Data and securityCyber SecurityMoJ struggling to recruit cyber security staff because ‘it’s just not cool’

MoJ struggling to recruit cyber security staff because ‘it’s just not cool’

Ethical hackers don’t want to work for government says anonymous blogger

An anonymous blogger from the Ministry of Justice (MoJ) has admitted the government is struggling to find and keep the country’s top talent because ethical hackers don’t want to work for it.

The blog post describes the frustration of recruiting for security engineer roles at MoJ Digital and Technology. All too often it seems those who apply are only capable of delivering a “templated report that looks like a list of results from an automated scan”.

“We want people who have ethically hacked systems to hack our systems,” said the blogger, “but instead we end up with ethical folk (who) want to hack.”

 

Change of approach

As a result the department changed its approach to advertising, instead advertising in venues used by more technically-minded or academic researchers, such as forums, Internet Relay Chat (IRC) channels and conferences.

That resulted in interest either from top talent abroad who couldn’t relocate, or from promising mid-level individuals who were quickly snapped up by industry.

 

Not cool

“Security-minded folk who can think originally still don’t think working for government (which is not all about intelligence agencies) is cool,” added the blogger. “And for good reason; some see government IT to be a massive legacy monolithic monster (partially true) where they will forever be in a dank corner, trying to troubleshoot memory issues in some mid-90s middleware, and be valued by how many colour-coordinated reports they can churn out (not true).”

Looking forward, the blogger concluded: “It is up to us to give them the freedom to use their creativity, and put to use what they’ve traditionally done purely for the kicks. We need to incentivise these talented people with (nearly) free reign, explain the stakes to them, let them shape security practices in a department along the lines they feel comfortable.

Let them work flexible hours, let them work from (nearly) wherever they want. They already have the expertise to know what goes in a good policy and what broken guidance looks like. Let us show them how their efforts can make a difference.”

Related Articles

Housing associations collaborate around cyber awareness

Cyber Security Housing associations collaborate around cyber awareness

16h Austin Clark
Six top security and risk management trends revealed

Cyber Security Six top security and risk management trends revealed

1w Austin Clark
DDoS Defence Demands a Hybrid Approach

Cyber Security DDoS Defence Demands a Hybrid Approach

2w Guest Writer
NHS Digital joins forces with IBM to beef up NHS cyber security

Cyber Security NHS Digital joins forces with IBM to beef up NHS cyber security

3w Austin Clark
HMRC storing voice ID data 'without consent'

Cyber Security HMRC storing voice ID data 'without consent'

3w Austin Clark
Government’s rapid cloud adoption lacks security (Infographic)

Cloud Computing Government’s rapid cloud adoption lacks security (Infographic)

1m Austin Clark
Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

Cyber Security Combatting the cyber security skills crisis: Retraining could help public sector digital transformation

1m Guest Writer
The need for a strategic approach to cyber security purchasing

Cyber Security The need for a strategic approach to cyber security purchasing

2m Guest Writer