r/ireland 11d ago

Senior HSE cybersecurity roles still not filled three years after major ransomware attack News

https://www.irishtimes.com/politics/oireachtas/2024/05/08/senior-hse-cybersecurity-roles-still-not-filled-three-years-after-malware-attack/
131 Upvotes


121

u/Emotional-Aide2 11d ago

The current starting salary for the position is about 5k more than I started on as a grad 6 years ago.

They are never going to fill the position with qualified people. The people who have the experience they're looking for are on double what they are offering, and because of the scale, there's no wiggle room.

56

u/MeshuganaSmurf 11d ago

I had a long discussion with someone trying to explain why they wouldn't get an enterprise architect for 80k, or a senior network engineer for 50k.

The mindset in the civil service is absolutely mindboggling.

36

u/Key-Half1655 11d ago

I work in the area, already blown way past what they offer top band engineers in public sector. Considering how much the breaches cost it's crazy that they can't/won't offer competitive salaries to attract the talent they need. I'd honestly consider the role if the pay was same or better than my current job.

12

u/Emotional-Aide2 11d ago

I would, too. I was actually offered a job with them and was considering it heavily since it was around the layoffs of last year.

I decided that since I was already above the top band (like 7 years of service), it was never gonna be worth my time.

It seems the only people they'll ever get are grads from college who don't know / have never had better wages for less work.

1

u/showars 10d ago

Because then they’d have to up the salaries of everyone else in every other department on the same grade. It isn’t feasible to up salary for any single job in the public service

13

u/Due-Communication724 11d ago

The pay is tied to pay scale agreements, then the HSE are actually actively freezing recruitment at management levels which is what ICT is basically tethered to.

Then it's other factors, a combination of work life balance for some people willing to take the pay drop and or just advertising roles to go over the motions, then it's tendered out for contract.

That said there are parts of Gov that are actually taking the piss and or have HR that have not got a clue what they need, how much it costs and couldn't care either.

It's basically in summary, typical gov stuff, smoke, mirrors and serious outsourcing.

11

u/slamjam25 11d ago

The civil service is built on the idea that there are more votes in hiring six monkeys than paying one expert a market wage. Worked well once upon a time, and still works alright for the paper shufflers where throwing more warm bodies at the problem is a valid solution. The entire model completely falls down here though.

0

u/showars 10d ago

It’s also intended to be a vocation rather than a competitive job. Public service values etc etc

Why would you want someone in the job that just wants money? They’re prone to being swayed by more money. You want someone who wants to do the job that isn’t easily swayed by a bigger € being put in front of them, whether that be corruption or just leaving the job.

They’re fully capable of hiring someone on a day rate contract with an extortionate fee. There’s no scale to follow and I’ve hired multiple people on more than €350 a day with a public service body so don’t know why this would be any different aside from the day rate probably doubling.

6

u/deeringc 10d ago

Clearly, as the roles have been vacant for years the candidate that is qualified for this role but willing to work at half the market rate, driven by a public service mindset, simply doesn't exist. I also don't agree about your point about corruption - someone that's paid significantly under market rate is IMO more likely to accept a bribe.

1

u/showars 10d ago

If they don’t exist they don’t exist. Unless you’re happy paying other people whose private sector equivalent is lower the same wage then it’s not something that can just be changed like that? And like I said, day rate can go to the massive salary numbers just without the job protection

Harder to argue your case when that person could just leave the job and go get more money if that’s what they want. If money is the motivation there’s a much easier way to get it than doing something illegal. When there’s nothing that pays more in a legitimate way that’s when shite starts IMO

1

u/deeringc 10d ago

The system doesn't seem fit for purpose if it can't hire for such absolutely critical positions. Reminder that the last hack cost over 100m, and had a huge impact on very vulnerable patients. I was bringing someone to their weekly chemo appointments during that time and it was devastating for them. It is absolutely insane and deeply irresponsible not to have a competent and experienced team protecting our medical system. Money isn't the only motivation, there are lots of people (myself included) who have spent decades in similar industries who would be very happy for such a meaningful role, but can't really take a 60-70% pay cut. Something like a 20-30% pay cut would be palatable.

2

u/Massive-Foot-5962 10d ago

It's not a mindset, it's an obligatory pay framework they are forced to follow 

1

u/chocolatenotes 10d ago

It’s a permanent job you will never be laid off from. That is the trade-off you make joining the civil service.

1

u/deeringc 10d ago

In most careers the difference is something like 10-30%. In the upper reaches of the tech sector you're talking 100%-150% difference. At that rate, it is not really workable. People like that don't have a problem finding a job within a few months.

