{"id":153,"date":"2017-05-08T14:00:36","date_gmt":"2017-05-08T14:00:36","guid":{"rendered":"http:\/\/securitycurve.com\/?p=153"},"modified":"2017-05-08T14:00:36","modified_gmt":"2017-05-08T14:00:36","slug":"is-the-skills-gap-a-real-thing","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=153","title":{"rendered":"Is the &#8220;skills gap&#8221; a real thing?"},"content":{"rendered":"<p><a href=\"https:\/\/securitycurve.com\/wp-content\/uploads\/2017\/05\/6b4c8b6f5849da03ffe4122ddf4468e6.jpg\"><img decoding=\"async\" class=\"alignright wp-image-154 size-medium lazyload\" data-src=\"https:\/\/securitycurve.com\/wp-content\/uploads\/2017\/05\/6b4c8b6f5849da03ffe4122ddf4468e6-297x300.jpg\" alt=\"\" width=\"297\" height=\"300\" src=\"data:image\/svg+xml;base64,PHN2ZyB3aWR0aD0iMSIgaGVpZ2h0PSIxIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPjwvc3ZnPg==\" style=\"--smush-placeholder-width: 297px; --smush-placeholder-aspect-ratio: 297\/300;\" \/><\/a><\/p>\n<p>So you&#8217;ve heard about the cybersecurity &#8220;skills gap&#8221;? \u00a0I&#8217;m sure you have. \u00a0There&#8217;s been quite a <a href=\"https:\/\/www.forbes.com\/sites\/jeffkauflin\/2017\/03\/16\/the-fast-growing-job-with-a-huge-skills-gap-cyber-security\/#522adaa85163\">bit of attention<\/a> recently paid to\u00a0it in all kinds of venues: <a href=\"http:\/\/blog.indeed.com\/2017\/01\/17\/cybersecurity-skills-gap-report\/\">surveys devoted to it<\/a>, analysis, <a href=\"https:\/\/www.hackerone.com\/blog\/is-there-really-a-cybersecurity-skills-gap\">debates about it&#8217;s reality<\/a>, and so forth. \u00a0It&#8217;s garnered quite a bit of attention.<\/p>\n<p>But is it really the truth?<\/p>\n<p>We know a few things for a fact:<\/p>\n<ol>\n<li>If you ask an organization if they have the right skills in place to appropriately defend their environment (at least given the budget they currently have available and they tool-set they currently employ), they&#8217;ll say they don&#8217;t.<\/li>\n<li>If you ask an organization if they are able to find security personnel in a reasonable amount of time, they&#8217;ll say they can&#8217;t.<\/li>\n<li>On average, it takes a long time to fill open security positions &#8212; and the evidence suggests that there are quite a few open positions in the field.<\/li>\n<\/ol>\n<p>All of these things are true &#8211; at least insofar as our ability to measure extends. \u00a0 What sticks in my craw though are that\u00a0these three data points are the base upon which much of the discussion about the skills gap is founded &#8212; and they&#8217;re not really super objective (other than the last one). \u00a0Meaning,\u00a0employees in security are highly incented to answer a certain way to points 1 and 2. \u00a0Can you adequately defend the environment? \u00a0When will the answer to that ever be yes? \u00a0Can they find the staff they need quickly? \u00a0Probably not &#8211; but when is that ever true?<\/p>\n<p>The third one is more tangible. \u00a0But couldn&#8217;t that also be reflective of how folks are hiring rather than lack of skilled talent? \u00a0I see very few well-run hiring processes out there &#8211; and disorganization and shoddy hiring (lack of organization, etc.) could just as easily account for that issue vs. lack of skills.<\/p>\n<p>Note that I&#8217;m not saying that there isn&#8217;t a skills shortage necessarily&#8230; I think I&#8217;m just looking for better data points.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>So you&#8217;ve heard about the cybersecurity &#8220;skills gap&#8221;? \u00a0I&#8217;m sure you have. \u00a0There&#8217;s been quite a bit of attention recently paid to\u00a0it in all kinds of venues: surveys devoted to it, analysis, debates about it&#8217;s reality, and so forth. \u00a0It&#8217;s garnered quite a bit of attention. But is it really the truth? We know a [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","footnotes":""},"categories":[4],"tags":[110],"class_list":["post-153","post","type-post","status-publish","format-standard","hentry","category-security","tag-skills-gap"],"_links":{"self":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/153","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=153"}],"version-history":[{"count":0,"href":"https:\/\/securitycurve.com\/index.php?rest_route=\/wp\/v2\/posts\/153\/revisions"}],"wp:attachment":[{"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=153"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=153"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/securitycurve.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=153"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}