According to a survey by 3,500 hundred technology professionals in North America issued by CompTIA, there's a big gap between the security skills organizations are searching for and the actual skills the workers have.
Isn't that sorta like hiring batman, and instead of riding in on the batmobile, he comes peddling on a bat-tricycle. And instead of living in the bat cave, he lives in the bat-basement below his bat-parents. OK, that's enough of that.
But the fact is, as security now tops the list of IT skills companies views as of top importance, there is a serious shortage of skill available out in the tech workplace. Drilling down into the data, 73 percent of companies identified security, firewalls, and data privacy as IT skills most important, but only 57 percent found their employees proficient in these skills. The gap proved even wider in countries with more nascent IT industries like China, Poland, India, Russia, and South Africa.
As there seems to be no shortage of hackers, and they have now gotten so sophisticated that they even test out their malware (would you call that Penetrator Testing instead of Penetration Testing?) in simulations, I wonder what the success rate is of turning hackers into CSOs. Or is it, Once a hacker, always a hacker?
I was employed for several years for a U.S. Federal Government (civilian) office as a network / systems administrator. I focused much of my time on security, as for example we had public access to networks which contained sensitive data. My boss was rarely interested in anything security related, and I fell in less favor over time with my security focus. The systems and network ran well, and were never compromised or failed, although unfortunately I am no longer in that position. I hope to pass a CISSP exam and soon help another organization maintain their security...