Best bet for commodity futures? Buy security professionals. Apparently there is a world wide shortage.
Yeah, right. As I have noted elsewhere, and frequently, there's been a shortage my whole career. I ain't rich yet. There's a bit of a disconnect.
OK, so first off, recently, there was Trump's "executive order," which, as I noted, is mostly about getting staff for (relatively low paying) government jobs, and probably isn't going to change much of anything.
Now, in Canada, another group has been formed "to craft a plan for cyber security education and workforce development." Yeah, good luck with that.
Returning to the US, the Marines are asking for civilian volunteers to make up a new computer task force cyber security unit. According the the General responsible, "If anybody wants to join, you can sign up." (Sounds a bit desperate, if you ask me ...)
The problem, as I see it, is that in the past five years a lot of talent threw their hat into offensive security camp.
While it is definitely an interesting field, we have a distinct imbalance creeping up of defenders vs. pentesters, readteamers and security researchers.
Unfortunate reality is that offensive security is more or less universal while defense is, in large part, vendor specific. If you are hired by a company that is a Cisco shop, you are pretty much bound to rely on their security portfolio. If your employer using Qualys, then that's what you are tied to, etc..
Additionally, enforcement of corporate security policies frequently constrain the ability of their employees to use anything not whitelisted and they are prohibited from venturing outside of their defined responsibilities by the frameworks adopted by the companies.
IMHO, this got to be pretty frustrating for the talented folks trying to advance both, their knowledge and careers.
@rslade wrote:Yeah, right. As I have noted elsewhere, and frequently, there's been a shortage my whole career. I ain't rich yet. There's a bit of a disconnect.
All those cybersecurity hirings, they're on the "to be approved" pile, right next to the plan to fix pensions, social security, medicare, fossil-fuel dependency, sustainability, two-party politics, hot dogs coming in packages of 10 but rolls in 8, etc, etc. We live in a world where we exhaust ourselves with defining problems. After all, that's what the folks at the top of the pyramid (i.e. politicians) do a great job of - blame. It takes actual brains and leadership, however, to solve them, and those are far more scarce commodities than cybersecurity professionals.