It's a huge problem. There has been debate in various spaces on how to handle any of this, and so far none have really caught on. (Thankfully?)
When we posted a new cyber position some time ago, it was amazing the people that applied. We were looking for a junior level person, yet had plenty of "senior" level people apply for the spot. In this case "senior" means management, not tech types. One was even a manager over 20 different sites teams. His primary skill was creating power point slides, not stopping intruders or investigating/preventing malware infections. He wanted about 3X what we had to spend on a new person. You'd think when the position was listed as a entry-level spot these people would be smart enough not to apply. Maybe something in that... On the employeer side of things, I'd love to have a "meaningful" set of things that people could put on a resume to catch my interest. I don't mean the alphabet soup that people currently use that indicates they memorized the answers to pass a test. I've found that the more of these certs people have, the less they actually know or may be willing to learn. They know the answers since they passed the test. Real life hasn't hit them yet. These "experts" make it hard for a company to justify the higher pay that is expected. How many times to you get burned by someone that knows all the right buzz words but doesn't know the "practical skills" side of things. --Gene /~\ The ASCII Gene Rackow email: rac...@anl.gov \ / Ribbon Campaign Cyber Security Office voice: 630-252-7126 X Against HTML Argonne National Lab / \ Email! 9700 S. Cass Ave. / Argonne, IL 60439 Kyle Creyts made the following keystrokes: >I know a lot of people who recently joined the workforce in IT and infosec, >and I know few enough who are happy or satisfied with their pay; part of >the problem is the way paragon status has been conferred upon those with a >trivial set of skills, a good break with the press, and sense of >opportunism. > >The role models for some of the younger entrants are very successful, but >not very humble. Many have come to expect higher wages for some of these >skills, with "possession of skills and experience" being defined by the >individual and their evaluator rather than the industry as a whole, or even >a majority. I am not defining a skillset when I say "skills in pen-testing" >or "skills in data forensics" or "firewall management experience," though >it would seem many people believe that these words seem to embody such a >skillset. > >It would seem that some standards (I know, it seems hard to keep standards >current with the rapid evolution of knowledge in our field) would greatly >aid in giving these people proper perspective. Knowing more about something >than anyone you know doesn't necessarily make you an expert. > >As an industry, we lack some authoritative reference points to help >individuals understand where they stand in knowledge and experience. >Admittedly, we work in a field where young authority seems somewhat >commonplace. Perhaps this influences the perception of those new to the >workforce, or even those who have been around a while? > >But who am I to comment? I'm just another young guy, recently having >entered the workforce... >On Nov 24, 2012 9:59 AM, "Rob, grandpa of Ryan, Trevor, Devon & Hannah" < >rmsl...@shaw.ca> wrote: > >> I see a lot of companies complaining that they can't get skilled/trained >> infosec >> people. >> >> I see a lot of experienced infosec people out of work. >> >> http://www.nytimes.com/2012/11/25/magazine/skills-dont-pay-the-bills.html >> >> ====================== (quote inserted randomly by Pegasus Mailer) >> rsl...@vcn.bc.ca sl...@victoria.tc.ca rsl...