Data and securityCyber SecurityMoJ struggling to recruit cyber security staff because ‘it’s just not cool’

MoJ struggling to recruit cyber security staff because ‘it’s just not cool’

Ethical hackers don’t want to work for government says anonymous blogger

An anonymous blogger from the Ministry of Justice (MoJ) has admitted the government is struggling to find and keep the country’s top talent because ethical hackers don’t want to work for it.

The blog post describes the frustration of recruiting for security engineer roles at MoJ Digital and Technology. All too often it seems those who apply are only capable of delivering a “templated report that looks like a list of results from an automated scan”.

“We want people who have ethically hacked systems to hack our systems,” said the blogger, “but instead we end up with ethical folk (who) want to hack.”

 

Change of approach

As a result the department changed its approach to advertising, instead advertising in venues used by more technically-minded or academic researchers, such as forums, Internet Relay Chat (IRC) channels and conferences.

That resulted in interest either from top talent abroad who couldn’t relocate, or from promising mid-level individuals who were quickly snapped up by industry.

 

Not cool

“Security-minded folk who can think originally still don’t think working for government (which is not all about intelligence agencies) is cool,” added the blogger. “And for good reason; some see government IT to be a massive legacy monolithic monster (partially true) where they will forever be in a dank corner, trying to troubleshoot memory issues in some mid-90s middleware, and be valued by how many colour-coordinated reports they can churn out (not true).”

Looking forward, the blogger concluded: “It is up to us to give them the freedom to use their creativity, and put to use what they’ve traditionally done purely for the kicks. We need to incentivise these talented people with (nearly) free reign, explain the stakes to them, let them shape security practices in a department along the lines they feel comfortable.

Let them work flexible hours, let them work from (nearly) wherever they want. They already have the expertise to know what goes in a good policy and what broken guidance looks like. Let us show them how their efforts can make a difference.”

Related Articles

Making the cloud a safe space

Cloud Computing Making the cloud a safe space

4d Guest Writer
Leading cyberlaw academic calls for review of CCTV and AFR implementation

Cyber Security Leading cyberlaw academic calls for review of CCTV and AFR implementation

1w Austin Clark
Government security analysts 'at risk of being overwhelmed by attacks'

Cyber Security Government security analysts 'at risk of being overwhelmed by attacks'

2w Austin Clark
DCMS proposes new cyber security council in latest consultation

Cyber Security DCMS proposes new cyber security council in latest consultation

3w Austin Clark
Securing unified communications – securing countries and citizens

Cyber Security Securing unified communications – securing countries and citizens

3w Guest Writer
IoT security: a barrier to deployment?

Cyber Security IoT security: a barrier to deployment?

3w Guest Writer
Cyber matters – now not later

Cyber Security Cyber matters – now not later

4w Guest Writer
Housing associations collaborate around cyber awareness

Cyber Security Housing associations collaborate around cyber awareness

4w Austin Clark