8 April 2016 – The media has been filled with reports these last few days that the UK surveillance and security agency GCHQ is facing significant challenges in meeting the government’s targets for recruitment over the next four years. Last year the chancellor promised that 1,900 new recruits would be hired by the intelligence agencies by 2020 – with the lion’s share expected to head to GCHQ, as total “cyber spending” rises to £3.2bn (according to the UK government’s budget proposal).
But independent sources close to GCHQ (as quoted in multiple news reports) have complained that the agency would struggle to land the best candidates, with one GCHQ staffer saying (anonymously) that he simply didn’t know where the new talent was going to come from. One big issue: private sector competition. Even the GCHQ admitted … officially … that there are still challenges to be addressed. Authoritative research from the likes of UK firm High Fliers Research shows that the graduate jobs market is becoming increasingly competitive, for a number of reasons. The private sector is in general able to offer better headline salaries, but the public sector generally offers a competitive non-salary package.
Well, if it’s any consolation it’s tough on the other side, too.
As Infosecurity Magazine reports, good cybercriminals are getting hard to find. Research conducted by Digital Shadows shows an application process exists in the cyber crime world not entirely dissimilar from that of traditional careers. The jobs include malware writers, exploit developers, and botnet operators. The article explains how Dark Web talent is recruited:
“This includes job ads on forums or boards, and weeding out people with no legitimate technical skills. The research found that the recruitment process often requires strong due diligence to ensure that the proper candidates come through the process.”
The article also notes that in the untrusted environment of the attacker, reputation is as significant as in the online world and if someone does a bad job, then script kiddies and those who have inflated their abilities will be called out.
One key difference cited is the hiring timeline; the Dark Web moves quickly. As you might imagine, apparently only a short window of opportunity to cash in stolen credit cards and financial access keys. The sense of urgency related to many Dark Web activities suggests speedier cybersecurity solutions are on the scene. As cybercrime-as-a-service expands, criminals’ efforts and attacks will only be swifter.
But it must be one hell of an exit interview.