@computercrime.org >> As the harbor is welcome to the sailor, so is the last line to >> the scribe. - marginalia by scribe/copyist monk >> victoria.tc.ca/techrev/rms.htm http://www.infosecbc.org/links >> http://blogs.securiteam.com/index.php/archives/author/p1/ >> http://twitter.com/rslade >> _______________________________________________ >> Fun and Misc security discussion for OT posts. >> https://linuxbox.org/cgi-bin/mailman/listinfo/funsec >> Note: funsec is a public and open mailing list. >> > >--e89a8fb202287345ba04cf471f49 >Content-Type: text/html; charset=ISO-8859-1 >Content-Transfer-Encoding: quoted-printable > ><p>I know a lot of people who recently joined the workforce in IT and infos= >ec, and I know few enough who are happy or satisfied with their pay; part o= >f the problem is the way paragon status has been conferred upon those with = >a trivial set of skills, a good break with the press, and sense of opportun= >ism. </p> > ><p>The role models for some of the younger entrants are very successful, bu= >t not very humble. Many have come to expect higher wages for some of these = >skills, with "possession of skills and experience" being defined = >by the individual and their evaluator rather than the industry as a whole, = >or even a majority. I am not defining a skillset when I say "skills in= > pen-testing" or "skills in data forensics" or "firewal= >l management experience," though it would seem many people believe tha= >t these words seem to embody such a skillset. </p> > ><p>It would seem that some standards (I know, it seems hard to keep standar= >ds current with the rapid evolution of knowledge in our field) would greatl= >y aid in giving these people proper perspective. Knowing more about somethi= >ng than anyone you know doesn't necessarily make you an expert. </p> > ><p>As an industry, we lack some authoritative reference points to help indi= >viduals understand where they stand in knowledge and experience. Admittedly= >, we work in a field where young authority seems somewhat commonplace. Perh= >aps this influences the perception of those new to the workforce, or even t= >hose who have been around a while?</p> > ><p>But who am I to comment? I'm just another young guy, recently having= > entered the workforce... </p> ><div class=3D"gmail_quote">On Nov 24, 2012 9:59 AM, "Rob, grandpa of R= >yan, Trevor, Devon & Hannah" <<a href=3D"mailto:rmsl...@shaw.ca= >" target=3D"_blank">rmsl...@shaw.ca</a>> wrote:<br type=3D"attribution">= ><blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p= >x #ccc solid;padding-left:1ex"> > >I see a lot of companies complaining that they can't get skilled/traine= >d infosec<br> >people.<br> ><br> >I see a lot of experienced infosec people out of work.<br> ><br> ><a href=3D"http://www.nytimes.com/2012/11/25/magazine/skills-dont-pay-the-b= >ills.html" target=3D"_blank">http://www.nytimes.com/2012/11/25/magazine/ski= >lls-dont-pay-the-bills.html</a><br> ><br> >=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D =A0(quot= >e inserted randomly by Pegasus Mailer)<br> ><a href=3D"mailto:rsl...@vcn.bc.ca"; target=3D"_blank">rsl...@vcn.bc.ca</a> = >=A0 =A0 <a href=3D"mailto:sl...@victoria.tc.ca"; target=3D"_blank">slade@vic= >toria.tc.ca</a> =A0 =A0 <a href=3D"mailto:rsl...@computercrime.org"; target= >=3D"_blank">rsl...@computercrime.org</a><br> > >As the harbor is welcome to the sailor, so is the last line to<br> >the scribe. =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0- marginalia by scri= >be/copyist monk<br> ><a href=3D"http://victoria.tc.ca/techrev/rms.htm"; target=3D"_blank">victori= >a.tc.ca/techrev/rms.htm</a> <a href=3D"http://www.infosecbc.org/links"; targ= >et=3D"_blank">http://www.infosecbc.org/links</a><br> ><a href=3D"http://blogs.securiteam.com/index.php/archives/author/p1/"; targe= >t=3D"_blank">http://blogs.securiteam.com/index.php/archives/author/p1/</a><= >br> ><a href=3D"http://twitter.com/rslade"; target=3D"_blank">http://twitter.com/= >rslade</a><br> >_______________________________________________<br> >Fun and Misc security discussion for OT posts.<br> ><a href=3D"https://linuxbox.org/cgi-bin/mailman/listinfo/funsec"; target=3D"= >_blank">https://linuxbox.org/cgi-bin/mailman/listinfo/funsec</a><br> >Note: funsec is a public and open mailing list.<br> ></blockquote></div> > >--e89a8fb202287345ba04cf471f49-- > >--===============0238771655== >Content-Type: text/plain; charset="us-ascii" >MIME-Version: 1.0 >Content-Transfer-Encoding: 7bit >Content-Disposition: inline > >_______________________________________________ >Fun and Misc security discussion for OT posts. >https://linuxbox.org/cgi-bin/mailman/listinfo/funsec >Note: funsec is a public and open mailing list. >--===============0238771655==-- _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
