Striving to solve the security skills crisis

"This year we saw lots more players evolving those skills and they were able to narrow in on what information really mattered from a security perspective, what information needed to be actioned, and they were redacting less relevant stuff.

"This was something that was exceptionally visible in the winner Tim. There was real insight into the use case of his analysis."

You do the math

For all the Challenge's progress, however, there are some areas where it has not come along so well. For starters, there was no rise in registrants this year. Just as in 2011, 4,000 applied to take part. Given many participants were re-entrants from last year, growth must have been fairly flat. Despite Baker's insouciance when asked if she was bothered by the stunted rise of the Challenge, this must have stung a little.

Spending miniscule amounts on addressing the skills gap isn't just a false economy, it's bordering on the moronic.

There was also a decline in the number of female participants. This is something Baker has promised to work on, just as she did last year, but it remains to be seen if girls will ever be as interested as boys in IT security.

Yet the core issue plaguing the search for security talent is a somewhat base one: funding. It's what is behind the Challenge's abortive attempts to boost marketing efforts and add more registrants.

"I'm not surprised the number didn't go up hugely from last year because we didn't do intensive marketing at the time of the registration process and we had about as many participants as we could cope with," Baker said.

"We haven't got the money to do extensive marketing. We've got loads of room to grow and as sponsor funding flows through that's precisely what we will do. We know exactly how we want to do it, we just have to be funded to do it."

"The key area for improvement is to make sure the project is sustainable, keeping it going year by year and steadily build the size of it, but without losing that sense of fun and novelty," added CEO Hine, pithily summing up the Challenge's challenge.

Industry can and is assisting in this area. Although they are doing their bit, it would be positive to see giants of the security world, like Symantec and McAfee, doing a little more. But it is not really their prerogative to get this going, especially considering the major players in the security industry are not British. It is the Government who should be doing more.

Whilst the Coalition has committed to an undertaking assuring 180,000 will be handed to the Challenge each year until 2015, more needs to be spent on producing stellar security talent.

There has been plenty of blustering from Government about cyber threats and little substance to back it up. The 650 million pot dedicated to security is not enough that's the consensus amongst industry players and researchers. Spending miniscule amounts on addressing the skills gap isn't just a false economy, it's bordering on the moronic.

Outside of the obvious privacy and national security issues, there are economic concerns at work her too. If the Government doesn't inject more cash into the hunt for talent, there will be more data breaches. More data breaches mean more cost for companies. In turn, the economy will take a hit when firms head elsewhere.

Why would businesses want to settle where they can't get decent security? Why would they come to the UK where lax security is punished by hefty fines? They wouldn't. We need security skills and we need them fast.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.