Is the current talent shortage in IT affecting your security posture?
Sort by:
I was actually having a conversation with someone who was talking about a recent database security issue and they said the problem is that the database creators didn't create a flag to keep your database off the internet, like a single widget. And I said, "No. That's not a problem. The real problem is that we've made it too simple and now everyone expects the SaaS or the product or the application to solve all of my ills." It is so hard to find network engineers today who I can sit down and say, "Explain classless inter-domain routing (CIDR) and subnetting to me." They're like, "I just have Amazon do that. I don't know how to do any of that."
I've got a really good recruiting firm that's found needles in a stack of needles for me. But if I’m looking for a cloud security engineer because I want cloud, network, Linux systems, and security, my recruiters are like, "Pick 2. I can't do all 4 of those." But I'm not willing to pick two. I need all 4.
They don't have a clue, they have no understanding of what that is. I was a networking specialist for years and years. As a chief of engineering for my last company I was trying to find people skilled in both programming and networking, and the lack of understanding of networking is truly unbelievable and abysmal.
I do management and monitoring and we often hear that there's a dearth of network engineers out there. CIOs are coming to us and saying, "People don't know how to manage their networks."
It has taken me more than 6 months to find a good cloud security engineer because people are so comfortable with tools that if you want them to do some of these things the old way, they have no idea what to do.
If you need so many skills, then the pay scale increases. You have to come up with a completely separate business justification for why somebody on your team is asking for so much money, when there are other folks on your team who are not even on par.