Comments
Security Skills Shortage, Or Training Failure?
Newest First  |  Oldest First  |  Threaded View
DoTheRightThing
50%
50%
DoTheRightThing,
User Rank: Apprentice
8/25/2012 | 4:47:06 PM
re: Security Skills Shortage, Or Training Failure?
All these companies and people running them make broad statements that tell only half truths. The statement "We can't find the people with the skills" is really "We can't find the people with the skills AT THE PRICE WE WANT TO PAY". Its supply and demand and if the industry up's the wages as they have for CEO and other executives its a safe bet to say the void will be filled albeit with a bit of lag time for experience to build. The Numbnuts at CNN and CNBC air this weekly letting "guest experts" away with the "half truth" statement.
Andrew Hornback
50%
50%
Andrew Hornback,
User Rank: Apprentice
8/23/2012 | 12:19:36 AM
re: Security Skills Shortage, Or Training Failure?
I think one of the issues that you have to look at here is - what happens when an organization pays for an employee to get trained in a specific skill or software package and then said employee suddenly finds themselves a lot more marketable and worth more, although the organization is not willing to increase their compensation?

Organizations are worried about their training dollars walking out the door. Employees don't have the spare time or money to obtain training on their own and there's no impetus for them to learn something new if they're not going to be compensated for it.

Boils down to organizations wanting something for nothing and individuals wanting compensation for doing something.

With security skill sets (and threats) evolving continually, there has to be a happy medium found in order to keep security professionals current - otherwise you end up with folks with outdated skills, folks with classroom experience but no real-world experience or folks who happen to land a position because they're a friend/relative of a C-level exec. In any of the three cases, the organization is at risk - how much risk depends a lot on the organization, obviously.

The board room needs to ask itself, is the amount of risk that we're willing to incur by not keeping our security team modernized on par with the cost of the training to keep them current and the compensation to keep them with the organization?

Andrew Hornback
InformationWeek Contributor
2sense
50%
50%
2sense,
User Rank: Apprentice
8/22/2012 | 7:51:41 PM
re: Security Skills Shortage, Or Training Failure?
It's naive to think that attending a few training classes will make you an expert - it won't. Training provides foundational knowledge which in turn needs to be applied and practiced in a real world setting. There also has to be some genuine desire on the part of the employee to learn. Formal classroom instruction during working hours is one option, but it's expensive and requires time away from work. Self-study is another option that is cheaper and, in my opinion, far more effective in the long run. Since the demand for IT Security professionals will continue unabated for the foreseeable future, it makes sense for anyone who is looking to advance in their careers to take charge of their destiny and acquire the necessary knowledge and skills on their own. Waiting for the corporate suits/skirts to invest in you is simply not going to happen. The added bonus is that once you acquire these new skills, you will be positioned to jump ship once a better gig comes along.
DAVIDINIL
50%
50%
DAVIDINIL,
User Rank: Strategist
8/21/2012 | 11:18:58 PM
re: Security Skills Shortage, Or Training Failure?
Corporations and government agencies like to complain that they "simply cannot find" trained employees.... for the most obscure, one-off, non standard software suites. There is not training for these products other than on the job training. No colleges are going to teach these skills. Freelancers would never pay for the training themselves because there is no market for it.

What the Corp's are really complaining about is that they don't want to pay a living wage for anyone to learn the skills that are required.
Number 6
50%
50%
Number 6,
User Rank: Strategist
8/21/2012 | 8:24:28 PM
re: Security Skills Shortage, Or Training Failure?
I've read much of Dr. Cappelli's research based views and he's spot on. He lists many other practices that led to so-called skilled worker shortages but lack of corporate training programs is among the primary causes. I appreciate that you've noticed and connected it to the security field.


The Agile Archive
The Agile Archive
When it comes to managing data, donít look at backup and archiving systems as burdens and cost centers. A well-designed archive can enhance data protection and restores, ease search and e-discovery efforts, and save money by intelligently moving data from expensive primary storage systems.
Register for InformationWeek Newsletters
White Papers
Current Issue
InformationWeek Elite 100 - 2014
Our InformationWeek Elite 100 issue -- our 26th ranking of technology innovators -- shines a spotlight on businesses that are succeeding because of their digital strategies. We take a close at look at the top five companies in this year's ranking and the eight winners of our Business Innovation awards, and offer 20 great ideas that you can use in your company. We also provide a ranked list of our Elite 100 innovators.
Video
Slideshows
Twitter Feed
Audio Interviews
Archived Audio Interviews
GE is a leader in combining connected devices and advanced analytics in pursuit of practical goals like less downtime, lower operating costs, and higher throughput. At GIO Power & Water, CIO Jim Fowler is part of the team exploring how to apply these techniques to some of the world's essential infrastructure, from power plants to water treatment systems. Join us, and bring your questions, as we talk about what's ahead.