Monday, November 10, 2014

Is the Information Security Skills Gap misidentified?

In recent postings, I've touched on the information security skills gap.  Many individuals and groups are pushing the idea that the large number of unfilled information security positions (40% is a number I've seen tossed around) is due to a "skills gap", that there are not enough skilled individuals to fill them.  And so we need to pump out more infosec professionals.

As noted, I'm not in agreement with this idea.  There may be a skills gap in certain areas and in certain markets, but don't think its correct to say we have an overall skills gap.


I agree that there are positions going unfilled.  I've seen them in my area, but feel they are going unfilled due to other factors: poor pay, poor understanding of needed skills, etc.  You're not going to have much luck if you are looking for a senior level professional, but you want them to fill a so-called entry level position at entry level pay.  Trying to pay someone with $120K skills at $60K won't be very successful.

Well, I was reading an article at CSOOnline, and it seemed to touch on my view.  (article is HERE.)

The article wasn't about jobs or the skills gap, but did touch on the need by many organizations to get more security professionals, and are unable to do so.  They mentioned a report from the Ponemon Institute on this matter, and its said that chief reason organizations couldn't fill their vacancy was LACK OF COMPETITIVE SALARIES.  Not a skills gap.

I think further work needs to be done on the large number of unfilled roles.  I think too many are jumping to a faulty conclusion.  Do the research.  I think a good number of roles are going unfilled because of poor salaries being offered and a poor understanding of skills needed.



No comments:

Post a Comment