Wanted. Top infosec pros willing to defend Britain on shabby salaries
- Reference: 1730183169
- News link: https://www.theregister.co.uk/2024/10/29/gchq_needs_advanced_cybersecurity_professionals/
- Source link:
In a recent job advert, the Government Communications Headquarters (GCHQ) sought a lead cyber security expert and advertised annual pay of £41,935 ($54,408). It's also looking for a senior cyber security expert willing to sign up for £50,937 ($66,085). The role is in the National Cyber Security Centre, based in the UK capital, so there's an additional £6,250 ($8,109) London Allowance, and the possibility of a small "skills payment."
"The roles are practical, technical roles that may involve software development, system configuration and testing, or software and hardware security analysis," the [1]advert reads "You will engage with partners and user groups externally to gain insights and collaborate on developing solutions."
[2]
Candidates are also expected to show skills in hardware and software security, system and device security architectures, be familiar with commodity IT platforms and networking kit, and possess some cryptography skills.
[3]
[4]
GCHQ may struggle to find willing recruits, as less demanding private sector jobs offer significantly superior pay.
[5]Stifling Beijing in cyberspace is now British intelligence's number-one mission
[6]GCHQ's NCSC warns of 'realistic possibility' AI will help state-backed malware evade detection
[7]Ex-GCHQ software dev jailed for stabbing NSA staffer
[8]Kaspersky says Uncle Sam snubbed proposal to open up its code for third-party review
For example, entry-level workers joining consumer goods giant Unilever's cyber security graduate training scheme with no commercial security experience get a base pay of £35,000 ($45,400), plus gym membership and a pension. For more senior roles – like the IT security manager role at aerospace outfit BAE – the upper end of the salary limit is around £75,000 ($97,000) per annum. Cisco business unit Splunk will match that for the right security analyst.
As you'd expect for a security job – where there is a critical skills shortage – the sky's the limit with some firms. Six-figure salaries are not uncommon.
GCHQ does have one thing few employers can match: the chance to defend one’s country from the insides of Britain's cyber security hub. It seems a high price to pay for not being able to tell friends and family what you do for a living.
[9]
If the UK wants to get the best security talent, it might be worth paying market rates. Based on this listing that's just not happening. If anyone is interested the deadline for applications is Monday November 4. ®
Get our [10]Tech Resources
[1] https://www.gchq-careers.co.uk/jobs/ncsc-cyber-security-expert.html
[2] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=2&c=2ZyDAWkx1tDYrMVKhYc742QAAAQA&t=ct%3Dns%26unitnum%3D2%26raptor%3Dcondor%26pos%3Dtop%26test%3D0
[3] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZyDAWkx1tDYrMVKhYc742QAAAQA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[4] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=3&c=33ZyDAWkx1tDYrMVKhYc742QAAAQA&t=ct%3Dns%26unitnum%3D3%26raptor%3Deagle%26pos%3Dmid%26test%3D0
[5] https://www.theregister.com/2024/05/16/the_uks_alarm_over_china/
[6] https://www.theregister.com/2024/01/24/ncsc/
[7] https://www.theregister.com/2023/11/03/gchq_software_dev_stabbing/
[8] https://www.theregister.com/2024/07/25/kaspersky_us_review_snub/
[9] https://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/6978/reg_security/front&sz=300x50%7C300x100%7C300x250%7C300x251%7C300x252%7C300x600%7C300x601&tile=4&c=44ZyDAWkx1tDYrMVKhYc742QAAAQA&t=ct%3Dns%26unitnum%3D4%26raptor%3Dfalcon%26pos%3Dmid%26test%3D0
[10] https://whitepapers.theregister.com/
But wouldn't that mean living surviving in Liverpool?
There, FTFY
I take it
You've not been to Liverpool recently? The city is beacon of Victorian high rises, boast many a watering hole and even had friendly policeman willing to politely ignore a very impressed Yorkshireman somewhat over enjoying himself in the place.
You can earn 300k doing the same at any commercial business that cares.
The government pays train drivers significantly more than this. Bad government cyber security allowed the NHS to get taken out nationally and regionally many other times.
Why would you bother?
As for Liverpool, 70% of employment is from the public sector so no change there then.
Low salaries for security reasons?
I guess it weeds out those who are motivated by money and thus may be susceptible to malign financial influence?
Re: Low salaries for security reasons?
Or attracts those who are already paid salary by a foreign hostile state.
Salary
*interview almost finished*
interviewer> Okay, great. let's talk about your salary package. Now, before you laugh, hear me out until I finish. We can only pay 42 grand, *looks around and whispers* but you'll have access to valuable data and if you are as good as you say, surely you'll be able to flog it on dark web and earn yourself proper income without us knowing. *backs to normal voice* That's why "base pay" is low, to weed out impostors.
expert> That's absurd! I would never do that! *wink wink* 42 grand is a fortune where I live and we have food banks, they even have organic vegetables!
interviewer> Welcome aboard!
