Community Champion

Re: Security Skills Gap

> dcontesti (Community Champion) posted a new topic in Certifications on

> Just came across this on the Cyber Security Hub and thought it was interesting.

No. No, it's not.

As I have said many times before, the skills gap isn't in security, it's in HR and
recruiting ...

====================== (quote inserted randomly by Pegasus Mailer)
rslade@vcn.bc.ca slade@victoria.tc.ca rslade@computercrime.org
There is a wonderful word - Why? - that children, all children
use. When they stop using it, the reason too often is that no
one bothered to answer them. No one focused and cultivated the
child's innate sense of the adventure of life. - Eleanor Roosevelt
victoria.tc.ca/techrev/rms.htm http://twitter.com/rslade
http://blogs.securiteam.com/index.php/archives/author/p1/
https://is.gd/RotlWB

............
This message may or may not be governed by the terms of
http://www.noticebored.com/html/cisspforumfaq.html#Friday or
https://blogs.securiteam.com/index.php/archives/1468
Contributor III

Re: Security Skills Gap


@rslade wrote:
> > dcontesti (Community Champion) posted a new topic in Certifications on
>
> > Just came across this on the Cyber Security Hub and thought it was interesting.
>
> No. No, it's not.
>
> As I have said many times before, the skills gap isn't in security, it's in HR and
> recruiting ...


Agree.

My issue with a lot of these kinds of reports is that they don't dig in further to the problem.

They go:
"there are a lot of security positions open"
"they are open for a long time"
"companies say they have a hard time filling positions"

Thus, there must be a skills gap (not enough people to fill the roles).

Uh, how about we dig deeper.  Let's take a look at the positions.  Are they reasonable?  Or are they looking for someone that doesn't exist?  You know, like BS such as "Needs 2 years experience and a CISSP", or needs the skills and experience of 3 people.

Or better yet, let's take a look at the candidates that are being rejected and see if they should have been rejected.  Maybe they have people making unreasonable demands or asking stupid questions or turning away competent people for the wrong reasons.

But that's too much work.

So must be a skills gap.  Let's pump out more infosec folks with no experience who can't get jobs because, well, they have no experience...

---
Michael Brown, CISSP, HCISPP, CISA, CISM, CGEIT, CRISC, GSLC, GSTRT, ISSA Fellow
Advocate I

Re: Security Skills Gap

It's the 'and the kitchen sink' mentality.  You've all seen the ads; CISSP & CISM & CISA & ISO 27001 & CoBIT & hands-on technical skills & experience of management & ....  They conflate the duties of so many different roles in security and imagine one person can do everything simultaneously with no budget or resources.  And then complain that there are no suitable candidates.

-----------------------------------------------------------
Steve Wilme CISSP-ISSAP, ISSMP MCIIS
Newcomer I

Re: Security Skills Gap

I was discussing this with my wife. She is a doctor in psychiatry and she could apply for 8 out of 10 open positions since job descriptions are more streamlined. In infosec I can apply for 2 or 3 out of 10 because the requirements are all over.

I do have friends who simply lie on their resume. They say the strategy works because background checks are not deep enough so you can get away with pretending that you did 80% of a unicorn job description. 

It is easy to lie about knowing how to manage projects since there isn't a single right way to do it. You can't lie about being fluent in Japanese since it is easy to verify such a claim.

I find it interesting to observe how far people will go to deal with unicorn job descriptions + their need to make money....and I won't blame them.