UK Companies Facing Cyber Security Staff Shortage (theguardian.com)
Bruce66423 writes: According to a recent survey of recruitment agencies, 81% expect a rise in demand for digital security staff, but only 16% saw that the demand would be met.
Resorting to 'neuro-diversity' [...] "We were originally plucking people from IT and bolting skills on but we changed our entire recruitment policy including targeting different kinds of people," said Rob Partridge at BT Security. "One area we've looked at is neuro diversity. We know, for example, that some people with Asperger's are highly suited to cyber but don't always have good communication skills so we changed our approach to the way we source and interview candidates."
Pay people what they are worth! If you only offer people peanuts then you aren't going to get a warm reception.
Anons need not reply. Questions end with a question mark.
Posting AC. I worked with a developer who told me the following:
"There is a reason why you don't find people interested in cyber security. Companies don't want them, because security has zero ROI."
"After years in DevOps, I will happily have my code run as root or require admin rights on Windows, if it gets the job done. Security isn't something I will give a care about, ever. Mainly because if a company gets sued for my insecure code, their lawyers handle it. If I don't make my deliverables, I get fired, and a Deloitte guy gets my job. So, with the current market, hell with security. If it allows me to make my stuff, I'll happily leave an S3 bucket as public."
Needless to say, I left that company, but that is the norm, not the exception.
Want real security? Pass regulations that actually put some serious pain on a company, like the GDPR. Assuming the GDPR will be enforced and companies start being fined percentages of their revenue, not made into a toothless law like SOX, HIPAA, or other items which at best, might be used against a fall-guy worker.
How much did the UK waste on computer education for all with its BBC Micro https://en.wikipedia.org/wiki/..., Dragon https://en.wikipedia.org/wiki/... and other attempts at generational computer education?
With so much money put into the early use of computers, generations should be computer ready by 2018?
Did the education system discover that very average students stay very average even after using a computer for many years?
That money could have been put into university math and CS. The very best could have been supported at top universities for generations, ready for challenging Cyber Security jobs in 2018.
Domestic spying is now "Benign Information Gathering"
You must be at least this autistic to work here.
echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
It's in the "different kinds of people" news.
Why can't the UK and Ireland educate their own students to some "different kinds of people" standards and fill the few advanced Cyber Security jobs and many technical support jobs?
For the very average Cyber Security work just use vocational education so people can swap out server hardware, use the GUI and enter the command lines they are told.
Cover both the top end and low end of computer education rather than early computer education. Support the people who want to use computers; don't just fill every classroom with new computers every year.
The very average students don't learn and a low budget for university education takes away from the good students who can be educated.
No migrants with issues needed if a nation can educate its own in a good university setting and offer technical training.
Domestic spying is now "Benign Information Gathering"
Leaving the EU wasn't about stopping all immigration. It was about the UK regaining full control over its immigration policies, rather than letting distant, unaccountable EU bureaucrats control such matters. The citizens of the UK are fine with letting certain people into the nation, if these people can contribute positively. What isn't wanted are third-worlders who want to leech off of the UK's social programs without contributing anything of value, for example. I know your kind on the political left want to make this matter all about 'racism' and your other buzzwords, but the reality is that there are far more practical reasons for the UK to control its own immigration policies without interference from distant, foreign bureaucrats.
So what we have, cyber security experts missing. Maybe it's a lot more profitable being illegal, work for yourself, not being judged for color of skin or sex to have someone else blame you for mistakes of others. On other side of scale: incompetent people trying to catch you, just one out of hundreds? IMHO risk might be very calculated here...
...then you aren't really demanding anything. This is Econ 101.
If demand isn't being met, it's not because you aren't willing to pay exorbitant rates, it's because you are legally prohibited from paying those rates to get what you want.
What is legally preventing companies from hiring security professionals? The article doesn't say.
Move on, folks. This is just propaganda to try to get the government to solve the private sector's problems at taxpayer expense!
Any sufficiently unpopular but cohesive argument is indistinguishable from trolling.
A good guest worker system that only brings in people from nations with functioning governments would be a good start.
Some type of points system before the guest worker is allowed into the UK to work on cyber security?
Speak English? Get some points.
Educated? Get some more points.
Healthy and can pass a medical examination? Get more points for not being a burden to the UK medical system on the first day. No transmitting infections.
Can do the job they get offered? Get more points for having an education that is accepted in the UK.
Understand they go back to their own country after that job ends.
No criminals.
Once a person can show they are educated, have needed skills and are not sick, then consider them for short term work to cover cyber jobs that can't be filled.
When the work is over, they return to their own nations again.
Will fit into UK culture and is of good character. No past issue with a faith that demands the UK submit to their faith.
A win for the UK. A win for a good person who is not sick, not a criminal, has an education that is ready for work in the UK.
Domestic spying is now "Benign Information Gathering"
> vocational education so people can ... use the GUI and enter the command lines they are told.
The PROBLEM is that admins and programmers follow a set of instructions that might have been okay for one situation, without understanding and carefully considering the ramifications for *their* situation, on *their* network, considering *current* threat trends. Often they get the commands to enter or the GUI buttons to click from sites like Stackoverflow or Serverfault. The answers on Stackoverflow might more or less answer the question and might more or less work; they do turn on the requested function.
