Insight into Cyber Security Skills
Ian Harris – Course Leader for (Undergraduate BSc) Cyber Security at RGU
If you could provide a paragraph by way of a small bio on your background, experience, qualifications and skills that we can use by way of an introduction that would be great?
I’m a two times graduate of RGU, I completed a Computer Science degree in 2001 then returned to complete an MSc Information Security degree in 2014. (The previous version of the current Cyber Security Master’s degree).
In between student life, I’ve been employed in Aberdeen at a number of oil companies and service providers. A range of roles; early help desk roles and server support, through to software analyst.
I started teaching at RGU in 2016, covering modules such as ethical hacking, enterprise networking and digital forensics.
- As Course Leader of Cyber Security at RGU, what do you see the biggest challenges that you face in your job?
The students are very capable with the technology and learning new skills, even in their first years of joining us at RGU. The challenge however, is putting these skills into applied context. Very few of the students have work experience, so it can be difficult to make the students understand the business risk and impacts of the cyber security scenarios that we use for teaching. How can a student really understand the massive stress, pressure and financial impact that would come from a high impact cyber security incident?
- How does RGU decide where to focus the learning for its courses within the domain of cyber security?
There are a number of industry certifications which our students could undertake on completing their studies and we try to map our teaching to provide the context and background to give the students the best possible chance of achieving these. We also follow technology trends; such as programming language popularity and emerging technologies, to try and equip students with future proof skills.
- In your view, how is the Energy industry currently positioned to tackle the emerging threat of cyber security?
Implementing and improving cyber security within any industry is a cost, one that could offset future losses but a cost none the less. Legacy infrastructure in much of the North Sea has been protected (even disconnected) from the drive to digitise due to its age, however to improve efficiency and reduce costs more and more of that infrastructure will begin to be connected online. Potentially increasing its vulnerability.
- What is the government body that regulates this domain and what are they doing to help the Energy sector to protect itself?
In recent years there has been a drive from Central Government to raise awareness and improve the situation, with the National Cyber Security Centre (NCSC) driving the change. Smaller companies can progress through a Cyber Essentials program to become certificated, while larger entities are required to follow the advice of the Centre for the Protection of National Infrastructure (CPNI) programs covered by the Network and Information Systems Regulation 2018.
- Do you think there is a skills shortage in this area and if so, how should the Energy industry learn from and work with other sectors to address this shortfall?
There’s a world-wide skills shortage for computing and cyber professionals, with the UK also effected. In 2019 the IET (Institution of Engineering and Technology) produced a report that highlighted the difficulties of employers finding the right candidates with the appropriate skills. 31% reported that they have expanded their technology workforce, however 48% reported difficulties in finding the correct skills.
The energy industry would be well placed to take advantage of the apprenticeship and in work training opportunities that are now available. On the job training or short course style upskilling can help fill the skills gap. These are delivered in flexible way which can allow the employee to continue to contribute to the company whilst undertaking the training.
- What advice do you have for graduates looking to gain skills and experience in this emerging sector?
There are many training courses available, short-term and on-campus University degrees. A formal degree route will give a great experience and a range of skills. Whilst a short course would instil specific cyber security skills and additional IT or technology knowledge that could be applied to a range of opportunities. I believe it’s important to have a wide range of skills to allow a graduate to find employment in the niche that they most enjoy, they can then add additional skills to help them specialise as they progress in their careers.
- How can companies best keep themselves informed as to the governmental guidance on this issue and what should they do if they suspect they are the victim of a cyber-attack.
The NCSC release weekly threat reports and provide guidance and reporting tools for companies to use if they believe that they are at risk or under attack. Depending on the sector the companies work within, the style or type of incident that they may be reporting, there are different agencies to contact. Details for these can all be found on the NCSC website.
Join Our Newsletter