UK Spy Agency GCHQ Is Losing Cyber Talent

In a new document from the Intelligence and Security Committee of Parliament, Britain’s spy agency GCHQ describes its difficulty in fending off tech companies keen to poach its workers.

In the annual report, GCHQ highlights the growing international cyber threat and its need to scale up its own cyber operations accordingly, while noting that hiring and keeping cyber specialists in its ranks poses a strategic challenge.

“As noted previously, the level of resource allocated by Government to cyber-related activities has increased considerably, and it is set to do so still further over the next five years,” the report states.

“… The continued expansion of cyber-related work is dependent on the Government’s ability to recruit and retain cyber specialists. GCHQ previously told us that it struggles to attract and retain a suitable and sufficient cadre of in-house technical specialists because it inevitably has to compete with big technology companies which are able to pay significantly more.”

Four years ago, GCHQ informed Parliament that it had worked to put “more flexible reward packages” in place to attract technical specialists. In an update on the initiative, GCHQ noted that “[this] has worked up to a point. It stemmed the flow of people going out in particular areas at particular stages of their career” while observing that “it does lose people for salaries. We couldn’t possibly compete with four, five times what they are getting from us.”

According to the report, GCHQ admitted that it “can probably never compete purely on salaries,” but still sees the unique nature of its work as a strong draw for potential recruits:

“We compete on mission, worthwhile work, on interesting work, on variety. If you’re a pure mathematician, we’re the biggest employer of pure mathematicians in the UK. 

“Going to some of these companies can be quite disappointing. Very well paid, but quite dull… You can go and be an actuary in the City and earn a fortune and use maths, but it won’t be quite the same as using maths where we are”.

To meet emerging cyber threats, the FBI famously signaled that it might disregard its longstanding drug use policy in order to hire 420-friendly hackers. “I have to hire a great work force to compete with those cyber criminals and some of those kids want to smoke weed on the way to the interview,” former FBI director James Comey told an audience at the White Collar Crime Institute conference in 2014.

Later, after coming under fire from then-senator and noted marijuana enemy Jeff Sessions, Comey retracted his comments and claimed that he was joking, but it’s clear that intelligence agencies are rethinking longstanding norms in order to shape a new kind of workforce, one that can rise to meet the rising tide of global cyber threats.

Techcrunch

You Might Also Read: 

Cybersecurity Has A Serious Talent Shortage:

Former Spy Chief Takes Top Cybersecurity Job:

GCHQ Wants Teenage Girls To Join The Cybersecurity Fight:

 

 

« Social Media Is 'Ripping Society Apart'
British IT Bosses Fear Sophisticated Cyber Threats »

ManageEngine
CyberSecurity Jobsite
Check Point

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Deductive Labs

Deductive Labs

Deductive Labs consulting services help customers with their technology, security and automation challenges.

Proact IT Group

Proact IT Group

Proact is Europe's leading independent data centre and Cloud services enabler. We deliver flexible, accessible and secure IT solutions and services.

Duo Security

Duo Security

Duo combines security expertise with a user-centered philosophy to provide two-factor authentication, endpoint remediation and secure single sign-on tools.

SecuGen

SecuGen

SecuGen is a leading provider of advanced, optical fingerprint recognition technology, products, tools and platforms for physical and information security.

Khipu Networks

Khipu Networks

Khipu Networks is an award winning Cyber Security Company delivering a wide range of network, wireless and security solutions, technologies and services across multiple sectors.

Pixalate

Pixalate

Pixalate is an omni-channel fraud intelligence company that works with brands and platforms to prevent invalid traffic and improve ad inventory quality.

iHLS Startups Accelerator

iHLS Startups Accelerator

iHLS Accelerator is the first startup accelerator in the world in the security and homeland security field.

Qmulos

Qmulos

Qmulos’ real-time continuous monitoring risk management suite, Q-Compliance, provides a massively flexible and scalable solution to optimizing operational security.

SecureDrives

SecureDrives

Passwordless Authentication & Encrypted Data Storage Solutions from SecureDrives. We are enabling organisations to work safely and securely, using technology driven solutions.

Redsquid

Redsquid

At Redsquid we are all about making a difference to our customers with the use of technology, as an innovative provider of solutions within IoT, Cyber security, ICT, Data Connectivity & Voice.

Analog Devices Inc (ADI)

Analog Devices Inc (ADI)

Analog Devices is uniquely positioned to deliver security at the edge, where the data is born, because our sensor solutions convert the physical, analog world into the digital world.

DigitalWell

DigitalWell

DigitalWell provide fully managed IT and communications solutions for a truly innovative end-to-end experience - for your customers and teams.

Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk is a risk management company that helps organizations reduce the complexity of identifying financial and operational risks related to your cybersecurity posture.

Tidal Cyber

Tidal Cyber

We formed Tidal for one simple reason—we believe that defenders need and deserve tools and services that make achieving the benefits of threat-informed defense practical and sustainable.

Uptime Institute

Uptime Institute

Uptime Institute is an unbiased advisory organization focused on improving the performance, efficiency, and reliability of business critical infrastructure.

Velaspan

Velaspan

Velaspan design, deploy, and manage enterprise wireless networks and cybersecurity solutions for leading businesses and brands.