Interview: Paul Dorey, Royal Holloway University

Among those inspiring the next generation of cybersecurity superstars are those within the universities, teaching and training on a broad range of subjects.

One of the leading universities for cybersecurity is Royal Holloway, whose visiting professor Paul Dorey recently spoke with Infosecurity about what the current crop of students were looking for.

“Royal Holloway has got this year the first GCHQ-assessed cybersecurity relevant computer degree; it is a BSC with large cybersecurity component that is approved by GCHQ,” he said. “Historically there has been a computer degree and students take the masters to specialise in cybersecurity.” He explained that by the time they are taking the masters course, they are definitely seeing a career option in cybersecurity as “you don’t get people saying ‘I’ve no idea why I’m here’ as there is a very high number of applicants.”

Royal Holloway University launched the information security group in 1990, and the MSC course started in 1992 and has now trained more than 4000 students. Dorey said that this year, the MSC intake is 38% up, which amounts to more than 300 people.

Dorey explained that he started as a visiting professor whilst he was working at Barclays. The mission of the information security group was to couple academia to commercial and government, as “you want to keep close to those two communities and because I was close to the lecturers, I wanted to give commercially-relevant lectures and they were very popular with the students.”

Of the students that he taught, some were mature and were going in with a business knowledge, and there were those who were coming out of their first degree and would ask a lot of business questions.

Asked if he sees a positive attitude to learning about cybersecurity, Dorey said he does as students are “full of interest and gone past the barrier of it being seen as boring and geeky and now seen as a cool thing to do.”

So what kind of things is the masters course actually teaching? Dorey said: “The MSC has technical components where they have a lab and they can run attack simulations and detection tools, and it has some fundamental theory on cryptography and smart architects.

“I lecture on governance and we combine it with architecture and it applies to the philosophy of process and measurement.”

The other area that Dorey was keen to talk about, as it also falls within his teaching, is the Internet of Things. He said that this is now being taught for a third year “and it is about what is the issue, who owns it, what is a good approach to managing it and how is it different from managing IT.” He explained that his focus is on fixing the problem, whilst guest lecturers focusing on breaking IoT.

Dorey is also chairman of the IoT Security Foundation, and he said he can teach students the best practices that are being learned in the foundation, and the foundation can learn about what different skills will be required – so it is mutually beneficial.

“Royal Holloway is at an advantage as we had the smart card setup and if you look at IoT, a lot of it is about looking at the devices and setup and understanding what can be trusted, and provisioned in large quantities.”

Following a blog we published on the reality of finding suitably skilled IT teachers, Dorey was asked about what sort of students he is seeing. Dorey, who has also given lectures at Cranfield Defence Academy, and is a visiting lecturer at Portsmouth University and also works with Royal Holloway University’s PhD students, said that some of the masters students are mature and some straight out of the first degree, while some start with a degree in politics and move over, as you will need to lean about the technical, process and psychological pieces. “It is a broad spectrum, but usually the maths and the crypto scares people, but that is only part of the course.”

The issue of diversity also remains a sticking point, and Dorey said that while the UK cybersecurity sector is 91% male, the student ratio is 80% male, “so we’re going in the right direction.”

What’s Hot on Infosecurity Magazine?