Taz Wake

UK Salary nonsense is raising its head again. The UK Treasury is trying to find a Head of Cyber Security for UK£55k. That's.... well... it's.....

I have no words.

Cost of living is definitely a thing, which seems to confuse a lot of US people when they see UK salaries. In *very general* terms, getting £100k is similar to getting US$200k.

But even so, this is terrible.

Yes, I am simplifying but, *most* people in the UK on £100k a year will have a lifestyle similar to, if not better than, most people in the US living on US$200k a year.

And, yes, you will absolutely find a lot of exceptions to that. Well done.

But this is a different problem. It is a senior role, whatever LinkedIn says. It needs someone to be in the most expensive city in the country (at least some of the time) and it needs them to have the knowledge & experience to defend a Critical National Infrastructure target.

It is a Civil Service role, so the current crazy thinking about "overpaid civil servants" and our weird government obsession with cutting all public-paid salaries except their own has an impact.

But this is a significant problem. It really is.

If they have any competent staff left, this needs to be on the Risk Register in BIG letters as a significant, but complex, risk.

For a start, hiring. Who can you hire? Anyone with the skills & knowledge for this role can get 2-3x as much with almost no effort.

I mean, I got more than this for a mid-senior government role with no civilian-world experience 14 years ago.

Whoever they hire for this role is LIKELY to have bluffed something. Or they are going to bounce & just want it for a year or two to improve their CV.

That's a bit of a red flag though, as it means they don't have a strong enough CV to get a similar role... So they either messed up massively somewhere or don't have the knowledge/experience to do the job.

Back to being a bluffer.

The second risk is more financial. If Criminal Gang X want to get someone "inside" the treasury, this makes it pretty obvious that they are dirt cheap.

I am not saying people do not have morals, but if you are senior career, flat sharing with students and eating pot noodles each day and walking to work because your salary won't cover your rent *&* food *&* travel, then a criminal who offers you £100k to look the other way, is a very, very different proposition.

Why spend money buying possibly valid creds from the DarkWeb when you can just offer the Head of Security a decent meal...

I really do wish the best to whoever gets this job but the main risk (IMHO) is that if they won't pay a decent salary for the HEAD, then your staff are underpaid, undertrained, lacking in skill or experience and your security budget will be pocket money. #infosec #cybersecurity #treasury #security

Mar 29, 2023 at 10:36pmWeb
Show threadMichaelMar 31, 2023
@tazwake I totally agree. You could still get a mid level civil service / public sector role for this money. Perhaps they forgot a 1 in the front?
Show threadphiltor 🇺🇦🌻Mar 31, 2023
@tazwake Wouldn't £100k be more like $124K right now? Is cost of living _that_ much higher in the US than the UK?
Show threadfemavenMar 31, 2023
@philtor @tazwake yes, London is one of the most expensive cities in the world. Think about how that salary would translate to a DC or SF market in USD.
Show threadfemavenMar 31, 2023
@philtor @tazwake for reference 1 usd roughly equals .7 gbp using purchasing power parity https://data.oecd.org/conversion/purchasing-power-parities-ppp.htm
Conversion rates - Purchasing power parities (PPP) - OECD Data

Find, compare and share OECD data by indicator.

theOECD
Show threadAGTMADCAT 🇬🇧🇺🇸🇺🇦🇹🇼🇵🇸Apr 2, 2023
@philtor @tazwake Health insurance costs alone can double the effective cost of living for people on modest salaries. The percentage effect drops off as salaries rise, but it can still be substantial.
Show threadphiltor 🇺🇦🌻Apr 2, 2023
@AGTMADCAT @tazwake true, but if you're making $120k in the US you probably have a job with health insurance.
Show threadAGTMADCAT 🇬🇧🇺🇸🇺🇦🇹🇼🇵🇸Apr 3, 2023
@philtor @tazwake Yeah but a good chunk of that insurance payment is coming out of your paycheque, to the tune of at least several grand a year if you have dependents.
Show threadBob BeakerApr 1, 2023

@tazwake

I think you've missed the point. It's a throw away, joke advert so they can say "We tried, but failed to fill the post." Followed shortly by "Here's my mate who can do it on a stupidly overpriced contract."

Show threadNicole ParsonsApr 1, 2023

@tazwake
1/5
There's a strong correlation between income inequality, subpar wages for public servants, and public corruption.

The movie "The Big Short", based on a Michael Lewis semi-fictional novel, did a decent job of explaining how underpaid civil servants contributed to the 2008 financial crisis.

https://en.m.wikipedia.org/wiki/The_Big_Short_(film)

So did Matt Damon's documentary "Inside Job".

https://en.m.wikipedia.org/wiki/Inside_Job_(2010_film)

Consequences:
1. Revolving door
Back & forth hiring between public agencies & private ...
2/5

The Big Short (film) - Wikipedia

Show threadNicole ParsonsApr 1, 2023

2/5
... businesses creates long term conflicts of interest.

