Laughing Through the Cybersecurity Crisis: It’s a Skills Game, Not a Numbers Game!

No, we’re not short of people in cybersecurity who can say ‘firewall’, but we do lack those who can code and understand security architecture. The Information Security Jobs Crisis isn’t about unfilled seats, but the skills to occupy those seats. Seems a six-month bootcamp won’t make you a security maestro after all!

Hot Take:

When it comes to cybersecurity, it’s not a numbers game — it’s a skills game! Bruce Schneier, a veteran cybersecurity pundit, has dismissed the oft-cited “millions of unfilled cybersecurity jobs” narrative, suggesting a skills shortage, not a people shortage. Apparently, we are not lacking in people who can throw around buzzwords like ‘firewall’ and ‘encryption’, but we do have a dearth of tech-savvy practitioners who can actually code, understand technical security architecture and have threat hunting and incident response skills. And no, a six-month bootcamp won’t turn you into a cybersecurity whizz kid.

Key Points:

  • There is not a shortage of cybersecurity generalists and middle managers, but a shortage of skilled professionals who understand technical security architecture and can code.
  • Security roles are often not considered entry-level jobs; they require a technical background and experience.
  • A six-month information security bootcamp is not enough to become a skilled cybersecurity professional.
  • HR departments need to understand how to effectively hire information security professionals.
  • There is a jobs crisis in information security, but it’s not about numbers, it’s about skills.

Need to know more?

The Cybersecurity Mirage

Don't be fooled by the mirage of millions of unfilled cybersecurity jobs. It's not about empty seats; it's about the right skills to fill those seats. As Schneier and Rothke argue, we have plenty of people in cybersecurity, but what we need are professionals with the right technical skills, from coding to understanding security architecture.

Entry-Level? Think Again

If you thought you could just stroll into an entry-level cybersecurity job straight out of college, think again. In this field, 'entry-level' often means having at least two to three years of work experience in a related field. So, before you start dreaming of hacking and saving the world, you might want to get your hands dirty with some actual tech work first.

HR, We Have a Problem

The problem might not just be with the candidates but also with those hiring them. As Rothke points out, expecting an HR generalist to find information security specialists is a bit like expecting a fish to climb a tree. HR departments need a better understanding of the skills required to effectively hire information security professionals.

A Crisis of Skills, Not Numbers

So yes, there is a crisis in information security jobs, but it's not the one you've been told about. It's not a crisis of numbers, but a crisis of skills. We need more computer scientists, developers, engineers, and information security professionals who can actually do the technical heavy lifting, not just throw around buzzwords.