funsec mailing list archives

Re: "Skills gap"?

From: rackow () mcs anl gov
Date: Sat, 24 Nov 2012 21:08:57 -0600

It's a huge problem.  There has been debate in various spaces on how to
handle any of this, and so far none have really caught on. (Thankfully?)

When we posted a new cyber position some time ago, it was
amazing the people that applied.  We were looking for a junior level
person, yet had plenty of "senior" level people apply for the spot.
In this case "senior" means management, not tech types.  One was
even a manager over 20 different sites teams.  His primary skill was
creating power point slides, not stopping intruders or
investigating/preventing malware infections.  He wanted about 3X 
what we had to spend on a new person.   You'd think when the position
was listed as a entry-level spot these people would be smart enough
not to apply.  Maybe something in that...

On the employeer side of things, I'd love to have a "meaningful" 
set of things that people could put on a resume to catch my 
interest.  I don't mean the alphabet soup that people currently
use that indicates they memorized the answers to pass a test.
I've found that the more of these certs people have, the less
they actually know or may be willing to learn.  They know
the answers since they passed the test.  Real life hasn't
hit them yet. 

These "experts" make it hard for a company to justify the higher
pay that is expected.  How many times to you get burned by someone
that knows all the right buzz words but doesn't know the
"practical skills" side of things.

--Gene

/~\ The ASCII         Gene Rackow               email: rackow () anl gov
\ / Ribbon Campaign   Cyber Security Office     voice: 630-252-7126
 X  Against HTML      Argonne National Lab      
/ \ Email!            9700 S. Cass Ave. / Argonne, IL  60439

Kyle Creyts made the following keystrokes:

I know a lot of people who recently joined the workforce in IT and infosec,
and I know few enough who are happy or satisfied with their pay; part of
the problem is the way paragon status has been conferred upon those with a
trivial set of skills, a good break with the press, and sense of
opportunism.

The role models for some of the younger entrants are very successful, but
not very humble. Many have come to expect higher wages for some of these
skills, with "possession of skills and experience" being defined by the
individual and their evaluator rather than the industry as a whole, or even
a majority. I am not defining a skillset when I say "skills in pen-testing"
or "skills in data forensics" or "firewall management experience," though
it would seem many people believe that these words seem to embody such a
skillset.

It would seem that some standards (I know, it seems hard to keep standards
current with the rapid evolution of knowledge in our field) would greatly
aid in giving these people proper perspective. Knowing more about something
than anyone you know doesn't necessarily make you an expert.

As an industry, we lack some authoritative reference points to help
individuals understand where they stand in knowledge and experience.
Admittedly, we work in a field where young authority seems somewhat
commonplace. Perhaps this influences the perception of those new to the
workforce, or even those who have been around a while?

But who am I to comment? I'm just another young guy, recently having
entered the workforce...
On Nov 24, 2012 9:59 AM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" <
rmslade () shaw ca> wrote:

I see a lot of companies complaining that they can't get skilled/trained
infosec
people.

I see a lot of experienced infosec people out of work.

http://www.nytimes.com/2012/11/25/magazine/skills-dont-pay-the-bills.html

======================  (quote inserted randomly by Pegasus Mailer)
rslade () vcn bc ca     slade () victoria tc ca     rslade () computercrime org
As the harbor is welcome to the sailor, so is the last line to
the scribe.                      - marginalia by scribe/copyist monk
victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links
http://blogs.securiteam.com/index.php/archives/author/p1/
http://twitter.com/rslade
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.


--e89a8fb202287345ba04cf471f49
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<p>I know a lot of people who recently joined the workforce in IT and infos=
ec, and I know few enough who are happy or satisfied with their pay; part o=
f the problem is the way paragon status has been conferred upon those with =
a trivial set of skills, a good break with the press, and sense of opportun=
ism. </p>

<p>The role models for some of the younger entrants are very successful, bu=
t not very humble. Many have come to expect higher wages for some of these =
skills, with &quot;possession of skills and experience&quot; being defined =
by the individual and their evaluator rather than the industry as a whole, =
or even a majority. I am not defining a skillset when I say &quot;skills in=
pen-testing&quot; or &quot;skills in data forensics&quot; or &quot;firewal=
l management experience,&quot; though it would seem many people believe tha=
t these words seem to embody such a skillset. </p>