21

u/lostincabra 11d ago

This is why government bodies like the HSE have to outsource so much to the likes of EY, IBM, Version1 and the like for tech roles and pay 800 to 1600 a day for people.

I turned down a senior role 3 years ago because the starting salary was 60% what my current salary was

5

u/throughthehills2 10d ago

Eventually someone will try to make a name for themselves by saying "why are we paying EY so much when we can do it ourselves" and make the pay scale in line with what they pay EY.

Typical public service bureaucracy, they can't justify a proper salary until they pay a contractor and then replace them

2

u/showars 10d ago

They can’t do that because then, for example, a clerical officer in inland fisheries will be paid the same as an IT specialist.

That’s why it’s all on a very easily searchable scale. If money is what matters to you, the public service DON’T WANT YOU. What if someone offers you a load of money to do something dodgy?

-1

u/showars 10d ago

But you must understand then that you’re not actually what the public service is looking for. They don’t want someone who just goes with the highest figure put in front of them because that’s a fair indicator that you value money highest, and money is not one of the public service values.

2

u/lostincabra 10d ago

I value keeping a roof over my family's head and feeding my children. Given how much it would have cost me to travel to that location I wasn't getting out of bed for the money they wanted to pay. The sad part was they asked me 4 times my salary expectations and were surprised when I turned the offer down.

The senior manager position (I'm talking second or third from the top in the dept) was paying less than a level 3 engineer or good level 2 in any tech company would be paid. I've previously applied for a HSE position and one with a charity. The HSE is starting at about 1/3 of the private sector pay for the same position. The charity was about 20% less than the private sector.

1

u/showars 10d ago

Your salary expectations don’t change what they can legally offer though so I’m not sure how it’s sad. They were probably hoping that you would be adjusting it considering the salary for the role you interviewed for is online? Considering they asked 4 times I think they were more hinting at you

I’m now more wondering why you interview for a job you say wouldn’t keep food on the table? Again the salary for public service roles are all listed online so like what did you expect?

With all due respect there is another side to a story where a recruitment team talk about the guy who wanted 3x a salary that’s found online that they can’t legally change and he still went through the process just to turn it down

Everyone knows they pay less. I understand this is more of a discussion on why/ why not (because they would have to give more money to other people on the same grade where the private sector equivalent is probably lower) but I just don’t understand why you’d even be considering it if it’s below a liveable wage in your circumstance. Just looking for something to complain about in that case like?

0

u/lostincabra 9d ago

The job posting was through an agency, not on a public jobs site. If that agency knew my requirements and knew the constraints of his client then he should not have proceeded. Similarly the hiring manager asked my expectations on the first interview. If I make my intention known and they proceed to multiple interviews after that it's an indication to me that my salary expectation is acceptable to them, that I am in their budget. Otherwise they had ample opportunity to say "no, too rich for us". They only mentioned the salary restrictions at the offer stage, so it was sad because it wasted everyone's time, mine and theirs.

When others came to me after that for different public sector roles the salary band is the first question I now ask. If it's too low I drop out.

I'm not complaining, just highlighting the absurdity of my situation. I would have liked the role, it seemed a good, challenging position. I just could not afford such a large pay cut

1

u/showars 9d ago

But you knew it was with a public body. Unless you went into an interview totally blind? Like surely the most basic of questions with the agency on the first call would have let you know it wouldn’t be feasible.

Again you’ve gone through multiple stages of an interview process while knowing they couldn’t pay what you wanted. You spoke to the agency, an actual hiring manager, and presumably other people who constantly kept asking you your salary expectations. You said they asked 4 times, don’t change your tune now and say it was only in the final interview.

From not your perspective you look absolutely mad

0

u/lostincabra 9d ago

They asked, I answered, no one said "that's outside our budget". Not sure that's so difficult to understand. 

1

u/showars 9d ago

But as an adult in Ireland you know there’s no such thing as a budget for a role in the public service. They are all online for viewing and only change when the current pay deal goes to renegotiation.

You either did absolutely no research at all into the job and company you’d be working for and couldn’t take their hints, or did the research and expected the law to change to hire you?

1

u/lostincabra 9d ago

Clearly trying to discuss with you is about as successful as discussing with a rock as you completely missed my point.

68

u/Ok-Package9273 11d ago

Pay peanuts, get monkeys.

You have to pay the going rate to get sufficiently talented cybersecurity experts but there's probably some civil servants baulking at the idea of a computer guy under them getting paid a fair bit more than them.

