The continuing progress of the digital revolution has given rise to increasingly sophisticated cybercrime and a growing need to strengthen information security in fields beyond those previously envisioned as under threat. Japan, however, suffers from a marked shortage of personnel who are able to manage information security. In response to these pressures, NRI SecureTechnologies (NRI Secure) hosts an annual security contest aimed at young people. Two members of the Cyber Security Education Service Department who are involved with managing the contest sat down with us to discuss the importance of giving young people experience in cutting-edge information security.

An Opportunity to Experience the Latest in Information Security in a Game-Like Setting

On August 17, the “SANS NetWars Tournament 2018” security contest was held in Tokyo’s Akihabara district. Targeted at students, this contest has been held annually by NRI Secure since 2014 and allows participants an opportunity to compete in a game-like setting to solve information security problems in a CTF (Capture the Flag)* format. “The contest began from the idea of giving young people a chance to experience the latest in information security in the hope that this would help deepen their interest in the field, even if only slightly,” says Kengo Ueda, who is involved with the contest’s operations.

Japan Has A Shortage of Information Security Personnel

Recently in Japan, the lack of personnel who are engaged in information security fields has become a more serious problem. According to the “Findings of METI’s Study of Recent Trends and Future Estimates Concerning IT Human Resources” published in 2016 by the Ministry of Economy, Trade and Industry, as of 2016 there were approximately 280,000 information security personnel in Japan, making for a shortage of 130,000 workers. By 2020, the number of information security personnel will increase to 370,000, but the shortage will increase as well and is projected to reach almost 200,000 persons.

The “NRI Secure Insight 2018” survey conducted by NRI Secure likewise found that “86.9% of Japanese companies have too few information security personnel”. Ken Sato, the General Manager of the Cyber Security Education Service Department, describes the situation.

“They are broadly categorized as information security personnel, but they include engineers, network analysts, consultants, and others in various specialized fields, and the labor shortage is making itself felt in all of those areas. Not only in companies that are specifically focused on information security, but in ordinary companies as well, there is a shortage of personnel who can manage information system risks and assess information security from a managerial standpoint.”

The Significance of Providing a World-Class Training Program for Students

NRI Secure has been focused on the need for information security personnel for some time, and has put in place specialized information security training programs and other similar offerings. One of those programs is SANS Security Training. Developed by SANS Institute, a world-class security research and training organization in the United States, this program is able to provide concentrated training over a period of a few days. At NRI Secure, the program has been provided mainly to members of the workforce, including information security officers and system managers.

Ueda explains the purpose of holding the contest as follows. “The standard program consists of training and a tournament in which participants compete with each other in a test of their techniques. The ‘SANS NetWars Tournament’ offers the tournament portion of the program to students at no cost. The standard program requires a lot of time and money and can be inaccessible for students. With that problem in mind, we isolated the parts of the program that allow for an experience of the world of cutting-edge information security and of the kinds of knowledge and skills required in that world, and created a contest out of those parts. Through the contest, our aim is to show students the depth and the appeal of the information security world.”

Contest Participants Come from All Over Japan

Most of the participants are university students, graduate students and trade school students from around Japan, but there are some high school students as well. Ueda notes that, even though the contest was not highly publicized, “for our first event, in just several days after a notice about the tournament was made, we had more applicants than the 100 spots offered”.

The participants come from many backgrounds and levels of experience, from newcomers to information security to students who have participated in multiple security contests in different regions.

“We haven’t been exhaustive about assessing all of our participants’ reasons for participating,” says Sato, “but when you look at the surveys you see that they find significance in the opportunity to learn about security from the basics onward. We’ve had a lot of repeat participants, and many of them tell us they want to recommend the contest to their friends and acquaintances. Our goal in organizing the contest is to grow the ranks of Japan’s information security personnel, and to deepen interest in this exciting field. We believe we are achieving this goal.”

Teaching the Social Responsibilities that Come with Involvement in Information Security

On the day of the event, before the contest began, a police officer from the National Police Agency Japan Countermeasure against Cybercrime Division took the stage, explained the current realities of cybercrime and the types of acts that constitute unlawful conduct, and made an appeal stressing that roles and positions that can take charge of information security fields will continue to have more and more importance going forward.

“Cyberattacks are becoming more sophisticated,” Sato says, “and the need for competent personnel has started making itself felt in fields that had not been information security targets previously––for example, control technologies for blockchain, smartphones, and IoT. Going forward, we predict that it will be very important for workers to have broad knowledge and deep understanding of various information security fields.”

As it looks to the future, NRI Secure will continue to strive to cultivate information security personnel with a broad range of perspectives, and to take the lead in creating a safe society through IT.

* CTF（Capture the Flag）
General term for contests in which participants compete over information security knowledge and techniques. Participants solve problems in a quiz format and take part in quasi-battles within networks, among other activities.