The federal government has pledged nearly $ 1 billion to strengthen its cybersecurity capabilities – but even the security agency, which is in charge of most of the work, acknowledges that recruiting is a challenge.
The Canadian e-spy agency, Communications Security Establishment, is expected to receive a large inflow of funding to launch cyber operations and prevent attacks on government servers, power grids and hospitals.
CSE, which collects and decodes intelligence signals and is also responsible for technological security for the government, says it receives 10,000 to 15,000 job applications a year. But only about one or two candidates out of 100 applicants continue to be hired after skills testing and security checks.
“It’s no secret that recruiting high-tech organizations remains challenging and highly competitive,” said CSE spokesman Evan Koronevski.
“At CSE, the same is true because of the specific technical competencies we need for many of our positions, the security clearances required and the current requirement to relocate successful candidates to the national capital region.”
CSE is still developing how many code breakers and code developers it needs to keep up with the growing demand for their services. Koronevski would not say how many vacancies CSE is trying to take. The agency has an annual depletion rate of about four percent, he said.
“We just don’t have a talent pool, and without developing that talent pool, we’re going to have a lot of problems,” said John Zabiuk, chairman of the cybersecurity program at the Northern Alberta Institute of Technology in Edmonton.
Bidding War for Top Talents
As the number of ransomware and malware attacks increases, more companies and organizations are investing in their internal cybersecurity, he said.
“It’s kind of like a crazy fight right now for organizations trying to find cybersecurity skills and employees. And that’s why when they find a person, that person is so wanted, “Zabuk said.
Governments often find it difficult – if not impossible – to equalize these wages in the private sector, he said.
“It’s almost like a bidding war for employees, so if you can’t play this game, you’re going to miss those talents,” he said.
The Communications Security Establishment Canada complex in Ottawa. The agency collects and decodes signal intelligence and is also responsible for technological security for the government. (Sean Kilpatrick / Canadian Press)
A quick look at LinkedIn shows a handful of former CSE employees who have moved to senior positions in private companies.
Christine Chianfarani is the CEO of the Canadian Association of the Defense and Security Industries, which represents hundreds of defense, security and cybernetics companies. She said that since there was not much in the recent federal budget, suggesting that the government would rely on the private sector workforce, she was “preventively pessimistic”.
“In a country as small as ours, we are all fighting for the same talent. That’s the problem. How can they do it alone? It will be an endless shortage of resources,” she said.
Can Ottawa work with the private sector?
Cianfarani pointed to a program run by the UK’s National Cyber Security Center, called Industry100, which brings together government and industry representatives to identify vulnerabilities and prevent cyber attacks.
According to the UK program, secondment from the private to the public sector varies from one day to a week to a month. Participating organizations continue to pay the salaries of posted workers – which are often higher than the salaries of public services. Security permits are still required.
“I refuse to believe that if the United Kingdom can figure out a way to replace classified networks, classified systems and the public-private domain, we can’t understand that in Canada,” Chianfarani said.
“The approach we know no longer works. We think that needs to change and this budget has not given us the warmth. “
Public Security Minister Marco Mendicino, who is overseeing Ottawa’s national cybersecurity strategy, said one of his goals is to increase the cybersecurity workforce.
Some of those efforts, he said, could include searching abroad.
“I think we need to create special ways to attract talent in the field of cybersecurity,” Mendicino said.
“We should never compromise on security just to hire someone. But what I am talking about is working closely with the provinces and provincial regulators to make sure that if someone comes and has a solid degree or diploma that qualifies them, bureaucracy and bureaucracy will not stop them. turn it on as quickly as possible. “
So far, CSE has said it is updating its recruitment programs and focusing on its cooperative programs to attract students.
“We recognize that there are challenges and limitations for those working in the security and intelligence community,” Koronevski said.
“But CSE’s work is about protecting Canadians – our security, our economy and our communities – and we take our work very seriously.”
Add Comment