Page 249 - Cyber Defense eMagazine Annual RSA Edition for 2024

common in the industry right now that many colleagues looking for work feel as if they need to significantly
            scale-back their expectations – and that feels wrong.



            Keyword matching candidates

            Many people interviewing candidates and sifting through resumes are keyword matching and lack the
            ability to truly recognize the right talent for a role. The days of keyword matching on resumes were over
            in the late 90s; companies who still do that today are creating their own problems.



            Shrinking salaries

            While there are publications out there luring people into our industry with outrageous salary promises,
            the reality is that compensation for the many open roles is poor. If a company needs someone who has
            experience in FedRAMP, cloud infrastructure, and domain knowledge in healthcare, they should know
            what that talent is worth.



            A lack of interoperability


            Companies are facing aging security infrastructure that neither works together well, nor has a path to
            support the evolution of IT. If we add cloud adoption into the mix, we’re looking at a monumental task to
            either upgrade everything or manage at least two separate and disparate tool sets for security. Obtaining
            this perfect synergy is unrealistic in many cases, and the lack of interoperability, despite being expected,
            is another reason why people leave.

            A quick word on how we’re injecting, or proposing to inject, new talent. So many “boot camps” are popping
            up, propped up by promises of a lucrative career that lead to bad outcomes. To be effective in
            cybersecurity, candidates need a background in everything else that underpins technology – software
            development, network understanding, systems understanding and so much more. What we’re seeing are
            people who apply for a security architect position and can’t explain a three-way handshake, how
            applications communicate, or why DNS packets shouldn’t be 100Mb in size. I liken this to wanting to be
            an auto mechanic without understanding the mechanics of internal combustion engines. Sure – you can
            replace a taillight and change the oil, but you won’t truly understand the big problems.



            The wrong priorities

            Most companies focused on adding more people simply won’t solve one of their core problems. Stopping
            the influx of complex threats most companies face isn’t a numbers game. It’s unrealistic to expect analysts
            to sift through petabytes of available information – manually – with enough efficiency to identify attacks
            in a meaningful timeframe. Attackers leverage automation, verticalized economies of scale, and
            advancements in the latest tech trends. Even if a company could hire ten more analysts, unless it fixes