Conflicts of interest as seen in oil lawyer Jeffrey Clark & the Jan 6 coup.

And Koch's Federalist Society lawyers on the Supreme Court.
And public policy advisors with their stupid "trickle down" economic theories.

https://en.m.wikipedia.org/wiki/Trickle-down_economics

2. Looted national treasuries & impoverishment
Public corruption siphons taxpayer dollars out of the local economy & into Swiss & American banks. It permits the ...

3/5

Trickle-down economics - Wikipedia

Show threadNicole ParsonsApr 1, 2023

3/5
... looting of national treasuries to fund genocidal wars on Ukraine & Yemen.

https://www.newstatesman.com/business/economics/2022/03/our-addiction-to-oil-has-paid-for-putins-war

https://www.cbsnews.com/news/bank-scandal-2020-2-trillion-transaction-suspected-illegal-activity-money-laundering/

https://worldpopulationreview.com/country-rankings/most-corrupt-countries

3. Public Tolerance for Public Corruption
Countries with high corruption create public expectations that an underpaid official will make up the shortfall in bribes & extortion.

https://www.chicagotribune.com/la-ed-gifts-20160829-snap-story.html

https://en.m.wikipedia.org/wiki/Baksheesh

https://academic.oup.com/book/35304
4. Failed States
Countries with high corruption create failed states. Crisis go ...

4/5

Our addiction to oil has paid for Putin’s war

High oil prices and the West's failure to diversify its energy mix have bankrolled a tyrannical regime.

New Statesman
Show threadNicole ParsonsApr 1, 2023

4/5
... unresolved. Corrupt states cannot cope with climate change for example.

https://www.cfr.org/in-brief/lebanon-failed-state-heres-what-numbers-say

https://www.ptfund.org/corruption-as-an-indicator-of-a-failed-state/

5. Income inequality worsens
Another consequence of an underpaid public service is that only the independently wealthy can afford the opportunity costs of holding public office or gain entry to high profile employment.

Access to such high profile employment limits perspectives on solutions and leads to foolishness like Powell using interest rates to curb ...
5/5

Is Lebanon a Failed State? Here’s What the Numbers Say.

The August explosions in Beirut were the latest in a series of man-made disasters that have led some experts to say Lebanon is becoming a failed state.

Council on Foreign Relations
Show threadNicole ParsonsApr 1, 2023

5/5
... greed, corporate price gouging, stock buybacks, exorbitant management compensation schemes.

It tends to fill the public service with nepotism hires and no-work/no-show patronage appointments. It results in budget overruns and shoddily run public projects from "consultancy fees".

https://thehill.com/opinion/finance/387537-unpaid-internships-unfairly-favor-the-wealthy/

https://www.mercurynews.com/2022/06/29/fraud-san-jose-fremont-home-develop-cost-sec-silicon-sage-real-estate/

https://en.m.wikipedia.org/wiki/No-show_job#:~:text=A%20no%2Dshow%20job%20is,of%20political%20or%20corporate%20corruption.

https://www.salon.com/2021/05/15/matt-gaetz-gave-escort-no-show-government-job-report_partner/

Unpaid internships unfairly favor the wealthy

The notion that students should have to forgo pay and incur additional debt to gain work experience is ludicrous.

The Hill
Show threadMarcusCSCApr 2, 2023
@Npars01 no fucking shit, as most work the summer to cover living cost the next semesters
Show threadQueApr 2, 2023
@tazwake that role is at minimum missing a leading one and in all honestly maybe a two given how much bullshit it’s going to be.
Show threadthefathippyApr 2, 2023

@tazwake

It's not a very...enticing... salary for someone who will very much be in the spray zone when the shit, as it does, inevitably hits the fan.

<converts currency>
They're taking the piss. I earned more than they offer as a mid level public sector admin dweeb/tech writer <checks calendar> eight years ago. Our security team earned the same as me or more. The CIO scored double my pay, and consultants earned a hell of a lot more again.

As you say, the RISK!

Show threadJosh O'Connor-ChenApr 2, 2023
@tazwake WTF? Salaries in NZ are also nowhere near the US, but 55k GBP is around the going rate for a service desk team lead...
Show threadex or current IDF unwelcomeApr 2, 2023
@tazwake Peanuts, if they are any good they'd make more as hackers.
Show threadMaria AbreuApr 2, 2023
@tazwake This is a big problem across all of the public sector in the UK at the moment, see also teachers, doctors etc. In universities, not strictly speaking public sector, but with govt imposed funding freezes, we are really struggling to fill senior roles. Our salaries are around 1/2 those of comparable jobs in Germany or Scandinavia, and around 1/3 to 1/4 of US salaries.
Show threaddanodonovanApr 2, 2023

@tazwake

I think the job title is misleading, from the job listing:
> We are looking for an experienced Head of Cyber Security to lead a team of two cyber analysts

> We are a team of around 40, responsible for the Treasury’s technology, security and knowledge and information management services.

