How to become a cyberspy
Posted on 4 May 2012 at 12:40
“At one single American company, SAIC, which is private and isn’t even listed, if you go to the job listings and search for a position that requires top security clearance, and where the job description contains both the words ‘exploit’ and ‘vulnerability’, you’ll find 168 openings right now,” says Mikko Hypponen, security analyst at F-Secure.
Finding replacements for poached staff isn’t easy, especially given the strict rules on who can apply. The desperate shortage of applicants with the right skills was highlighted recently when GCHQ turned to Facebook to set a challenge for wannabe cybersecurity specialists, with eligible candidates pushed along the recruitment process if they managed to break the “can you crack it?” challenge.
Internet operations analyst
At: GCHQ – Bude (Salary £19,043)
Requirements: A minimum of five GCSEs at grade C or above, or equivalent, which must include Maths, English Language and either a Science or IT subject.
Responsibilities: Use your technical skills at the sharp end of our operations at GCHQ in Bude, Cornwall. Building on your aptitude in IT, you’ll be trained to analyse communications networks and to develop new signals intelligence tradecraft. You’ll use and develop software applications, and an aptitude for script-writing and software development will be beneficial for potential job applicants.
The puzzle, designed to reflect real-life challenges, presented potential candidates for 35 available jobs with a grid featuring 160 pairs of letters and numbers that required a three-stage solution to crack.
Applicants first had to appreciate that the grid was code that could be run by an Intel x86-compatible processor, with the code relying on the RC4 algorithm to decrypt a block of data hidden in the PNG file of the grid itself.
GCHQ said there were various ways of solving the problem, which would demonstrate the way applicants’ minds worked, and that it was representative of challenges faced on a daily basis.
“GCHQ cybersecurity specialists spend time analysing executable code from many sources,” GCHQ says. “Sometimes it can be from malware that’s been discovered, to work out what it does, and where it comes from. On other occasions it can be to assist in the assessment of a security product, to ensure that what the developer has intended to do is actually what they’ve achieved in practice.”
Arm-wrestling with China
But the roles aren’t restricted to analysts working on code vulnerabilities or “arm-wrestling” with adversaries in China or Russia, who are widely believed to be actively targeting the UK’s systems on a daily basis.
Working alongside the coders and hackers are teams assessing the data, feeding it into risk assessment profiles, and co-ordinating resources, sometimes across departments.
“People think of security as being only a technical discipline, but there are a lot of other skills; risk assessment and the training of awareness and security management, which is about assessing things and advising people,” says Amanda Finch, general manager of the Institute of Information Security Professionals. “A lot of people are technical and enjoy getting into how to make things work or create technical controls, and they might be the penetration testers, working out how they can break into things. Then you have people designing firewalls and crypto codes, which is sexy to others – for me, the risk management side is very interesting.”
Despite the intriguing nature of the work, with echoes of Ian Fleming characters, many of the roles have more in common with The Office than James Bond.
There are many routine jobs that are crucial but monotonous: spotting a link in a database could make the difference between locating a potential terror plot or network breach, for example.
“There’s a lot of number crunching involved, purely because of the amount of info that’s available; part of the skill is trying to figure out what’s relevant,” says Thilthorpe. “It requires excellent technical skills to start with, then they’re developed through to a broader and greater understanding.”
For more details about purchasing this feature and/or images for editorial usage, please contact Jasmine Samra on email@example.com
- Yahoo seeks "cool" with Tumblr purchase
- Dell profits slide 79% amid buyout talks
- Forget cloud subscriptions: users prefer standard licences
- McAfee: cloud storage could help spread viruses
- Analysts question Windows 8 as UK PC shipments slump
- McAfee: smart homes need security
- Firefox 21 lands with "health report" and Android update
- Windows Blue (8.1): release date, screenshots, features
- McAfee LiveSafe protects PCs, mobiles and the cloud
- Android boss: Samsung's not a problem for Google
- Hands on with the new Google Maps
- Nokia Lumia 925 review: first look
- Why I won't subscribe to Creative Cloud
- GoPro camera strapped to a remote-control helicopter: the ultimate boy's toy
- Acer Iconia A1 review: first look
- Acer Aspire P3 review: first look
- Acer Aspire R7 review: first look
- How we produce the PC Pro podcast
- Google Now draining iPhone battery
- The government website that doesn't work with IE, Chrome, Firefox, Safari, Macs or smartphones