With high profile incidents like the WannaCry and Petya ransomware attacks making headlines, there is an increasing demand for highly trained individuals who can advise businesses and organisations, government and law enforcement agencies alike on the best ways to protect their computer networks and the valuable, commercially sensitive information stored within.
According to the BBC, research by insurance company Hiscox revealed that 55 percent of UK firms reported cyber attacks in 2019, up from 40 percent in 2018, with many businesses being under-prepared.
Cybersecurity is fast becoming the most pressing and least understood problem for many individuals, businesses and nations. The landscape itself is difﬁcult to visualise, built on layer upon layer of evolving computing equipment, networks, protocols and software. The ways in which it can be exploited are innumerable, with new vulnerabilities discovered daily.
One of the main challenges in the fight against cyber crime is the shortage of professionals with the right skills. The UK government’s Cyber Security Skills Strategy was set up to build sustainable cyber security capability, after a research study showed that 54 percent of businesses and charities have a basic technical cyber security skills gap.
Some universities have recognised the need to develop this capability and are helping to tackle the skills shortage head on.
Coventry University is one such institution. Committed to educating successive generations of researchers and experts, the university is helping to build a cybersecurity army; from developers who can write secure code, to digital forensics specialists and penetration testers.
Adding to its established portfolio of computing related degrees, the university offers a specialist Ethical Hacking and Cybersecurity degree, designed to equip graduates with the knowledge and skills needed to lead the fight against cyber criminals.
While cyber security involves the protection of systems and networks against attacks, ‘ethical hacking’ (sometimes called ‘white hat hacking’) takes things to another level. An ‘ethical hacker’ is a trained professional who works for an organisation, actively seeking out vulnerabilities and leaks in their systems, while working to a code of conduct. Once found, the organisation can take preventative steps to ensure that a malevolent breach of security is avoided.
Coventry University is one of only a few UK institutions to offer an ‘ethical hacking’ course at undergraduate degree level. Here, students have access to a specially designed ‘ethical hacking lab’, providing a safe, siloed environment in which to practise their skills. The course covers the essentials of computer systems architecture, programming, operating systems and databases, together with specialist topics in digital forensics, legal issues, networking, ethical hacking and computer security. Graduates leave with either a BSc (Hons) or can opt for a further year of in-depth study to achieve a Masters (MSci) award.
The course places an emphasis on practical skills through an ‘activity-led learning’ approach. Theory is balanced with hands-on practice, helping students become familiar with penetration testing tools, encryption algorithms and forensic analysis software. Students also have the opportunity to gain additional industry recognised network certification through the CISCO Academy Programme.
Jennifer Wan is about to progress to her third year on the course, having gained two scholarships for her studies – one for academic excellence and another that supports women studying STEM (science, technology, engineering, and mathematics) subjects. Jennifer appreciates the programme’s balance between theory and practice.
“The university focuses a lot on activity led learning, which allows us as students to actually do an activity, then learn from doing that activity. There’s also a lot of theory which I personally find really helps when doing the practical work. There’s a great balance.
“I find that the university can teach you things that you can apply in the future, no matter what area you go into, whether that’s development or innovation.”
The university has garnered a reputation for teaching excellence, with staff benefiting from a mix of practical experience from industry and law-enforcement, combined with active research in cybersecurity. Projects the university is engaged in include the incorporation of cryptography into network services for centralised management, machine learning for intrusion detection, low-power security systems and the security of embedded devices and the Internet of Things (IoT).
Using its extensive links with industry, the university aims to help graduates secure rewarding jobs with security companies, large corporations and government, where they can make a difference in the field and the organisations they work for. Students have previously benefited from placements with high profile security consultancy organisations such as BAE Detica, Nettitude and NCC Group.
Career paths in ethical hacking can depend on a professional’s own interests and can be as varied as the organisations they work for, but job titles include security analyst, security consultant, penetration tester or even chief information security officer.