Government cyber security staff "should be paid as much as private sector"

The government is facing a cyber-skills deficit owed partly to the way it pays its staff, according to former US cyber intelligence officer for the US Army and the Defence Intelligence Agency (DIA), Bob Ayers.

Ayers, who now works as commercial director at security software firm Glasswall Solutions, said that there is a discernible absence of a long term view from the government to address some of the most fundamental issues involved in cyber security.

"For example, there is a need to create a professional cyber security capability with aggressive recruitment, training and retention of skilled staff. Without changing the way government cyber security personnel are paid, there is a constant draining of skilled government staff to the higher paying private sector," he said.

The government has announced plans to address a cyber security skills deficit in the UK, with new initiatives designed to ensure graduate software engineers have had adequate training in cyber security, recruiting apprentices on a tailored foundation degree course, and plans to put in place a scheme to certify cyber security training courses. It also wants to make it easier for people to move into the field mid-career.

However, plans to increase wages were not mentioned as part of the government's plans, nor were any formal plans to retain experts in the field.

But the experts necessary in the field are no longer the same as those from decades ago, claims Mark Brown, director of information security at professional services firm Ernst & Young.

"The skills required to be a security professional in the past three decades are not the same as now. It's much more of a business focus and about risk management than a technical focus," he said.