back to article Cyber-security pro? Forget GCHQ, BT wants to hire 900 of you

Former state monopoly BT is on the hunt for 900 security bods to help it meet the "surge" in customer demand for those skills, following a number of high-profile security and data breaches. The biz currently employs more than 2,500 security folk and reckons its security operations' annual revenues are growing at a double-digit …

  1. Rich 11 Silver badge

    "significant shortage of people in the UK to fill all the roles"

    Well, we'll just have to bring them in from Ukraine and Russia...

    1. Vimes

      Interesting you should mention Russia, given BT's involvement with Phorm and the Russian links that the creator of Phorm has had in the past and been quite content to exploit...

    2. This post has been deleted by its author

    3. Anonymous Coward
      Anonymous Coward

      Ukraine should be no problem pretty soon, if you are prepared to retrain some haunted-looking ex-accountants, Russia ... you wish ;)

  2. Shaha Alam

    ahh security theatre

    the richest of all gravy trains.

    roll up your sleeves and grab your napkins lads.

    1. Vimes

      Re: ahh security theatre

      Particularly since BT seem to be responsible for their own share of blunders. Take this for example:

      https://www.theguardian.com/technology/2011/feb/01/ico-bt-acslaw

      (link found here)

      Funny how the ICO dare to attack BT so rarely...

  3. Buzzword

    Here's a crazy thought

    Train them in-house! Just like big companies used to do.

    In fact, if the concept of forward planning still exists, they should have begun training them a years ago to be ready for today's demand. Plenty of people were predicting growing demand for such skills a few years ago.

    1. Alister Silver badge

      Re: Here's a crazy thought

      Train them in-house! Just like big companies used to do.

      Umm, TFA says:

      "To meet the growing global demand for cybersecurity services and address the skills shortage in the sector, BT expects to take-on and train 170 graduates and apprentices, as part of its 900 recruitment intake in the next 12 months," said the company.

      1. ZSn

        Re: Here's a crazy thought

        But they won't. BT used to have quite a good in-house M.Sc. in telecommunications, provided and checked by UCL. It ran for at least 15 years to my knowledge. They binned it about six years ago because it wasn’t 'cost effective'. I doubt that they would suddenly find the merits of in house training. A few training 'courses' on security to look good on paper, no more I guess.

        1. Vimes

          Re: Here's a crazy thought @ZSn

          I personally also get the impression sometimes that there is a fear of saying anything unpopular within BT.

          Just look at Bruce Schneier: widely respected by his peers, but oddly silent on the subject of Phorm and the ethical situation during the time he spent with BT.

    2. Mark 85 Silver badge

      @Buzzword -- Re: Here's a crazy thought

      That would have been a great idea except for that's not the way corporates work.

      Back then it would have been a cost-center which means cutting manglement bonuses and not returning shareholder value. (I have no idea if BT is publically traded and I'm too arsed to find out but this is general corporate talk.)

      Now that customers are screaming and willing to pay, it will be a profit-center so they go trolling for the lowest cost employees to fill that desk.

  4. Erik4872

    Question is what they will get...

    It's probably the cynic in me talking again, but my experience with "infosec experts" has been pretty mixed. I assume they're looking for actual talent. My experiences have been that some security people are simply there for security theatre -- PowerPoint jockeys from consulting firms, PCI auditor box-tickers, and so on. I don't blame them, security is a very lucrative IT subspecialty that's very easy to ride along on without doing too much.

    If they (and GCHQ and the CIA/NSA) are looking for real experts, that's going to be the tricky part. The real experts aren't cheap, and most of them don't want to work for a telecom company or government agency. Especially the CIA/NSA -- someone would really have to love their country to accept the low pay and invasive background checks required. Then again, government positions may be the only stable jobs left 10 years from now, who knows?

    1. Anonymous Coward
      Anonymous Coward

      Re: Question is what they will get...

      Question is what they will get...

      There is no question on that.

      They will get more Techmachindra contracts. Just with "security coloring", but same qualification as the others.

    2. streaky Silver badge

      Re: Question is what they will get...

      Why would literally anybody want to work for these idiots.

      BT couldn't build a telco network if the government paid them (oh, wait) - couldn't internet their way out of a paper bag one might say (no really why doesn't every house in the country have FTTH for the money the taxpayer has thrown at them).

      GCHQ - the clowns more interested in looking at your cat pictures than finding terrorists.

      Yeah no kidding they are having an issue recruiting. Everybody who knows about this stuff; GCHQ makes their skin crawl. We had this gem like 2 weeks ago which demonstrates exactly what is happening here:

      The people who lobbied me hardest for independent authorisation, something that really passes muster internationally, is the intelligence agencies. It’s partly a question of recruitment for them

      Problem is they don't do as they say and go do comint properly and that's the real issue here.

  5. Anonymous Coward
    Anonymous Coward

    If I had time ...

    I'd create a LinkedIn profile, with a perfect InfoSec pedigree, and see what agencies bite, and what salaries are on offer.