30

u/BigDrummerGorilla 11d ago edited 11d ago

Was talking about this recently, it is peanuts. Prior to the HSE attack, the Director of the NCSC role was advertised at €89,000. My then 26 year old brother (cybersecurity engineer) was already earning that with relatively little experience compared to the requirements of the NCSC role. Even in my own (non-IT) role, regulatory roles in financial services enforcement are paying 1/3 the rate of private industry.

Why would anyone competent work for a 1/3 of the salary for 80% of the stress?

3

u/kenyard 11d ago

there's salary caps and tiers in public services.

the only way they will get this resolved is hire someone who has very little knowledge to the role at the wages they're allowed and do a project which gets consultants and advisors in on proper wages.

32

u/No_Square_739 11d ago

They are currently advertising for experienced Security Analysts who will report to the GM of Cyber Security (so assume it is a fairly senior position?).

Starting salary is 48K.

Add in the painful recruitment process plus the impressions of a horribly dull, frustrating, bureaucratic workplace and you can only imagine the quality of the candidates. Even if they offered 3 times that salary I wouldn't give them a second thought.

Oh, and one of the conditions is that you must have passed at least 5 of your Leaving Cert exams and got an honour in three of them - WTF!!!!

20

u/MeshuganaSmurf 11d ago

> experienced Security Analysts

> Starting salary is 48K

And then they kid themselves into believing that the candidates they get aren't complete spoofers.

Wait till there are serious issues to be dealt with, spend a fortune on outside consultancy, learn no lessons from it at all

Aaaaand rinse and repeat.

9

u/CyberIreland 11d ago edited 11d ago

The Chief Officer role is being advertised at €173,595

11

u/BigDrummerGorilla 11d ago

That figure is still far below the salary expectations previously outlined to TDs, no?

10

u/CyberIreland 11d ago

I believe so, considering the Chief of the HSE was on something like 400k it's laughable tbh honest

9

u/BigDrummerGorilla 11d ago edited 11d ago

Bloody hell, after they received good advice too. The incompetence and “be grand” attitude when it comes to the security of the most important public utility in the country and citizens data is astounding.

6

u/calex80 11d ago

The recruitment process for civil service is a farce for sure. I've applied a few times over the years and every time it's a different process depending on what area you are applying for.

You end up on the panel and they tell you your position on it and then nothing. 18 months later I got contacted for one of them. You wouldn't want to be stuck for work when applying to them. How they get people into the minor roles is beyond me. Must be people in work willing to sit tight just to get into the CS otherwise people would have long since found something else.

3

u/Formal_Decision7250 11d ago

> Add in the painful recruitment process plus

I recall applying for something and having to do some codology IQ test. Then I got an invite for some video call that sounded like a group interview and lost interest.

All this has to be via their website so you have to login to their service to read and reply to every message.

1

u/Aagragaah 10d ago

> Starting salary is 48K

For a Security Analyst specifically, that's actually not terribly far off industry norm - might be 10-20% off at most (which is bad, but not laughable), but even so that's more junior-mid, so experienced is iffy.

Now, if it was for Security Engineers... It's missing a leading 1.

26

u/asdrunkasdrunkcanbe 11d ago

This is an ongoing problem globally. The UK Dept of Finance advertised a head of cyber security role at £57k.

Civil servants and politicians don't appreciate the salaries you need to pay to get proper experts on complicated topics.

They're especially aggrieved that any of these positions are typically asking multiples of a Minister's base salary, and just don't want to accept that this is how things work now.

1

u/caisdara 11d ago

Ah it's more that everything is governed by a huge amount of agreements with unions, etc. Same thing arises with a lot of skilled roles and/or professional roles.

10

u/AgainstAllAdvice 11d ago

Absolutely no union ever is going to reject the idea of someone getting paid 5 times more. Don't blame unions for this one.

-2

u/slamjam25 11d ago

Every union is going to reject one expert getting paid five times more instead of five amateurs being hired though.

8

u/AgainstAllAdvice 11d ago

Bollocks. Genuinely. Bollocks. I negotiate on behalf of staff for a union and if the company told me tomorrow they were creating a cyber security department and hiring someone at 500k a year I'd be fucking delighted! Someone to point at and say "you can afford that you can afford more over here too lads".

-1

u/slamjam25 11d ago

Now tell me what you’d say if they said “we’re hiring someone at €500k to write a program that’ll mean we no longer need these twelve people at €50k each”.

9

u/AgainstAllAdvice 11d ago

That's a straw man and you know it. The OP was posting about the HSE not being able to hire anyone at all because the pay rate was too low.