If you don't fully understand what you're doing though, and what "enabling RPC" actually means, that's when you create a giant security hole.
What makes hacking "hacking" is precisely that it's outside-the-box thinking, coming up with how to leverage things in ways nobody intended. Information security thinking is precisely the opposite of following a standard checklist. It's all about finding the "cheat", not following the rules.
There certainly IS a role for people with basic IT knowledge. Mostly working under someone with advanced IT knowledge with their work reviewed by a security professional. The security person should be a devious, clever type who comes up with ways to get around the rules.
No later than
Understand they go back to their own country after that job ends.
you'd get a "LOL, no". From pretty much anyone capable of doing an IT security job.
Unlike most other jobs, we're talking about something where you have about a tenth of the people capable, willing and able to do the job that would be required. And I mean worldwide.
In other words: You don't get to set the conditions.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
People with IT skills don't interview well. Film at 11.
The real "Libtards" are the Libertarians!
There is a market called EU where you find this kind of profile:
- democracies ...
- high average education
- same cultural background
- don't waste medical tests, they are as sane as in the UK
- they don't even want nationality
-
you need a stable, well funded working class to have children and an education system to train them. Those things are really, really pricey. On the other hand in a dog eat dog economy some folks are bound to make it through sheer force of will, good genetics and dumb luck. Hence the relentless push to bring in labor from overseas. Let somebody else pay the costs to train the next generation of employees, both the economic (food, shelter, schools, etc) and social (e.g. that dog eat dog capitalism again).
Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
AC, is not being a criminal, speaking English, not being sick, proving they have a suitable education really a challenge for a well educated person?
For that they get to enjoy everything the UK has to offer for a few years as a guest worker.
London, the Lake District, castles, Exeter, shopping, Victoria and Albert museum.
A wage and savings they can put towards something of real value back in their own country when they return.
Domestic spying is now "Benign Information Gathering"
As soon as people wake up and realize that capability based security can fix all of this, "computer security professional" will be about as much in demand as "computer operator" or "system administrator". I wish these folks so employed a nice 10ish year ride until it's over.
So the prophecy is written, again.
Obviously not an unlimited immigration policy. That would be too generous and compassionate. Not at all proper. Only let in the people you can use for their skills and abuse for being born to their parents. That's how to make lifelong friends.
The Russians have won. They have made the world a cesspool of distrust, greed, fear and hate.
It's hard for them to see them over the 'Outsource to {country} today!' pamphlet they have stuck in front of their faces.
There is however a shortage of security pros who are willing to work with sticks and rocks or not allowed to do their job.
There is also a shortage of pros who are willing to work for 2 tacos a day.
No one wants to be the fall guy for upper management that is not willing to go all in on security.
Upper management will always blame the security guy after they get hacked even though upper management circumvented or was not willing to follow or back recommended security protocol.
Rick B.
If they are so productive, well-adjusted, already raised and educated (on someone else's dime), why send them back to their home country afterwards? Surely the UK economy benefits more from retaining these best-of-the-best workers that are attracted from abroad.
Plastic rice okay with you?
And having regained control, increase it?
Don't think that's what the dipshits in Barnsley were intending, judging by what I saw on Question Time a few weeks back.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I mean there are some simple and easy ways to increase security at any company. It boils down to not doing stupid things.
However many people have been trained to do stupid things like using Office Software, which is one of the main dangers at any company.
"unaccountable EU bureaucrats control such matters." "third-worlders who want to leech off of the UK's social programs without contributing anything of value" - those 2 statements alone prove you don't know what you are talking about. It is all about racism for leavers who play the immigration card.
"The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
You never hear the blinkered brexiters complain about immigrants from outside the EU, which is a larger number than any EU immigration, and the non-EU migrants are even less likely to speak English.
"The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
LOL - ignorance is bliss in your case.
"The hands that help are better far than lips that pray." - Robert Ingersoll (1833-1899)
Speaking English is generally a requirement for non-EU migrants, although most EU ones do speak it. It's a big problem for families.
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Where would this magical land be? I don't know a single country or company for that matter that isn't looking for IT-security and can't find any experienced security people.
We used to have a Bill of Rights. Now, with the rights gone, all we have left is the bill.
Although.. I wouldn't take a CISO job for much less than $150k (or its GBP equivalent).
All the accountability but never the required resources and a guarantee that you will at some point fail.
Good CISOs are worth every penny.
The shortage is in place to hire guest workers that are tied to the job and if they quit / are fired are forced to go home.
Require businesses and media that reports this issue to follow every "Not Enough Qualified ______" with the obvious qualifier "For the Salary Offered."
Then all of these stories make a lot more sense.
America is currently throwing a fortune into "STEM". Because of the false claim of a shortage of workers when the real answer is a shortage of pay.
All they are going to do is crash the tech economy when they flood the market with all the new tech workers that realize they can't make enough money to pay back debt and have to drop out of science and tech altogether. I've seen it in another field here and it's not pretty. Flood of workers means unemployment, low wages, and no bargaining power. It won't take long for them to all refuse to work in tech and just throw their degree in the garbage.