Re: Salary
It is a plant. These senior civil service types are all oxbridge graduates (or would pretend to be) and could never say:
"earn yourself proper income without us knowing ."
What is a first in classics if one doesn't know that the gerund takes the genitive (or somesuch nonsense.)
viz "without our knowing."
If GBP42,000 is going rate for GCHQ infospec specialist I hate to think what the civil service pays its system administrators (BoFHs.) Explains a lot I suppose. Peanuts and Monkeys. We wouldn't want our spooks to be competent, would we?
The Australian public service has the same problem over a wide range of IT and other skill sets which has lead to a heavy dependence on external contractors and consultants paid far above public service pay scales which has attrited the remaining public service staff who can have a salary bump of up to AUD200,000 for the same roles outside. The inflexible public service structures and corresponding relative pay scales set in concrete pretty much ensure there isn't any real possibility of change.
Not tell friends and family what you do for a living...
At least when you tell them you work at Morrisons it will be a fiction commensurate with your lifestyle.
Re: Not tell friends and family what you do for a living...
You can. I applied for "the service" once, on a whim as I had no work experience in IT at that point. The letter said you can tell family, just try keep it to a minimum.
Re: Not tell friends and family what you do for a living...
Must be fun in the pubs in Cheltenham on a Friday night.
"What do you do for a living?"
"Oh, I work in Morrisons"
"Really, I work in Morrisons too! Meet my friends Ruth and Andy, they work in Morrisons as well. Who are you here with?"
"George and Pete. They work in, er Lidl"
almost like...
..they're deliberately leaving us open to attack....
meanwhile over the pond...
....working for a US guvmint agency of similar capability you get paid waaay higher.
Yet it must work for GCHQ as they don't actually seem light on capability, often achieving more than their highly renumerated cousins.
Personally though, even though potentially it has some fascinating technical aspects (which you may or may not see as I know its highly compartmentalised even within the donut) that crushing OPSEC/PERSEC oversight wouldn't make it much fun (although I understand the need for it). Nor do I have a desire to live in Cheltenham.
I'll take the six figure commercial salary instead please.
Pay grades
The basic problem is a hierarchy that puts people into grades with a small number of rigid pay steps within each grade. You can't pay them more without increasing the grade and you can't increase the grade as that would impact the management hierarchy above them and lead to senior managers having "technically" more senior and better paid staff working for them. They really do need to focus on paying very large "skill" bonuses.
Re: Pay grades
Exactly that - the NHS has the same problem that jobs are rigidly graded with no accommodation for the market. So as it stands we quite frankly can't get seasoned pros to get out of bed for the sort of money we're offering. That in turn means ... contractors, except we're currently in a "contractors bad" phase so ... body shopping from the consultancies instead.
Re: Pay grades
How does the NHS cope with other technical skills?
Is the manager of a team of brain surgeons simply paid more to be a people manager of them? You can do people management of a team without being able to get your hands dirty and do the technical aspect surely?
Why does pay have to be purely a heirachy?
Thats what needs to be sorted out here...
I wish their managers the best of luck
When I worked for a US Govt Dept, we had a similar - though less severe - pay differential between those inside the organization and in industry. It wasn't uncommon to have a civil servant supervising contractors making 2x their salary.
The only retention tools I had were a rather generous leave policy, decent health cover, and extremely generous educational benefits. By and large we could retain just enough skilled and dedicated people to get the job done.
Hopefully GCHQ has some truly extraordinary benefits, educational plan, and so forth.
Re: I wish their managers the best of luck
Not a .gov story, but related to a US software company...
Similar to London salary weighting, the only way the company could attract people from the bigger (and sexier) Silicon Valley companies was with money. Sadly HR made the banding inflexible, so people had to be hired at senior levels to get a salary that could let the hiring manager compete with the likes of Adobe, Amazon, etc. New grads were getting hired in California as "Senior..." tech grades and poisoning the whole system in other locations (around the US and worldwide) with their lack of experience.
Back on topic though, governments the world over need to learn that they are not going to attract the best talent with their salaries. They might attract the ones that want to work for them, but that's not necessarily the best talent and is certainly not the right way to retain them long term.
How not to get the top talent, in the most demanding jobs, 101. Sexiness of the job aside, 40k to be working in London with London commute is atrocious.
If you have that level of ability you can easily command 60k in the private sector even working for a boring corporation. And with a few years experience in the bag probably quite a bit more as a contractor.
For example, entry-level workers joining consumer goods giant Unilever's cyber security graduate training scheme with no commercial security experience get a base pay of £35,000 ($45,400), plus gym membership and a pension.
But wouldn't that mean living in Liverpool?