The poor quality of many UK-based IT security professionals is placing the nation's businesses in danger, according to the first man in the UK to get a PhD in intrusion detection and prevention.
Dr Emlyn Everitt, who was awarded his PhD by the University of Glamorgan after four years of research, has called into question the value of qualifications, including those awarded by the Certified Information Systems Security Professional (CISSP).
He told vnunet.com that qualifications need to be based on real research and practical experience, and that poorly trained security staff are costing businesses money and leaving IT systems open to attack.
"The CISSP gives an indication of knowledge, but it is no indication of true knowledge," said Dr Everitt.
"We need a ground-up rethink of the way we train. It's a similar situation to the UK space programme: we had the knowledge and experience to compete with the Russians and Americans and threw it away."
He pointed out that proper management of security resources is as important as having those resources in the first place, adding that badly managed security could be worse than no security at all.
In some cases companies were wasting money as they had security hardware but were unable to use it properly.
Outsourcing is not a solution to this, he continued, since outsourcing providers need to have someone to check that they are adhering to best practice.
Professor Neil Barrett of Cranfield University said: "It is certainly the case that any qualification based on experience is going to be more useful than a multiple-choice example.
"It is possible to cram for exams like the CISSP and pass. But bear in mind that most people have worked in the industry for some time before they go for a qualification."
Dr Everitt, who works for IT firm Logicalis, also pointed out that academics would need to be paid more if good training was to be built into the university system.
He explained that a minimum of seven years' training would be needed for a competent university lecturer, but that such academic jobs often had starting salaries of below £20,000, leaving people with little choice but to go for higher salaries in industry.