A month ago I wrote the blog ‘Beware of the ‘Pet Rock’ Cybersecurity Vendors’, in which I offered to give a day of my time away for free. I stated:
“Any organisation within a 1 hour train ride from London can have 1 day of my time for ‘free’ as long as the following requirements are fulfilled:”
And while those ‘requirements’ were as basic as they were necessary…:
…as long as WE are the ones who define success for ourselves. Otherwise 99.9% of the world’s population would fall well short.
Seems obvious, right? For example, if you take money as a measure of success, for every billionaire (~2,600 as of 2019) there are nearly 3,000,000 people who are just ‘getting by’. So for the vast majority of us, the chances of being a big success [in monetary terms] are very slim.
The same applies for any other success factor where you are comparing yourself to the world’s best: there is very little room at the top.
It was not that long ago that the most senior security incumbent at the time of a data breach was not only fired ignominiously, but torn to shreds by his/her ‘peers’ as being anything from unqualified, to incompetent, to grossly negligent.
nothing short of pariahs.
The vestiges of this ridiculous practice are still rife (take BA for example), but things are changing, and we all have a Recital to thank for it:
I have written several blogs on the poor state of cybersecurity recruiting, all with the hope that they may trigger at least some positive change. Even if that change is only in the very few people who are actually reading this crap.
When I say “poor state”, I of course mean fundamentally, systemically, and damned near fatally broken. It just does not work, not for the employers, not for the candidates, not for the recruiters, and not for the industry as a whole. As much as I have criticised/blamed recruiters, it’s really not their fault as much as we might think.
Recruiters, like any other salesperson, are rarely [if ever] subject matter experts in their chosen industry sector (i.e. they cannot DO the jobs they are trying to fill). The real experts, the ones who can actually do the work, are in turn rarely [if ever] capable of doing what the ‘salesperson’ does (i.e. they have no idea how to sell themselves).
Each time I think I’m getting to the heart of the challenges faced by those on all sides of cybersecurity recruiting, a further complexity raises its ugly head.
While I still think that job titles are horribly limiting, that job descriptions completely miss the point, and that the cybersecurity skill-gap misconception is mostly the fault of the organisations asking for help, there’s no getting away from the fact that cybersecurity recruiters are doing themselves no favours.