Government cyber security staff "should be paid as much as private sector"
Former US intelligence officer says government needs to be more aggressive
The government is facing a cyber-skills deficit owing partly to the way it pays its staff, according to Bob Ayers, a former cyber intelligence officer for the US Army and the Defence Intelligence Agency (DIA).
Ayers, who now works as commercial director at security software firm Glasswall Solutions, said that there is a discernible absence of a long-term view from the government to address some of the most fundamental issues involved in cyber security.
"For example, there is a need to create a professional cyber security capability with aggressive recruitment, training and retention of skilled staff. Without changing the way government cyber security personnel are paid, there is a constant draining of skilled government staff to the higher paying private sector," he said.
The government has announced plans to address a cyber security skills deficit in the UK, with new initiatives designed to ensure graduate software engineers have had adequate training in cyber security, recruiting apprentices on a tailored foundation degree course, and plans to put in place a scheme to certify cyber security training courses. It also wants to make it easier for people to move into the field mid-career.
However, the government's announcement did not mention increasing wages, nor any formal plans to retain experts in the field.
But the experts necessary in the field are no longer the same as those from decades ago, claims Mark Brown, director of information security at professional services firm Ernst & Young.
"The skills required to be a security professional in the past three decades are not the same as now. It's much more of a business focus and about risk management than a technical focus," he said.
Brown believes that the main problem is that students of today do not realise the options available to them.
"In 1998 there were about 30,000 undergraduates studying maths, science and engineering but this has now reduced to 20,000. We're seeing a massive drop of awareness coupled with the outsourcing of IT to low cost countries, where we now have to question, do the students of today want to be the information security professionals of tomorrow," he said.
To reinvigorate the industry, Brown calls on the government to work with sector skills body e-skills UK to address the choices available to students.
"We have to address the choices to students from the age of nine. We are in a world where our children are digital natives but they understand applications and functions of IT rather than what goes on behind. We need to create awareness for students to choose to take educational subjects for a career in information security," he said.
According to a Cabinet Office report, the government intends to spend £9m on education, skills and awareness for cyber security over 2012 and 2013, with the bulk of spending occurring in the second half of the programme.
Dave Garfield, head of cyber security at consulting firm BAE Detica, believes that although there is a long road ahead, the government is heading in the right direction to fill the skills gap.
"There is a skills gap, victims in this space have been finding it relatively difficult to know who to turn to, the GCHQ's Cyber Incident Response scheme (which BAE Detica is involved with) will allow these people to point to some recognised names to get help," he claimed.
However, he added that although awareness of cybercrime is increasing, the number of attacks is also increasing and therefore the skills deficit will increase over time.
"It's something that industry needs to address quite quickly, we need to be prepared to scale up with the resources that are available to help with these responses," he said.