A month ago I wrote the blog ‘Beware of the ‘Pet Rock’ Cybersecurity Vendors‘, in which I offered to give a day of my time away for free. I stated:
“Any organisation within a 1 hour train ride from London can have 1 day of my time for ‘free’ as long as the following requirements are fulfilled:“
And while those ‘requirements’ were as basic as there were necessary…:
I have written several blogs on the poor state of cybersecurity recruiting, all with the hope that they may trigger at least some positive change. Even if that change is only in the very few people who are actually reading this crap.
When I say “poor state”, I of course mean fundamentally, systemically, and damned near fatally broken. It just does not work, not for the employers, not for the candidates, not for the recruiters, and not for the industry as a whole. As much as I have criticised/blamed recruiters, it’s really not their fault as much as we might think.
Recruiters, like any other salesperson, are rarely [if ever] subject matter experts in their chosen industry sector (i.e. they cannot DO the jobs they are trying to fill). The real experts, the ones who can actually do the work, are in turn rarely [if ever] capable of doing what the ‘salesperson’ does (i.e. they have no idea how to sell themselves).
Each time I think I’m getting to the heart of the challenges faced by those on all sides of cybersecurity recruiting, a further complexity raises its ugly head.
While I still think that job titles are horribly limiting, that job descriptions completely miss the point, and that the cybersecurity skill-gap misconception is mostly the fault of the organisations asking for help, there’s no getting away from the fact that cybersecurity recruiters are doing themselves no favours.
5 years ago, when I was still smarting from being laid off [fired, cough], I found myself back in the job market looking for …something.
After 12+ years in the same organisation, I had worked my way up from ‘Firewall Administrator’ to ‘Director of Delivery’ for EMEA and APAC. Through poor planning and various character flaws I was at a complete loss where to even start looking for an equivalent position. My safety-net was non-existent as making connections has never been what I would call a strong suit.
Like every other independent security consultant out there, I have to ask; “Cybersecurity skills gap? What the Hell are you talking about?”
I’m not even going to quote the plethora of doomsday statistics, but suffice to say the majority of organisations and Governments believe the cybersecurity skills gap is actually a real thing and getting worse. They have no idea that the experts to solve most security issues are out there with dumbfounded expressions thinking; “I’m sitting RIGHT here?!”