Government ‘not cool enough’ for the best cybersecurity talent, admits MoJ
Recruiter says best white hat hackers see gov as a "monolithic monster"
The creme de la creme of cyber security talent don't think working in government is "cool", according to an internal recruiter at the Ministry of Justice (MoJ).
In a blog post, the recruiter said that he had interviewed his 10th candidate in three months for a security engineer role, but lamented the fact that security-minded people who can think originally don't perceive working in Whitehall as cool.
The MoJ recruiter said that these people had good reason too, as they see some government IT to be a "massive legacy monolithic monster", which he admitted was "partially true".
However, he said that the perception that if they were to work for government, they would "forever be in a dank corner, trying to troubleshoot memory issues in some mid-90s middleware, and be valued by how many colour-coordinated reports they can churn out" wasn't true.
The recruiter said that the MoJ had taken different approaches to hiring in a bid to attract the right talent, but as the interview process went on, the department was left underwhelmed with many of the candidates' answers.
However, the recruiter didn't blame the candidates entirely. "Of the countless years of experience they have, with hundreds of assessments they have done, they know to deliver a template report that looks like a list of results from an automated scan," the recruiter explained.
"Their client expects it, which means their risk team is happy, everyone's backs are covered and everyone gets paid. Happy days".
But the recruiter emphasised that this is not what the MoJ is looking for - it wants people who have ethically hacked systems to hack the MoJ's own computers.
"We expect a combination of consulting and architecting, with a massive entree of penetration testing ability, preferably with a niche area of expertise in networking or crypto or web application development. Real stars in the field!" the recruiter said.
The MoJ's changed approach to try and advertise in areas where its intended audience engages, such as Hacker News, did work to some extent, with the recruiter claiming that the MoJ found some "solid midlevel folk, with experience and understanding, who could've easily progressed to the senior role in a few months".
But the department's recruitment process was exacerbated when private sector firms swooped in and hired all of these people.
The MoJ recruiter said it was now up to the government to incentivise these talented people with flexibility both in terms of where they work and what hours they work.
"They already have the expertise to know what goes in a good policy and what broken guidance looks like. Let us show them how their efforts can make a difference."
What you need to know about migrating to SAP S/4HANA
Factors to assess how and when to begin migrationDownload now
Your enterprise cloud solutions guide
Infrastructure designed to meet your company's IT needs for next-generation cloud applicationsDownload now
Testing for compliance just became easier
How you can use technology to ensure compliance in your organisationDownload now
Best practices for implementing security awareness training
How to develop a security awareness programme that will actually change behaviourDownload now