Admittedly, a good deal of my issue with the so-called "skills gap" is anecdotal; my issue is its being played as across the board for all kinds of cybersecurity positions.
I will accept that in SOME markets for SOME types of jobs, there is a lack of talent, but to play it as being the same everywhere is wrong.
Too many people are being sold on this idea, and spending time and money to become cybersecurity trained and then finding there are no positions. Or no one will hire them because they have no experience. Then you got wags claiming we should just pull people from outside of cybersecurity to fill the gap. Uh, what about the folks who are NOW in cybersecurity looking for work? Hire those people FIRST before you start pulling from outside.
Also, a lot of us see just bad job postings. Postings that are looking for people with the skills/experience of 3 people, or wanting someone to do the job of 2-3 people, or wanting a senior-level person from an entry level position (and entry level pay). And some companies really don't know what they want or what they should pay. There is information out there on that. So they turn away or ignore talent, leaving positions open for months, or offer below market rates and don't understand why they can't fill positions. I know from personal experience positions that went open for months when 2-3 qualified people applied, sometimes were interviewed, and none hired. Don't tell me there was a lack of talent.
Overall I thought your posting was good.
I think that too many in our industry don't understand what it takes for certifications to be valued and what they have to do in terms of having that ANSI approved cachet. I've seen this with new people getting CompTIA certifications, and then being shocked that they now need to pay an annual fee and do CPEs to maintain their certs, some saying it's just a money making scheme. Not understanding that for their certs to be valued and respected, they need to be ANSI approved (the DOD won't touch them if they aren't), and that required the org do stuff, including CPEs, and the like that costs money, hence maintenance fees.
I understand the need to increase fees. I've seen this with other orgs which have held off on increasing fees/dues and then being forced to increase and the jump is large. What I don't like is how it was handled. I pay $150 a year for 2 certs. The switch over should have been that instead of paying $150 this calendar year to pay $125, and nothing more. But instead it seems that I am being asked to pay something like $235, which I don't understand. Just poor way of rolling it out.
I'm not an expert on statistics but if you have 15,000 respondents on an online questionnaire, extrapolating a need of 3 million people globally is likely, to say the least, statistically dishonest. I'll have to dive deeper into the report to determine what led to that number being the leading statistic. It would be interesting to see a more detailed analysis through a series of blog posts or webinars.
Have to agree.
Am bothered by these claims of a 'skills gap'. Too often it seems people aren't willing to dig into the causes. Many companies can't fill roles. Heck, have seen this in my area. Is this due to lack of talent, or is it due to other causes, such as the company having unrealistic job postings, unrealistic expectations, and in many cases ignoring or passing over qualified candidates? I know in a few cases in my area companies trying to fill infosec roles for months when they passed over/ignored several qualified candidates. There is no excuse for this. But to claim it's due to a "skills gap" or lack of candidates is misleading.