salus Cyber is a
community-focused cyber business and provides consultancy to impart expert
advice on how a company can maximise strategy, increase profits, add value, and
resolve issues. Cyber Security consultancy supports
all those key elements and acts as a critical friend to a business dealing with
complex issues where they lack internal capacity.
Salus was founded on strong
values, integrity, accountability, and trust. These are the core factors that
need to be considered when looking to the future and the next generation of
talent within the industry.
The explicit needs of other
businesses are significantly different to Cyber due to the regulatory
requirements of NCSC in the CHECK space. Currently, most graduates entering the
industry have specific skillsets based on their courses but not the general
skills which are fundamental to understanding the wider cyber security
implications of a business. Due to this, one of the biggest challenges being
faced is that there is no natural fit from the University/Education pathways to
provide Cyber businesses with the skillsets they require.
There is an ever-increasing
number of pathways (Cyber degrees) however the critical elements such as penetration
testing are not covered to the extent required by the industry, this is due to
the ever-changing requirements and technologies which is something Cyber
businesses need to consider due to the time and training required.
One of Salus’ graduate consultants,
Cameron Doran, entered the industry through a Cyber degree pathway and provided
insight into the process:
Brief overview of the University
course
I undertook a four-year degree
based on building the required skills to be able to perform a security audit of
computer networks and systems. The course also built knowledge on how to
prevent certain cyber-attacks from happening and included three modules based
on ethical hacking.
Why I considered the course?
The reason I decided to do this
University course, as opposed to another similar course was because this course
covered the fundamentals to be able to progress into any sector of
cyber-security. While the course did focus on learning how to perform a
penetration test, the course also investigated areas such as, learning how to
do coding with C++ (focusing on Data Structures and Algorithms), Digital
Forensics (hard-disk drives and mobile phones), and Computer Networking (OSI
Model, network traffic analysing, mapping a network). The course opened a lot
of doors for exploring and discovering what areas of cyber-security I enjoyed
and then in my final year allowed me to focus my honours project on that area.
Another benefit of going through a University course is that there are plenty
of opportunities to do work placements through the University. Being able to do
these types of work placements will enhance your
chances of getting a foot in the door.
I decided to do this course
because during high school, the subject I enjoyed doing the most was computer
science. This led to me wanting to pursue a career in computing. The reason for
going into the cyber-security industry (specifically penetration testing) was
because it seemed like the area that would open the most doors and a sector
that was growing in demand. I also personally enjoy the challenge of a field
that is constantly changing with new skills and concepts to learn.
Salus have
continuously enabled new starters in cyber security to get high-quality
work-related experience and a professional career pathway. Additionally, we
hope to take on 1 – 2 apprentices through the University of Gloucestershire and
CyberFirst whilst advising school children on how to get into the industry by sending
books to them to help assist their journey.
Salus understands that to retain
a healthy consulting team, a combination of graduates, senior consultants and experiences
from other industry sectors which have links to Cyber are required to ensure we
can continuously adapt to the specific needs of our clients. This includes having
technical assessors appointed by the National Cyber Security Centre (NCSC) to
ensure that the skills within the UK market remain at the cutting edge and contributing
to the work of an industry assessment body (The Cyber Scheme and the Cyber Trust)
to give back and support the development of standards in the sector
Another challenge being faced
within the Cyber industry is retention. The average length of an employee’s
time with a company in the UK is just under 3 years and for Cyber it is even
shorter. When factoring in development and continuous training, a Cyber
business will usually have approximately 2 years of output from a consultant
which brings into consideration the return on investment (ROI) cost issues associated.
Salus has invested heavily in new talent and developing the next generation of
specialists, seeing a 54% growth in its workforce over the past year, being
able to pair this with a healthy work culture is vital to retaining this talent
and limiting the challenges faced.
When looking out towards the next
5 years and how the industry will shape its approach towards recruitment, the
main factor to consider is the technologies that will be in play. With the rise
in automation, digital twins and artificial intelligence, the risk is that
there will be a delta between humans learning to do a trade craft when during
significant parts of their career it is machines that will do most of the work.
The question which needs answering is, how do you become a specialist in a
field when people don’t want to use you as a practitioner? The ability to keep
humans in the lifecycle moving forward is going to the be the biggest challenge
faced by the Cyber industry.
Does the future look bright? The
answer is yes but;
The advance of technology across
all facets of society and life provides significant benefits to all of us and
needs to be embraced by all businesses. Alongside that comes the responsibility
for effective assurance and security to be provided to protect the users of
that technology. The NCSC highlighted its views on the future of
technology assurance in the UK and it promotes the concept of continual
assurance through the life of the product or service.
This means we must all think
differently when embracing new technology but also be clear about how we
maintain an effective understanding of risk within our current and legacy
technologies which still prop up significant parts of society. An annual MOT
type approach to cyber assurance testing will not be adequate to mitigate the
growing business risks we face and have seen in real terms with the growth of
Ransomware and data theft over the past few years.
Those that see criminal or
political opportunity in the vulnerabilities in technology are growing their
capabilities. This has always been the case, but the digital world allows
much more flexibility in how, when, and where from to ply that tradecraft. Cyber
Security needs to grow and keep one step ahead of these challenges for the rest
of society to have confidence in the services and systems they use.
Salus lives the continual
assurance life in how it functions, operates, and seeks to promote that with
its clients and partners. We also seek to attract diverse talent that can
define and develop new concepts and methodologies around technology assurance
and embrace the different skills and experience they bring to enrich the team.
Cyber Security is a great industry to work in and provides significant
professional development opportunities across a diverse range of technologies
and services and a huge sense of reward in helping businesses manage risk
better.