The myth of the cybersecurity skills shortage
Source: ComputerWorld by Ira Winkler
Interesting article up for a read at ComputerWorld. Which all in all, is a good thing. The article talks of “The myth of the cybersecurity skills shortage” Winkler calls out companies that are claiming there is a cybersecurity skills shortage; which I don’t necessarily believe there is.
From the article at ComputerWorld:
The approach that seems to prevail these days — seeking a new hire who already has the right skills and experience or hiring them away from another organization — just doesn’t work. But it is why so many people believe there is a shortage of security professionals.
Mr. Winkler hit the nail on the head with this statement. I have a significant amount of security experience, I’ve worked for the government, large companies, medium companies, and small companies. I will generally do reasonably well at any interview question poised for me. The problem I’m seeing, is there are companies out there, that have beaten it into the head of their employees, that they are looking for someone that is an absolute master of skillset X, and disregard everything else. I, like many other security practitioners have my weaknesses; if I am slightly weaker in skillset X, then I am immediately assumed not a good fit for the job.
The way I like to pursue jobs, is I aim for something I want to do, with a company I wouldn’t mind doing it for. Whether I have 100% strength on skillset X, or whether I’m slightly weaker at X, but extremely strong, at skillsets Y and Z; I will still apply, but a decent amount of time, I’ll get shot-down, due to the assumption, that because my skillset at X isn’t the greatest, I’ll never be able to catch up. This is where the fallacy in the argument lies. Company X, needs to look at candidate skills, and make their decision the ability of the candidate to learn skillset X (if skillset X is truly the reason for hiring). So again, there are areas where I’m slightly weaker, such as DLP. That doesn’t mean I don’t know what DLP is, or how it functions, but I’ve never sat in front of a host that does DLP and used it on a day to day basis. Does that mean I’m not right for any position at your organization due to the fact I’ve not been a DLP administrator?
Just something to think about. I always judge interview candidates on not just what they know, but what I think they will learn, and how strong of learners they are.