So I was reading a post on Reddit (here) and it sort of struck a chord with me. I won't repeat the post here - you get to go read it for yourself.
But at the risk of spoiler alert, the author's basic premise is that business leaders are simply making these statements:
- Stop putting all this security stuff in place that makes it harder and harder for me to do business
- Make security more friendly to my budget and we'll talk about it.
- ...oh but make sure to keep our collective butts out of hot water and get us compliant.
So, let me ask, is there really a cyber talent shortage, based on what we see coming through our classrooms? I mean, there are degrees all over the place and kids are enrolling in droves, but are we actually getting the rich cyber talent that we need to form solid blue teams and be able to defend our networks from come what may?
We all know that cybersecurity is the new sexy. It's the bright shiny buzzword surrounded by pictures of people in business attire, in darkened data centers, analyzing the content displayed on a couple of 27" displays with other pictures of some person in a hoodie and Guy Fawkes mask displayed as "the enemy". Little do these star-struck candidates know that if they actually get into a cyber role within five years after graduation (despite what some admissions rep may say), it's going to be filled with menial tasks like filling out hundreds of pages of documentation for compliance and insurance's sake, answering tickets for why the password reset tool isn't working, and maybe poring over the outputs correlated by a SIEM that shows little more than background noise. But hey, sexy things sell, so we have students (which is good for us...but...).
And as a side rant, just yesterday, US President Biden had some kind of conference with cyber leaders where the output seemed to be (at least from just reading the headlines), "Hey NIST, we need a new Framework". Why? What's wrong with the old framework? Seems it was just fine, but since we're still seeing cyber attacks (T-Mobile, anyone?), somehow a new framework would help tamp down all these new cyber threats.
I didn't think so, either.
I think 3_toad_Grizzly has a point. I personally don't see a real cyber shortage. I see a "care" shortage. I still see business leaders out there who don't care about cyber until it bites them in the posterior region and threatens to sap all their corporate profits; only then do they reluctantly start hiring real cyber analysts into their organizations, rather than just the casual relationship with an MSP to solve a specific problem or, more likely, overcome a compliance/insurance hurdle.
Anyway, it seems CIN is a bit quiet this week, so I figure, time to get a good discussion going and earn a few more achievements and XP. Come one, come all...it's a good old-fashioned RickRant!
/r