> dcontesti (Community Champion) posted a new topic in Certifications on
> Just came across this on the Cyber Security Hub and thought it was interesting.
No. No, it's not.
As I have said many times before, the skills gap isn't in security, it's in HR and
My issue with a lot of these kinds of reports is that they don't dig in further to the problem.
"there are a lot of security positions open"
"they are open for a long time"
"companies say they have a hard time filling positions"
Thus, there must be a skills gap (not enough people to fill the roles).
Uh, how about we dig deeper. Let's take a look at the positions. Are they reasonable? Or are they looking for someone that doesn't exist. You know, like BS such as "Needs 2 years experience and a CISSP", or needs the skills and experience of 3 people.
Or better yet, let's take a look at the candidates they are being rejected and see if they should have been rejected. Maybe they have people making unreasonable demands or asking stupid questions or turning away competent people for the wrong reasons.
But that's too much work.
So must be a skills gap. Let's pump out more infosec folks with no experience who can't get jobs because, well, they have no experience...
It's the 'and the kitchen sink' mentality. You've all seen the ads; CISSP & CISM & CISA & ISO 27001 & CoBIT & hands on technical skills & experience of management & .... They conflate the duties of so many different roles in security and imagine one person can do everything simultaneously with no budget or resources. And then complain that there are no suitable candidates.
I was discussing this with my wife. She is a doctor in psychiatry and she could apply for 8 out of 10 open positions since job descriptions are more streamlined. In infosec I can apply for 2 or 3 out 10 because the requirements are all over.
I do have friends who simply lie on their resume. They say the strategy works because background checks are not deep enough so you can get away with pretending that you did 80% of a unicorn job description.
It is easy to lie about knowing how to manage projects since there isn't a single right way to do it. You can't lie about being fluent in Japanese since it is easy to verify such claim.
I find it interesting to observe how far people will go to deal with unicorn job descriptions + their need to make money....and I won't blame them.