“The industry needs to figure out how to bring in less experienced people with great potential who can level up with the right training and support.”

Twitter: @sushidude

Steve Christey Coley is a principal InfoSec engineer at the MITRE Corporation. He was the cofounder and technical lead of CVE and chair of its editorial board from 1999 to 2015. He co-authored the “Responsible Vulnerability Disclosure Process” IETF draft and contributed to CVSS v2. He is the technical lead for the Common Weakness Enumeration (CWE), including the SANS/CWE Top 25 from 2009–2011. He supports the FDA on medical device security, including vulnerability handling, risk assessment, and policy development. He seeks to make the cybersecurity profession more inclusive, diverse, and accessible to everybody who seeks a place in it.

Do you believe there is a massive shortage of career cybersecurity professionals?

There is probably a shortage, but we don't really know how bad it is since many people are trying to break into InfoSec and can't find a job. Many new professionals struggle to break in at the junior level, although some of them might be targeting only the more famous companies and missing out on more fulfilling opportunities at lesser known, less glamorous companies. But at the same time, many organizations have unrealistic expectations in their job listings. They'll ...