Ah yes, the usual complaints about talent shortage, recruitment etc. As someone who has worked for 24+ yrs in IT/infosec and recruits for my team, the problems are twofold: recruiters & HR are utterly clueless when it comes to infosec, we all know this. What isn't discussed...
is what a lot of orgs call "talent shortage". Too many infosec people think this is some kind of slur on their technical abilities etc and it isn't. What corp orgs in particular mean by "talent shortage" is they can't find decent GRC types with solid experience to help them...
manage an infosec programme that takes into account multiple MSPs, outsourced SOCs etc. Most companies do not have internal red or blue teams, this is outsourced to an MSP. Far too many candidates turn up with an expectation that they'll be unleashing their l33t skillz all day...
and they don't get the job as we know they'll be bored and lose interest. There is far too much emphasis in infosec on rockstar types, and nowhere near enough on those who can manage and do the "basics", i.e. get a vuln management process working, keep MSPs on the straight...
and narrow, deal with other IT teams and the wider business. Soft skills are usually atrocious, particularly with those from a red/blue background and in corp infosec, this is a critical skill. Pay is also a factor, you may think your hacking skills are worth a decent salary...
and they are, but not to a corp business who wants help with "this infosec stuff". Most orgs do not have mature infosec programmes and they want help to do it properly, so they look for experience and the right skill set, i.e. GRC. Blue & red jobs do exist but they are far...
outnumbered by GRC corp roles, people apply then complain they don't get the job because as soon as GRC focussed infosec see them, it's a "no". We know you aren't what we are looking for, and that's without HR & co wading in with their usual bullshit. It's a mess that needs...
fixing, but a massive start would be focussing infosec learning on the type of jobs available, not fantasy Hollywood l33t hacker infosec, but the real infosec businesses need to function properly, not just complaining about idiot recruiters and throwing hands up in despair etc.
You can follow @supernaut29A.