Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Comments
2018 State of Cyber Workforce
Newest First  |  Oldest First  |  Threaded View
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:55:49 PM
Re: The HR emperor is naked.
Many good points Joe!

You could add that online job-search/posting services have overwhelmed traditional HR practices.  I suspect most (dis)qualification requirements in postings are just to narrow the number applications to hundreds, rather than tens of thousands - accepting that the best prospects will likely follow the baby with the bath water.

You also have PC pressure to disregard anything that isn't document-based, anything based on an assessment of the person, such as personal integrity or eagerness to learn.  

Prehaps the biggest one is that the idea of testing applicants for role-specific apptitude, and training those that have it, is rare these days (mostly for the reasons we each mentioned).  Much easier, less expensive, and PC safer to view people as a commodity, prepackaged and ready to plug in (even if most of it is poor quality and made overseas).  

BTW, if you didn't take the "emperor" idea from Roger Penrose's "The Emperor's New Mind" Oxford 1989, I suggest you check it out - very prescient.  
BrianN060
50%
50%
BrianN060,
User Rank: Ninja
11/10/2018 | 12:24:46 PM
Eyes opened, but are you seeing the bigger picture?
"Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide."

Cyber-anything is suposed to mean self-regulating automated systems!  How can you have 3 million carbon-based analog workers (let alone a shortfall of that many), in just ONE aspect of the 21st century automated digital-silicon-cyber-world we're supposed to inhabit?  
wperry31
50%
50%
wperry31,
User Rank: Strategist
11/10/2018 | 11:32:16 AM
Re: Workforce
Love Dark Reading.

 

Hate the "jump trhough the hoops" interface to get to where I want to go.  Jeeeeezzzzz.

 

Finally on the this Post I was able to print 9 separate pages......NOT.

 

Why can't you just put the article or what paper in one link?  All of it!  No one goes out to tread page four of a 9 pager.

 

Maybe I'm missing the obvious button, somewhere, that says, "Print out the whole White Paper."

 

On occasion I've been unable to bring up the item what with all of the responses ranging from Yes, No, Register, Already Registered, View....................

 

Did I mention I loved Dark Reading?  That's the only reason I keep re-indexing the site in the land of the confusing interfaces.

 

Bill
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:47:54 AM
Re: Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Its because the management refuses to pay for candidates that are qualified in many companies IT has a say and they refuse to pay security folks more that IT folks even though for really great candidates the technical skills are way beyond normal IT folks
Cheeseman
50%
50%
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:45:46 AM
Re: Workforce in General
Agreed had a manager tell me they could offshore the security department jobs for $8/hr. That's the problem you get what you pay for and they are not willing to pay for the best candidates
REISEN1955
100%
0%
REISEN1955,
User Rank: Ninja
11/2/2018 | 3:12:38 PM
Re: Workforce in General
Why would ANYONE pick a career in IT when all the C-Suite does is fire staff and outsource to third world countries,  Cyber security may have proection, for now, but still our field has been decimaed by low cost wage and low skill individuals.  I am not referring to India directly but in general, we have been ruined.   H1-B visa abuse IS REAL.  
CyberMark
86%
14%
CyberMark,
User Rank: Strategist
11/1/2018 | 2:39:47 PM
Sick Of Seeing This Rubbish - Skill Sortage My A-S-
Skill Shortage, to the author of this article if you'd have searched the DarkReading database you would have seen these articles of skill shortage have been published and rubbished in the past. I have a master's degree in cyber security and can't even get an interview and I know others in exactly the same situation. So please forward my contact details to all the businesses you did your research with, I will look forward too many interviews.
Joe Stanganelli
100%
0%
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 11:33:37 PM
The HR emperor is naked.
I've said it before and I will continue to say it. The talent shortage in cybersecurity is horse dung. You'd have a "talent shortage" too if you were only willing to offer people 1/3 or less of what their skills are actually worth. You'd have a "talent shortage" too if you were using arcane HR hiring processes designed to weed talent out instead of find talent. You'd have a "talent shortage" too if you drafted job descriptions for purple squirrels.

Not to mention the fact that there is a perverse incentive in the US to "suffer" from these "talent shortages" -- because then you get to document it and then hire much cheaper labor from overseas by abusing H1B and L1 visa programs.

Organizations who complain of this shortage have no one to blame but themselves and their HR departments. The cybersecurity talent shortage would be largely solved inside of a month if every org purporting to suffer from it laid off all their HR people and reassigned HR duties to different departments who are much better equipped to handle those tasks (compliance/legal/ethics/ERISA stuff to corporate counsel, payroll to AP, hiring to the hiring managers/departments themselves with a CFO's-office assist, etc.).
stevenpaul
50%
50%
stevenpaul,
User Rank: Author
10/30/2018 | 7:13:15 PM
Workforce
Very interesting article on cyber workforce status!


Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
How Enterprises are Attacking the Cybersecurity Problem
Concerns over supply chain vulnerabilities and attack visibility drove some significant changes in enterprise cybersecurity strategies over the past year. Dark Reading's 2021 Strategic Security Survey showed that many organizations are staying the course regarding the use of a mix of attack prevention and threat detection technologies and practices for dealing with cyber threats.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2021-41152
PUBLISHED: 2021-10-18
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on t...
CVE-2021-41153
PUBLISHED: 2021-10-18
The evm crate is a pure Rust implementation of Ethereum Virtual Machine. In `evm` crate `< 0.31.0`, `JUMPI` opcode's condition is checked after the destination validity check. However, according to Geth and OpenEthereum, the condition check should happen before the destination validity check. Thi...
CVE-2021-41156
PUBLISHED: 2021-10-18
anuko/timetracker is an, open source time tracking system. In affected versions Time Tracker uses browser_today hidden control on a few pages to collect the today's date from user browsers. Because of not checking this parameter for sanity in versions prior to 1.19.30.5601, it was possible to craft ...
CVE-2021-42650
PUBLISHED: 2021-10-18
Cross Site Scripting (XSS vulnerability exists in Portainer before 2.9.1 via the node input box in Custom Templates.
CVE-2021-41151
PUBLISHED: 2021-10-18
Backstage is an open platform for building developer portals. In affected versions A malicious actor could read sensitive files from the environment where Scaffolder Tasks are run. The attack is executed by crafting a custom Scaffolder template with a `github:publish:pull-request` action and a parti...