Bank of England CIO Sets A Cybersecurity Challenge

Bank of England CIO Robert Elsey plays a central role in protecting the UK's financial sector. Elsey runs a cyber security division that protects around £575 billion sterling payments and securities every day, helps to track all bank notes in circulation and secures £140 billion of gold deposits in the vault. 

The Bank's unique challenges are intensified by a nationwide digital skills gap, which led Elsey to a novel way to boost the bank's defences: a face-to-face cyber security competition that tests the skills of 30 of untapped talents in the UK to identify the next-generation of experts.

The 30 best applicants earn an invitation to the iconic building on Threadneedle Street (pictured) that has been the Bank of England’s home since 1734. They then compete in teams on a series of banking-themed tasks developed by the Bank's security team to simulate the experience of working at a leading financial institution. The competitors combat and contain a cyber attack by planning and improving security architecture, educate staff on the threats and carry out a forensic investigation of the attack.

The event helps the Bank attract talent from diverse backgrounds and show them that technology careers are more varied than they might imagine.

"It starts to show the different qualities you need," says Elsey. "It's not just coding anymore. There's everything from business case history to the climate and sponsoring initiatives. We've got people from all kinds of different backgrounds now working in technology and it's making it a much better place."

The competition combines technical challenges with tests of broader skills. An exercise inspired by Dragons Den requires teams to improve a network design by spending a £1 million budget on a cyber security shopping list, while a pitching competition invites them to present their ideas for a phishing awareness training programme.

"What was nice is that those people that did get involved through a less technical setting could flex their skills in different areas, and could appreciate why it would attract different people in the future," says Elsey.

New sources of cyber security talent

The top 10 performers in the challenge will then attend three-day masterclass in November, and the top performers earn an interview for a role on the Bank of England's security team.

Elsey hopes they will inject some youth into an aging workforce. Only 12% of the cyber security workforce is under the age of 35, while 53% of it is over 45, according to the Center for Cyber Safety and Education’s Global Information Security Workforce Study. This could create new dangers as more experts reach retirements.

"We try to avoid and weed out those who are in the industry," says Elsey. "We're looking for more of the younger students who are interested, or people who are thinking about moving into cyber security."

Their efforts paid off. Around 60% of the competitors were in secondary or further education, while two-thirds were participating in their first event involving Cyber Security Challenge UK, the non-profit organisation that arranged the competition with the Bank.

"It was more about raising awareness that it's not just people who can code that go to these competitions and add value," says Elsey. "In fact, some of our big success stories are people who did mathematics, who hadn't considered technology and coding before, but actually, as mathematicians, they're data scientists and they're analysts.

"Those types of individuals fit in really well with that kind of inquisitive mindset...Where we have done very well in the bank in trying to attract good, diverse employee base is by trying to look in those pockets of people that wouldn't normally think about it, but when they're in it, they love it".

CIO:

You Might Also Read:

Bank of England: Cyberattacks A 'Clear and Present Danger':

US Banks Face A Growing Threat

« Police Are Mishandling Digital Forensic Evidence
Cybercrime Is Increasing In Scotland »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Siscon

Siscon

Siscon delivers tailor-made compliance solutions that are based on the customer's specific wishes and reality and then supplement with many years of experience in the field.

Kudelski Security

Kudelski Security

Kudelski Security is an international cybersecurity company providing innovative, independent and tailored security solutions for large enterprise and public sector clients.

Cienaga Systems

Cienaga Systems

Cienaga Systems is a leader in autonomous cyber threat hunting technology.

NetGuardians

NetGuardians

NetGuardians is a leading Fintech company recognized for its unique approach to fraud and risk assurance solutions.

Cybersecurity Collaborative

Cybersecurity Collaborative

CyberSecurity Collaborative is a forum for CISOs to share information that will collectively make us stronger, and better equipped to protect our enterprises from those seeking to damage them.

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

Philippine National Police Anti-Cybercrime Group (PNP-ACG)

The mission of the PNP Anti-Cybercrime Group is to implement and enforce pertinent laws on cybercrime and other cyber related crimes and pursue an effective anti-cybercrime campaign.

Red4Sec

Red4Sec

Red4Sec are experts in ethical hacking, audits of web and mobile applications, code audits, cryptocurrency audits, perimeter security and incident response.

CS3STHLM

CS3STHLM

CS3STHLM is the Stockholm international summit on Cyber Security in SCADA and Industrial Control Systems.

Zerodium

Zerodium

Zerodium is the leading exploit acquisition platform for premium zero-days and advanced cybersecurity research.

TAV Technologies

TAV Technologies

TAV Technologies is a provider of technology services to the aviation industry in areas including airport infrastructure systems, digital transformation and cybersecurity.

Technology Innovation & Startup Centre (TISC)

Technology Innovation & Startup Centre (TISC)

TISC is a startup incubator at the Indian Institute of Technology Jodhpur (IITJ) and we back deep-tech startups.

McCrary Institute - Auburn University

McCrary Institute - Auburn University

The McCrary Institute seeks practical solutions to real-world problems in the areas of cyber and critical infrastructure security.

BATM Advanced Communications

BATM Advanced Communications

BATM Advanced Communications is a leading provider of real-time technologies for networking and cyber security solutions.

Delinea

Delinea

Delinea is a leading provider of cloud-ready privileged access management (PAM) solutions that empower cybersecurity for the modern, hybrid enterprise.

Eviden

Eviden

Eviden is an Atos business that brings together its digital, big data and security business lines. It will be a global leader in data-driven, trusted and sustainable digital transformation.