YAWNMSPA (Yet Another We Need More Security Professionals Article)
This article from Forbes doesn't really say much of anything except "we need lots more peeps!" Supposedly all of us are having our salaries rise and any of us can walk in anywhere and get a job on the spot.
Doesn't quite fit with my experience and observations.
For at least 35 years I've seen the same kinds of articles. Over the same time, I've seen lots of companies advertising for employees with twenty years experience in fields that have existed for less than ten. I've gone for interviews for senior positions and been handed "competency tests" that were trivia quizzes photocopied out of hobbyist magazines.
When I've been on the other side of the table, I've never had trouble filling positions with workable candidates. (Not prefect, but I had about a 93% success rate.)
I don't think we have any real shortage of security talent (although we probably do have a fair shortage of companies willing to provide training for shortcomings/changes in technology). I strongly suspect the real shortage is in competent recruiters.
............ This message may or may not be governed by the terms of http://www.noticebored.com/html/cisspforumfaq.html#Friday or https://blogs.securiteam.com/index.php/archives/1468
Re: YAWNMSPA (Yet Another We Need More Security Professionals Article)
When I owned and managed my own company and I directly interviewed and hired my staff I had a great success rate. So much so that folks that moved away, because a spousal unit got transferred, would look me up if they came back into the region looking for work. "I want to work for you!"
When I left the IT consulting world (still pondering that decision) and went with a medium and large size organization where there were HR organizations my success rate tanked. There may be some value in an HR organisation, and before anyone on this blog blows up at me for stating that, I do get that there needs to be some oversight went it comes to hiring practices, compliance, safety, education, etc.
I know some HR groups are busy because my LinkedIN profile is getting hammered.
In regard to the premise of the article, I have to wholeheartedly agree. Publishing an article with little to no basis in anything but buzzwords and hype really doesn't tell much of a story outside of the fact the author was paid for witless drivel.
I'd like to know why this article was thought worthy of the space let alone the effort. Guess it was a slow business news week and someone needed a softball to throw to the reader base.
A few years ago the hype and near panic to hire InfoSec people was certainly true. Today its finding senior practitioners. We have TONS of entry level talent or people who think they know something about security but don't. Really articles like this only serve to conflate the industry is already facing.
Most of us have seen this movie and how it ends before and it ain't a pretty ending.