CAN STUDENT AWARENESS

Cyber London recently hosted its second LinkedIn webinar in the CAN series, focusing on student awareness and engagement with the Cyber Access Network (CAN), the latest initiative from the UK Cyber Security Council in collaboration with the UK Cyber Cluster Collaboration (UKC3). The event was hosted by one of our experienced and knowledgeable directors, Simon Newman. Simon first introduced the guest speakers,  David Battersby, the Senior Programme Officer – Professional Standards from the UK Cyber Security Council and Kavitha Srinivasulu, an award-winning technology leader, with 20 years plus of experience in cybersecurity, data protection and cyber resilience. Led by the UK Cyber Security Council, CAN is a new initiative designed to support aspiring cybersecurity professionals by providing the skills, knowledge, and connections needed to enter the industry. After the introductions, David and Katvitha went on to detail how both students and career changers can benefit by joining CAN.

ABOUT THE UK CYBER SECURITY COUNCIL

David first provided some background on the Council, explaining its tagline “ Connect Champion Charter” as a vehicle for connecting organisations and professionals, representing the cybersecurity professional to the government and the public, and acting as a self-regulating organisation for cybersecurity in the United Kingdom. He then detailed the Council’s existing early careers work, including

• the Youth Advisory Panel (YAP) of 16 to 25-year-old students who inform everything that the Council does

• certification mapping for career planning

• the innovative careers framework for budding cyber professionals, which splits cybersecurity into 15 different specialisms – from security testers to risk assessors

• the Cyber Access Hub, which consists of teaching tools and resources for people wanting to learn hard cybersecurity skills

• the Associate Cyber Security Professional (ASAP), which is first on the ladder leading to Chartered Cyber Security Professional

WHY DO CAN?

David went on to explain that CAN is designed to support people on their existing journey into cybersecurity, rather than replace any current training courses. The Council has identified two key groups they’re looking to support – students from universities, colleges, apprenticeships and similar, and career changers who are making a mid-career move into the field. CAN aims to create networking opportunities, both within the community itself and with employers and professionals who can offer useful career advice. The Council also plans to point people towards existing programmes, like the Cyber Clusters such as Cyber London and various certification providers, to avoid duplicating training already out there. David also stressed how important it is to help tackle knowledge gaps through webinars, resources, and other events.

WHAT MADE CAN HAPPEN?

David then explained the thinking behind the CAN initiative, saying that cybersecurity is still a relatively new field and can be tricky to navigate, especially for those just getting their feet wet who often struggle to tell the difference between genuine community-led programmes and those driven more by commercial interests. He pointed out that there’s a clear gap in cybersecurity skills and talent across the UK that needs tackling, and also highlighted the disconnect between what employers expect and what entry-level professionals actually know when they’re starting out in the industry. For example, communication and leadership skills may not shine through in interview processes but are nevertheless strong attributes of potential cyber candidates.

A CONTINUOUS JOURNEY

Kavitha then took the stage and opened her presentation by stating that cybersecurity is a continuous journey. She said it’s never too late to enter the security field, no matter what a person is studying or what career path they are on at the moment. Cybersecurity welcomes anybody prepared to take on the risks and challenges that are encountered in the industry. Katvitha emphasised that passion and interest take precedence for those wanting to pursue a career in cyber. 

CYBERSECURITY ACROSS INDUSTRIES

Kavitha then highlighted some standout statistics about the state of play of cybersecurity and cyber threats in 2024:

• ransomware has become a national security threat

• 70% of organisations were hit by a ransomware attack in 2024

• ransomware attacks are 2.5 times more damaging than other forms of cyberattacks

• attackers succeed in encrypting 62% of customer data

• average downtime due to ransomware varies from 30 to 60 days on average

She also reminded us that hackers are more intelligent than we assume and are constating thinking of new ways to infiltrate networks and breach data.

WHAT IS A CYBERSECURITY INCIDENT?

For the benefit of students, Kavitha then explained exactly what a cybersecurity incident or data breach is. She told us that social engineering attacks are evolving day by day with more than 83% of organisations getting affected by these threats, including phishing, smishing and man-in-the-middle ATTACKS. Common attack vectors include:

• social engineering

• web exploits through unsafe web browsing

• infected removable media

• out-of-date, end of life and unpatched computing systems

Katvitha provided an excellent example of how hackers use a personal computer to access an entire database on a network. She told the story of a student using their own PC and connecting it to the network of a university. Unwittingly, they click on a suspicious link and the hacker then has a free pass. Not only to the data on a single PC but to the entire database of the university.

PROTECTING OUR DATA

Kavitha then detailed some of the best practices we can apply to protect our data using the principles of who, where, why, when and what:

• Who has access to our personal data?

• Where are we storing our personal data?

• Why are we sharing our personal data?

• Until when is the shared data going to be used and how is it restricted?

• What mechanisms do we have in place to safeguard personal data?

She emphasized that it is essential to be cautious when sharing any personal data. Who wants? Why do they need it? What will they use it for?

WHAT TO EXPECT IN 2025

• protection of an ever-increasing attack  surface will gain importance

• 100% compliance with data privacy and regulatory requirements

• global supply chain issues will become data protection issues

• high demand for cybersecurity resources across all sectors

CYBERSECURITY IS AN OCEAN

Katvitha then moved on to discuss the what, where and how we start a career in cybersecurity. She emphasised that there is a vast array of careers in cyber, like an ocean of opportunities and career paths, including risk management, digital identity, vulnerability management, business continuity, data privacy and much, much more. She explained that to start with students should decide whether they want to explore the technical side of cybersecurity or learn about cyber strategies. Katvitha also stated that particular cybersecurity certifications will need to be aligned with the chosen career path in cyber. ISO 27001 will always be the touchstone for certifications – much like completing secondary school before going on to study at college or university.  Katvitha ended by saying that anybody following a career in cyber will always be on a continuous learning curve given the evolutionary nature of the field. She also encouraged students to reach out to platforms like the UK Cyber Security Council and Cyber London for support in both learning and career support and growth.

You can watch a recording of the LinkedIn webinar here.

GET INVOLVED IN CAN

• Find out more about CAN here https://bit.ly/can-cl

• Join CAN here https://bit.ly/canrf-cl