One Article Review
| Source |  AlienVault Blog |
|---|---|
| Identifiant | 1554316 |
| Date de publication | 2020-02-20 13:00:00 (vue: 2020-02-20 14:01:45) |
| Titre | Is the cybersecurity skills gap real? |
| Texte | An independent guest blogger wrote this blog. If you do a web search for “cybersecurity skills gap,” you’ll get many, many pages of results. It’s certainly a hot topic in our industry. And it’s a matter that security practitioners and human resources people often disagree on. But before I get further into the matter, it would help to know what it is we’re talking about when we use the phrase “cybersecurity skills gap.” From the perspective of employers, it means that potential job applicants don’t have the specific cybersecurity skills they’re looking for, and possibly the people they already employ don’t have the skills to be promoted into new cybersecurity related positions. This can be a really tricky area, because computer technology evolves very quickly, and often universities, colleges, and vocational schools cannot change their curriculum at the same speed. Accordingly, the cyber threat landscape can change quickly too! From the perspective of many job seekers and security people, including myself and many of my colleagues I’ve spoken with, the phrase “cybersecurity skills gap” can sound like a taunt. Some of us have spent years in computer science programs, and many more years in IT courses and acquiring industry specific certifications. So we don’t have a particular niche certification or ten years experience with Windows Server 2016. We have loads of related knowhow, and we match many of the other job requirements, why won’t employers give us a chance and let us learn the rest? A few others have had a knack for computing since childhood, but the expense of college tuition and certification exams can seem insurmountable when you’re just starting out and have little money. How do we get our foot in the door in the first place when you need experience for a job, but you can’t get experience until you get a job? The cybersecurity skills gap phenomenon can hurt people in the industry who want good jobs, but it hurts companies and the security of their networks even more. According to the 2018 (ISC)² Cybersecurity Workforce Study, more than 2.9 million cybersecurity related job positions worldwide were unfilled. In the time that’s passed, that number likely grew. These are positions spanning a wide range of roles, from SOC analysts to DFIR, from penetration testers to application security specialists. Not having people work in these positions that organizations have recognized as needs inevitably weakens cybersecurity everywhere, and companies lose huge amounts of money in cyber attacks and data breaches. I have my own personal views on the matter. But cybersecurity people on Twitter also talk a lot about unrealistic job posting expectations and their impact on the skills gap. Shawn Thomas is a SOC manager. He tweeted about his exasperation with job posting requirements. “If your entry level job in infosec requires: A masters At least 3 certs Prefers two years of experience. YOU ARE NOT ALLOWED TO COMPLAIN THAT ITS HARD TO FIND CANDIDATES Additionally the discouragement students have when they hear that should make you feel bad about yourselves.” I also have an industry friend who has done a lot of her own research into the skills gap matter. Plus she has experience hiring for cybersecurity roles, experience that I lack. Alyssa Miller is a security evangelist and hacker, and she shares her knowledge at so many security conferences that it’d overwhelm me to do the same. She has written many posts on her blog about the skills gap, so I wanted to learn a bit from he |
| Envoyé | Oui |
| Condensat | $40 “culture “cybersecurity “i “if “must “there's 000 2016 2018 2020 about absolutely according accordingly acquiring actively actually additionally advance advice afraid against all allow allowed along already also always alyssa amazed amounts analysts anyone appearance applicants application are area artificially asked attacks backgrounds bad based because been before believe better bias biases bit blog blogger body breaches broaden brooks brothers budgets businesses but can can't can’t candidates cannot certainly certification certifications certs chance change childhood cissp clear close colleagues college colleges companies company complain computer computing conferences contributing conversation conversely corporate cost could courses create criteria culture curriculum cutting cyber cybersecurity data decades default definitely develop development dfir disagree discouragement discussed diversity don't don’t done door early easily either eliminate embrace employ employees employers enable encourages entry ethnicity evaluating evangelist even everyone everyone’s everywhere evolves exams exasperation exists expectations expense experience experiences factor factors fail feel finally find finding first fit foolish foot forth fortunately framework frequently friend from full further gap gap” gender general get gets give good greater grew guest hacker had hair hard has have having hear heard help helps her hire hiring his hit honestly hope hot how huge human hurt hurts i'm i've i’ve idea ideas impact improve including independent industries industry inevitably infosec insurmountable interviewers interviewers’ invest investing investment involved isc it’d it’s its job jobs just knack know knowhow knowledge lack landscape last learn least leave let level levels leveraged like likely limiting lines little loads local location look looking looks lose lot make man manage manager managers many market master’s masters match matter may means metasploit miller million millions mind misapplied money more much multiracial myself need needed needs networks new nice nicer niche non not nullifying number office often old one open opening opinion organization organizations other others out over overused overwhelm own pages particular passed pay penetration people per person personal perspective phenomenon phrase physically piercings ping place plans plus pointed pong pool pools positions positive possibly posting posts potential practitioner practitioners prefers prejudice problem problems process programs promoted providing purple quickly range ranging reading real really recognized recognizes related reluctance reluctant remote require requirements requires: research resource resources responsibility rest results role roles said salary same schools science search second security see seekers seem server shares shawn she should shouldn’t showing since sizes skills sleeve soc solutions solvable some someone something sound spanning specialists specific speed spend spent spoken starting stay students study suit tables take takes talent talk talking tattoo tattoos taunt team tech technology ten term testers than that's that’s them then these they’re things think thomas those thoughts threat thrive time today too topic train trained training transition tricky truly tuition tweeted twitter two understand unfilled universities unrealistic until use used value very views vocational want wanted wardrobe we're we’d we’re weakens web well what wheelchair when which white who who's whole why wide will willing windows within woman won’t wondered work workforce working worldwide worth would written wrong wrote year years you’ll you’re your yourselves |
| Tags | Threat |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.