
UK Companies Facing Cyber Security Staff Shortage

Bruce66423 writes: According to a recent survey of recruitment agencies, 81% expect a rise in demand for digital security staff, but only 16% saw that the demand would be met.

Resorting to 'neuro-diversity' [...] "We were originally plucking people from IT and bolting skills on but we changed our entire recruitment policy including targeting different kinds of people," said Rob Partridge at BT Security. "One area we've looked at is neuro diversity. We know, for example, that some people with Asperger's are highly suited to cyber but don't always have good communication skills so we changed our approach to the way we source and interview candidates."

This discussion has been archived. No new comments can be posted.

  • Easy solution: (Score:4, Insightful)

    by Gravis Zero ( 934156 ) on Monday December 25, 2017 @07:09PM (#55806247)

    Pay people what they are worth! If you only offer people peanuts then you aren't going to get a warm reception.

    • you need a stable, well funded working class to have children and an education system to train them. Those things are really, really pricey. On the other hand in a dog eat dog economy some folks are bound to make it through sheer force of will, good genetics and dumb luck. Hence the relentless push to bring in labor from overseas. Let somebody else pay the costs to train the next generation of employees, both the economic (food, shelter, schools, etc) and social (e.g. that dog eat dog capitalism again).
    • by Cederic ( 9623 )

      Most cyber security 'specialists' wouldn't work for what they're actually worth.

      It's an industry filled with bureaucratic idiots and pretty much everybody competent that I've met in it has a broader skillset that could get them a number of roles.

      In that regard this company is doing the right thing. Find people with aptitude and get them up and running on it.

      On the flipside, 90% of cyber security is people skills. Oops.

  • by Anonymous Coward

    Posting AC. I worked with a developer who told me the following:

    "There is a reason why you don't find people interested in cyber security. Companies don't want them, because security has zero ROI."

    "After years in DevOps, I will happily have my code run as root or require admin rights on Windows, if it gets the job done. Security isn't something I will give a care about, ever. Mainly because if a company gets sued for my insecure code, their lawyers handle it. If I don't make my deliverables, I get fire

    • by AHuxley ( 892839 )
      The only ROI is for the GCHQ, MI6/5. They take generations of skills and now offer good pay, advancement and housing. People like that have the backgrounds and paperwork to prove they are loyal to the UK.
      The private sector can use a lawyer like person to cover for many random workers globally with no loyalty to the UK.
      Why hire 50 people from the UK to work on a project who can pass UK security when 1 UK person can sign for the work of 49 low cost foreign workers?
      The paperwork is done to some needed lev
    • You want to know why people don't want to work in cyber security and why you can only get autists with zero interpersonal skills? Because anyone with interpersonal skills wouldn't stomach working in that field for long.

      If you come into a packed cafeteria and on a table there are two people sitting by themselves and they, too, don't even look at each other, you found internal audit and itsec. You're about as well liked as athlete's foot. And if your coworkers could shoot their boss who drives them from crunc

      • by AHuxley ( 892839 )
        Re "wouldn't stomach working in that field for long."
        The GCHQ had to study staff problems from the 1950-70's. It took the GCHQ two decades of intensive study to finally work out how to get and keep the best experts.

        A really good wage, nice location for living in UK and the best working conditions.

        The rate of sale of UK secrets to the Soviet Union and Russia also decreased with better wages and conditions. Troublesome activist union membership was reduced for the better too.
        Security and cyber sec
        • Another reason you want to hire autists. They don't subscribe to strange, deranged ideas like national pride, religious ideas or other bull like this. I work for whoever pays me. I'm not loyal to my home country, there is no logic in such behaviour. I'm loyal to my employer. My employer exchanges money for the work I provide. It is sensible to be loyal to someone like this, as long as this arrangement continues.

          It's also pretty hard to bribe me. It's been tried before, usually with money. I have enough mone

          • by AHuxley ( 892839 )
            +1 for "Some people just want to get their work done." With some work and a lot of resumes and CV detail really good people can be found.
          • by Cederic ( 9623 )

            Another reason you want to hire autists. They don't subscribe to strange, deranged ideas like national pride

            That's an interesting assertion. I can provide a contradictory example, but have no idea whether it's you or me that's going against type here.

            I do though agree that bribery and blackmail just aren't going to work. Not a hope in hell.

      • by Cederic ( 9623 )

        Not sure where you live but in the UK good information security people are highly valued and greatly appreciated.

        Maybe it's the industries I work in though - financial services and related sectors don't fuck about with information security because the information is actual money.

        Someone that can articulate in simple terms the security challenges that require resolution and also propose affordable effective approaches can pretty much name their price, and will immediately be treated as an equal by senior man

      • At least where I'm at, we are working on changing that image. The risk team I'm part of is embedded fairly early into the SDLC and we are a hard gate at several points so that projects hopefully don't move too far forward without our input into security. I have one particular manager of a developer team that I have a really good relationship with. Part of it is that I pretty much drop everything to help his projects meet our security requirements. I know he has talked to others about how security isn't
    • by Salgak1 ( 20136 )

      Want real security? Pass regulations that actually put some serious pain on a company, like the GDPR. Assuming the GDPR will be enforced and companies start being fined percentages of their revenue, not made into a toothless law like SOX, HIPAA, or other items which at best, might be used against a fall-guy worker.

      Actually, hold corporate officers and the management chain PERSONALLY liable for lapses in security. Suddenly, an ROI will erupt from the ether. . .

    • by Cederic ( 9623 )

      "After years in DevOps, I will happily have my code run as root or require admin rights on Windows, if it gets the job done. Security isn't something I will give a care about, ever.

