And I'm sure we've all been on the receiving end of looking at a job description that asked for CISSP, CISM, ISO 27K lead auditor, risk management and data protection knowledge to find that the hiring manager really wanted a firewall admin or sysadmin.
And if they do want someone, they often want one person to do everything, which in a mid-sized company just isn't humanly possible even if you work a 50-hour week every week.
This is nearly always the case for small to medium-sized businesses. They oftentimes have a poor understanding as to the time and energy that's required in these positions. Working more than 50 hours a week causes your good IT security personnel to seek greener pastures elsewhere. One can never negate the value of 'quality of life' in a career position.
This scenario has happened to me. I find a job description that I fit, and practice interviewing based on that description. Then during the interview, instead of a security person, they want a DevOps person. It's extremely frustrating.
I’ve definitely been getting my share of Unicorn hunting calls/emails lately. Specifically, around the buzzword “Insider Threat”.
I think what folks here are talking about is an advertisement for one position that turns out to be a different position entirely. An example from recent history is one that I got pitched by a headhunter:
The position of “Network Security Engineer” that requires a CISSP with a CCNA or CCDA, and either a CCNP or CCIE R&S highly desired. The position requires knowledge of the Cisco IOS command line, routing and switching protocols, cable plant design and management, and network security architecture.
I think many people, including myself, would see this as a senior-level position. Someone possibly doing network planning and design, and able to quality check subordinates’ work by reviewing configuration files or planned command sequences, and approving changes. When I got to the phone interview with the customer, it became apparent that they are looking for a router/switch installation technician. The CCNA/CCDA/Network+ level qualification was wholly appropriate. Possibly even a BICSI qualification as well for the cable plant responsibilities. There is absolutely no need for the CISSP, and a CCNP/CCIE would be severely overqualified. Not only that, but the salary range pitch is about 50% of what I expected and was more in line with an entry-level person.