Community Champion

Security Skills Gap

Just came across this on the Cyber Security Hub and thought it was interesting.

8 Replies
Advocate I

Re: Security Skills Gap

It could be that organisations are unwilling to take people in at the bottom and train them up; which generally you have to do in all fields unless you want to pay over the odds on an ongoing basis.  Or it could be that they're unwilling to take people in from other IT fields like IT Operations or Networking, and give them some extra training.  It's actually remarkably easy to take someone with an existing IT background and teach them security as they already know a reasonable amount.  

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Community Champion

Re: Security Skills Gap

There certainly is more competition for the best-of-the-best and that makes hiring the exceptionally qualified candidate more difficult.

Newcomer I

Re: Security Skills Gap

I'm sure there are people applying for roles where they have a level of expertise lower than needed. For most of the job positions, the answer may be to hire the ones with potential and train them internally. I hope many companies do that. 

Regarding the other stats, whether or not there is still a salary gap, if there are more job positions than people out there, the problem is not going to go away soon. Also, my personal opinion is that people with the right combination of information security knowledge and business acumen are still uncommon. That gap will require a much longer time to be filled.

Contributor III

Re: Security Skills Gap


@Steve-Wilme wrote:

It could be that organisations are unwilling to take people in at the bottom and train them up; which generally you have to do in all fields unless you want to pay over the odds on an ongoing basis.  Or it could be that they're unwilling to take people in from other IT fields like IT Operations or Networking, and give them some extra training.  It's actually remarkably easy to take someone with an existing IT background and teach them security as they already know a reasonable amount.  


There's no "could be" about it.

In my area (South Florida) there are many people struggling to find work in infosec, but having problems due to the lack of entry-level positions. There is little reason to bring people from outside infosec when we have so many IN infosec looking and not finding.

There is also the problem of companies looking for unicorns. Basically setting unrealistic expectations for positions, and turning away good candidates because they aren't perfect in some way. When I see a company looking to fill a position for months and I know they interviewed several people who could do the job, I have little sympathy for them.

HR folks who have no idea about infosec don't help, either. We have a company here with several infosec positions open for months. I know several who have applied and not heard a thing from the company.

So, for me, I think this so-called "skills gap" is less there not being enough people and more a broken job placement system.

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow