Slashdot Mirror

← Back to Stories (view on slashdot.org)

Security Talent Shortage Hits Cybercrime Groups, Too (csoonline.com)

Posted by BeauHD on from the minimum-wage dept.

itwbennett writes: A report released today by Digital Shadows finds that cybercrime organizations "face many of the same hiring problems as defending security organizations, but with their own particular twists," writes Maria Korolov. In particular, the groups are finding a shortage of qualified candidates for jobs such as malware writers, exploit developers, bot net operators, and mules. But, unlike legitimate organizations, "cybercriminals are limited in their ability to properly vet new hires, to widely advertise for needed talent, and to find people who are both trustworthy and are willing to break the law," writes Korolov. One thing the criminals have in common with defending organizations: entry-level skills are the easiest to find. This is one reason why many attackers use simple tools and attack methods.

5 of 40 comments (clear)

  1. Maybe they can take the H1b's! by Joe_Dragon · · Score: 4, Funny

    Maybe they can take the H1b's!

  2. Small pool of talent by rmdingler · · Score: 3, Insightful

    ...find people who are both trustworthy and are willing to break the law.

    It is also difficult to train a hunting dog to bring you ducks but leave the chickens alone.

    You can do it; just remember that dogs are much easier to train and far more loyal than their human counterparts.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  3. Re:Who is sucking up all the top talent and why no by Euphorinaut · · Score: 4, Informative

    The demand is just growing faster than the supply. More things in the world are connected and therefor vulnerable, while most organizations won't start pretending to take security seriously until something bad happens.

  4. Cybercrime needs a stable Windows base by Applehu+Akbar · · Score: 3, Funny

    Cybercrime has gone through a rough patch recently because of the fragmentation of its OS base. So many users still on XP, and the higher-end users cycling rapidly through Windows 7, then 8 and 8.1, and now 10. As soon as the majority of users can be migrated to 10 as Microsoft intends, cybercrime will be off and running again.

  5. nature of things? by umghhh · · Score: 3

    There have been many different things proposed of which many are valid but what about this that I experienced first hand few times in different areas: you outsource as much as you can leaving only the system architects and some other key jobs in house. Theya re competent and well paid. After a while these key staff loses its fresh experience with the stuff they make but more importantly the normal way of raising among the ranks to become a key staff member is not possible anymore - we hire only experts and gurus that also know our systems well enough - guess what - the paths leading there are not possible anymore as bottom of the pyramid is 'in the cloud'. Other interesting side effect is: the bottom of the pyramid people are not going for the best of technical choices as there is no point - the architects of our own company are only one of the many customers. Looks like win win to me...