What's good for infosec professionals and their career options is bad for the industry, economy, and country.
Businesses everywhere are facing the fact: the security talent pool is dry. I spoke to a manager recently who had hired a security analyst after eight months of searching. Each month he had reduced the requirements and increased the salary. Needless to say, in the end, he was getting less than he wanted for a lot more money. If you are a security professional, this seems great—we have one of the few jobs that are not about to be replaced with automation, and there’s no end in sight to the skills shortage.
But if we take a wider view, this is a big economic problem. Security work is either not getting done, or is being done by people who lack the background or aptitude. Is it any wonder that cyberattacks are on the rise? Sometimes it feels as if any motivated adversary can walk into a network as if we'd laid out a welcome mat. Organizations today are complex, growing and shifting technology quickly—whether it’s shadow IT, or M&A, or movement to the latest virtual data centers—no networks are standing still. Security teams are either understaffed or under-skilled, and so are falling further behind while our adversaries are getting more automated, more mature and more sophisticated in their search for high-value soft targets.