{"id":560,"date":"2017-08-24T15:48:47","date_gmt":"2017-08-24T15:48:47","guid":{"rendered":"http:\/\/securitycurve.com\/?p=560"},"modified":"2017-08-24T15:48:47","modified_gmt":"2017-08-24T15:48:47","slug":"skills-gap-or-pyramid-scheme","status":"publish","type":"post","link":"https:\/\/securitycurve.com\/?p=560","title":{"rendered":"Skills gap? Or pyramid scheme?"},"content":{"rendered":"

So you’ve probably heard that security (cybersecurity if you must) has a skills gap, right? \u00a0Today’s headlines, for example, have no fewer than three separate articles about it (the best of which is this one<\/a> over at The Register).<\/p>\n

I’ve heard this too. In fact, I’ve been one of the folks actively reporting on it: both in the trade media and also at my (ahem) “day job.” \u00a0I’ve done studies about it, wrote reports and articles about it, blogged and spoken about it, and otherwise been discussing it ad nauseum. \u00a0 But I’ve started to question the premise a little bit – or maybe not the premise but the implications? \u00a0I’m questioning something.<\/p>\n

Now, I get it that what I’m about to say is not “the traditional wisdom.” \u00a0So I’m sure people will come out of the woodwork to fight me on it. \u00a0But let me walk you through my musings and you can draw your own conclusions. \u00a0First, from the get-go, let me be clear that I’m not disputing that the data says what it says. \u00a0There is absolute a challenge filling positions – we know that from the data. \u00a0There are also open positions out there: they are increasing, there are more of them, and organizations aren’t getting what they need skill-wise. \u00a0Truth – I know because data.<\/p>\n

I think that the conclusions that folks draw from these points are a little skewed though. \u00a0Here’s what I mean. \u00a0When looking at the data points above, most people tend to picture in their minds something like this:<\/p>\n

\"\"<\/a><\/p>\n

The size of the circle represents, as you might imagine, the number of open positions. \u00a0People tend to assume a universal distribution of jobs across all experience levels. \u00a0For simplicity’s sake, let say the market is broken down into two groups of jobs: “experienced people jobs” and “entry level” jobs. \u00a0The natural assumption leads people to think that the “skills gap” and “resource shortage” mean that both the demand for experienced people and the demand for entry level would increase near equivalently.<\/p>\n

This is the part that I’m starting to think isn’t true. \u00a0 Instead, I think what we’re seeing is something like this:<\/p>\n

\"\"<\/a><\/p>\n

In this, the overall size of the position “inventory” is increasing, but it is not happening homogeneously across all areas. \u00a0Instead, it’s happening at a certain place: the bottom of the triangle. \u00a0Say the market is striated in such a way that you have bands like:<\/p>\n