Blog post

CyberUK by the numbers

Created:  24 Mar 2017
Updated:  24 Mar 2017
Author:  Ian Levy
Part of:  Skills and training
An artist's impression of the key themes of CyberUK 2017

Input metrics are a piece of cake. It’s easy to measure how much effort we’ve put into something and claim a win because we worked hard. But we should really be looking at output metrics too - the numbers that tell us how close we've come to achieving a goal.

For CyberUK, I think we can be proud on both counts. The team – across public and private sector – worked incredibly hard to deliver a conference that was free for the public sector to attend yet cost the taxpayer not a penny. And the curated technical content at the show had a low enough snake oil quotient that it could actually help the attendees provide better security for their organisations.


Figures to marvel at

Using the #CYBERUK17 hashtag, we had over 700 tweets, from more than 400 users, reaching 1.3 million individuals. In total, this content was viewed 2.2 million times. The 80,000-plus unique visitors to our website over the 3 days were treated to 17 new CyberUK-related blog posts. 

170 speakers helped us deliver 39 hours of high quality content over 4 streams to over 2000 delegates. 12 small companies competed in our Dragons’ Den, organised with DCMS, and 4 will be working with the NCSC going forward. And (pause for breath) surprisingly for a government security conference, there was even mainstream media coverage, including 8 broadcast pieces. 

Ian Levy at the CyberUK 2017 panel


Our community

There’s a lot of numbers there, but they all work towards a single goal: making the UK the safest place to do stuff online. This is the headline ambition of our National Cyber Security Strategy (NCSS), a purposefully and unashamedly ambitious project.

The NCSC is a focal point for actions and ideas which feed into the high level goals of the NCSS, and we may even act as a forcing function occasionally. But, there’s no way we can deliver that strategy by ourselves. We need to build a community of professionals (of all flavours - not just traditional techies) to collectively deliver that strategy. Now is the time to do that.


People power

The theme of the conference was ‘People – our strongest link’.

In her opening keynote, Emma W talked about how listening to people and taking their needs into account can help organisations do better security. I think we can apply that concept at a national scale. The deciding factor in whether we actually manage to make the UK the safest place to do stuff online, isn’t a piece of technology. It's not a new standard or magic pixie box either. It’s whether we, as a community, can come together behind a common cause and work together.

I don’t mind if our adversaries win because they’re better than us [OK, I do mind]. But I really mind if they win because we’re collectively too daft to pull together.

Happily, for me, CyberUK17 saw the start of that community-building effort.


Code of conduct

That’s not to say there weren’t things to improve on from the conference. There were times when some of our delegates felt excluded or uncomfortable because of the actions of others.

In my closing session, I threw out a call to arms. Let’s make the cyber security industry an exemplar for diversity and inclusion – because, let’s be honest, it sucks at the moment.

The start of that journey is a community code of conduct. We need to come together and describe what this community is going to be like – what’s acceptable and what isn’t, what sorts of sanctions apply to various unacceptable behaviours. And we need to start discouraging behaviours and attitudes we won’t accept.

I’d like to quickly get to a standard we can all get behind and then have us publicly sign up to it, on the road to making it mandatory for working with the NCSC (and, I hope, other organisations in the sector). If you’re interested in helping out, please email and let us know. We’ll try to do everything virtually, so it shouldn’t be a huge burden. You can also use that address to let us know when our staff perhaps haven’t maintained the standards we aspire to.

We’ve spent years talking about how to improve diversity (race, gender, neurodiversity etc) in the sector. Now’s the time to actually *do* something about it. All the pipelines of new talent we’re building will be for nought if we don’t have a welcoming and inclusive community for this new talent to explore.


To one and all

Finally, I’d like to thank everyone who helped make CyberUK17 a success. The events team and venue staff, the NCSC Technical Directors who curated the content, the industry sponsors, DCMS for making the Dragons’ Den real, all the exhibitors who came with the right attitude. The Spotlight Stage speakers (that’s a hard gig – respect to you all!). But most of all the delegates. Thanks for your effort, sharing your expertise and your engagement. It’s ironic that they’re all input metrics. Let’s open CyberUK18 with some outcomes that we can achieve together!


Ian Levy

Technical Director, NCSC



Peter - 26 Jul 2017
The danger with metrics Ian is that you can make the measurable important and forget what is really important because it is difficult to measure. Don't fall into the trap other government departments have.
Scott - 25 Sep 2017
The technology is usable, it's regretfully due to other parties that want to subvert "Standards" whilst inserting weaknesses. Simon & Speck etc. The scale of the problem that wont just vanish can be seen clearly on & the laughable way in which certain parties even now through contractual obligations are inserting flaw's into various aspects of the technology rendering it unusable (systemd).

Perhaps what is laughable is that these parties through there actions are bringing global war between the "Communist" regime and the "Democratic" right, by failing to understand that they have been caught violating there "Security" mandate and in effect helping "Larger" corporate entities evade TAX legislation to the tune of "800 Billion Dollars" of misappropriated funds and all so they could break and violate standards in a "Better" way.
NCSC Communications Team - 29 Aug 2018
This blog is now closed to comments.

Was this blog post helpful?

We need your feedback to improve this content.

Yes No