“People require investment. That's our job as leaders.”

Twitter: @ian_InfoSec • Website: medium.com/@ian_InfoSec

Ian Anderson is a security manager focusing on the relationships between information technology and operational technology and how those relationships work to defend industrial control systems. He is also interested in risk and governance and identity management within enterprise environments. Ian is a graduate of the University of Oklahoma and maintains GSLC, GCIH, and CISSP certifications.

Do you believe there is a massive shortage of career cybersecurity professionals?

I'm not so sure there's a shortage for cybersecurity-specific positions of 3 million+ people (a number frequently reported). The reality is that there are fewer than a million total cybersecurity jobs out there. If the deficit is genuinely that big, we would see other indicators. Getting into cybersecurity is still hard. Unlike in other disciplines, there's no clear path to joining the cybersecurity ranks. Degree programs and alternative training are still in their beginning stages. The shortage will become real when we see more prioritization around talent development over scaling existing talent.

Another reason I question the doom and gloom of the talent shortfall is the way we continue to hire for security. Companies routinely require things like the CISSP certification or ...