    Just a finger in the air figure, but I would expect things to *start* at around £50-60K, and bet the offers are £20-30K ....

    1. Probie

      Re: If I had time ...

      Did I laugh - "Start around 50-60K". Well that would not be enough to get anyone half way decent with their head screwed on in a business way. Info Sec consultants get what £600 per day? Why oh why would they volunteer for a pay decrease?

    2. Anonymous Coward
      Anonymous Coward

      Re: If I had time ...

      Give yourself an Asian name, and try not to look like Steve Jobs's dad particularly if you are writing in French ;)

  6. Warm Braw Silver badge

    Protecting stuff is rarely as interesting as breaking it

    The trouble with infosec jobs is that, on the whole, they're deadly dull most of the time - procedures, policy and procurement; audit, archive and architecture. They need people who would be as happy in accountancy as IT. However you dress it up, however much you pay, the number of candidates is always going to be limited.

    And while you obviously need staff to deal with the human aspects of information security, it's not clear to me why users should be paying security people to put sticking plasters on the broken IT equipment they're buying. If the manufacturers put more emphasis on the more exciting work of demonstrating how hackable their systems are - and then fixing them - then perhaps there would be enough people around to deal with security admin.

    1. This post has been deleted by its author

  7. Anonymous Coward
    Anonymous Coward

    Fix your stuff first

    Love to help, but on the regular days my broadband connection drops from about 3.5Mbit to 300K, I won't be able to join the online conference calls.

  8. Anonymous Coward
    Anonymous Coward

    Deadly dull / exceedingly arrogant

    Having dealt with lots of Infosec peeps, the deadly dull ones are preferable. The other sort treat everyone as idiots, bang on about the most unlikeliest of attacks and generally p*ss everyone off. You might as well pull all your comms out, burn the cables and not turn on the computers according to their genius.

    One InfoSec 'professional' wanted all IT deliveries (This for a £90 million project for a defence prime) sent to his 2 room office so he could check the seals weren't broken on delivery, otherwise he'd refuse to sign off the infrastructure as someone could've re-written the flash on the switches etc etc. Oh and we were banned from printers because, well I can't remember, the exploit was like something from Dungeons and Dragons...

    1. Anonymous Coward
      Anonymous Coward

      Re: Deadly dull / exceedingly arrogant

      "ou might as well pull all your comms out, burn the cables and not turn on the computers according to their genius."

      Well - a reasonable security starting point is to consider that the only secure computer is one with no network connection, placed in a room that you have the only key to.

      That's clearly impractical but it's useful to keep in mind. It's not unreasonable to consider how well your proposed security measures measure up against the ideal.

      1. Anonymous Coward
        Anonymous Coward

        Re: Deadly dull / exceedingly arrogant

        >>That's clearly impractical but it's useful to keep in mind. It's not unreasonable to consider how well your proposed security measures measure up against the ideal.

        Nope a reasonable security starting point is one which keeps the lights on and the business running. An Infosec bod will tell you how any security can be got around, usually with a highly trained (eastern European / China) gerbil.

        So its not just unreasonable but unrealistic. That's why ALARP was invented for H&S to bring common sense to risk.

  9. Walter Bishop Silver badge
    Facepalm

    Cybersecurity is unfixable.

    Given the nature of some of the systems currently connected through the Internet, 'cybersecurity' is unfixable and it's going to get much much worse in the future. Especially considering the role of such organizations as GCHQ is to dilute security not to enhance it.

  10. Mark 85 Silver badge
    Trollface

    Let's gvie a vote of thanks then to MS

    Well, if it weren't for Windows, there might not be as much money being spent on security, computer crime wouldn't be as easy, etc.

    I guess MS needs a vote of thanks from the security industry and the cyber crime industry.

    1. Steven Jones

      Re: Let's gvie a vote of thanks then to MS

      Really? And how many of the high profile leaks from the likes of Talk Talk, Panamanian Law firms, Snowden and so on have been down to security problems in Windows? Most of these are down to lax application designs, security procedures or the perennial problem of exposure to staff with privileged access to data.

      1. Anonymous Coward
        Anonymous Coward

        Re: Let's gvie a vote of thanks then to MS

        To limit this to high profile leaks is disingenuous and you know it.

        MS security issues are responsible for the daily intrusions of privacy / identity theft / DOS botnets that allow hackers, as well as the security services, to make careers out of them.

  11. Anonymous Coward
    Anonymous Coward

    Headline missing a crucial word - "BT wants 900 CHEAP infosec bods to defend Blighty"

    Security analyst role starting rate - somewhere in the low to mid 20k range. Same crappy graduate rates. You might make senior consultant at 46k if your able to live with yourself long enough.

    1. Anonymous Coward
      Anonymous Coward

      Or able to live on your own long enough, like 50 yo cat-piss smelling man.

  12. Grenou

    It's the same as getting NHS staff from 'somewhere'.

    Make the announcement and the experts will miraculously appear..

  13. -martin-

    The salaries are way too low to attract any good people, let alone pro's.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2019