Graduates from Europe's only systems security testing-focused degree course, in Dundee, have the world at their fingertips, writes Ken Mann

As big business battles with the spectre of attack by international cyber criminals, I‘ve learned plotting a career path in counter measures involves a level of intelligence that may even be beyond Bond.

The difference is that this is no fictional movie script. Global entertainment corporation Sony, major UK communications provider TalkTalk and British hospitality brand JD Wetherspoon share one unenviable characteristic. In recent weeks, each has expensively –and very publicly – been the target of information systems hackers. The damage doesn’t disappear overnight.

There are obvious costs attached to hacking. Globally, it is estimated millions of hits occur every day, from the relatively mundane to the mega-malignant.There have even been huge ransom demands. The stakes are high in what must now be regarded as data terrorism.

And so are salaries and promotion prospects for relevantly qualified professional combatants, of whom there are currently too few. That’ll be £10,000 a day, then.

It sounds more like the type of "security" payment associated with serious criminal gang networks. Yet according to the Manpower Group, the UK staffing and executive recruitment firm, that’s the top line fee world markets will bear for senior British-based experts in possession of the right knowledge.

Even those of less lengthy or distinguished credentials, but still possessing a respected consultancy pedigree, are said to be charging £3,000 per day for their services. It’s a classic supply and demand scenario driven in no small measure by a sudden corporate awakening to the real vulnerabilities within nearly every enterprise.

There is now a widely held view that large companies world-wide have been complacent about latent computer threats that have been around for years. But the solution to these problems lies closer to home.

Rapidly rising to become the next elite niche, the issue puts students at Europe’s only systems security testing-focused degree courses firmly in the driving seat towards their career destinations.

Colin McLean is Programme Tutor for the BSc in Ethical Hacking at Dundee’s Abertay University. In 2006 he invented the course on the back of an idea that came from working alongside American electronics giant NCR’s automated telling machine (ATM) research, design and development centre. NCR has long had a presence in Dundee.

"Part of my job was to do a risk analysis of a cash machine, essentially to think like a criminal," McLean explains. One of NCR’s senior managers suggested it would be a good idea to have graduates do
the work.

"We are finding our students – wherever they want to work – will get a job," he adds. "We have two graduates from last year’s cohort who are now working in New Zealand, essentially because the mind-set that they have got is useful throughout the world.

"Everybody is facing the same problems so it really doesn’t matter what country you go to, there aren’t enough graduates in that area. The point at which our graduates get jobs, gets earlier every year.

"Security testing is big. It’s an area that the university specialises in; going in to a company and testing the security of their network."

Known as penetration testers, usually abbreviated to pen testers, it is the vocational structure to their studies at Abertay that McLean believes sets them apart from more mainstream IT disciplines.

Asked why, after a decade of running at Abertay, there aren’t other clone courses, he cites the shear diversity of the cyber security topic as one element. Importantly, though, he believes that it is the Abertay method of teaching the subject, together with industry connections, that has underpinned its the ongoing success of the programme.

"We have approximately 150 students across the four years of the course from a wide range of backgrounds," he says.

"We are very much a vocational university. We’ve got links with many different companies. What we’re actually saying to our students is ‘here is a system, how would you secure it’. I’ll give them an example website which is vulnerable, they’ll then attack it, find out where it is vulnerable, break into it and then at the end they’ll fix it through counter measures. That is to me the way it should be. You need to know what criminals are doing."

It’s simple to say but, of course, more complicated in practice, hence the rewards. One graduate McLean mentions enjoyed a first year pay rise of £11,000. "He is now on £42,000," McLean reveals. "For a 22-year old that’s quite staggering. He’ll be on six figures in three years."

It isn’t all about money. Samantha Beaumont is a final year student with another career driver.

After living for a period in the Middle East she arrived in Dundee purely on the strength of the course reputation.

"I want to help people," she states. "Our whole society is so dependent on technology but none of us know how it works. I wanted to be a doctor. When I decided not to do medicine I wanted to do something that would be the equivalent of it. Ethical hacking came to mind because it’s got a lot of forensics involved. It takes a hacker to know how to catch a hacker."

Be mindful if you’re tempted to apply. A criminal record check is required. Who said there was no honour among thieves?