At a conference in Paris last week, one of Europe’s most senior financial regulators said something that everyone in financial services IT recruitment already knows – that there’s a serious shortage of cyber-security professionals. According to Sabine Lautenschläger, “banks and financial market infrastructures are struggling to find staff with the skills and experience needed to fend off cyber-attacks”, and this is one of the biggest risks to the whole financial sector.
To a very large extent, the regulators have caused this problem themselves, of course. One of the biggest areas of skilled labour shortage is in “penetration testing” and “threat intelligence” – in other words, “ethical hacking”.
Ethical hackers are the people who check the security of banking systems in the only reliable way to do so – by trying to break in from the outside. According to new European rules, every bank needs to expose its critical systems to this sort of attention at least once a year, and the less important systems every three years. When you consider that a large bank might have hundreds of things to test, and that an ethical hacking “red team” could consist of half a dozen people, it’s easy to see that the banking system can find work for anyone and everyone capable of doing this specialised job.
Worryingly, though, it might be the case that part of the problem is that the banks are in a competition for top talent with the criminals themselves. According to Ms Lautenschläger, law enforcement agencies across Europe have noticed that over the last couple of years, hackers have got a lot more sophisticated in their understanding of the financial sector. Rather than running attack scripts and then not knowing what to do with the results, they are concentrating on specific high-value systems and trying to exploit highly technical vulnerabilities. It might therefore be that some of the “ethical hackers” were not actually all that ethical, and got tempted to use all the information they gathered in their job for nefarious purposes...
Salaries and bonuses in cybersecurity are bound to continue rising as the labour market pinch becomes more acute. The prospect of turning your knowledge into a massive heist and heading off to the sun with a sack of Bitcoins is not something we’d recommend, but it is there too. This looks like a hot area to be training in.