You can’t be on social media in security without hearing about the “cybersecurity talent shortages.” I really like Michael Santarcangelo’s CSO article: Are new security specialists starting at a disadvantage?
“Nowadays, most junior security professionals come right out of college with a baseline security foundation as they enter the workforce – but lack that foundational and practitioner knowledge of the networking side of things. This trend is causing real-world challenges for security operations center (SOC) teams.”
True! And while it’s good advice to recommend looking at candidates from other areas of IT, the problem becomes one of pay when that security job is a slight step down in terms of pay for a candidate that is “new” to security, but established in their IT field. This is one of several problems swirling around our state of hiring and talent today. (For example, the IT boom of 1999-2000 producing many new IT practitioners, but now cloud services and general 15+ year boredom are fueling experimentation into security, but security isn’t ready to support them.)