As someone who spends their working life protecting others from risk, you surely have the right to bullet-proof your own career by talking to a recruitment firm that has the experience and reach to put you in touch with organisations that have the need, appetite and budget to place information security right at the top of their priorities.
Most of our clients are operating within financial services. This places them right at the frontier of cyber risk. When a robber was asked why he robbed banks, he famously answered “because that’s where the money is”. Nothing’s changed. Whether it’s pounds, dollars or bitcoins, the organisations storing or transferring them have an acute need for cyber specialists to safeguard their operations.
So if you can demonstrate experience-hardened cybersecurity skills gained on a permanent or interim basis, we feel certain that our clients will want to talk to you.
International Professional Services Consultancy
The candidated was engaged on major a DLP programme with a leading UK building society.
Global Leader in Application Security Risk Management
Major Aviation Brand
International Professional Services Consultancy
The candidated was engaged on major a DLP programme with a leading UK building society.
Global Leader in Application Security Risk Management
Major Aviation Brand
We want to talk to you. Drop us a line and tell us about yourself!
Diversity remains a key issue for the technology industry. According to a recent BCS report, 18% of IT professionals have BAME backgrounds. BAME people are also less likely to hold senior positions — only 9% are directors and 32% are supervisors (for comparison 43% of white employees have a supervisory role). The lack of diversity becomes even clearer when considering specific ethnic groups. For example, black women make up just 0.7% of the technology industry — a representation rate that is 2.5 times lower than in other industries. Clearly, the technology industry is still struggling to achieve true diversity, so what can companies do about it?
It’s easy to say the right thing, harder to put this into action. Setting targets, continually measuring diversity and reviewing progress helps organisations to commit to change. For example, some big companies like Facebook and Pinterest have tried to use the ‘Rooney rule’ where at least one woman and one person of colour are interviewed for director positions within the company. However, progress has been limited and concerns about it being a ‘diversity tickbox’ exercise have been raised. More recently, it’s been emphasised that targets need to be set at all levels of seniority, and that there needs to be external accountability for failure to meet targets.
On the other hand, sometimes companies fail to say enough. Statements of diversity support are important to attract new staff and ensure existing employees are reassured by an inclusive company culture — both those with BAME backgrounds and beyond. For example, Unilever recently pledged their support for a campaign working to end discrimination against hairstyles associated with racial, ethnic and cultural identities. Given that this kind of discrimination often happens in the workplace, a major employer taking a stance sends out a powerful message.
Many people from under-represented groups have concerns that a career in tech is ‘not for them’. This can be reinforced by a lack of people who look like them in senior positions. In addition, some BAME communities prioritise traditional jobs such as medicine, law and finance over technology careers. Companies can participate in outreach in schools and other settings to expand on what a technology career looks like and address concerns someone might have about entering the world of technology. Outreach can help to shed a light on available opportunities while also sending a clear message about the company’s commitment to a diverse workforce.
There’s been a recent discussion about diversity training — particularly the low reliability of the implicit association test and its lack of impact on reducing real-world biases — to the extent that the civil service has stopped all unconscious bias training. However, while certain tools have been criticised, research shows that ongoing diversity training is successful when it combines a range of techniques and is complemented by other diversity initiatives. It’s clear that diversity training needs to be ongoing and not seen as a substitute for wider policy change.
After the Black Lives Matter movement put the spotlight on diversity in 2020, many companies turned to their staff for advice. There have been several instances of people from BAME backgrounds being asked to speak about and advise on diversity practices amidst a climate of emotional trauma and, in some cases, fear of later reprisals from the organisation they were asked to defend. It’s important not to place the burden of improving diversity on individuals — especially if they are unsure how to refuse and are not being compensated for their extra work. Diversity — like any other organisational strategy — should be managed by qualified professionals and engaged with by interested employees.
The technology industry’s track record when it comes to diversity is far from perfect. However, changes are being made. It’s clear that actionable, long-term strategies are needed to truly support organisational diversity in tech.
McGregor Boyall are pleased to announce the appointment of Terry Witham as Director of our Info & Cyber Security Recruitment Practice.
Terry has over 20 years’ experience in recruitment that ranges from building international recruitment teams to solution selling around the globe. As a specialist in the Info & Cyber Security recruitment space, he will drive the growth of McGregor Boyall’s Info & Cyber Security Practice on a national and international basis.
Commenting on his appointment Terry said, “I’m really excited to have finally landed at McGregor Boyall, who possess a phenomenal name in the recruitment industry both in the UK across the Middle East and APAC regions.”
“I am delighted to have Terry on board to build on and expand our Info & Cyber Security Practice both in the UK and internationally” said Group CEO Laurie Boyall. “His experience speaks for itself, and his proven track record of delivery across consultancy and project solutions will be pivotal as we expand our offering in this area.”
