Re: And what will CareCERT be doing?
Hmm good point.
CareCERT actually do seem to contribute to the NHS security effort so presumably they'll be toast at some point. Maybe they'll give G4S a call...
6 publicly visible posts • joined 2 Feb 2017
This, 100%
I asked a friend in one of the big consultancies why NHS managers recruit external consultants at 5x the cost, for things their own staff could do, and his belief is that they're happy to pay just to abdicate responsibility. E.g. if it fails, they're off the hook because they can say they paid top dollar for 'the best'.
Over the years, I've observed this to be correct more often than not. The last port of call for many senior managers is to consult with their own teams (or even try to manage them). The team then has some salesperson forced on them who extracts their knowledge and then gets 5x the pay for it. Then leaves and the team have to fix the shit they caused anyway.
I now view a manager employing a consultant as a public admission that they're scared, out of their depth and couldn't care less about wasting public money.
...this would only be the right solution if the NHS's actual, core security problem was a lack of white hat hacking consultants in some data centre somewhere.
Yeh, it might be useful in a way, but as everyone who works here knows, just getting the basics right (patching, stop people clicking on stuff they shouldn't, etc, etc) would go a lot further. A lot of the time, the security people already KNOW where the holes are, and don't need expensive consultants to tell them, but they're not supported by senior management (until there's a data leak or virus outbreak when saving their own arse suddenly becomes a top priority).
And they should wake up and get rid of the ridiculously counterproductive IG Toolkit while they're at it - any NHS organisation can easily pass with flying colours and still be full of holes, so all it does is give senior management an excuse to spend nothing on *actual* security because they scored well on the Toolkit. It's an absolute effing joke and everyone knows it.
YES!! 100%
I've made this argument so many times. Suitable qualifications might be found in Systems or Cybernetics as they are cross speciality subjects (created for that very purpose) and directly capable of contributing to any System, including a Security System, being greater than the sum of its parts.
Unfortunately, however, Systems qualifications don't tick any search criteria boxes for lazy arse recruitment agents so you're invisible to employers and your typical IT manager reads it as being some kind of jack of all trades and master of none. Also, they still seem to equate the words 'Cyber' or 'System' with 'Computer'. It's about CONTROL FFS. Y'know, like controlling your IT security as part of a whole operational system, not just a random patchwork that allows who-knows-what through your Swiss cheese defences.
I know, because I've been banging my head on this particular wall for years now. Tragically, I've still got 15 years of this to go as I don't sell enough oil paintings to dump the whole frustrating industry and live life as a bohemian artist somewhere nice :(
"99% hyperbole and 1% nothing new"
Yes, it's technically clever and it's advancing on what's gone before, but at the end of the day it's just a 'system'. Technology, not some completely new kind of 'thing' is changing the workplace, as has been the case for centuries.
As alluded to in the article, uneducated labour could do the same job following the same rules and processes. All AI is, is rules and processes but done on a computer and with added tabloid bullshit about robots