“You can’t win anything with kids,” said football pundit Alan Hansen. He was talking on the British TV programme Match of the Day, after Manchester United, a team bursting with young talent, but which lacked experience, was thrashed three goals to one by Aston Villa in August 1995. That team of youngsters just got better, clinching both the Premiership title and FA Cup that season, and putting those words by Hansen into a hall of infamous quotes.
Melanie Oldham, founder and CEO of Bob’s Business Information Security Awareness, believes in kids too — not that she would describe her staff as kids — younger people might be an appropriate description.
She explains: “When we hire from a recruitment company, we train the staff, but because there is such a high churn rate in the industry, they move on.”
Melanie wants to build a team that lasts — and she does this by going back to school, or university. She hires school or university leavers, she takes on students doing a placement as part of their university course or from school, and she takes on apprentices.
That’s a different approach, but then maybe fighting cyber crime needs a different approach.
She explains: “Traditionally, the natural fit for cyber security workers was seen as ex-police force — typically, white males.
“I am recruiting quite young individuals, so taking out senior management, the average age of the team is probably about 25 – and it’s a diverse team, too.
She explains further: “They are creative, adaptive, they know technology, and they have a real energy for it.” There is another benefit, employing staff that way is very cost effective.
Maybe it is not just about saving money on wages. The Manchester United approach that worked so well entailed recruiting young players, moulding them, training them, and creating a team of loyal players — many of the kids that Alan Hansen referred stayed the distance, the likes of Ryan Giggs and Paul Scholes dazzling fans until they were ready to retire. There was less of a need to get a chequebook out and buy the latest sensation from South America, Europe or Africa, getting homegrown talent reduced the upfront cost, created stability and maybe a more coherent team approach.
Melanie puts it this way: “I can two-month them into my way of working.” She cites the example of Dale — hired straight from school five years ago; he has come to know Melanie and the business “inside out,” and is now a team leader.
“So, you have cyber apprenticeships, cyber degrees, cyber placements, they are all very different departments.” She says that within a university you can have ten to 15 people working or studying in complementary areas, and they don’t even know that the others exist.”
Melanie’s tip is to go out and talk, speak to schools and universities. She says: “We have got it quite smooth now, we have two cyber placements a year, and they come for 14 months, with a two month overlap with their replacement.”
The hope is that when the placement students finish their course, their relationship will be such that they will join the company, full-time.
The army of cyber criminals is growing, and its foot soldiers are often young, in some countries hired and trained while still at school. Competing with that army requires just as an innovative approach and maybe the Melanie Oldham way is an effective way.
But there is another ingredient. Tackling cyber crime is not just about building a team of cyber security professionals, it’s about getting staff on your side too — about finding champions, communicators, getting the numbers on your side.
And to achieve this, Melanie Oldham has a cunning plan.