      I'm a nightmare for developers like this - I have the ability to spot the lack of security and the ability to halt a project until it's there.

      That's not my job, and technically I don't have the authority to put the brakes on a $100m project. In practice I'm often in a position to spot this stuff, people come to me because they know I'll act, and I've yet to meet a CIO that'll say, "Nah, fuck it. Go live and damn the consequences."

  • How much did the UK waste on computer education for all with its BBC Micro, Dragon and other attempts at generational computer education?
    With so much money put into the early use of computers, generations should be computer ready by 2018?

    Did the education system discover that very average students stay very average even after using a computer for many years?

    That money could have been put into university math and CS. The very best coul
    • by mikael ( 484 )

      You haven't heard of the company called ARM? The money invested by Acorn into the BBC Micro and the associated training programs helped to develop ARM CPU architecture that went into mobile CPUs, GPUs and the entire ecosystem.

      "The Tube interface allowed Acorn to use BBC Micros with ARM CPUs as software development machines when creating the Acorn Archimedes. This resulted in the ARM development kit for the BBC Micro in 1986, priced at around £4000."

    • by Bert64 ( 520050 )

      Because they wasted it...
      They bought computers, but didn't train the teachers how to use them properly.
      They used them to run mundane programs designed for teaching other subjects (poorly), no attempts were made to teach anything about the computers themselves. Attempting to program them yourself was forbidden, as was running any of your own software on them or trying to modify anything.

      • by mikael ( 484 )

        That's very true. Before this project, our school computer lab consisted of a couple of Apple 2 computers. Due to some politics, one of those was moved into the library under instructions of the principal to make computing more "accessible" to students. By the time I left, they were just installing their network of BBC model B's into the computer lab room. The course syllabus would still involve teaching flowcharts and the fundamentals of BASIC programming. One week it would be INPUT keyword, another week I

        • by Bert64 ( 520050 )

          You were lucky that you were even allowed to use BASIC...
          We were shown how to load a few educational programs from floppies, and how to use those programs etc... We had a simple ecosystem simulator, a simple word processor, a simple drawing program, a glorified calculator etc...

          • by mikael ( 484 )

            That's what happens when local business gets involved with the specification of course syllabuses - they want office IT training, not Computer Science 101

    • by Cederic ( 9623 )

      The generation raised on the BBC Micro are all senior management now.

      It's the generation after that which has been let down and outsourced to India.

    • by mikael ( 484 )

      I see what you mean - in order to "make education relevant to the 21st century", the Conservatives gave local business the right to dictate what the school computer studies course syllabuses would be about - local companies didn't want programmers or software engineers, they just wanted IT training.

      • by AHuxley ( 892839 )
        That was the problem. All the education went to just putting random people in front of a new computer. Any new computer.
        The students got to copy type in a slow computer language only used for education.
        All that funding was moved from supporting university math, CS to paying for new school desktop computers all around the UK.
        Government support for production lines jobs to put computer parts together for "education" took university funds. A massive move of financial support from the university sett
  • You must be at least this autistic to work here.

  • So what we have, cyber security experts missing. Maybe it's a lot more profitable being illegal, work for yourself, not being judged for color of skin or sex to have someone else blame you for mistakes of others. On other side of scale: incompetent people trying to catch you, just one out of hundreds? IMHO risk might be very calculated here...
  • by Ichijo ( 607641 ) on Monday December 25, 2017 @07:46PM (#55806389) Journal

    ...then you aren't really demanding anything. This is Econ 101.

    If demand isn't being met, it's not because you aren't willing to pay exorbitant rates, it's because you are legally prohibited from paying those rates to get what you want.

    What is legally preventing companies from hiring security professionals? The article doesn't say.

    Move on, folks. This is just propaganda to try to get the government to solve the private sector's problems at taxpayer expense!

    • by AmiMoJo ( 196126 )

      This. Wages in the UK are a joke at the moment. 50k for a "senior" developer in London. I can get a lot more than that in Europe, at least until Brexit hits.

      That's one of the main "benefits" of Brexit. UK companies don't have to compete on wages.

      • The comedy had increased. A number of the large American software companies, Google, Facebook, Twitter, Amazon, Snapchat, and some of the equally large Chinese ones like Huawei have set up shop in London and are paying competitive (by Californian standards) wages.

        British companies have responded by whinging.

        We've always undervalued engineers in the UK and it's a mindset that seems very deeply embedded in the government, too.

  • People with IT skills don't interview well. Film at 11.

  • As soon as people wake up and realize that capability based security can fix all of this, "computer security professional" will be about as much in demand as "computer operator" or "system administrator". I wish these folks so employed a nice 10ish year ride until it's over.

    So the prophecy is written, again.

  • There is however a shortage of security pros who are willing to work with sticks and rocks or not allowed to do their job.
    There is also a shortage of pros who are willing to work for 2 tacos a day.

    No one wants to be the fall guy for upper management that is not willing to go all in on security.
    Upper management will always blame the security guy after they get hacked even though upper management circumvented or was not willing to follow or back recommended security protocol.

  • I mean there are some simple and easy ways to increase security at any company. It boils down to not doing stupid things.

    However many people have been trained to do stupid things like using Office Software, which is one of the main dangers at any company.

  • Require businesses and media that reports this issue to follow every "Not Enough Qualified ______" with the obvious qualifier "For the Salary Offered."
    Then all of these stories make a lot more sense.
    America is currently throwing a fortune into "STEM". Because of the false claim of a shortage of workers when the real answer is a shortage of pay.
    All they are going to do is crash the tech economy when they flood the market with all the new tech workers that realize they can't make enough money to pay back debt
