[BreachExchange] Rehab camps for hackers could help plug digital skills gap

Destry Winant destry at riskbasedsecurity.com
Thu Jul 27 03:01:35 EDT 2017


https://www.thetimes.co.uk/article/rehab-camps-for-hackers-could-help-plug-digital-skills-gap-xhv6szcrg

Teenage hackers drifting towards serious crime are being sent to boot
camps to divert them to careers in cybersecurity. The most talented
could be recruited by the security services.

Seven young men aged 14-18 took part in the first two-day residential
course in Bristol, which was organised by the National Crime Agency
(NCA) in partnership with industry and included games, talks and
workshops led by experts. The agency now intends to hold the courses
across the country.

The participants had all been caught defacing websites, knocking
servers offline or hacking schools and had been arrested, cautioned or
visited by police. One serial offender was given a two-year suspended
sentence with conditions including his attendance at the
rehabilitation weekend.

Richard Jones, manager of the NCA’s Prevent initiative, said: “These
individuals have generally gone further than others of their age
group. We don’t want to reward their activities, but there’s great
value in reaching young people before they become involved in
cybercrime, and even those on the fringes of criminality, when their
skills can still be a force for good.” The participants, the younger
ones being accompanied by their parents, learnt about different roles
in cybersecurity including forensic analysis, network protection and
mounting “red-team” attacks on organisations to identify weaknesses.
They also took part in hacking games and coding challenges and learnt
about bug-bounty schemes, where they could get paid for reporting
vulnerabilities.

Mr Jones said they were especially interested to hear about Cyber
Security Challenge UK, which runs competitions sponsored by companies
and security agencies that are looking for the next generation of
cyberdefenders.

After the weekend, one participant told the BBC: “Now I know
cybersecurity exists it sounds like it would be something I really,
really want to go into. You get the same rush, the same excitement,
you are using it for fun still, but it is legal and you get paid.”

The NCA will monitor the participants after the weekend and hopes to
hold other courses. Experts have warned that Britain does not have
enough cybersecurity professionals. Robert Hannigan, the former head
of GCHQ, predicted a “huge skills shortage” by 2025.


More information about the BreachExchange mailing list