The Cybersecurity Skills Gap: It Doesn't Have to Be This Way

Once it becomes clear that off-the-shelf experts aren't realistic at scale, cultivating entry-level talent emerges as the only long-term solution -- not just for a hiring organization but for the field as a whole.

The cybersecurity skills gap has become an unavoidable lament. This is the commonplace idea that both the quality and quantity of candidates are falling short of what the industry needs to fulfill its mission. You usually see it framed in terms of x number of unfilled positions, or with a quote from an exasperated CISO that her new hires aren't ready to rock. The ramifications of this gap often look very dire — critical infrastructure threatened, lives lost, intellectual property pilfered, geopolitical advantages squandered, and won't-somebody-please-think-of-the-children?


To be sure, there are issues around security staffing and career paths. However, this skills gap is often presented by hiring organizations as a criticism of both security training and the sheer brainpower of the candidates, and it doesn't add up. The hiring organizations are both framing this problem in the wrong way and contributing to the problem themselves.


Looking for the Wrong Thing

The most obvious problem with security hiring is that there is virtually no ground floor. We consistently see job postings for entry-level positions that expect five years of experience or hands-on experience with expensive enterprise tools. Everybody hopes that someone else will put in the work of teaching candidates the ropes, but nobody wants to pay for the experience that they demand. Instead, despairing of finding good people, many directors turn to vendor solutions, which only widens the gap. This bait-and-switch not only leaves new candidates stranded but also makes the career path look comparatively bad. Why would you spend ye ..
