Gavin Patton spends his days grappling with the dangers of cyber-warfare.
The 23-year-old graduate engineer works in a Cyber Range at Queen’s University’s Centre for Secure Information Technologies (CSIT), a virtual environment that emulates the threats that can emerge in the “real world”.
“Companies can bring in their security employees to take part in different scenarios that we have created in order to test their defence and attack strategies,” he said.
“We have created multiple scenarios where the red team have to hack in and the blue team have to stop them from getting in – you have got hackers and defenders.
“It is a great way for companies to develop their employees skills in attack and defence.”
- NI hub for cyber-security experts
- PSNI opens cyber-crime centre
- On the inside of a hacking catastrophe
CSIT is home to the UK’s largest cyber-security research cluster and educates future employees for an industry in NI which now has a workforce of about 1,700.
It has also fostered a number of spin-off companies.
ISC2 – the industry body for security professionals, says there is a global shortage of skilled staff, with more men than women operating in the sector.
Leading cyber-security expert, Prof Máire O’Neill, principal investigator at CSIT, wants to encourage more women into the field.
Sarah McCarthy, 27, a cryptography researcher at the centre who is set to complete a PhD in computer science, sees more opportunities opening up for women.
“Just having her [Prof O’Neill] as a leader is really encouraging women to come into the field in our group at the centre,” she said.
“More respect is being given to women in the field.
“I don’t think we are excluded from any opportunities.”
Within 10 years, the Department for the Economy aims to “make Northern Ireland a global innovation hub for cyber-security”, supporting 5,000 jobs.
In October, it signed a memorandum of understanding with the Department of Commerce in the US state of Maryland which will see both exchanging best practice in the industry for the mutual benefit of both economies.
Earlier this year, Baltimore’s city government battled a ransomware attack that crippled its systems for more than two weeks.
The National Security Agency and US Cyber Command are among the federal government agencies based in Maryland and the state has a cyber-workforce of more than 117,000.
Brian Castleberry from Maryland Department of Commerce said training would be available for cyber-security professionals in NI, and collaboration was crucial in a sector where new technology is constantly emerging.
“If you bring two areas together, that will increase job numbers in both clusters,” he said.
“We have a Maryland company that has technology for drones.
“If a drone is coming to attack you they have got this cyber software that will intercept it and return it back to where it was coming from.”
Investment and education
Over the last five years, Invest NI has offered £68m in financial assistance to firms involved in cyber-security.
There are about 75 companies within the sector, ranging from global firms employing more than 100 in a department to smaller businesses with a handful of workers.
As well as Queen’s University, the education of cyber-security professionals in NI, who can earn more than £40,000 on average, is being harnessed by the Ulster University and Belfast Metropolitan College.
Kevin Curran, a Professor of Cyber Security at Ulster University, recognises there is a shortage of cyber-security talent.
“This is good for those cyber-security graduates now, but not good for others especially as the human attack surface is growing each day with more people coming online,” he said.
Philip Allen, Curriculum Area Manager in IT Services at Belfast Metropolitan College, said it was important to pass on knowledge so more colleges can provide courses.
“Globally there are over one million jobs that need to be filled in cyber-security,” he said.
“If we don’t fill the gaps we are open to getting an attack from God knows where.”
Simon Whittaker, a director at NI cyber-security firm Vertical Structure, is aware of potential problems in recruiting staff.
He believes there is “a limited pool of people with the required experience, and the rise of Foreign Direct Investment companies in Northern Ireland is driving up salaries”.
“This can have the impact of driving up salaries for indigenous firms and also driving up costs which then impacts our position as a cost-effective place to outsource,” he said.
However, he added that organisations including the Department for the Economy, Invest NI, CBI and business representatives were working to try and improve this.
Invest NI is working with the CBI’s NI Digital Working Group and the Department for the Economy to develop a Digital Skills Action Plan for Northern Ireland.
It said various initiatives “have already been implemented including the introduction of university Masters courses in cyber-security, and Assured Skills Cyber Academies”.
CSIT’s head of strategic partnerships and engagement, David Crozier, believes the agreement with Maryland is positive for NI and that the target of 5,000 cyber-security jobs in a decade is achievable.
“With our post A-Level students here in the region we know at the moment we lose about 30% going across the water to study,” he said.
“If we retain more of those, we now have the jobs for them.
“Cyber-security is a $200bn (£152bn) market in the US, if we just get a small fraction of that, it is still a big thing for Northern Ireland.”