A recent job ad is causing plenty of head-shaking, suggesting that some government high-ups appear to be out of touch with the current state of the cybersecurity job market.
There is plenty of evidence that the world needs cybersecurity talent. According to a recent ISC2 survey, 33% of organizations cannot staff their security teams adequately.
The result of this shortage is that these professionals are handsomely rewarded — but no-one appears to have told the UK government.
Government Communications Headquarters (GCHQ, the UK equivalent of the US’s National Security Agency, or NSA) has just advertised for a chief information security officer. The role, which the ad describes as “one of the most influential cyber security leadership roles in the UK,” offers a maximum salary of £130,000 (about $175,000) — and none of the stock options or other inducements common in industry.
Successful candidates will have “expertise in securing cloud environments and emerging technologies within digital transformation programmes, alongside a strong understanding of regulatory compliance frameworks such as NIST, ISO 27001, GDPR and GovS 007. Professional certifications such as CISSP, CISM or CCISO are highly desirable,” the ad said.
The job ad stresses the importance of the role. “As CISO, you will work with colleagues to set and implement the organisation’s cyber and information security strategy, striking the right balance between capability, acceptable risk and technological progress. You will integrate security governance into a complex set of cross-agency organisational decision-making forums ensuring that information risks are managed effectively.”
It’s a daunting set of responsibilities for a senior professional working for an organization responsible for keeping an entire nation safe from cybercriminals and hostile powers, while pulling in a salary roughly equivalent to that of a security architect at a mid-level US company.