“I’m really looking forward to enhancing both McGregor Boyall’s recruitment and consultancy solutions across the UK and internationally” added Witham. “I truly believe McGregor Boyall has a unique brand to take to market to integrate value-add talent solutions and contingent recruitment.”
We surveyed 1,500 employers to gather data on current hiring trends, returning to the office, skills in demand and the impact the global pandemic is having on salaries and rates. We are pleased to be able to present the results below:
Working from home has been vital to slow transmission of the coronavirus. However, a new threat has emerged: increased online activity, use of new applications and less secure home networks are opening up individuals and organisations to a host of cyberattacks.
The problem
According to a recent Forbes article, in an analysis of the first 100 days of the COVID-19 crisis security firm Mimecast reported a 33% increase in detected cyberattacks – including spam (+26%), malware (+35%), impersonation (+30%) and blocked URL links (+56%). Certain industries are being particularly targeted, such as healthcare (e.g. The World Health Organisation have reported a fivefold increase in cyberattacks and PPE themed scams have increased) and banking (increased use of online banking presents many opportunities for hackers – such as exploiting new users who may not be familiar with the service).
A recent report from McKinsey highlighted the multitude of potential cybersecurity risks exacerbated by remote working. For example, changes in app-access rights (such as enabling off-site access and lack of multifactor authentication) and use of personal devices or tools (such as a laptop without central control or an unsecured network) increase the opportunities for cyberattacks. While technology was vital to navigate our way through the COVID-19 crisis, rapid adoption of new digital offerings has increased risk. New tools such as video-conferencing have been particularly affected, where an unauthorised person joins a call to steal information or cause disruption. There are also fake tech support scams – increasingly sophisticated attempts to manipulate remote workers (especially those who may be working from home for the first time) with fabricated access and other tech support issues.
The weakest point in any technical system is the person sitting behind the screen. The majority (at least half, according to Trustwave’s 2020 Global Security Report) of cyberattacks occur via social engineering, a psychological manipulation process using tactics such as sending a scam from a trusted source. As always, cyber-criminals know how to target human vulnerabilities, and the number of phishing scams capitalising on our fear of COVID-19 has significantly increased. In addition, we are more likely to fall for a scam when tired or stressed – given the change to working from home, where many are juggling a variety of stressors – we might be even more vulnerable to these kinds of attacks right now.
What can you do?
Given that the person behind the screen represents a security weak-point, they also represent an area of improvement. We will need to learn how to practise good cyber-hygiene, similar to how we adopted thorough hand-washing and social distancing to reduce the risk of the coronavirus.
There are several excellent resources on improving cybersecurity. For example, Siemens have provided their eight top tips for cybersecurity in the home office, including only bringing home essential devices, not mixing personal and business use of devices and ensuring all software is always up to date. The Electronic Frontier Foundation provide more in depth advice on how to spot a phishing scam.
However, while this information is useful, it can be more difficult to establish reliable cyber-security habits. A reported three in four remote workers have yet to receive cybersecurity training, despite the clear increase in risk. More importantly, remote workers are falling for these cyber-attacks. This was recently highlighted by software development company, Gitlab, who found that 1 out of 5 of their own remote-working staff exposed user credentials by replying to a fake phishing message. Regular testing of existing cybersecurity plans in this manner can help to identify areas for improvement.
The future
While cyber-attacks are growing ever more sophisticated, so is cybersecurity. Gamification is one fresh approach to cybersecurity training. Reading through countless tips and the odd video on cybersecurity is unlikely to translate to robust cyber-hygiene habits. However, gamified training results in increased engagement, knowledge and information retention.
Increased investment in cybersecurity may provide us with a host of interesting ideas. Cheltenham Borough Council recently announced plans for a £400 million campus development, situated next door to GCHQ, said to be the ‘Silicon Valley of the UK’. The complex will help to bridge the current skills gap and enhance the UK’s cybersecurity capacity.
Clearly, the coronavirus has highlighted a variety of cybersecurity threats. With remote working expected to continue for the foreseeable future and beyond, it is vital to address current shortcomings in security. Looking forward, the industry is an exciting one, poised for innovation and development.
Our Technology Market Insights Report & Salary Guide 2020 provides the latest insights on the market collated by our Technology Recruitment Teams, and from data collected from surveying our clients and candidates.
Our Scotland Salary Guide 2019 provides the latest salary data collated by our specialist Recruitment Teams covering:
Our England Regions Salary Guide 2019 provides the latest salary data collated by our specialist Recruitment Teams covering:
Our Technology Market Insights Report & Salary Guide 2019 provides the latest insights on the market collated by our Technology Recruitment Teams, and from data collected from surveying our clients and candidates.
Search for the best jobs in the world