What's Behind the Cybersecurity Jobs Shortage?

In 1999 cybersecurity pundit Bruce Schneier answered questions from Slashdot's readers. 24 years later on his personal blog, Schneier is still offering his insights. Last month Schneier said that warnings about millions of vacant cybersecurity positions around the world never made sense to me" - and then shared this alternate theory. From the blog of cybersecurity professional Ben Rothke:[T]here is not a shortage of security generalists, middle managers, and people who claim to be competent CISOs. Nor is there a shortage of thought leaders, advisors, or self-proclaimed cyber subject matter experts. What there is a shortage of are computer scientists, developers, engineers, and information security professionals who can code, understand technical security architecture, product security and application security specialists, analysts with threat hunting and incident response skills. And this is nothing that can be fixed by a newbie taking a six-month information security boot camp.... In fact, security roles are often not considered entry-level at all. Hiring managers assume you have some other background, usually technical before you are ready for an entry-level security job. Without those specific skills, it is difficult for a candidate to break into the profession. Job seekers learn that entry-level often means at least two to three years of work experience in a related field. Rothke's post offers two conclusions:"Human resources needs to understand how to effectively hire information security professionals. Expecting an HR generalist to find information security specialists is a fruitless endeavor at best.""So is there really an information security jobs crisis? Yes, but not in the way most people portray it to be."

Read more of this story at Slashdot.