Dark Reading is part of the Informa Tech Division of Informa PLC

Comments
2018 State of Cyber Workforce
BrianN060,
User Rank: Ninja
11/10/2018 | 12:55:49 PM
Re: The HR emperor is naked.
Many good points Joe!

You could add that online job-search/posting services have overwhelmed traditional HR practices. I suspect most (dis)qualification requirements in postings are just to narrow the number of applications to hundreds, rather than tens of thousands - accepting that the best prospects will likely follow the baby with the bath water.

You also have PC pressure to disregard anything that isn't document-based, anything based on an assessment of the person, such as personal integrity or eagerness to learn.  

Perhaps the biggest one is that the idea of testing applicants for role-specific aptitude, and training those that have it, is rare these days (mostly for the reasons we each mentioned). Much easier, less expensive, and PC safer to view people as a commodity, prepackaged and ready to plug in (even if most of it is poor quality and made overseas).

BTW, if you didn't take the "emperor" idea from Roger Penrose's "The Emperor's New Mind" Oxford 1989, I suggest you check it out - very prescient.  
BrianN060,
User Rank: Ninja
11/10/2018 | 12:24:46 PM
Eyes opened, but are you seeing the bigger picture?
"Let's start with this eye-opener: The cybersecurity profession is facing a shortfall of 3 million workers worldwide."

Cyber-anything is supposed to mean self-regulating automated systems! How can you have 3 million carbon-based analog workers (let alone a shortfall of that many), in just ONE aspect of the 21st century automated digital-silicon-cyber-world we're supposed to inhabit?
wperry31,
User Rank: Strategist
11/10/2018 | 11:32:16 AM
Re: Workforce
Love Dark Reading.

Hate the "jump through the hoops" interface to get to where I want to go.  Jeeeeezzzzz.

Finally on this Post I was able to print 9 separate pages......NOT.

Why can't you just put the article or white paper in one link?  All of it!  No one goes out to read page four of a 9 pager.

Maybe I'm missing the obvious button, somewhere, that says, "Print out the whole White Paper."

On occasion I've been unable to bring up the item what with all of the responses ranging from Yes, No, Register, Already Registered, View....................

Did I mention I loved Dark Reading?  That's the only reason I keep re-indexing the site in the land of the confusing interfaces.

Bill
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:47:54 AM
Re: Sick Of Seeing This Rubbish - Skill Shortage My A-S-
It's because the management refuses to pay for candidates that are qualified. In many companies IT has a say, and they refuse to pay security folks more than IT folks, even though for really great candidates the technical skills are way beyond normal IT folks.
Cheeseman,
User Rank: Apprentice
11/10/2018 | 9:45:46 AM
Re: Workforce in General
Agreed. Had a manager tell me they could offshore the security department jobs for $8/hr. That's the problem: you get what you pay for, and they are not willing to pay for the best candidates.
REISEN1955,
User Rank: Ninja
11/2/2018 | 3:12:38 PM
Re: Workforce in General
Why would ANYONE pick a career in IT when all the C-Suite does is fire staff and outsource to third world countries? Cyber security may have protection, for now, but still our field has been decimated by low cost wage and low skill individuals. I am not referring to India directly but in general, we have been ruined. H1-B visa abuse IS REAL.
CyberMark,
User Rank: Strategist
11/1/2018 | 2:39:47 PM
Sick Of Seeing This Rubbish - Skill Shortage My A-S-
Skill Shortage, to the author of this article if you'd have searched the DarkReading database you would have seen these articles of skill shortage have been published and rubbished in the past. I have a master's degree in cyber security and can't even get an interview and I know others in exactly the same situation. So please forward my contact details to all the businesses you did your research with, I will look forward to many interviews.
Joe Stanganelli,
User Rank: Ninja
10/31/2018 | 11:33:37 PM
The HR emperor is naked.
I've said it before and I will continue to say it. The talent shortage in cybersecurity is horse dung. You'd have a "talent shortage" too if you were only willing to offer people 1/3 or less of what their skills are actually worth. You'd have a "talent shortage" too if you were using arcane HR hiring processes designed to weed talent out instead of find talent. You'd have a "talent shortage" too if you drafted job descriptions for purple squirrels.

Not to mention the fact that there is a perverse incentive in the US to "suffer" from these "talent shortages" -- because then you get to document it and then hire much cheaper labor from overseas by abusing H1B and L1 visa programs.

Organizations who complain of this shortage have no one to blame but themselves and their HR departments. The cybersecurity talent shortage would be largely solved inside of a month if every org purporting to suffer from it laid off all their HR people and reassigned HR duties to different departments who are much better equipped to handle those tasks (compliance/legal/ethics/ERISA stuff to corporate counsel, payroll to AP, hiring to the hiring managers/departments themselves with a CFO's-office assist, etc.).
stevenpaul,
User Rank: Author
10/30/2018 | 7:13:15 PM
Workforce
Very interesting article on cyber workforce status!