2020: More CS majors behind the counter at Starbucks than at the tables.
On another note, please compete with other countries that offer much the same, plus quality of life (not in the sprawl of London with overpriced property, for starters. And the weather....). Added points: Nicely educated and efficient workers tend to come with wife and kids too. One does not relocate his family based on a "work contract" at risk of termination at the slightest whim of an employer. Slavery is long gone. You will have to provide a far better deal for highly educated specialists. Also, please remember that your language (well globish really) is the only language needed to work as a security specialist in most of the world. (But of course a second and a third language is even better). I can understand that you want to guard against the unwashed masses (poor uneducated). We can even agree that ethnicity is definitely a factor that should be taken under consideration. But with your conditions... Well, good luck to attract highly skilled workers in the global competition. It would be easier to emigrate to the U.S.!
---
By the way I apologize my dear US friend, I'm French...
Which third worlders will be prevented from coming by leaving the EU?
AC wrote: "overall, a spiritual market shift is needed first if we want to create the properly secured infrastructure and products to let millions of people depend on."
Sad, but true -- and in more areas of life than that. Thus my sig - - and the Albert Einstein quote that helped inspire it: "The release of atom power has changed everything except our way of thinking... the solution to this problem lies in the heart of mankind. If only I had known, I should have become a watchmaker."
Although, 70 years later, now that every smart watch has more computing power than was needed to design the first nuclear weapons, the choice of career is not so easy...
A 21st century issue: the irony of technologies of abundance in the hands of those still thinking in terms of scarcity.
Guest workers would be for a short term lack of professionals in a nation.
Once the education system has caught up with that lack of graduates, the number of guest workers can be reduced.
Count every guest worker in, count every guest worker out after the set time for their job has ended.
If a person wants to stay in the UK, let them apply for that in a more formal way.
Staying on after being granted entry as guest worker and just expecting special consideration to stay?
Other people who applied to stay in the UK legally and not used the guest worker system to sneak in would have first consideration.
A guest worker system is for people who expect to return to their own nation after they got one job over a short term.
Not to then change jobs while in another nation and demand the right to stay on.
Not to then demand decades of work and an old age pension after staying on.
Domestic spying is now "Benign Information Gathering"
I've asked you "Why?" and your answer isn't much more than a circular re-statement of what you want to happen. The most reasoning I can pull out of it is that you're worried about their pensions creating a drag on the economy, as if the pensions of health-inspected foreign workers will cost any more than the pensions of uninspected domestic workers.
You do raise the idea of a separate, "more formal" path to permanent residence, but again I must ask why. What difference will there be in the vetting and other requirements? Is the UK going to have this separate path out of the kindness of their heart, or is it strictly to benefit the economy, like the guest worker program?
Oh, it won't reduce it - it'll increase it. St. Theresa's city chums are desperate to get into India, but there's a ton of protectionist regulation in place at the moment. The Rupee pro quo will be something like H1-Bs, just you wait and see.
Business needs its cheap and compliant labour. It'll get it from Pakistan if it can't get it from Poland.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
I wouldn't describe any of the Eastern Europeans I know as "compliant".
They put up with working hours and conditions that nobody else would. When you hear on the news about ten fruit pickers living in a caravan they aren't usually from Newcastle or Leeds.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
So their own people get good jobs first?
The people from the UK who stayed in university and graduated well? Why should they have their jobs taken by a person just wandering into the UK and demanding the right to work?
A more restricted guest worker placement system stops people entering the UK, taking a job and then demanding the "right" to stay in the UK and keep the job. Then demand an old age pension and to bring other people into the UK?
Government funded health care into old age?
Just for getting one job many years ago?
While a more restrictive guest worker system is in place UK education can produce the same needed graduates. A vocational training system can produce the more skilled workers too. Everything can be done to fill most jobs can be supported within the UK.
The UK can catch up with what is lacking in its own education system while using guest workers in the short term and then return the guest workers to their own nation when the work is done.
Count every guest worker in. Count every guest worker out. If they really want to stay they can apply when back in their own nation again. Just like anyone wishing to live in the UK they can formally with with others wanting that privilege. A guest worker system is not a free pathway to the right to just overstay in a nation.
The vetting keeps out criminals, people with no English skills, people with no actual education that can be used in the UK, people who are sick and need a lot of health care.
Vetting also shows if the person with the needed skills is actually the person who is taking the job. Not a person who stole or created a set of documents to get into the UK with the cover of a set of documents.
Vetting can allow a disruptive person's character to be sorted from people who want to change UK laws to that of their own.
People who have caused problems in their own nation or while being in other nations.
Domestic spying is now "Benign Information Gathering"
You may be amazed to learn that people from the former Communist countries can also do things like accountancy and software development. They don't put up with any more shit than the locals in jobs like that from what I've seen.
I wonder if any of them are good at statistics? If you know any, ask what percentage are in those kind of jobs.
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Most of the Eastern Europeans I know are in those kind of jobs. I'm wondering what point you're trying to make about them being inferior or something.