Earlier this year, we learned of the impending closure of the Cyber Security Challenge (CSC). We later spoke with those involved in its founding and operation, as well as past participants.

However, I knew that the story of training the next generation of cyber practitioners wasn’t over — there was still much more to be achieved. Since publishing those articles, I’ve made a concerted effort to connect with those actively working to train, encourage, and upskill individuals seeking a career in cybersecurity.

Future Leaders

One of my first stops was in April at the BT Tower, where I attended the final of the Cyber Leaders Challenge. This initiative gives teams of students the chance to experience a live cyber incident scenario and prepare responses, which they then present to industry leaders and their peers.

Rob Black, Director of the Cyber Leaders Challenge, explains the goal is to “overwrite the bias that cyber has to be about tech.” Instead, the challenge focuses on recognising communication and leadership skills — particularly the ability to convey technical information to a non-technical audience.

Black describes the Cyber Leaders Challenge as a “dry test case,” giving participants valuable experience in a safe, supportive setting. After each presentation to an executive panel, students receive ten minutes of live feedback, while earlier rounds include written, qualitative commentary. This feedback helps participants develop both their presentation abilities and team collaboration skills. “It’s about giving them the safest environment to practise,” Black says.

Following in the footsteps of the CSC, the Cyber Leaders Challenge aims to build on its legacy. One of its core themes is ‘connect.’ Black explains: “Connect enables empowering and inspiring. They’re humanising the people they look up to — and connecting with them.”

At its foundation, the Cyber Leaders Challenge promotes community-based participation. “I don’t want them to be shy wallflowers,” Black says. “I want them to feel comfortable talking to anyone and everyone, regardless of which organisation they’re from.” His goal isn’t just for participants to walk away with a few new friends, but to feel connected to everyone in the room and to feel part of a wider community.

While the event SC UK attended did announce a winner, Black stresses that the competition is only one part of the experience. “I want the students to have a busy few days. I want them to come away exhausted — to go back to their libraries and sleep. But I also want them to have met everyone, to be interested in everyone, to come to the after-party with us. That’s how they’re going to network. That’s how they’re going to learn.”

Citing the DSIT survey, Black notes that leadership skills are consistently highlighted as essential but are often overlooked in favour of traditional ‘cyber training’. Yet cyber leaders must work at board level, “to influence, persuade, and communicate.”

“They work across teams responsible not just for technical problems, but for change management and helping organisations foster a cyber-savvy workforce. They must manage risk, uncertainty, and classification — and that’s far more than just technical interpretations.”

That’s why the Cyber Leaders Challenge addresses real-world challenges. “The profession is more complex than simply dealing with technical issues,” Black says. “What we’re dealing with is, by default, complex — and solving those problems requires a multi-disciplinary approach.” Leadership, soft skills, and human-centric thinking are essential. “Those different perspectives challenge each other and bring novel solutions.”

Black warns against the allure of “cool, shiny, technical cyber things,” and the persistent image of “hoodie-wearing hackers.” While the visual appeal is clear, he believes we need to shift the narrative. “Not to professionalise it — that’s the wrong word — but to recognise the breadth of cyber, and the opportunities it holds for people from different backgrounds who can think about complex problems and help solve them.”

The Cyber Leaders Challenge launched with 66 teams in regional qualifiers. Initially partnered with the U.S. Atlantic Council, it now runs independently, shaping future events in consultation with its stakeholders. Black is ambitious to grow the Network further — working with more universities, and evolving beyond a single event into career days, workshops, and more. “Universities focus on academic education,” he says, “but this gives students experiences that complement and enhance what they’re learning.”

Threat Hunting Exercise

Soon after the Cyber Leaders Network final, I was invited to a hackathon event in Central London. While we've just discussed soft skills, technical skills remain just as vital — especially in detection and response.

This event, named Defending the Core, was aimed solely at UK government SOCs. Organiser Philip Blake explained that this was a way to bring in the government sector, as industry and academia had already been addressed elsewhere. “It’s UK Cyber Security Challenge but for government SOCs,” he says.

Blake said their team had identified nation-state attacks as the primary threat and designed a realistic threat-hunting scenario simulating attacks on London. “The idea is to align with the National Cyber Security Strategy and the NCSC’s ‘defend as one’ initiative,” he says. “If people walk away and later call each other to ask, ‘Are you seeing this?’ — then we’ve done our job.”

While some SOCs run exercises regularly, Blake noted this event was designed for departments that don’t always get the opportunity. “It was a blanket invite to all government departments,” he says. Teams from DWP, FCDO, and a CyberFirst group all took part.

Importantly, many of these professionals — despite facing the same threats — had never met before. The teams collaborated while red team operators launched attacks. “This is high pressure — it’s one day, work as a team, find the threat — but it’s also an environment where you’re allowed to fail.”

The event welcomed participants of all levels. Some saw it as a chance to expose junior members to a high-pressure environment. But even more experienced staff benefited. “They might feel they’re contributing nothing,” Blake says, “but they’re often bringing critical behavioural insight to the team.”

Exercise-Based Model

Another initiative I was told about was the Cyber Million programme from Immersive Labs. Kieran Rowley, Immersive’s Director of Community, described it as an exercise-based, skills-first platform — enabling users to demonstrate existing transferable skills or learn new ones through hands-on labs.

Participants can work at their own pace, from anywhere, showcasing their cybersecurity skills to potential employers. With 200 defensive labs — covering skills such as packet capture and log analysis — the aim is to get one million people into entry-level roles over the next ten years. Candidates can apply for jobs with Cyber Million employment partners only after completing all the labs.

The initiative seeks to shift focus away from degrees and certifications. Rowley says the current emphasis on formal qualifications excludes qualified early-career and diverse candidates. It also deters mid-career professionals who may lack credentials but bring valuable experience. “It’s absurd that an industry with a well-documented skills shortage continues to overlook genuine talent just because they haven’t taken the ‘right’ exams.”

He argues for a focus on creativity, critical thinking, and a willingness to learn. “Technical skills can be taught. But we need to place greater emphasis on encouraging individuals with the right aptitude.”

Fifteen years after the formation of the Cyber Security Challenge, this is where we find ourselves in 2025. While many skilled professionals emerge from academia, programmes like those discussed here provide more well-rounded candidates. If the cyber skills shortage is to be addressed, the foundations are already being laid to support the next generation of cyber professionals.

Dan Raywood

Dan Raywood is a B2B journalist with 25 years of experience, including covering cybersecurity for the past 17 years. He has extensively covered topics from Advanced Persistent Threats and nation-state hackers to major data breaches and regulatory changes.

He has spoken at events including 44CON, Infosecurity Europe, RANT Forum, BSides Scotland, Steelcon and the National Cyber Security Show, and served as editor of SC Media UK, Infosecurity Magazine and IT Security Guru. He was also an analyst with 451 Research and a product marketing lead at Tenable.