UK Companies Facing Cyber Security Staff Shortage

Bruce66423 writes: According to a recent survey of recruitment agencies, 81% expect a rise in demand for digital security staff, but only 16% saw that the demand would be met."

Resorting to 'neuro-diversity' [...] "We were originally plucking people from IT and bolting skills on but we changed our entire recruitment policy including targeting different kinds of people," said Rob Partridgeat BT Security. "One area we've looked at is neuro diversity. We know, for example, that some people with Asperger's are highly suited to cyber but don't always have good communication skills so we changed our approach to the way we source and interview candidates.

Easy solution:

[Gravis+Zero]

Pay people what they are worth! If you only offer people peanuts then you aren't going to get a warm reception.

Re:Brexit

[AHuxley]

Its in the "different kinds of people" news.

Why cant the UK and Ireland educate their own students to some "different kinds of people" standards and fill the few advanced Cyber Security jobs and many technical support jobs?
For the very average Cyber Security work just use vocational education so people can swap out server hardware, use the GUI and enter the command lines they are told.
Cover both the top end and ow end of computer education rather than early computer education. Support the people who want to use computers don't just fill every class room with new computers every year.
The very average students don't learn and the a low budget for university education takes away from the good students who can be educated.
No migrants with issues needed if a nation can educate it own in a good university setting and offer technical training.

Re: Brexit

Leaving the EU wasn't about stopping all immigration. It was about the UK regaining full control over its immigration policies, rather than letting distant, unaccountable EU bureacrats control such matters. The citizens of the UK are fine with letting certain people into the nation, if these people can contribute positively. What isn't wanted are third-worlders who want to leech off of the UK's social programs without contributing anything of value, for example. I know your kind on the political left want to make this matter all about 'racism' and your other buzzwords, but the reality is that there are far more practical reasons for the UK to control ots own immigration policies without interference from distant, foreign bureaucrats.

Re: Brexit

[AHuxley]

A good guest worker system that only brings in people from nations with functioning governments would be a good start.
Some type of points system before the guest worker is allowed into the UK to work on cyber security?
Speak english? Get some points.
Educated? Get some more points.
Healthy and can pass a medical examination? Get more points for not been a burden to the UK medical system on the first day. No transmitting infections.
Can do the job they get offered? Get more points for having an education that is accepted in the UK.
Understand they go back to their own country after that job ends.
No criminals.
Once a person can show they are educated, have needed skills and are not sick, then consider them for short term work to cover cyber jobs that cant be filled.
When the work is over, they return to their own nations again.
Will fit into UK culture and is of good character. No past issue with a faith that demands the UK submit to their faith.
A win for the UK. A win for a good person who is not sick, not a criminal, has an education that is ready for work in the UK.

That's the problem, not the solution

[raymorris]

> vocational education so people can ... use the GUI and enter the command lines they are told.

The PROBLEM is that admins and programmers follow a set of instructions that might have been okay for one situation, without understanding and carefully considering the ramifications for *their* situation, on *their* network, considering *current* threat trends. Often they get the commands to enter or the GUI buttons to click from sites like Stackoverflow or Serverfault. The answers on Stackoverflow might more or less answer the question and might more or less work, they do turn on the requested function.

  If you don't fully understand what you're doing though, and what "enabling RPC" actually means, that's when you create a giant security hole.

What makes hacking "hacking" is precisely that's it's outside-the-box thinking, coming up with how to leverage things in ways nobody intended. Information security thinking is precisely the opposite of following a standard checklist. It's all about finding the "cheat", not following the rules.

There certainly IS a role for people with basic IT knowledge. Mostly working under someone with advanced IT knowledge with their work reviewed by a security professional. The security person should be a devious, clever type who comes up with ways to get around the rules.