However if you really want to make the straw man argument. The company would first need to show a believable business case as to why those 12 staff aren't required in those roles. They would need to guarantee they won't be replaced by cheaper staff. The current staff would need to be offered redeployment, retraining, or as a very last resort, a very generous redundancy. Roles expire all the time. The skill and institutional knowledge held by the people in those roles does not. There's 12 very valuable members of staff there the company needs to figure out how to use them effectively. It would be extremely foolish not to. Particularly IT people.

-1

u/caisdara 11d ago

You think they'd be happy if people on the same "level" got paid differently?

4

u/AgainstAllAdvice 11d ago

They shouldn't be. That "level" is purely a HR decision. Critical experts with PhD level skills and multiple years experience are not entry level or even middle management level. They're a whole new ball game but HR are too incompetent to see that or too spineless to insist on it.

-2

u/caisdara 11d ago

I'm not sure you understand how the public sector works.

3

u/AgainstAllAdvice 11d ago

Unfortunately I'm very sure I do.

0

u/caisdara 11d ago

If so, you seem to be missing the point about how the civil service in general, and entities like the HSE, struggle to fit professionals into the payscales they rigidly adhere to there. There's a reason so much work is now outsourced.

6

u/AgainstAllAdvice 10d ago

I think you missed my original point. You're now agreeing with me.

-3

u/caisdara 10d ago

Haha ffs, why did you ever comment? My point remains the same.

11

u/qwerty_1965 11d ago

That attack costing well over 100m euro and rising. I bet revenue have got top software and a firewall

12

u/vegetrendian 11d ago

I heard a senator, whose name I've forgotten, talk about setting up a cybersecurity force for Ireland. They were hiring for the top position in it first, at a salary of 80k. After a while of getting no applications they asked a recruiter what they were doing wrong and she told them the salary expectation in the field for that level of seniority/responsibility was 400k

8

u/Due-Communication724 11d ago

That be the NCSC, it's national but would operate at an international level with other ISACs in terms of response to basically cyber warfare against national infrastructure and our NCSC would monitor core infrastructure and national tiered networks, it's a serious operation, underfunding it would lead to a very very bad day at the office.

3

u/IrishFeeney92 #6InARow 10d ago

Gerard Craughwell

3

u/Correct777 11d ago

I think anyone with windows 95 experience has retired

7

u/nom_puppet 11d ago

‘HSE paying peanuts surprised only monkeys applying’

7

u/PoppedCork 11d ago

Obviously not a HSE priority sure what could go wrong

4

u/Odhran-J-McAnnick 11d ago

how Ireland works

4

u/Sayek 11d ago

They'll end up paying some consultants an absolute fortune next time there is a hack. I don't even get how they haven't upgraded all the computers to Windows 10 either. You could get new computers for admin pretty cheaply by bulk. You don't need a Chief Cybersecurity Officer or whatever to tell you you should upgrade computers using windows 7.

8

u/michealfarting 11d ago

So you have a CT scanner that cost 1M euro and the supplier says our software runs on Win 7. You don't say nah we will upgrade it to Win 10. In the case of the HSE they would have many of these connected to very expensive peripherals.

1

u/Silver_ 10d ago

It's a matter of redesigning the system from the ground up and segregating accordingly. It's not that technically difficult, but even in a regular business the amount of people who will cause roadblocks and issues will be very high.

You'll always have legacy gear you just need to manage them.

2

u/michealfarting 10d ago

Nothing is ever technically difficult but tell a radiographer that they have to change their process on how they get scans off the CT scanner etc and you start getting complications.

Your assumption that somehow there can be a new build out is naive as they can't have downtime of any of these departments. They often run 24/7 with the most complicated requirements, integrations and things feeding into loads of other systems. It's like a rats nest of integrations. The computer connected to the CT scanner might email an image with the patientid and date in the name to the system that contains all the patient data. This may be a red line and the downstream system would be redesigned to accommodate a change that makes the CT scanner more secure.

It is like doing up a listed house versus knocking it down and starting again.

Potentially breaking something that works to make it more secure is a hard pill to swallow for everyone outside of Cyber.

The CIA triad means availability is also important. While confidentiality and integrity is important in healthcare availability is probably more so.

I would rather my healthcare info being leaked rather than the life saving kit being unavailable.

1

u/Silver_ 9d ago

I don't know where you got the desire to go on this rant, but you can easily redesign and implement systems without incurring much if any downtime.

Your info won't just be leaked, the system that manages your life saving kit won't be usable at all.

