I didn’t expect UK government confirmation of my post: Shortfall in Cypbersecurity Talent or Compensation? so quickly!
I argued against the groundless claims of a shortage of cybersecurity talent in the face of escalating cybercrime and hacking statistics.
If there were a shortage of cybersecurity talent, cybercrime should be going down. But it’s not.
The National Crime Agency reports:
The National Crime Agency has today published research into how and why some young people become involved in cyber crime.
The report, which is based on debriefs with offenders and those on the fringes of criminality, explores why young people assessed as unlikely to commit more traditional crimes get involved in cyber crime.
The report emphasises that financial gain is not necessarily a priority for young offenders. Instead, the sense of accomplishment at completing a challenge, and proving oneself to peers in order to increase online reputations are the main motivations for those involved in cyber criminality.
…
Government agencies, like the FBI for example, are full of lifers who take their breaks at precisely 14:15 PM, have their favorite parking spots, play endless office politics, masters of passive-aggression, who make government and/or corporate work too painful to contemplate for young cybersecurity talent.
In short, a lack of meaningful peer respect and a sense of accomplishment is defeating both government and private hiring of cybersecurity talent.
Read Pathways Into Cyber Crime and evaluate how the potential young hires in there would react to your staff meetings and organizational structure.
That bad? Wow, you are worse off than I thought.
So, are you going to keep with your certificate-driven, cubicle-based, Dilbert-like cybersecurity effort?
How’s that working out for you?
You will have to take risks to find better solutions but you are losing already. Enough to chance a different approach?