Building on top of 30+ years of experience in IT training and placing entry level server engineers and technicians, Cerco IT, in 2021, developed a programme to address the alarming shortfall in the UK’s Cyber Security talent pool.

According to the UK Government there is an estimated short fall of 10,000 Cyber Security
professionals per year in the UK recruitment pool.

The phantom menace

Perhaps when we think of ‘hackers’ we conjure an image of a socially awkward teenager in a dark room, dressed in a hoodie and surrounded by glowing monitors. To a certain degree this may be accurate but the problem is much worse than this somewhat simplistic, almost romantic vignette may suggest.

The greater threat comes from state sponsored activity that operates on such a large scale it is almost unfathomable.

Web sites present the most obvious vulnerability

Once upon a time it was important just to have a website. If you had the budget you’d hire a specialist web design agency. If you didn’t, or, worse still, you considered it a mere gimick to keep up with, you may have handed responsibility to your nephew in his bedroom. As eminently capable as either of these developers was they couldn’t have foreseen the threat that lay ahead which in turn didn’t accurately inform them of the correct technical decisions to make.

Regardless of the underlying technology, many websites have developed and evolved over the last 20 – 25 years to the point where they require teams of people to maintain. Server technology evolves as do network capabilities and encryption methods. But sat beneath many websites is a code base that hasn’t been overhauled in years. To a hacker with determination these websites are little more than playgrounds.

Sensitive data may be residing within insecure databases whose front door is left wide open by poor coding. User input via a web form may be injected straight into a database query with little or no sanitisation. This was quite common 20 years ago but in 2022 it is unforgivable.

A perfectly viable question to ask is, how well do you know your website and its underlying technology?

But a far more damaging question would be, how well does a hacker with nefarious intent know your website and underlying technology?

Communication breakdown

If you were so inclined you could construct a diagram that illustrates exactly how information is handled on your network. This may be a network local to your business premises (LAN) or a wider network that links numerous premises (WAN). Ideally of course you would already have this diagram and would review it periodically for improvement and maintenance purposes.

This visualisation is precisely what a hacker is attempting to achieve. Where are your weaknesses? Where might there be a hub that requires configuration? e.g. a firewall.

Requests that are routed through your network may not have always come from a legitimate source. With the correct tools and a keen eye you can respond to such threats. But far better is to identify the weak links in your network configuration before anyone from the outside has had chance to exploit them.

To a hacker bent on maximum disruption a vulnerable network is as good as the door to the bank vault blowing freely in the wind.

A solution

Unsurprisingly the attack methods that we have touched upon have numerous names. Collectively we refer to this scenario as the attack or threat surface. Essentially, where can I gain access to your system and wreak havoc.

Each of these nefarious attack methods is a form of penetration and the discipline of identifying vulnerabilities is known as penetration testing.

Penetration testers are a huge part of the 10,000 per year shortfall in the cyber security talent pool.

At Cerco IT we take candidates from all walks of life with a background in IT and passion for security and train them to be penetration testers.

Many of our trainees have worked with us before as Field Service Engineers. Many have come to us from employers looking to strengthen their security teams. And many have come to us from a position within the UK Armed Forces. In fact our relationship with numerous Armed Forces charities and our recognition as a Silver Covenant Award winner for our commitment to those leaving service is something were are immensly proud of.

Via our training partner, Merimetso, themselves former GCHQ employees, we train our candidates to the CyberScheme standard. Specifically, the CyberScheme Team Member standard.

Our fully trained and passionate penetration testers already posses numerous skills and accreditations. Here are just a few:

• EC-Council Certified Ethical Hacker certification
• All legal aspects of Ethical Hacking
• Kali
• The pentester’s toolbox: NMAP, Metasploit, NetCat, SQLMap etc
• The OSI Model, TCP/IP and UDP, wireless networking
• CompTIA Network +, Pentest +, Security +
• Military Threat Intelligence
• Microsoft MTA: Security Fundamentals
• Windows Server Administration Fundamentals
• Azure Data Fundamentals
• Python, C, C++, PHP, JavaScript
• Prince2 Practitioner
• Relational Database Administration (Oracle, Microsoft)
• Cerco Certificate in Systems & Networking (CCSN)
• Windows, Mac OS and Linux operating systems

Next steps

If you are looking to strengthen your Cyber Security team and are interested in hiring hungry and freshly trained talent with today’s crucially relevant skills, please do contact us.

We’d be more than happy to schedule a call with you either via a traditional landline or through MS Teams.

You can read more about our Cradle to Cyber programme within our brochure.

We hope to speak with you soon and help you protect your business from the phantom menace.