GCHQ case study: How security body attracted cyber security experts using digital recruitment campaign

This case study outlines the digital recruitment campaign created by TMP Worldwide for GCHQ (Government Communications Headquarters) to recruit top cyber talent. The campaign was awarded Grand Prix at this year's DADI Awards.

GCHQ is one of the UK’s three intelligence agencies alongside Mi5 and Mi6. Against a backdrop of the UK’s new Cyber Security strategy, GCHQ needed to recruit people with the critical skills necessary to help defend the UK network from cyber attack. GCHQ has no consumer brand, and given the nature of the organisation, its brand awareness as a recruiter is fairly low. It also pays Civil service salaries and is based predominantly in one location – Cheltenham. Key objectivesGCHQ’s objective was twofold – firstly to attract, connect with and encourage a wider range of people to apply for niche cyber roles. And secondly as well as connecting potential applicants with GCHQ as an employer, the code breaking challenge aimed to raise awareness of GCHQ’s mission to protect the UK’s national security interests. GCHQ wanted to attract individuals with a keen interest in code breaking and ethical hacking. This audience wouldn’t necessarily be attracted to traditional recruitment methods, so TMP worked with GCHQ to create a new approach. GCHQ has a history of code breaking dating back to Bletchley Park and the days of Alan Turing. So TMP developed a code challenge that could be applied to today’s audience, utilising social media to seed the recruitment message. This was GCHQ’s first foray into using a viral method of attracting people to apply for roles. StrategyIt was essential to profile the audience before understanding how to target them. The audience were profiled as follows:

• Self taught hackers
• Advertising adverse
• Non-conformist
• Unaware of the value of their skills
• Nocturnal

To target this group TMP created a campaign, routed in audience understanding and social activation, to seed details of an anonymous code challenge amongst the cyber community using blog networks, forums and YouTube. Our audience were challenged and attracted to the challenge, both in solving it, and understanding who created it. The challenge was solved by entering a code into a space on the challenge a micro-site: www. canyoucrackit.co.uk. The code was written by a Cyber Security expert at GCHQ, and the challenge took place over a six week period. One month into the challenge, TMP and GCHQ issued a joint press release revealing the perpetrator of the challenge as being GCHQ in order to generate additional publicity for the campaign. Finally the solution to the challenge was posted once the campaign closed. During the campaign applicants who cracked the code were invited to apply for a role. Afterwards they were invited to register their interest in future roles. TMP wanted the audience to work as advocates on GCHQ’s behalf spreading the word virally via their social networks, creating a sense of competition to crack the code. As a previously risk adverse organisation this was the first time GCHQ had used social media. The campaign was closely monitored throughout and success measured closely. Results

• Generated over 94m hits to the challenge website, a record for any advertising campaign (Google Analytics)
• 3.2m unique visitors to the challenge website (Google Analytics)
• Generated £1.7m worth of PR (discluding TV coverage). It was seen by millions around the world with national news coverage in the UK, Australia, Brazil, Australia and throughout Europe. There were articles in 450 publications around the world
• As well as national newspapers and mainstream radio, it was also featured on the News at 10 and Daybreak and written about in hundreds of blogs.
• The spread through social media was staggering, trending in the top four most talked about subjects on Twitter overnight on 1 December 2011 for the terms GCHQ code, GCHQ challenge, GCHQ job and GCHQ.
• 236 people cracked the code (database files)
• 170 people submitted applications – far exceeding any previous recruitment for the same roles. At the start of the campaign GCHQ would have been happy to have 10 applications

The campaign has been a huge success in terms of generating awareness of Cyber Roles at GCHQ. People have been motivated by the conversation, the approach and the mission. An impressive number of applicants have been generated, especially considering two key challenges faced by GCHQ - that salaries for these roles are less than commercial sector pay in similar roles and that the location in Cheltenham is an issue. As well as connecting potential applicants with GCHQ as an employer, the code breaking challenge has raised a huge awareness of GCHQ’s mission to protect the UK’s national security interests.