<p>It would seem that some standards (I know, it seems hard to keep standar=
ds current with the rapid evolution of knowledge in our field) would greatl=
y aid in giving these people proper perspective. Knowing more about somethi=
ng than anyone you know doesn&#39;t necessarily make you an expert. </p>

<p>As an industry, we lack some authoritative reference points to help indi=
viduals understand where they stand in knowledge and experience. Admittedly=
, we work in a field where young authority seems somewhat commonplace. Perh=
aps this influences the perception of those new to the workforce, or even t=
hose who have been around a while?</p>

<p>But who am I to comment? I&#39;m just another young guy, recently having=
entered the workforce... </p>
<div class=3D"gmail_quote">On Nov 24, 2012 9:59 AM, &quot;Rob, grandpa of R=
yan, Trevor, Devon &amp; Hannah&quot; &lt;<a href=3D"mailto:rmslade () shaw ca=
" target=3D"_blank">rmslade () shaw ca</a>&gt; wrote:<br type=3D"attribution">=
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">

I see a lot of companies complaining that they can&#39;t get skilled/traine=
d infosec<br>
people.<br>
<br>
I see a lot of experienced infosec people out of work.<br>
<br>
<a href=3D"http://www.nytimes.com/2012/11/25/magazine/skills-dont-pay-the-b=
ills.html" target=3D"_blank">http://www.nytimes.com/2012/11/25/magazine/ski=
lls-dont-pay-the-bills.html</a><br>
<br>
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =A0(quot=
e inserted randomly by Pegasus Mailer)<br>
<a href=3D"mailto:rslade () vcn bc ca" target=3D"_blank">rslade () vcn bc ca</a> =
=A0 =A0 <a href=3D"mailto:slade () victoria tc ca" target=3D"_blank">slade@vic=
toria.tc.ca</a> =A0 =A0 <a href=3D"mailto:rslade () computercrime org" target=
=3D"_blank">rslade () computercrime org</a><br>

As the harbor is welcome to the sailor, so is the last line to<br>
the scribe. =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0- marginalia by scri=
be/copyist monk<br>
<a href=3D"http://victoria.tc.ca/techrev/rms.htm"; target=3D"_blank">victori=
a.tc.ca/techrev/rms.htm</a> <a href=3D"http://www.infosecbc.org/links"; targ=
et=3D"_blank">http://www.infosecbc.org/links</a><br>
<a href=3D"http://blogs.securiteam.com/index.php/archives/author/p1/"; targe=
t=3D"_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</a><=
br>
<a href=3D"http://twitter.com/rslade"; target=3D"_blank">http://twitter.com/=
rslade</a><br>
_______________________________________________<br>
Fun and Misc security discussion for OT posts.<br>
<a href=3D"https://linuxbox.org/cgi-bin/mailman/listinfo/funsec"; target=3D"=
_blank">https://linuxbox.org/cgi-bin/mailman/listinfo/funsec</a><br>
Note: funsec is a public and open mailing list.<br>
</blockquote></div>

--e89a8fb202287345ba04cf471f49--

--===============0238771655==
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
--===============0238771655==--

_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.

Current thread:

"Skills gap"? Rob, grandpa of Ryan, Trevor, Devon & Hannah (Nov 24)
- Re: "Skills gap"? Paul Ferguson (Nov 24)
  - Message not available
    - Message not available
    - Fwd: "Skills gap"? Paul Ferguson (Nov 24)
    - Message not available
    - Re: Fwd: "Skills gap"? Paul Ferguson (Nov 24)
- Message not available
  - Re: "Skills gap"? Kyle Creyts (Nov 24)
    - Re: "Skills gap"? rackow (Nov 24)
    - Re: "Skills gap"? John Bambenek (Nov 24)
    - Re: "Skills gap"? Rich Kulawiec (Nov 29)
    - Re: "Skills gap"? John Bambenek (Nov 29)
    - Re: "Skills gap"? Blanchard, Michael (InfoSec) (Nov 29)
    - Re: "Skills gap"? John Bambenek (Nov 29)
    - Re: "Skills gap"? Paul Ferguson (Nov 29)
    - Re: "Skills gap"? Blanchard, Michael (InfoSec) (Nov 29)
    - Re: "Skills gap"? Paul Ferguson (Nov 29)
    - Re: "Skills gap"? John Bambenek (Nov 29)
    - Message not available
    - Re: "Skills gap"? John Bambenek (Nov 29)

(Thread continues...)