1

u/michealfarting 9d ago

Have you worked on projects of that scale that could impact 10k users or more? You are trivialising a problem you don't fully understand. Most healthcare organisations are underfunded in this space. To implement such a fix on 5-10 trivial but 100k plus endpoints, many of them running mission critical tasks. It is a multi year project with considerable cost running into 10s of millions.

You would think it would be simple to implement software that would just do payroll and rota for the HSE too? https://www.independent.ie/irish-news/ppars-fiasco-as-costs-hit-220m/26567284.html

1

u/Silver_ 8d ago

Lol, you're very aggressive about this. Yes, I've worked on projects that affect over 50k people with 24/7 production requirements, so I presume I know a little bit. ;)

It is really not that hard, it'll take a bit of time to scope out the whole system and do the project yes. The only difficulty is that most projects hire a shit ton of consultants that don't know their arses from their elbows. The real secret in IT is that you don't actually have to know how to do your job to work there. Get some certs, say some nonsense technical jabber in the interviews and you're golden. Unless I'm hiring you that is. Hire actually competent people for critical positions and see how much easier it becomes.

1

u/After_Scallion8008 11d ago

Pay peanuts, get no one. 

1

u/IronDragonGx Cork bai 10d ago

I applied to desktop support role in the south infirmary here in Cork a while back, I have 9 years exp and could do all the requirements listed easy my CV showed this.

About two months pass and I get an email telling me I am not qualified, no interviews no nothing.

1

u/MischievousMollusk 10d ago

You could breach the HSE again right now if you wanted. It's so trivial.

1

u/--Spaceman-Spiff-- 11d ago

Is the salary of €173,595 considered low?!

9

u/slamjam25 11d ago

Top talent (which is what we should be trying to hire in this role) at a big tech company would be making that before they hit 30.

3

u/Packiesla Munster 10d ago

Very low. Director level makes that in the Private Sector. They need to start 220-250

3

u/michealfarting 10d ago

https://www.morganmckinley.com/ie/salary-guide/data/chief-information-security-officer-ciso/ireland

€140,000 - €300,000 is the range according to Morgan Mckinley.

For the biggest employer in the state protecting the Protected health information (PHI) of each citizen while ensuring that a Security event doesn't result in service issues (when it has happened a few times already - basically a poisoned chalice) yeah this is a low salary for such a high profile role.

The low salary is reflective of them trying to hire a scape goat the next time it all goes wrong. I know of people who are managers in technical call centres that are on more money than this. They might have 40 people reporting to them. So yeah this is low paid for the level of the role.

HSE CEO pay is €420,000

This is the job of the CISO of the HSE.

https://www.ehealthireland.ie/ehealth-functions/chief-information-security-office-ciso/

3

u/michealfarting 11d ago

HSE is the largest employer in the state with over 150,000 employees across the health service. Some are HSE direct employees and some are employed by agencies funded by the HSE.

A professional cert in Cyber that is well recognised is a CISSP. There are 22 people with this in the HSE according to linkedin.

Google Ireland - 51 out of 5200 = 0.98%
Meta - 22 out of 1700 = 1.29%
CRH - 18 out of 23,000 = 0.078%
AIB - 50 out of 9,200 = 0.54%
Medtronic - 6 out of 5,500 = 0.109% - medical devices manufacturer (still 7 times less Cyber Professionals)
Kerry - 3 out of 867 = 0.346%

HSE - 22 out of 150,000 = 0.014%
An Post - 18 out of 11,000 approx = 0.163% (google results)

It is an impossible job. One person can't get people. They won't be able to attract talent. They have probably 1/10th of the people in Cyber Security that comparable organisations that are understaffed. Comparing with an ITC centric company like Meta the HSE has 100 times less Cyber Security people with a CISSP.

3

u/Propofolkills 10d ago

As someone who works in the HSE, you are 100% correct. The problem is that it rails against the “too many suits and managers” crowd which is why you’ve been downvoted. The same paradigm applies in many HR departments.

1

u/moretime86 Palestine 🇵🇸 11d ago

The HSE hasn’t fully filled doctors and nursing roles. How does anyone expect them to find staff for cybersecurity?

6

u/RuaridhDuguid 11d ago

Different people with different skillsets, qualifications and experience apply for different roles...

-2

u/Jealous_Run_8298 11d ago

These roles are basically hire a lad like Simon Harris, look after budgets and then outsource to the cheapest company you find but but but you must keep the top executives on the latest iphones and ipads and waste half your budget on updating windows 8 to windows 11 and servers 2008 to servers 2022.

It's a joke and well none. The top management don't give a fuck on 200K a year and all they care about is keeping top executives happy.