Computer security makes use of many skill sets Hero Images/Getty

Studying music? Good news, you may have the skills to work in cybersecurity. An online training platform launching next week in the UK – with the backing of Robert Hannigan, the former director of the country’s GCHQ intelligence agency – is designed to make cybersecurity roles tempting to people, whatever their background.

Cyberattacks now bring organisations to their knees with worrying frequency. Earlier this year the WannaCry and NotPetya ransomwares shut down multiple organisations around the world. And in the last few weeks, details emerged of two of the biggest data hacks ever: the US credit reporting agency Equifax revealed that tens of millions of people’s personal data had been stolen from it, and Yahoo admitted that a large hack in 2013 had compromised all of its 3 billion users’ accounts.

There simply are not enough people with the skills to fend off such attacks. “It’s hard to fill roles just from computer science students,” says James Hadley, CEO of Immersive Labs, the UK company behind the new platform – the Digital Cyber Academy.


The problem isn’t just that there is a shortage of people studying computer science. “Industry relies heavily on tech products to reduce risk,” says Hadley, but new tech isn’t always the solution. People from non-technical backgrounds could bring new perspectives to what is as much a people problem as a computer one.

Hadley, who used to be teach cybersecurity, thinks that students with a wider range of experience would inject fresh ideas. Anyone good at analysing a situation, troubleshooting and problem-solving – or simply with perseverance and curiosity – fits the bill, he says.

“A strong grasp of the technology is valuable, but it’s by no means sufficient,” says Andrew Martin, director of the Centre for Doctoral Training in Cyber Security at the University of Oxford. “Decades of vulnerabilities in popular software products tell us that good software engineers can screw things up quite badly.”

Jobs via a leaderboard

Martin thinks the Digital Cyber Academy is a good idea. For now, the platform is aimed at UK students, who can sign up here. It will offer a range of training courses from complete beginner level to advanced. Scores for completing exercises will be posted to a leaderboard. Companies will then be able to invite candidates who have reached a certain level of competence to apply for roles.

Hadley says the platform will be constantly updated with the latest developments. For example, an existing training platform that Immersive Labs sells to firms for internal recruiting added an exercise about the NotPetya ransomware on the day it hit. “People could read about it in the morning and get their hands dirty in the afternoon,” says Hadley.

Ultimately, Immersive Labs hopes to address entrenched preconceptions about cybersecurity. When Equifax revealed in September that it had been the victim of an attack that exposed the names, addresses and social security numbers of nearly half the US population, critics pounced on the fact that its head of security had a music degree.

“That was hugely frustrating,” says Hadley. “We’re trying to remove these misconceptions.” He says that music has formal patterns and logic that align quite well with cybersecurity. “Many in cybersecurity are self-taught,” he says. “We want to encourage that behaviour.”

Martin agrees. “Many cybersecurity issues arise from the realities of human nature or the way we organise society,” he says. Fixing them requires a diverse set of skills. “The ideal security director is a polymath.”