So it's not _the_ Head - but _a_ head, and that 'head' has a relatively minor / junior manager role.

Show threadTaz WakeApr 12, 2023

@danodonovan Absolutely, but that is just additional problems. It means they are paying a junior manager about the same they could get years ago, or about the same a junior pentester can get now.

In 2009, I worked for the civil service managing a team of 2 people and was paid £55k on entry. Paying less, more than a decade later is crazy.

Then the title itself creates issues. Having multiple "heads" of cybersecurity would imply they have no clear structure and staff will be routinely confused who to go to or who is responsible. It also implies that the post holder will carry potentially unknown responsibilities but no authority.

Another issue is who will apply? They want "an experienced Head of Cyber Security", but they don't really want that because they seem to be offering a role for a SOC team lead. But no SOC team leads will apply because they ask for an "experienced Head of..." and no experienced Head of.. will apply because the pay is terrible and its really a SOC team lead role. That reinforces the problem with the organisational structure. They clearly have no idea what they need, or how to get it. In turn, that implies cyber security is not a significant area of business for them, because they haven't bothered learning about it.

I bet they don't make the same mistakes when hiring HR people.

Show threadSimon FrankauApr 2, 2023

@tazwake If I've done my maths right (probably some tweaks needed for CPI vs. RPI on annuity prices etc., absence of really dumb mistakes etc.) their DB pension scheme is worth pretty much 50% of base, and is presumably rather tax efficient.

Still doesn't compare to tech industry jobs, but they're fools if they don't heavily emphasize the value of the pension.

Show threadTaz WakeApr 12, 2023

@sgf Unless it is radically different from the civil service pension scheme I had in 2009, if the post holder stays in post for 20 years, it will return approximately £18k a year as a pension. (This can vary between alpha, nuovos and other schemes though).

I kind of feel earning £30k a year more and paying £24k into a private pension has a better RoI.

Show threadSimon FrankauApr 12, 2023

@tazwake You're probably right, if you have direct experience - I was trying to just work it out from the docs and annuity prices!

And yes, I'd also favour much better pay and a DC pension, even if people underestimate how much annuities cost. OTOH, if you don't emphasise the benefits you make the comparison look even worse than it actually is.

Show threadJosh (he/his)Apr 2, 2023

@tazwake

People with that range of certification AND leading a team of 40 people command about $150-200K in NYC in the private sector.

https://www.civilservicejobs.service.gov.uk/csr/index.cgi?SID=c2VhcmNoc29ydD1jbG9zaW5nJnBhZ2VjbGFzcz1Kb2JzJm93bmVyPTUwNzAwMDAmdXNlcnNlYXJjaGNvbnRleHQ9Mjk3ODgxMjkmcGFnZWFjdGlvbj12aWV3dmFjYnlqb2JsaXN0JmpvYmxpc3Rfdmlld192YWM9MTg0NjE5OSZvd25lcnR5cGU9ZmFpciZzZWFyY2hwYWdlPTE5

https://www.salary.com/research/salary/employer/amazon-com-inc/cyber-security-architect-iv-salary#:~:text=The%20base%20salary%20for%20Cyber,average%20base%20salary%20of%20%24214%2C034.

Head of Cyber Security - Civil Service Jobs - GOV.UK

Search and apply for jobs in the UK Civil Service

Show threadJosh (he/his)Apr 2, 2023

@tazwake

Hm. What are the odds whoever is posting this job has a friend with a consulting company that's going to get gigantic contracts because the actual civil servants have no clue...

Show threadAvonLovesBlakeApr 2, 2023

@tazwake It's such a false economy, because it creates a massive incentive to make money by giving out Gov Security Contracts to whichever company is willing to pay the Head of Cyber Security the biggest kickback -

which means Gov Security Purchases won't go to the best companies, or the most cost-effective companies, but the ones most willing to do bribes...

Show threadGeorgeWLApr 2, 2023

@tazwake Another possibility, it's fake job put up for a friend of a minister, who doesn't actually do any work, and it's effectively used so they can bribe them legally

That's happened (and been caught) more than you'd expect

Show threadkkarpieszukApr 2, 2023
@tazwake they are not searching with this salary, it is common practice: they have already person for this job but this is public money so first they have to look in open market. That person will be hired as has no competition and quickly salary will be raised to the normal level.
Show threaderica_sea55Apr 2, 2023
@tazwake 55k for a HEAD of cyber security? No wonder there’s so many hacks 😂 will their job entail installing McAfee antivirus on all government computers 😂😂