innovative cyber talent spotting in an uncertain world @ uk mod

1 © 2016 IBM Corporation

Innovative Cyber Talent spotting in an uncertain

world @ UK MoD

Commander Stuart Royston Royal NavyTrevor Pons Senior Manging Consultant IBM


Scope

1. Cyber: The Problem 2. Cyber: The Solution Unique challenges How DCAT being used

3. Cyber: The Way Forward Commercialisation Validation Report Simulation (Gamified Attraction Assessment)

“An effective cyber capability is dependent on the quality of its people”.


CYBER: The Problem


Nature of Cyberspace (Highlights)

• Virtual & Created by Humans

• Continuum of National Functions− Blurring Military, Criminal & Espionage− Crossover with National Security

• Global / Pervasive− Not Just Internet− Asymmetry

1. State-prohibited. The national government will help stop the third-

party attack

2. State-prohibited-but-

inadequate.

The national government is cooperative but unable to

stop the third-party attack

3. State-ignored. The national government knows about the third-party

attacks but is unwilling to take any official action

4. State-encouraged. Third parties control and conduct the attack, but the

national government encourages them as a matter of

policy

5. State-shaped. Third parties control and conduct the attack, but the

state provides some support

6. State-coordinated. The national government coordinates third-party

attackers such as by “suggesting” operational details

7. State-ordered. The national government directs third-party proxies

to conduct the attack on its behalf

8. State-rogue-conducted. Out-of-control elements of cyber forces of the

national government conduct the attack

9. State-executed. The national government conducts the attack using

cyber forces under their direct control

10. State-integrated. The national government attacks using integrated

third-party proxies and government cyber forces

J. Healey, “Beyond Attribution: Seeking National Responsibility for Cyber Attacks,” Atlantic Council, 2012


•


Threat

TIME

Number of Threats

Capa

bilit

y

Script Kiddie

Hacker

Hacktivist

Crime Sponsored

State Sponsored

TIME

TIM

ENowNow

FutureFuture


Adjusting to New Forms of Warfare


“The People Problem”

• Higher voluntary outflow (VO) rate from technical roles

• Conventional military posting mechanisms presents challenges

• Very high level of technical competence requires significant training – need individuals to be capable ‘right off the bat’


The Requirement• To Seek ‘latent’ ability not pre-existing knowledge

• Recruitment− Select the very best from a wide pool across Defence− Objective standard for employment in a Joint Cyber Unit− Support existing selection processes− Manage talent in our workforce better

• Training− Find higher quality individuals with greater learning capacity

• Retention− Long term workforce management strategy; recruiting the most

passionate encourages excellence


CYBER Talent Identification:

The UK MOD Assessment Solution


Defence Cyber Aptitude Test (“DCAT”)

• AIM:− Identify the best personnel with the right aptitude, skills and

competencies to succeed in Cyber roles.

• OUTPUT:− Overall percentile score.

• CONTENT:− Test consists of several sections: Realistic Job Preview Cognitive Ability (Numerical & Verbal) Fault Finding Bridges Checking Behavioural


Social People

The Environment we ‘Live’ and ‘Work’ in is changing rapidlyThe ‘3 Layers of Cyber Space’

Cognitive

Virtual

Personality

Information

Physical

Network

Real


The New World of Data and Information


The Importance of Defence in the Cyberspace domainhas never been more important


Defence Cyber Aptitude Test (“DCAT”) Overview

• AIM:− Identify the best personnel with the right aptitude, skills and

competencies to succeed in Cyber roles. ‘Selector’ Format

Section ObjectiveRealistic Job Preview

Give a realistic expectation of role

Numerical Measures how well candidate reasons with numbersVerbal Measures how well candidate reasons with words and sentences

Error Identification Ability to Identify Errors quickly

Attention to Detail Measures ability to identify errors quickly and correctly

Behavioural Measures personal characteristics and preferences


Realistic Job Preview - A realistic expectation of role


Cognitive Skills CAT ( Computer Adaptive Test)Numerical Reasoning with numbers


Cognitive Skills CAT ( Computer Adaptive Test)Verbal Reasoning with words and sentence's


Error Identification - ability to identify errors quickly and correctly - identifying the wrong code in a sequence


Attention to detail - ability to identify errors quickly and correctly - identify number of errors between numbers in circles and lines


Behavioural Perspective for Cyber roles


Test Creation ProcessInterviews, focus

groups and mini test trial to determine “what good looks

like”

Analysis of results and

recommendation of trial test content

Creation of test content

Build of online trial test

Trial of all content wth Army, RAF,

Navy

Analysis of results and

recommendation of final test content

Build of online DCATTraining and launch of DCAT

Data collection period & analysis

Situational Judgement Test content created

Build of three new versions of DCAT

Roll out of new versions of DCAT

1

8

9

5

10 12

2 3 4

68

11


Candidate Experience


DCAT Administration• DCAT administered as a SaaS through the Assess

Platform• JPA Competence

• DCAT Pass threshold• Continually monitored normative sample


CYBER: The Way Forward


Future Challenges


DCAT Evolution

• FY15/16− Set up costs for test build only and use with individual licence quota.− Additional spend for:

Enhanced Cyber Intelligence Analysis Test (replaces RJP) Develop Individual Report Selectable Behavioural Test (removal allows DCAT to screen existing workforces)

• FY16/17− Develop ‘non-fail’ test for recruiting use at public awareness events

• Future: − Licenced sales through MOD Crown Commercial

MOD owns the bulk of the DCAT IPR Potential sales to allies at our discretion Commercial opportunity

innovative cyber talent spotting in an uncertain world @ uk mod

Presentations & Public Speaking