I’ve been in technology for more years than I’ll publicly admit, and I’ve been full-time infosec for 23 years now. In the past ten years, it’s been hard to escape the rallying cry of the skills shortage: organizations take weeks, months, and longer to fill infosec positions.
I’m going to tell you now why, in many cases, this so-called skills shortage exists.
We’re lazy.
Yes, we are lazy. We don’t want to take the time to find a motivated, solid foundation, perfect personality, tech worker, and train them up on cybersecurity. Instead, we want only the finished product.
We all want unicorns.
Further, we want someone who has experience in all ten of the main preventive / detection / response tools we use. I think we’d have better luck on Power Ball.
We’re cheap.
If we are fortunate to find a candidate who checks all of the boxes, we probably can’t afford them. Unicorns are rare, and rare things are expensive.
There – I said it. Most of us fit into one or more of the above categories. Me included.
Peter H. Gregory 